40+ Best Ansible Interview Questions To Hire Or Get Hired With

Ansible is a powerful IT and devops tool used by some of the best engineers in Silicon Valley. Some of the use cases for Ansible reside around the ability to SSH into many on-prem boxes that you are managing. This might allow devops engineers to manage multiple servers and hosting provisions from one unified portal. It directly competes with Docker and Puppet which are gaining in popularity right now. Ansible was around and established before these other options, though. And with that it has a long history of features which some still stand by as one of the best devops tools and remote host tools. It's more than just a programming language. Below are some ansible interview questions and answers to help you with your next advanced engineering interview session. As with all of the interview answers, these are mock sessions. I would suggest you take these answers and make sure they are similar to your own and practice answering the questions with a friend, much like you would in a study session.

Before we begin, I wanted to provide you with a short video going over Ansible. I find that its helpful to see how others are speaking about the programming language so that you can emulate the delivery during your discussions with future hiring managers.

Ansible Interview Questions & Answers Table of Contents


1. What is Ansible?

Ansible refers to an open source automation framework, which is there to assist with configuration management application deployment or task automation engine. It is able to deploy on application with the use of SSH without involving any downtime. It is also developed and written in Python.

2. How does Ansible work?

• There are a number of similar automation tools available including Capistrano, Chef, Puppet, Salt and others though Ansible is the one, which categorizes into two modes of server controlling machines and nodes.
• The controlling machine where Ansible is installed and Nodes are managed by the controlling machine over SSH. Through controlling the machine via inventory, the location of the nodes would then be specified.
• With the use of the SH protocol, the controlling machine deploys modules to the nodes and these modules would be stored on the remote nodes and through the JSON connection. Here they communicate with the Ansible machine over a standard output.
• There is no need for agent installation upon the remote nodes as Ansible does not require agents, which means there are no background daemons or programs are executing for Ansible if it is not managing any of the nodes.
• Ansible has the ability to manage hundreds of these nodes from an SSH connection and the complete implementation can be done and executed by a single command which is ‘Ansible’. Though there are cases where one is required to execute a number of multiple commands for the deployment and here it is possible to construct playbooks.
• The playbooks are some commands, which have the ability to perform multiple tasks and each of the playbooks, are in YAML file format.

3. What is the purpose of Ansible?

It can be utilized for IT infrastructure for the purpose of managing and deploying particular software applications to remote nodes. You may need to deploy a single software of multiple software to hundreds of nodes with the use of one command. With the assistance of Ansible, it is possible to deploy as many applications to several nodes with a single command though you would have to have some python coding knowledge for understanding the Ansible scripts.

4. Describe the following elements within Ansible and the relationship that is there between them: Module, Play, Playbook, Role, and Task.

This is to check if you are familiar with the Ansible fundamental components and the manner they fit in:

• Task: this is a call to a particular Ansible module
• Module: this is an actual unit of code, which is implemented by Ansible on your host or a remote type of host. The modules can be indexed by category, which is also denoted as the task plugins.
• Play: One or more of the tasks executed on a particular host.
• Playbook: One or more of the plays. Each of the plays may be executed on similar or different hosts.
• Role: Ansible roles allow you to group the resources according to particular functionality or service such that they can be used easily. In this role, you have directories for variables, templates, handlers, tasks files and metadata. It is possible to then use the role through specifying it within the playbook.

5. What are the benefits of Ansible?

• There is no agent: the agent is not required during the setup of Ansible. If Box can support SSH and it has python, then it is not going to be a problem setting up Ansible.
• Declarative and not procedural: one of the normal attitudes of the other configuration tools when it comes to following the procedural process means you will have to do things systematically and so forth. Though Ansible writes the description of the state of the machine in the manner that is desired and takes the needed steps to fulfill that particular description.
• Idempotent: the architecture of Ansible is structured according to the concept of idempotency. The main idea is that only these things, which need to be, added which are required and those things can be repeatable without the side effects to be considered.

