Quiz: RHCE (EX294) Exam¶
15 questions
L1 (6 questions)¶
1. What is the precedence order for Ansible configuration files?
Show answer
Highest to lowest:1. ANSIBLE_CONFIG environment variable,
2. ./ansible.cfg in current directory,
3. ~/.ansible.cfg in home directory,
4. /etc/ansible/ansible.cfg system-wide. The first file found wins — Ansible does NOT merge config files. *Common mistake:* Many people assume config files are merged. They are not — the highest-precedence file found is used exclusively.
2. How do you install roles and collections from a requirements.yml file?
Show answer
For roles: 'ansible-galaxy role install -r requirements.yml'. For collections: 'ansible-galaxy collection install -r requirements.yml'. The file can contain both roles and collections sections with optional version pinning.3. What does FQCN mean and why is it important on the RHCE exam?
Show answer
FQCN = Fully Qualified Collection Name. Format: namespace.collection.module (e.g., ansible.builtin.copy, ansible.posix.firewalld). It prevents ambiguity when multiple collections provide same-named modules. Always use FQCN in playbooks.4. You need to encrypt sensitive variables for your playbook. Show how to create an encrypted file and use it at runtime.
Show answer
Create: 'ansible-vault create vars/secrets.yml'. Reference in playbook via vars_files: - vars/secrets.yml. Run with: 'ansible-playbook site.yml --ask-vault-pass' or '--vault-password-file .vault_pass'. To encrypt a single string: 'ansible-vault encrypt_string "secret" --name "var_name"'.5. How do you use ansible-doc on the exam to find module information?
Show answer
ansible-doc ansible.builtin.dnf — full docs for a module. ansible-doc -s ansible.builtin.user — short snippet. ansible-doc -l — list all modules. ansible-doc -l | grep firewall — search. ansible-doc -t callback -l — list by plugin type. This is your ONLY reference on the exam (no internet access).6. What are Ansible handlers and when do they run?
Show answer
Handlers are tasks triggered by the 'notify' keyword. They run ONLY when the notifying task reports 'changed' status, and they run at the END of the play (not immediately after the task). A handler runs only once even if notified multiple times. Force mid-play execution with: ansible.builtin.meta: flush_handlers. *Common mistake:* Common gotcha: if a task reports 'ok' (no change), the handler will NOT run, even if you expect it to.L2 (7 questions)¶
1. What is the complete directory structure of an Ansible role and what goes in each directory?
Show answer
roles/name/ contains: defaults/main.yml (default vars, lowest precedence), vars/main.yml (role vars, high precedence), tasks/main.yml (task list), handlers/main.yml (handlers), templates/ (Jinja2 templates), files/ (static files), meta/main.yml (dependencies and metadata). Create with 'ansible-galaxy role init name'.2. Explain the difference between include_role and import_role.
Show answer
import_role is static — parsed at playbook load time. Tags are inherited by all role tasks. Cannot be used in loops. include_role is dynamic — parsed at runtime. Tags only apply to the include task itself. Can be used in loops and conditionals. Default approach: use the roles: section. Use include_role only for conditional/looped inclusion. *Common mistake:* This distinction matters for tags — with import_role, tagging the import tags ALL tasks inside the role. With include_role, only the include itself is tagged.3. How do you implement rolling updates in Ansible and what is the canary pattern?
Show answer
Use serial in the play: 'serial: 2' runs on 2 hosts at a time. Percentage: 'serial: 25%'. Canary pattern with stepped serial: 'serial: [1, 5, "100%"]' — first 1 host as canary, then 5, then all remaining. Combine with max_fail_percentage to abort if the canary fails.4. How do you automate LVM storage setup (VG, LV, filesystem, mount) with Ansible?
Show answer
Four modules in sequence:1. community.general.lvg (vg: datavg, pvs: /dev/sdb),
2. community.general.lvol (vg: datavg, lv: datalv, size: 5g),
3. community.general.filesystem (fstype: xfs, dev: /dev/datavg/datalv),
4. ansible.posix.mount (path: /mnt/data, src: /dev/datavg/datalv, fstype: xfs, state: mounted). The mount module also updates /etc/fstab.
5. How do you manage SELinux file contexts and booleans with Ansible? What step do people forget?
Show answer
Booleans: ansible.posix.seboolean (name: httpd_can_network_connect, state: true, persistent: true). File contexts: community.general.sefcontext (target: '/srv/app(/.*)?', setype: httpd_sys_content_t). CRITICAL: after sefcontext you must run 'restorecon -Rv /path' to apply the policy to existing files. Ports: community.general.seport. *Common mistake:* The most common mistake is forgetting restorecon after sefcontext. sefcontext updates the policy database but does NOT relabel existing files.6. What is the Ansible variable precedence order? Where should role defaults vs role vars go?
Show answer
Lowest to highest: role defaults → inventory group_vars/all → group_vars/7. How do you configure firewalld rules with Ansible that persist across reboots?
Show answer
Use ansible.posix.firewalld with BOTH permanent: true (survives reboot) AND immediate: true (applies now). For services: service: http, state: enabled. For ports: port: 8080/tcp. For port ranges: port: 5000-5100/tcp. Forgetting permanent: true means rules disappear on reboot — the exam reboots systems to verify.L3 (2 questions)¶
1. How do you run async tasks in Ansible with fire-and-forget, and how do you check their status later?
Show answer
Fire and forget: set async: 3600 (max seconds) and poll: 0 (don't wait), register: job. Check later with ansible.builtin.async_status: jid: '{{ job.ansible_job_id }}', register: result, until: result.finished, retries: 60, delay: 10. Useful for long-running tasks like large package updates or database migrations.2. Explain block/rescue/always error handling in Ansible with a practical example.