Ansible Core
56 cards — 🟢 9 easy | 🟡 28 medium | 🔴 4 hard
🟢 Easy (9)
1. What is an Ansible "inventory"?
A file that defines the managed nodes and their groups.
Remember: inventory = 'who to manage.' Playbook = 'what to do.' Together they answer 'do what, to whom.'
Example:
```ini
[webservers]
web1.example.com
web2.example.com ansible_port=2222
```
2. What is Ansible and how does it work?
Ansible is an open-source IT automation tool for configuration management, provisioning, and deployment. It's agentless – the control node connects over SSH/WinRM to managed nodes and executes "modules" (tasks) to bring systems to a desired state.
Remember: Ansible = 'Agentless, No daemons, SSH-based, Idempotent, YAML-driven.' Mnemonic: 'A Nice Simple Infrastructure Language.'
Name origin: from Ursula K. Le Guin's novel — an 'ansible' is a device for instantaneous communication across any distance.
3. How does Ansible connect to managed nodes?
It typically uses SSH for Linux and WinRM for Windows.
Under the hood: Ansible copies Python modules to the remote host via SFTP, executes them, captures JSON output, then deletes the temp files. SSH ControlPersist multiplexing keeps connections fast.
Fun fact: Ansible's agentless architecture (2012) was a key differentiator — competitors like Puppet and Chef required a daemon on every node.
Remember: Control Node = where Ansible runs. Managed Node = where Ansible acts. Think 'puppeteer vs. puppet.'
Gotcha: managed nodes need Python installed (except for raw module). Windows nodes use WinRM, not SSH.
4. How do you execute a single ad-hoc Ansible command?
Using the ansible command. For example: ansible all -m ping will run the "ping" module on all hosts in the inventory (useful for quick tasks or to test connectivity).
Example: ansible webservers -m apt -a 'name=nginx state=present' -b installs nginx on all webservers with sudo (-b = become). Ad-hoc commands are great for one-off tasks.
Remember: Ansible's strength is simplicity — YAML playbooks, agentless SSH, and idempotent modules. When you find yourself fighting Ansible, you're probably overcomplicating it.
5. What is a "Managed Node"?
A target device or server managed by Ansible.
Remember: Control Node = where Ansible runs. Managed Node = where Ansible acts. Think 'puppeteer vs. puppet.'
Gotcha: managed nodes need Python installed (except for raw module). Windows nodes use WinRM, not SSH.
Example: your laptop (control node) runs ansible-playbook, which SSHs into 50 web servers (managed nodes).
6. What is the Ansible inventory?
The inventory is a list of managed hosts (and groups of hosts) that Ansible operates on. It can be a static INI/JSON/YAML inventory file or dynamic inventory script, defining hostnames, groups, and connection info.
Remember: inventory = 'who to manage.' Playbook = 'what to do.' Together they answer 'do what, to whom.'
Example:
```ini
[webservers]
web1.example.com
web2.example.com ansible_port=2222
```
7. What is an inventory file and how do you define one?
An inventory file defines the hosts and/or groups of hosts on which Ansible tasks are executed.
An example of an inventory file:
```ini
192.168.1.2
192.168.1.3
192.168.1.4

[web_servers]
190.40.2.20
190.40.2.21
190.40.2.22
```
Example:
```ini
[webservers]
web1.example.com
web2.example.com ansible_port=2222

[dbservers]
db1.example.com
```
Groups can nest:
```ini
[prod:children]
webservers
dbservers
```
Remember: inventory = 'who to manage.' Playbook = 'what to do.' Together they answer 'do what, to whom.'
8. What is a dynamic inventory file? When would you use one?
A dynamic inventory file tracks hosts from one or more sources like cloud providers and CMDB systems.
You should use one when using external sources and especially when the hosts in your environment are being automatically spun up and shut down, without you tracking every change in these sources.
Example: AWS EC2 plugin queries the AWS API and auto-discovers instances by tags, regions, or VPCs — no static hosts file needed.
Remember: dynamic inventory = 'ask the cloud who exists right now' instead of maintaining a static list.
9. What are Ansible "facts"?
Dynamic system information gathered during execution.
Remember: facts = auto-discovered variables about each host. Access via ansible_facts['os_family'] or {{ ansible_hostname }}.
