- What is Ansible?
Ans. Ansible is an open-source automation tool used for application deployment, configuration management, and cloud provisioning. It automates the entire IT environment to simplify complex tasks and make developers' jobs easy and manageable.
It also works on IT orchestration, where we can run tasks in sequence and create a chain of events that appears on different servers or devices. Ansible is growing faster than other automation tools. Here are some of the advantages of using Ansible:
- It is a free and open-source tool
- Ansible is a simple tool to set up and use
- It helps to model highly complex workflows
- We can customize the whole application according to the need
- How does Ansible work?
Ans. Ansible does not break its process into steps or divisions. To understand how Ansible works, we have to follow these stages:
Setting up the architecture:
Ansible connects to the nodes and pushes out small programs called "Ansible Modules." These modules act as resource models of the desired state of the system. Ansible executes these modules and removes them after execution.
SSH Keys: An inventory file on the controlling machine records the location of each node. When the playbook runs on the controlling machine, this file is how the modules find the node systems.
Example:
ssh-agent bash
ssh-add ~/.ssh/id_rsa
Managing Inventory: Ansible keeps all the machines that it manages in an INI file. The machines in the INI file are grouped as per the user's choice. New machines can also be added without any SSL signing. Inventory can also be plugged in from sources such as OpenStack, EC2, Rackspace, and others. Here is how an inventory looks:
[webservers]
www01.example.com
www02.example.com
[dbservers]
db01.example.com
db02.example.com
Using Ansible: We can use Ansible once the instance is available. Everything needed to run commands and resource modules is already taken care of, and Ansible ships with an arsenal of modules.
Example:
ansible all -m ping
ansible foo.ex.com -m yum -a "name=httpd state=installed"
ansible foo.ex.com -a "/usr/sbin/reboot1"
- What are the requirements of Ansible server?
Ans. If you are a Windows user, you need a virtual machine in which Linux can be installed.
- Explain different components of Ansible?
Ans. Following are some components:
- Inventory
- Playbooks
- Plays
- Tasks
- Modules
- Roles
- Handlers
- Facts
- Templates
- Variables
- Is Ansible an open-source tool?
Ans. Yes, Ansible is an open-source tool because we can rewrite the modules. An open-source automated engine provides a source to automate apps as per the need.
- Name the language in which Ansible is written?
Ans. Ansible is written in Python and PowerShell.
- Differentiate between Ansible Playbooks and Roles.
Ans. Following are the differences between Roles and Playbooks:
Roles | Playbooks |
It is a set of tasks and additional files to configure the host | It is a mapping between roles and hosts |
Roles group tasks into one container. We can use one role for setting up MySQL and another for setting up postfix | A playbook identifies what is happening where. Sometimes a playbook contains only a single play, but it can contain as many as required |
Example: Common, Webservers, etc. | Example: fooservers.yml, site.yml, webservers.yml, etc. |
- What are the variables in Ansible?
Ans. Variables are similar to variables in other programming languages. They are assigned values that are then used in playbooks. We can also use variables in conditions:
- hosts: your host01
  vars:
    port_Tomcat: 2050
Here, a variable port_Tomcat is defined, and the value assigned to the port number is 2020.
- What are the differences between a variable name and an environment variable?
Ans. Following are the difference between a Variable Name and an Environment Variable:
Variable Name | Environment Variable |
|
|
- What are the Ansible Modules? Explain the different types.
Ans. This is a commonly asked Ansible interview question. Modules are small units of code that perform a specific task. They can be used from the command line or in a playbook task, and they help to automate a wide range of tasks.
ansible webservers -m service -a "name=httpd state=started"
ansible webservers -m ping
ansible webservers -m command -a "/sbin01/reboot -t now"
There are two types of modules:
- Core modules: The core team maintains these modules, and they always ship with Ansible. They receive slightly higher priority for requests than extras modules.
- Extras modules: Ansible itself ships these modules, but they may be shipped separately in the future. Non-core modules receive a lower response rate compared to core modules.
- How can you access a variable of the first host in a group?
Ans. By using the following expression, we can access a variable:
{{ hostvars[groups['webservers'][0]]['ansible_eth0']['ipv4']['address'] }}
In the given code, we're pulling out the hostname of the first machine in the webservers group and using it to look up that host's facts. To do this in a template, we can use Jinja2 '#set' or set_fact, as written below:
- set_fact: headnode={{ groups['webservers'][0] }}
- debug: msg={{ hostvars[headnode].ansible_eth0.ipv4.address }}
- How to write an Ansible Handler with multiple tasks?
Ans. If you want to create a handler that restarts a service when it is running, Ansible handlers can listen to general topics, and tasks notify those topics, as shown below. This makes it easier to trigger multiple handlers. It also decouples handlers from their names and makes it simpler to share handlers among playbooks and roles:
- name: Check if restarted
  shell: check_is_var.sh
  register: result
  listen: Restart processes_a
- name: Restart conditionally step 1
  service: name=service state=restarted
  when: result
  listen: Restart processes_a
- How to keep secret data in the playbook?
Ans. If we have a task and we don’t want to show the output or command given in it when using -v (verbose) mode, the following code is used:
- name: secret task
  shell: /usr/bin_a/do_something --value={{ secret_value01 }}
  no_log: True
It can be used to keep verbose output while hiding sensitive values. It can also be set for an entire play:
- hosts: all
  no_log: True
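A check a reviewer can run over playbooks before they are merged, as an added example that is not part of the original page: it flags tasks that template a secret-looking variable but do not set no_log. The name pattern, the sample playbook and its second and third tasks are assumptions constructed for illustration, and the task splitting is a line-based heuristic rather than a YAML parser.

```python
import re

# Assumption: variable names containing these words hold sensitive values.
SECRET_WORDS = re.compile(r"secret|passw(or)?d|token|api_key", re.I)
JINJA_EXPR = re.compile(r"\{\{(.*?)\}\}")
TASK_START = re.compile(r"^\s*-\s+name:\s*(.+)$")
NO_LOG_ON = re.compile(r"^\s*no_log:\s*(true|yes)\s*$", re.I)


def split_tasks(text):
    """Yield (name, lines) for each '- name:' list item (line-based heuristic)."""
    name, lines = None, []
    for line in text.splitlines():
        m = TASK_START.match(line)
        if m:
            if name is not None:
                yield name, lines
            name, lines = m.group(1).strip(), []
        elif name is not None:
            lines.append(line)
    if name is not None:
        yield name, lines


def tasks_leaking_secrets(text):
    """Return names of tasks that template a secret-like variable without no_log."""
    # Limitation: a play-level 'no_log: True' is not taken into account here.
    flagged = []
    for name, lines in split_tasks(text):
        uses_secret = any(SECRET_WORDS.search(e) for l in lines for e in JINJA_EXPR.findall(l))
        protected = any(NO_LOG_ON.match(l) for l in lines)
        if uses_secret and not protected:
            flagged.append(name)
    return flagged


# Constructed sample playbook; the first task mirrors the one shown above.
SAMPLE = """\
- name: secret task
  shell: /usr/bin_a/do_something --value={{ secret_value01 }}
  no_log: True
- name: create db user
  shell: /usr/bin_a/create_user --password={{ db_password }}
- name: install package
  yum: name=httpd state=present
"""

if __name__ == "__main__":
    print(tasks_leaking_secrets(SAMPLE))
```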
- What is Ansible Tower?
Ans. Ansible Tower is a web-based solution used by IT teams for managing an organization with a very easy user interface. It is mainly designed for solving all sorts of automation tasks. Ansible Tower provides a dashboard with the state summaries of all the hosts, monitors each configuration, and allows fast deployments.
It allows sharing SSH credentials, managing inventories graphically, and logging all jobs, and it syncs with a variety of cloud providers.
- Mention the features of Ansible Tower.
Ans. Following are the features:
- Ansible Tower Dashboard – It presents all sorts of things available on their environments such as the hosts, the recent job activity, inventory status, and more.
- Real-Time Job Updates – Ansible can automate the whole infrastructure, and we can see real-time job updates, such as tasks and plays broken down by each machine. With this, we can check our automation status and easily track what's next in the queue.
- Multi-Playbook Workflows – It allows connecting any number of playbooks, even if they use different inventories, run as various users, or utilize multiple credentials.
- Scale Capacity With Clusters – With this feature of Ansible tower, we can connect various nodes of it into the Ansible tower cluster. It creates redundancy that allows scaling Ansible automation over the enterprise.
- Integrated Notifications – This feature notifies us when a job succeeds or fails, either across the whole organization or customized on a per-job basis.
- Remote Command Execution – On this platform, we can run simple tasks like restart malfunctioning service, reset passwords, and add users in the inventory with Ansible Tower’s remote command execution.
- Schedule Ansible Jobs – Ansible Tower provides this feature for various kinds of jobs like Playbook runs, source control, and cloud inventory updates that can be scheduled to run across the platform according to the need.
- Who Ran What Job When – It lets us know who ran what job and when, as all the automation activity is securely logged in Ansible Tower.
- Manage & Track Inventory – It provides the benefit of managing the entire infrastructure by allowing us to use inventory from public cloud providers like Microsoft Azure, Amazon web services, and others.
- Self-Service – It allows us to launch Playbooks with just a single click. It also helps to choose from the available credentials and record the available deployments.
- Write a code to set the PATH or any environment variable for a task?
Ans. Environment variables can be set by using the keyword "environment." It can be set for the entire playbook or only for a particular task.
The following code shows how to set a path:
environment:
  PATH: "{{ ansible_env.PATH }}:/thing_a/bin"
  SOME: value01
- How can you handle various machines needing different user accounts or ports to log in with?
Ans. It can be handled by setting inventory variables into the inventory file.
These hosts have different usernames and ports:
[webservers]
www.example.com ansible_port=2050 ansible_user=tom
jkl.examplein ansible_port=5002 ansible_user=jack
We can also specify the connection type:
[testcluster]
localhost ansible_connection=local
/path/to_a/chroot1 ansible_connection=xyz
www.example.com ansible_connection=abc
To make the task easier, we can collect these settings in a group_vars/<group-name> file.
- Does Ansible support AWS?
Ans. Ansible has multiple modules that support AWS; some of them are:
- Route53
- Elastic Compute Cloud (EC2)
- Virtual Private Cloud (VPC)
- Relational Database Service (RDS)
- CloudWatch
- Identity and Access Management (IAM)
- DynamoDB
- ElastiCache
- CloudTrail
- CloudFormation
- Simple Storage Service (S3)
- Autoscaling groups
- Can you copy files to remote locations recursively onto a target host? If yes, how?
Ans. Yes, we can copy files to remote locations recursively by using the copy module, which can copy a directory recursively. Another module, synchronize, is designed specifically for this process.
- synchronize:
    src: /first/absolute01/path
    dest: /second/absolute02/path
  delegate_to: "{{ inventory_hostname_xyz }}"
- How can you access a variable of the first host in a group?
Ans. We can access a variable by using the below expression:
{{ hostvars[groups['webservers'][0]]['ansible_eth0']['ipv4']['address'] }}
In the given expression, we are obtaining the hostname of the first machine in the webservers group and using it to look up that host's facts. We can also use Jinja2 '#set' or set_fact, as shown below:
- set_fact: headnode={{ groups['webservers'][0] }}
- debug: msg={{ hostvars[headnode].ansible_eth0.ipv4.address }}
- What is CD/CI in Ansible?
Ans. CD (Continuous Deployment) and CI (Continuous Integration) are approaches in software development that help you deliver high-quality applications. CI/CD enables incremental code changes from the developer to be delivered quickly and reliably to production. In CD, the software is built and delivered into production. In CI, different developers working on different modules upload the integrations frequently and reliably.
Ansible is a great tool for both CD and CI as it provides an infrastructure for setting the required environment and then deploying the application.
- Explain Idempotency.
Ans. Idempotency is a feature of Ansible that ensures that only the required changes occur. One or more tasks can be executed multiple times, but they won't change anything that has already been modified or is working correctly. It can be implemented in Ansible using the creates attribute. For example, if a task is to create a directory on the server, then the directory will be created only if it does not already exist. Idempotency ensures a quality experience for both users and software teams.
- What are the different strategies used to test Ansible projects?
Ans. There are three strategies to test Ansible projects:
- Manual Run: It verifies that the system is in the desired state. While it is an easy way to test Ansible projects, it carries increased risk because the results in a test environment might not be the same as in the production environment.
- Check Mode: Check mode lets you know what the modules would have changed if the playbook was executed without check mode. It lets you check if the project behaves the way you want it to. Check mode is like a simulation and is the least used method in Ansible.
- Asserts: It replicates how tests work in programming languages such as Python. It verifies that the system has reached the actual state, not a simulation of it as in check mode. Asserts show that the task did what it was expected to do.
- What are Ad-hoc commands?
Ans. Ad-hoc commands are one-line commands which can be run individually to perform a certain task quickly. These commands need not be performed later. They are like an alternative to writing playbooks. While the playbooks are used for a repeated action, ad-hoc commands are used when we want to perform a non-repetitive task. As ad-hoc commands are of one-time usage, they are not used for configuration management and deployment. They are best suited for tasks you repeat rarely.
An Ansible ad-hoc command uses the /usr/bin/ansible command-line tool.
- What are the differences between Ansible and Puppet?
Ans. Below are some of the differences between Ansible and Puppet:
Ansible | Puppet |
Ansible is a provisioning, configuration, and deployment tool | It is more of a configuration management tool |
The installation process is complex | Easy to install |
Ansible uses YAML Python language | Has its own declarative language (Ruby) |
GUI is less interactive than Puppet | GUI is more interactive and highly developed |
More scalable than Puppet | Less scalable than Ansible |
Less secure | More secure |
- How to increase the Ansible reboot module to more than 600 seconds?
Ans. The timeout of the Ansible reboot module can be increased to more than 600 seconds using the below syntax:
- name: Reboot a Linux system
  reboot:
    reboot_timeout: 1000
- How to use docker modules in Ansible?
Ans. Docker modules require the Docker SDK for Python installed on the host running Ansible.
For Python 2.7 or Python 3, it can be installed using the following:
$ pip install docker
For Python 2.6, a version before 2.0 will be required. It can be installed using the following:
$ pip install 'docker-py>=1.7.0'
- What are the differences between Ansible and Chef?
Ans. Below are the differences between Ansible and Chef:
Ansible | Chef |
Easy to set up. | Not very easy to set up compared to Ansible. |
Ansible runs with a single active node (Primary instance). When the primary instance goes down, the Secondary instance fills in. | Chef uses a backup server that helps when the primary server goes down. |
Uses YAML (Python) for managing configurations and is simple to understand. | Chef uses DSL (Ruby) for managing configurations. It has a steeper learning curve than YAML. |
For Ansible, one has to pay $10,000 annually for 100 nodes. | It costs $13700 annually for 100 nodes. |
Both Ansible and Chef are easily scalable. |
- Explain the different types of Ansible Inventory.
Ans. There are two types of inventory files in Ansible:
Static Inventory File:
It is a plain text file containing a list of managed hosts declared under a host group using either hostnames or IP addresses. A host group name is enclosed in square brackets. The managed host entries are listed below the group name in each line.
Example:
[group name]
Host A ip_address
Host B ip_address
Dynamic Inventory File:
A dynamic inventory is a script written in Python, PHP, or any other programming language. It is useful in cloud setups where IP addresses change once a virtual server is stopped and started again.
Example:
Create a demo_aws_ec2.yaml file for the config:
plugin: aws_ec2
regions:
  - ap-south-1
filters:
  tag:tagtype: testing
We can fetch it using the below command:
ansible-inventory -i demo_aws_ec2.yaml --graph
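The script form of a dynamic inventory, as an added example that is not part of the original page: Ansible runs an executable inventory with --list and expects JSON that maps groups to hosts, with per-host variables under _meta.hostvars. The instance records, group naming and addresses are constructed sample data standing in for a cloud API response.

```python
#!/usr/bin/env python3
import argparse
import json

# Constructed sample data standing in for a cloud API response.
INSTANCES = [
    {"name": "web-1", "ip": "10.0.0.11", "state": "running", "tags": {"tagtype": "testing"}},
    {"name": "web-2", "ip": "10.0.0.12", "state": "stopped", "tags": {"tagtype": "testing"}},
    {"name": "db-1", "ip": "10.0.1.21", "state": "running", "tags": {"tagtype": "production"}},
]


def build_inventory(instances):
    """Group running instances by their tagtype tag, in the --list JSON shape."""
    inventory = {"_meta": {"hostvars": {}}, "all": {"children": []}}
    for inst in instances:
        if inst["state"] != "running":
            continue  # a stopped instance is left out of the inventory
        group = "tagtype_" + inst["tags"].get("tagtype", "untagged")
        if group not in inventory:
            inventory[group] = {"hosts": []}
            inventory["all"]["children"].append(group)
        inventory[group]["hosts"].append(inst["name"])
        # ansible_host carries the current IP, so playbooks target stable names.
        inventory["_meta"]["hostvars"][inst["name"]] = {"ansible_host": inst["ip"]}
    return inventory


def host_vars(instances, hostname):
    """Variables for one host (the --host contract); empty dict if unknown."""
    return build_inventory(instances)["_meta"]["hostvars"].get(hostname, {})


def main(argv=None):
    parser = argparse.ArgumentParser()
    parser.add_argument("--list", action="store_true")  # default behaviour
    parser.add_argument("--host")
    args = parser.parse_args(argv)
    result = host_vars(INSTANCES, args.host) if args.host else build_inventory(INSTANCES)
    print(json.dumps(result, indent=2))


if __name__ == "__main__":
    main()
```

Saved as an executable file, the script is passed to -i in place of the YAML config file.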
- Define Ansible Galaxy.
Ans. Ansible Galaxy refers to the Galaxy website used by Ansible users to find, share, and download modules and roles. The ansible-galaxy command-line tool is available with Ansible. It is used to install roles from Galaxy or from a source management system. It can also be used to create new roles, remove old ones, and perform tasks on the Galaxy website. We can boost our project using Galaxy.
The syntax used to download roles from the Galaxy website:
$ ansible-galaxy install username.role_name