6. Is there a web interface?

REST API and so forth? Ansible incorporated makes a good product, which makes it even more powerful and easier to utilize.

7. How do you install Ansible?

This is through the installation of Ansible Ubuntu 14.04. the best way to get Ansible for Ubuntu would be to add the personal package archive of the project to the system. In order to do this effectively, you will have to install the software properties common package that is going to provide the ability to work with the PPA’s in an effective manner. This package is known as the python software properties on the older versions of Ubuntu.

• Sudo apt-get update
• Sudo apt-get install software properties common
At the time the package has been installed, you then add the Ansible PPA through typing the following command: sudo apt-add repository ppa: Ansible/ Ansible

Press ENTER in order to accept the PPA addition

The next thing to do would be to refresh the package index of the system so that it is aware of the packages, which are there in the PPA. After that, you can install the software:

• Sudo apt-get update
• Sudo apt-get install Ansible

We now have all of the software needed to administer the servers through Ansible.

8. How do you generate encrypted passwords for the User Module?

The mkpasswd utility which is available on a lot of the Linux systems is one of the great options whereby mkpasswd—method= 512. If the utility is not installed on the system then you may still generate the passwords through Python. First, make sure the Passlib password-hashing library has been installed.

Pip install passlib

At the time the library is ready, SHA512 password values would then be generated in the following manner: python -c "from passlib.hash import sha512_crypt; import getpass; print sha512_crypt.encrypt(getpass.getpass())"

You can use the Integrating hashing filters for coming up with a hashed version of a password. You should not place plaintext passwords within the playbook or host_vars. You can instead use Vault in order to encrypt some of the sensitive data.

9. How do you get Ansible to reuse the connection and allow kerberized SSH or have the platform pay attention to your local SSH config file?

Switch the default connect type within the configuration file to SSH or use ‘-C SSH’ in order to use Native OpenSSH for the connections as opposed to the python paramiko library. In Ansible 1.2.1 and then SSH is going to be utilized by default if the OpenSSH type provides a number of advanced alternatives. So you will want to run Ansible from a machine that is new such that it can support ControlPersist, in the event that you are using this connection type. You will still be able to manage some of the older clients. In the event you are using RHEL 6, CentOS 6, SLES 10 or even SLES 11, then the version of OpenSSH is still old so it would be better to consider managing from a Fedora or openSUSE client even though you may be managing older nodes or you can just use paramiko. Paramiko is kept as the default as you may be first installing Ansible on an EL box so it provides one of the better experiences for the new users.

10. Give differences between Ansible and Puppet

• Ansible provides very good performance considering there is no need for an agent during installation and deployment. In the case of Puppet, the performance is a bit questionable and the installation is agent based.
• Puppet is based according to Ruby language while Ansible is based according to Python language.
• CLI accepts the commands in almost every language when it comes to Ansible. For Puppet, all clients have to become acquainted with the Puppet DSL.
• As Ansible is hard and not well tested. It cannot give a proper and mature solution for every situation all of the time. Puppet always provides mature solutions every time.
• The GUI for Ansible is a work in progress though for Puppet, it is a work in progress.
• For Ansible, there is no support for Windows, but Puppet supports all of the major operating systems.

11. What is the difference between environment variables and variable name?

• A variable name may be built by adding String but an environment variable can be accessed by accessing the existing variable.
• For the Environment Variable, if you want to add the variable, you need to open the advance playbooks section. For the Variable Name, you can add Strings. • For the Variable name, you use the IPV4 address. In the case of the Remote environment variables use {{ Ansible_env.SOME_VARIABLE }}

12. What is Ansible Tower?

Ansible is classified as a web based solution, which makes it easy to use. It is considered to be acts such as a hub for all automation tasks. The tower is free for use up to the point of 10 nodes.

ansible interview questions

13. How do you access the Shell Environment Variables?

If you are looking to get access to the existing variables then you can use ‘env’ lookup plugin.Access of the value of Home environment on the management machine would be: local_home:”{{lookup(‘env’,’HOME’)}}”

14. How do you speed up the management within EC2?

It is not advised to manage A GROUP OF ec2 machines from your PC. The best way would be connect to a management node within EC2 at first and then execute Ansible from that point.