Example: ansible_facts['distribution'] returns 'Ubuntu', 'CentOS', etc. Use it in conditionals: when: ansible_facts['os_family'] == 'Debian'.
Gotcha: fact gathering runs the setup module on every host before tasks. Disable with gather_facts: false to speed up playbooks.
🟡 Medium (28)
1. Explain the use of the -vvv option when running Ansible commands.
The -vvv option is used to enable maximum verbosity when running Ansible commands. It produces highly detailed output, including information about each task and the status of module execution, aiding in debugging.
Remember: -v = basic, -vv = more detail, -vvv = connection debugging, -vvvv = adds connection plugin output. Start with -v and increase as needed.
2. What are Ansible Modules?
Ansible Modules are standalone scripts or programs that Ansible executes to perform specific tasks on managed nodes. Modules handle tasks such as package installation, file manipulation, and service management.
Example: the copy module transfers files, service manages daemons, yum/apt handles packages, and template renders Jinja2 configs on remote hosts.
Remember: modules = 'the verbs of Ansible.' apt installs packages, copy moves files, service manages daemons.
Example: ansible all -m ping is an ad-hoc command using the ping module — tests connectivity without a playbook.
3. How does Ansible use scripts for dynamic inventory?
Ansible executes external scripts, typically written in Python or any executable language, to fetch dynamic inventory information. These scripts should output JSON-formatted data describing hosts and groups.
Example: a Python script querying AWS EC2 API returns JSON with host groups. Ansible calls it with --list and --host flags. Modern practice prefers inventory plugins over scripts.
Remember: Ansible's strength is simplicity — YAML playbooks, agentless SSH, and idempotent modules. When you find yourself fighting Ansible, you're probably overcomplicating it.
4. Explain how you can use the "ansible-doc" command to get help on a module.
The ansible-doc command provides documentation for Ansible modules. To get help for a specific module, use:
```bash
ansible-doc <module_name>
```
It displays module documentation, including parameters, examples, and usage.
Remember: ansible-doc is your offline reference. ansible-doc -l lists all modules. ansible-doc -s module shows a short snippet of required parameters.
5. How can you troubleshoot issues related to network modules in Ansible?
Troubleshoot by:
* Checking module documentation for device compatibility.
* Verifying device connectivity.
* Examining module-specific logs and output.
* Using debug modules to inspect variables and data.
Remember: Ansible's strength is simplicity — YAML playbooks, agentless SSH, and idempotent modules. When you find yourself fighting Ansible, you're probably overcomplicating it.
6. How do you install Ansible on a Linux system?
On a Linux system, Ansible can be installed using package managers:
* For Red Hat-based systems: sudo yum install ansible
* For Debian-based systems: sudo apt-get install ansible
Gotcha: pip install ansible installs the latest version with all collections. pip install ansible-core installs just the core engine with minimal collections, giving you control over what's included.
Gotcha: pip install ansible installs all collections (~7000 modules). pip install ansible-core installs just the engine with minimal collections — better for production control.
7. How do you list all modules and how can you see details on a specific module?
1. Ansible online docs
2. `ansible-doc -l` for list of modules and `ansible-doc [module_name]` for detailed information on a specific module
Gotcha: ansible-doc -l | wc -l shows 7,000+ modules across all collections. Filter with ansible-doc -l -t module | grep aws to find AWS-specific modules.
Remember: Ansible's strength is simplicity — YAML playbooks, agentless SSH, and idempotent modules. When you find yourself fighting Ansible, you're probably overcomplicating it.
8. How does Ansible support network automation?
Ansible supports network automation by providing modules for configuring network devices. It can automate tasks like updating device configurations, managing VLANs, and deploying changes across a network infrastructure.
Example: modules like ios_config (Cisco), junos_config (Juniper), and eos_config (Arista) push configs to devices. Network modules often use network_cli or netconf connections instead of SSH+Python.
Remember: Ansible network automation uses specialized connection types (network_cli, httpapi, netconf) instead of standard SSH + Python, because network devices often lack Python.
9. Explain the purpose of the "copy" module in Ansible.
The copy module is used to copy files from the Ansible controller to remote nodes. It can also set file permissions and ownership during the copy operation.
Example:
```yaml
- copy: src=files/nginx.conf dest=/etc/nginx/nginx.conf owner=root mode=0644
  notify: restart nginx
```
Gotcha: for large files, use synchronize (rsync wrapper) instead of copy — copy loads the entire file into memory on the control node.
10. Give examples of commonly used Ansible Modules.
* yum Module: Manages packages on Red Hat-based systems.
* apt Module: Manages packages on Debian-based systems.
* copy Module: Copies files to remote nodes.
* service Module: Manages services on the system.
* shell Module: Executes shell commands on the remote node.
Remember: the 'big five' Ansible modules: apt/yum (packages), copy/template (files), service/systemd (daemons). Master these and you cover 80% of tasks.
11. How do you set up passwordless SSH for Ansible?
Generate SSH keys using ssh-keygen on the Ansible controller, and copy the public key (~/.ssh/id_rsa.pub) to the ~/.ssh/authorized_keys file on managed nodes.
Gotcha: use ssh-copy-id user@host to automate key distribution. For large fleets, bake the public key into your base image or use a configuration management bootstrap.
Remember: Ansible's strength is simplicity — YAML playbooks, agentless SSH, and idempotent modules. When you find yourself fighting Ansible, you're probably overcomplicating it.
12. How can you troubleshoot SSH connection issues with Ansible?
Troubleshoot SSH issues by checking:
* SSH key permissions.
* User permissions on the target system.
* Connectivity between the Ansible controller and target.
* SSH configuration on the target system.
* Security groups or firewalls blocking SSH traffic.
Remember: Ansible's strength is simplicity — YAML playbooks, agentless SSH, and idempotent modules. When you find yourself fighting Ansible, you're probably overcomplicating it.
13. What are specific challenges you might face when using Ansible for network automation?
Challenges include:
* Vendor-specific syntax and module support.
* Managing device state changes.
* Handling varied device responses.
* Ensuring network reliability for automation tasks.
Gotcha: network devices often lack Python, requiring the raw module or specialized connection types (network_cli, httpapi, netconf) instead of standard SSH + Python.
Remember: Ansible network automation uses specialized connection types (network_cli, httpapi, netconf) instead of standard SSH + Python, because network devices often lack Python.
14. What does it mean for an Ansible module to be "idempotent"?
Idempotence means running the module multiple times yields the same result – the module only makes changes if the target state isn't already achieved. Most Ansible modules are designed to be idempotent (so you can run playbooks repeatedly without causing unintended changes).
Remember: idempotent = 'run it 100 times, same result as once.' Like pressing an elevator button — pressing it again doesn't call a second elevator.
15. What is "idempotency" in Ansible?
Ensuring that applying a configuration multiple times has the same result.
Remember: idempotent = 'run it 100 times, same result as once.' Like pressing an elevator button — pressing it again doesn't call a second elevator.
Example: apt: name=nginx state=present installs nginx if missing, does nothing if already installed. That's idempotent.
Gotcha: shell and command modules are NOT idempotent by default — they run every time. Use creates/removes or when: to guard them.
16. What is Ansible Networking, and how is it different from traditional Ansible?
Ansible Networking is an extension of Ansible designed for network automation. It includes modules tailored for network devices, supporting tasks like configuration management and device provisioning. While traditional Ansible can be used for network automation, Ansible Networking provides specialized modules and features.
Remember: Ansible network automation uses specialized connection types (network_cli, httpapi, netconf) instead of standard SSH + Python, because network devices often lack Python.
17. How is Ansible different from other automation tools? (e.g. Chef, Puppet, etc.)
Ansible is:
* Agentless
* Minimal run requirements (Python & SSH) and simple to use
* Default mode is "push" (it also supports pull)
* Focus on simplicity and ease-of-use
Under the hood: agentless (SSH vs. requiring daemons), push-based by default (vs. pull), YAML-based (vs. Ruby DSL for Chef/Puppet), and minimal prerequisites (just Python + SSH on targets).
Remember: 'PAYS' — Push-based, Agentless, YAML, SSH. Chef/Puppet are pull-based, require agents, and use Ruby DSL.