15. What is Ansible Playbooks?

The Playbooks are a different way for one to use Ansible than in adhoc task execution mode and they are particularly powerful. The Playbooks are Ansible configuration, deployment and orchestration. They may describe a policy you would like your remote systems to enforce or a number of steps within the general IT process. Ansible refers to a configuration management tool that automates the configuration of different servers through the use of Ansible PLAYBOOKS. The playbook is the main element of any Ansible configuration. The playbook has one or multiple plays, which each define the work that is to be done for a configuration on the managed server. Ansible plays are all written in YAML. Every one of the plays is done by an administrator and with particular parameters for the target machines so there are no standard plays.

16. What is Ad-hoc commands in Ansible?

Ad-hoc commands are a powerful but simple feature when it comes to Ansible. The ad-hoc commands are those, which can only be used for quick purposes, which you do not want to save for a later time. This may include checking the status of the server or copying a file to the server tasks that you just want to do quickly by only typing a few commands.

17. How do you submit a change to the documentation when it comes to Ansible?

The documentation for Ansible is kept within the main project git repository and the complete instructions for the contribution can be found within the documents.

18. How do you write an Ansible ad-hoc command?

The syntax for it is:

Ansible [-m ] –a<’arguments’> -u [-become]

• Hosts: it can be any entry within the inventory file. For the specification of all of the hosts in inventory, you may use all or *. The wild card patterns in this case are also accepted.
• Arguments: you should pass values, which are required by the module. This can change depending on the module, which is used.
• Module name: this is an optional type of parameter. There are many modules, which are available in Ansible. By default, it is command. For one, yup, shell, copy, apt and file.
• Username: it specifies the user account where Ansible may execute commands. The user account, SSH.
• Become: this is one of the optional parameters that are specified when you want to execute operations that require sudo-privilege. By default, become would be false.
• If you put a –c option, then Ansible would do a dry run of the command. It is not going to be actually applied on the nodes.

19. How do you disable cowsay within Ansible?

In Ansible, if cowsay is installed, Ansible takes it upon themselves to make your day better when running playbooks. If you decide that you would like to work in a professional cow-free environment, then you may either opt to uninstall cowsay or set the Ansible_NOCOWS environment variable: export Ansible_NOCOWS= 1(ref Ansible doc).

20. How do you copy files recursively on to a target host within Ansible?

In Ansible, the copy module has one of the recursive parameters. On the other hand, you can consider the synchronize module in the event that you want to do something more efficient for a larger number of the files. The synchronize module then wraps resync.

21. How do you generate crypted passwords when it comes to the user module in Ansible?

The mkpasswd utility which is available on several of the Linux systems is a good alternative:

Mkpasswd – method = sha-512

If this utility is not installed in the system (you may be using OS X) then you may still easily generate the passwords with the use of python. First make sure the Passlib password-hashing library has been installed: Once the library is ready, SHA12 password values may then be generated:

Python –c “from passlib.hash import sha512_crypt; import getpass; print sha512_crypt. Using (rounds= 5000). Hash(getpass.getpass())”

Use the integrated Hashing filters for the purpose of generating a hashed version of the password. You may not put plaintext passwords in your playbook or host_vars; instead, you may use Using Vault in playbooks for encrypting sensitive data. (Ref Ansible doc).

22. How is it possible to access a list of Ansible_Variables?

By default, Ansible gathers facts under the machines under management. The other thing is these facts are accessed within the Playbooks and in templates. One of the best means to view a list of all the facts which are available in a machine, then you would have to run the setup module in the ad-hoc manner:

Ansible- setup hostname

Once this statement has been implemented, it is going to print out a dictionary of all of the facts available for this particular host. This would be the best means of accessing the list of Ansible_variables.