18. What is a dynamic inventory in Ansible?
A dynamic inventory in Ansible is an external script or program that generates inventory information dynamically. It allows Ansible to discover and manage nodes on-the-fly, adapting to changes in infrastructure.
Example: AWS EC2 plugin queries the AWS API and auto-discovers instances by tags, regions, or VPCs — no static hosts file needed.
Remember: dynamic inventory = 'ask the cloud who exists right now' instead of maintaining a static list.
19. Why Use Ansible Collections?
- Modular and reusable components
- Simplifies management of custom and third-party modules
- Provides a standardized way to distribute automation content
- Helps in version control and dependency management
Example: ansible-galaxy collection install community.general installs the collection. Use FQCN in tasks: community.general.ufw for the firewall module.
Remember: collections replaced the old monolithic module distribution. Think of them as 'Ansible packages' with versioning.
20. How do you use the "shell" module in Ansible?
The shell module is used to execute shell commands on remote nodes. Example:
```yaml
- name: Run a shell command
  shell: echo "Hello, World!"
```
Gotcha: prefer the command module over shell unless you need pipes, redirects, or shell builtins. shell spawns a full /bin/sh, adding attack surface.
Remember: shell/command modules are not idempotent. Always add creates: or when: to guard against re-execution.
21. Ansible Installation and Configuration:
* Installation: Use package managers like yum or apt on Linux systems, or install Ansible using Python's pip package manager.
* Configuration: Ansible configurations are set in the ansible.cfg file, defining parameters like inventory location and SSH settings.
Gotcha: pip install ansible installs all collections (~7000 modules). pip install ansible-core installs just the engine with minimal collections — better for production control.
22. What is an Ansible Inventory file, and how is it configured?
The Ansible Inventory file lists managed nodes and defines groups. It is usually located at /etc/ansible/hosts. Nodes can be listed by IP or hostname. Example entry: webserver ansible_host=192.168.1.10.
Gotcha: the default location /etc/ansible/hosts can be overridden with -i path/to/inventory or the ANSIBLE_INVENTORY environment variable. Most projects keep inventory in the repo alongside playbooks.
Remember: inventory = 'who to manage.' Playbook = 'what to do.' Together they answer 'do what, to whom.'
Example:
```ini
[webservers]
web1.example.com
web2.example.com ansible_port=2222
```
23. What are common issues you might encounter with dynamic inventories, and how would you troubleshoot them?
Common issues include script errors, incomplete data, or connectivity problems. Troubleshoot by running the inventory script manually, checking script permissions, and validating output format.
Gotcha: always test inventory scripts with --list and --host flags manually. Enable ANSIBLE_DEBUG=1 for verbose connection and inventory troubleshooting output.
Remember: Ansible's strength is simplicity — YAML playbooks, agentless SSH, and idempotent modules. When you find yourself fighting Ansible, you're probably overcomplicating it.
24. What are some common issues you might encounter with Ansible modules, and how would you troubleshoot them?
Issues include module compatibility, incorrect parameters, or module not installed. Troubleshoot by checking documentation, validating parameters, and ensuring the module is available.
Example: 'module not found' usually means a missing collection — install with ansible-galaxy collection install community.general. Check module docs for required Python packages on the target.
Remember: modules = 'the verbs of Ansible.' apt installs packages, copy moves files, service manages daemons.
Example: ansible all -m ping is an ad-hoc command using the ping module — tests connectivity without a playbook.
25. Explain the use of the ansible-doc command for module documentation.
ansible-doc provides documentation for Ansible modules. Example:
```bash
ansible-doc module_name
```
Under the hood: ansible-doc reads module docstrings locally — no internet required. Use ansible-doc -l for a full module list, -s for a short snippet showing required parameters.
Remember: ansible-doc is your offline reference. ansible-doc -l lists all modules. ansible-doc -s module shows a short snippet of required parameters.
26. Can you provide an example of a task you've automated to improve data center efficiency?
One example of a task automated for data center efficiency is the provisioning of virtual machines (VMs) based on demand. Using tools like Ansible or PowerShell, I created automation scripts that dynamically allocate and configure VMs in response to changing workloads. These scripts assess current resource utilization, determine the required capacity, and automatically spin up or down VMs accordingly. This ensures optimal resource allocation, reduces manual intervention, and improves scalability, contributing to overall data center efficiency.
Remember: Ansible's strength is simplicity — YAML playbooks, agentless SSH, and idempotent modules. When you find yourself fighting Ansible, you're probably overcomplicating it.
27. How do you approach automating repetitive tasks in a data center?
Automating repetitive tasks in a data center involves the following steps:
* Task Identification: Identify tasks that are repetitive and time-consuming but suitable for automation.
* Tool Selection: Choose appropriate automation tools based on the task requirements. For server management, tools like Ansible, PowerShell, or configuration management tools may be suitable.
* Scripting/Playbook Development: Develop scripts or playbooks that automate the identified tasks. Ensure they are well-documented and modular for scalability and maintenance.
Remember: Ansible's strength is simplicity — YAML playbooks, agentless SSH, and idempotent modules. When you find yourself fighting Ansible, you're probably overcomplicating it.
28. Provide an example of a complex task or process you automated using scripting or automation tools.
In a previous role, I automated the deployment and configuration of a multi-tiered application stack using Ansible.
Steps Taken:
* Infrastructure Provisioning: Wrote Ansible playbooks to automate the provisioning of virtual machines on different environments (development, testing, and production).
* Software Installation: Automated the installation and configuration of various software components, including web servers, application servers, and databases, ensuring consistency across environments.
Remember: Ansible's strength is simplicity — YAML playbooks, agentless SSH, and idempotent modules. When you find yourself fighting Ansible, you're probably overcomplicating it.
🔴 Hard (4)
1. Ansible in a Multi-Cloud Environment
To manage multi-cloud environments, I would use dynamic inventories and cloud-specific modules for each provider (AWS, Azure, GCP).
Example using multiple dynamic inventories:
```yaml
# aws_ec2.yml
plugin: aws_ec2
regions:
  - us-east-1
```
```yaml
# azure_rm.yml
plugin: azure_rm
```
```bash
ansible-playbook -i aws_ec2.yml -i azure_rm.yml playbook.yml
```
Remember: Ansible's strength is simplicity — YAML playbooks, agentless SSH, and idempotent modules. When you find yourself fighting Ansible, you're probably overcomplicating it.
2. What are idempotency issues in infrastructure automation and how are they avoided?
Idempotency means that running a task multiple times should have the same effect as running it once. To identify and fix idempotency issues:
Identify the Task: Determine which task is causing the issue by reviewing the output of ansible-playbook with the -v (verbose) flag.
Analyze the Task: Check if the task is correctly checking for the desired state before making changes. For example, ensure that file changes, service restarts, or package installations are conditional.
Remember: idempotent = 'run it 100 times, same result as once.' Like pressing an elevator button — pressing it again doesn't call a second elevator.
3. Handling Secret Management
For managing sensitive information in Ansible, I use Ansible Vault. Ansible Vault allows you to encrypt sensitive data within YAML files.
To encrypt a file:
```bash
ansible-vault encrypt secrets.yml
```
To use the encrypted secrets in a playbook:
```yaml
- hosts: all
  vars_files:
    - secrets.yml
  tasks:
    - name: Use secret API key
      uri:
        url: "https://api.example.com/data"
        headers:
          Authorization: "Bearer {{ api_key }}"
```
To run the playbook with the vault password:
```bash
ansible-playbook playbook.yml --ask-vault-pass
```
Remember: Ansible's strength is simplicity — YAML playbooks, agentless SSH, and idempotent modules. When you find yourself fighting Ansible, you're probably overcomplicating it.
4. Why is Ansible more dangerous than shell scripts at scale?
Ansible provides consistent, parallel execution of potentially wrong changes across your entire fleet.
The dangers:
1. Consistent blast radius
   - Shell script on one host = one host affected
   - Ansible playbook = hundreds of hosts simultaneously
   - Mistakes replicated perfectly everywhere
2. Idempotent repetition of wrong state
   - "Idempotent" means it enforces state consistently
   - Wrong state enforced consistently is still wrong
   - Running again won't fix it, will reinforce it
Remember: Ansible's strength is simplicity — YAML playbooks, agentless SSH, and idempotent modules. When you find yourself fighting Ansible, you're probably overcomplicating it.