23. How can you see the inventory variables, which are defined in the host?

The best means of seeing all of the inventory variables would be through the execution of this command:

Ansible - m debug- a “var=hostvars[‘hostname’]” localhost

24. Why doesn’t one ship in X format?

There are many reasons for not shipping using X format. It caters toward the maintenance. Within the market there are different means of shipping software and it can be tedious to support each and every one of them.

25. What is that which Ansible can do?

Ansible can do the following:

• Configuration management
• Task automation
• IT orchestration
• Task automation

26. Define what is Ansible Galaxy?

Ansible Galaxy is a reference to the website Galaxy where the users are going to be able to share all of the roles to CLI where the installation, creation and the management of roles happens.

27. When should you use {{ }}?

At the same time, how do you interpolate variables or the dynamic variable names:

• A steadfast rule is to use {{ }} except when’. The conditionals always run through Jinja2 in order to resolve the expression, so when: failed_when: and changed_when: are always the templates and you have to avoid adding {{ }}.
• In most of the other cases you ought to always use the brackets even if previously you may have used the variables without specifying (like with_clauses), because this makes it hard to distinguish between undefined variables and a string.
• The other rule is ‘moustaches don’t stack’. This is often observed.
• {{ somevar_{{other_var}} }}
• The above DOES NOT WORK, if you need to utilize a dynamic variable then use the hostvars or the vars dictionary as appropriate”
• {{ hostvars [inventory_hostname][‘somevar_’+ other_var]}}

28. What would be the best means of making the content reusable/ redistributable?

If you had not already done so, you may read about ‘Roles’ within the playbooks documentation. This would assist with making playbook content self-contained and it works with things such as git sub modules for the purpose of sharing content with others. In the event that some of these plugin types seem to be strange, then see the API documentation for more of the details about the means that Ansible can be extended.

29. How do you Access a variable name in a programmatic manner?

An example may be there when you need to get the IPV4 address of an arbitrary interface where the interface that is to be used can be supplied through a role parameter or another input. The variable names may be initiated through adding strings together in the following manner:

{{ hostvars[inventory_hostname]['Ansible_' + which_interface]['ipv4']['address'] }}

The trick when it comes to going through the hostvars is necessary considering it is a dictionary of the namespace of variables. ‘inventory_hostname’ is a magic variable, which indicates the current host you would be looping over in the host loop.

30. How do you test your Ansible based projects?

When you ask this questions in different interviews, there are several answers.

• Manual run: you run the system and check if it is within the desired state. This is not the desired answer when provided solely. It is the most lazy or straightforward answer though. even if you have tested your new written role within a development environment that is not an indication that you will attain the same type of result when it comes to a production environment.
• Check mode: check mode is an optimal manner to test the Ansible code considering it will report what you have done if would actually run without check mode. So it is possible then to see if the Ansible run behavior is meeting the needed expectations. Now the follow up question would be what about the scripts? At times the answer gotten is why? That would be fine if there was no need to use scripts within the roles and playbooks but if that was the case, then you would know that check mode does not run the scripts and commands. In order to run them, you would have to disable the check mode for the purpose of specific tasks with “check_mode: no”.
• Asserts are a method of testing considering they also resemble the best way you test in other languages including python and the important thing is it makes certain the system has reached the desired point, not as a draft when it comes to check mode but as a verification the task changed certain resource to the desired state.

31. What is Ansible pull and how is it different compared to Ansible playbook?

It is known that running Ansible playbook is going to enforce particular configuration on the hosts that you are operating on from what is known as the control node (this is the node that you will be running the commands from). Ansible pull is also applying the configuration from a managed type host and not from the control host. It is pulling the configuration from a provided URL of a repository. It can be practical for particular uses in which you need a reversed architecture of enforcing configuration on the host you are connected to from a central area.

32. Give an explanation of what is Red hat Ansible?

Ansible and Ansible tower by Red Hat are both an end-to-end complete type of automation platform, which is capable of providing features or particular functionalities. These include:

• Deploying applications
• Orchestrating the workflows
• Management of the IT systems
• Networks
• Applications
• Configurations of the IT systems

All of these particular activities are dealt with by Ansible where it can assist the business to solve the real time business problems.

33. Why does one have to learn Ansible?

Ansible is more of a particular tool for servers through the question is does it have anything for networking. If you consider it closely, there is support available within the market for the networking devices. With the use of the tool, it may provide an overall view of the environment and the knowledge concerning the manner of how it works for network automation. It represents one of those tools where it would be considered to be good to explore a new tool.

34. What are the Ansible server requirements?

If you are a windows user then you would have to have a virtual machine in which Linux would be installed. It needs Python version 2.6 or higher as well to operate.

35. What is ask_sudo_pass in Ansible?

The control is similar to ask_pass

The ask_sudo_pass controls the Ansible Playbook in order to prompt the sudo password. At times the default behavior is no:

Ask_sudo_pass= true
One has to make certain and change this setting where the sudo passwords are enabled a lot of the time.

36. What is ask_vault_pass in Ansible?

Using this control, it is possible to determine whether Ansible Playbook would prompt a password for the vault password by default. Usually the default behavior is no:

Ask_vault_pass= True

37. Write a task in order to create the directory ‘/tmp/new_directory’.

This is a basic question but it is indicative of the way that you work with Ansible. Several will answer this question through the use of the shell or the command modules. It does not necessarily mean bad though the best practice is to use an explicit Ansible type module. The reason for this has to do with readability. Some of the actions execute in a different manner on the different operating systems though the module usage would always be the same and any Ansible user would know what you meant when reading the task particularly if it is a long shell command. The other thing is it does not necessarily mean the modules are faster as compared to the commands specified with ‘shell’ or ‘command’. The task of creating the directory is set as:

1. name: Create a new directory
2. file:
3. path: "/tmp/new_directory"
4. state: directory

38. How can one connect to other devices within Ansible?

Once Ansible is installed and the basic setup has been completed then an inventory is created. That would be the base and one may start testing Ansible. In order to connect to a different device then you have to use the ‘ping module’. This would be utilized as a simple connection test. Ansible –m ping all

39. Can you build the modules with Ansible?

Yes it is possible to create or own the modules within Ansible. This is an open source tool that primarily works on Python. If you are good at programming in Python then you can begin on creating your modules within a few hours from scratch and there is no need to have prior knowledge of the same.

40. What does Fact mean when it comes to Ansible?

The term Fact has been commonly used within the Ansible environment. They are described within the playbook areas as they display some of the known and discovered variables concerning the system. Facts are then utilized in order to implement some of the conditional executions and also for getting ad-hoc information of the information. The facts are available through:

$ Ansible all- m setup

Therefore if you want to extract only a particular part of the information you may then use ‘setup’ module where you can have an option for filtering out the output and then get hold of the fact that require.

41. What is ask_pass in Ansible?

The ask_pass refers to a control within Ansible Playbook. The controls for whether Ansible playbook to prompt a password by default. The behavior tends to be no : It is always set to ask_pass=True

In the event you are using SSH keys for authentication then you do not have to change the setting.

Pro tips for being prepared

Being prepared to your technical interview is key. A couple of things you can do is not only have the above questions and answers properly practiced but you can come with examples of work. That often has a high impact, if you can show off your work via real functioning products. This could mean a personal project you did or maybe a project that you worked on while employed. Either way, the ability to showcase it and speak to it will do wonders. That way you can point to something and say, "This is what I did." Also be sure to turn off your cell phone. It sounds simple but a buzzing cell phone both receiving phone calls or text messages is going to make you seem unprofessonal and speak to the fact that you don't respect the interview that you are in. Afterwards, you'll want to send a thank you note to every single person that you spoke with. That's the formal and respectful thing to do.

author: patrick algrim
About the author

Patrick Algrim is an experienced executive who has spent a number of years in Silicon Valley hiring and coaching some of the world’s most valuable technology teams. Patrick has been a source for Human Resources and career related insights for Forbes, Glassdoor, Entrepreneur, Recruiter.com, SparkHire, and many more.


Help us by spreading the word