ansible interview questions
Top ansible frequently asked interview questions
I'm setting up an Ansible playbook to set up a couple servers. There are a couple of tasks that I only want to run if the current host is my local dev host, named "local" in my hosts file. How can I do this? I can't find it anywhere in the documentation.
I've tried this when statement, but it fails because ansible_hostname
resolves to the host name generated when the machine is created, not the one you define in your hosts file.
- name: Install this only for local dev machine
pip: name=pyramid
when: ansible_hostname == "local"
Source: (StackOverflow)
When Ansible has problems running plays against a host, it will output the name of the host into a file in the user's home directory ending in '.retry'. These are often not used and just cause clutter, is there a way to turn them off or put them in a different directory?
Source: (StackOverflow)
I am trying to get started with Ansible to provision my Vagrantbox, but I can’t figure out how to deal with host files.
According to the documentation the should be storred in /etc/ansible/hosts
, but I can’t find this on my system (Mac OS X). I also seen examples where the host.ini
file situated in the document root adjacent to the vagrant file.
So my question is where would you store your hostfile for setting up a single vagrant box?
Source: (StackOverflow)
The same way there is "lineinfile" to add one line in a file, is there a way to add several lines?
I do not want to use a template because you have to provide the whole file.
I just want to add something to an existing file without necessarily knowing what the file already contains so a template is not an option.
Source: (StackOverflow)
How is it possible to move/rename a file/directory using an Ansible module on a remote system? I don't want to use the command/shell tasks and I don't want to copy the file from the local system to the remote system.
Source: (StackOverflow)
I see that Ansible provide some pre-defined variables that we can use in playbooks and template files. For example, the host ip address is ansible_eth0.ipv4.address. Googleing and searching the docs I cound't find a list of all available variables. Would someone list them for me?
Source: (StackOverflow)
I'm using Ansible for some simple user management tasks with a small group of computers. Currently, I have my playbooks set to hosts: all
and my hosts file is just a single group with all machines listed:
# file: hosts
[office]
imac-1.local
imac-2.local
imac-3.local
I've found myself frequently having to target a single machine. The ansible-playbook
command can limit plays like this:
ansible-playbook --limit imac-2.local user.yml
But that seems kind of fragile, especially for a potentially destructive playbook. Leaving out the limit
flag means the playbook would be run everywhere. Since these tools only get used occasionally, it seems worth taking steps to foolproof playback so we don't accidentally nuke something months from now.
Is there a best practice for limiting playbook runs to a single machine? Ideally the playbooks should be harmless if some important detail was left out.
Source: (StackOverflow)
What is the easiest way to create an empty file using Ansible? I know I can save an empty file into the files
directory and then copy it to the remote host, but I find that somewhat unsatisfactory.
Another way is to touch a file on the remote host:
- name: create fake 'nologin' shell
file: path=/etc/nologin state=touch owner=root group=sys mode=0555
But then the file gets touched every time it, showing up as a yellow line in the log, which is also unsatisfactory...
Is there any better solution to this simple problem?
Source: (StackOverflow)
A recurring theme that's in my ansible playbooks is that I often must execute a command with sudo privileges (sudo: yes
) because I'd like to do it for a certain user. Ideally I'd much rather use sudo to switch to that user and execute the commands normally. Because then I won't have to do my usual post commands clean up such as chowning directories. Here's a snippet from one of my playbooks:
- name: checkout repo
git: repo=https://github.com/some/repo.git version=master dest={{ dst }}
sudo: yes
- name: change perms
file: dest={{ dst }} state=directory mode=0755 owner=some_user
sudo: yes
Ideally I could run commands or sets of commands as a different user even if it requires sudo to su to that user.
Source: (StackOverflow)
I have read the Ansible documentation but I am still a bit confused about the three following parameters in ansible playbooks: user, sudo, sudo_user.
I have tried the following playbooks with different combination of the parameters:
user:deploy => Works
user:deploy and sudo: True => Hangs on the git task
user:deploy, sudo: True and sudo_user: deploy => Works
What does sudo_user actually do?
When and why should I use each of these combinations?
- hosts: all
user: deploy
sudo: True
sudo_user: deploy
tasks:
- name: Ensure code directory
file: dest=/home/deploy/code state=directory
- name: Deploy app
git: repo=git@bitbucket.org:YAmikep/djangotutorial.git dest=/home/deploy/code
Thanks
Source: (StackOverflow)
When creating a new Ansible role, the template creates both a vars
and a defaults
directory with an empty main.yml
file. When defining my role, I can place variable definitions in either of these, and they will be available in my tasks.
What's the difference between putting the definitions into defaults
and vars
? What should go into defaults
, and what should to into vars
? Does it make sense to use both for the same data?
I know that there's a difference in precedence/priority between the two, but I would like to understand what should go where.
Let's say that my role would create a list of directories on the target system. I would like to provide a list of default directories to be created, but would like to allow the user to override them when using the role.
Here's what this would look like:
---
- directories:
- foo
- bar
- baz
I could place this either into the defaults/main.yml
or in the vars/main.yml
, from an execution perspective, it wouldn't make any difference - but where should it go?
Source: (StackOverflow)
I want to setup a MySQL server on AWS, using Ansible for the configuration management.
I am using the default AMI from Amazon (ami-3275ee5b), which uses yum
for package management.
When the Playbook below is executed, all goes well. But when I run it for a second time, the task Configure the root credentials
fails, because the old password of MySQL doesn't match anymore, since it has been updated the last time I ran this Playbook.
This makes the Playbook non-idempotent, which I don't like. I want to be able to run the Playbook as many times as I want.
- hosts: staging_mysql
user: ec2-user
sudo: yes
tasks:
- name: Install MySQL
action: yum name=$item
with_items:
- MySQL-python
- mysql
- mysql-server
- name: Start the MySQL service
action: service name=mysqld state=started
- name: Configure the root credentials
action: command mysqladmin -u root -p $mysql_root_password
What would be the best way to solve this, which means make the Playbook idempotent? Thanks in advance!
Source: (StackOverflow)
I’m using Ansible 1.5.3 and Git with ssh agent forwarding (https://help.github.com/articles/using-ssh-agent-forwarding). I can log into the server that I am managing with Ansible and test that my connection to git is correctly configured:
ubuntu@test:~$ ssh -T git@github.com
Hi gituser! You've successfully authenticated, but GitHub does not provide shell access.
I can also clone and update one of my repos using this account so my git configuration looks good and uses ssh forwarding when I log into my server directly via ssh.
The problem: When I attempt the same test shown above using the Ansible command module. It fails with “Permission denied”. Part of the Ansible output (with verbose logging) looks like this:
failed: [xxx.xxxxx.com] => {"changed": true, "cmd": ["ssh", "-T", "git@github.com"], "delta": "0:00:00.585481", "end": "2014-06-09 14:11:37.410907", "rc": 255, "start": "2014-06-09 14:11:36.825426"}
stderr: Permission denied (publickey).
Here is the simple playbook that runs this command:
- hosts: webservers
sudo: yes
remote_user: ubuntu
tasks:
- name: Test that git ssh connection is working.
command: ssh -T git@github.com
The question: why does everything work correctly when I manually log in via ssh and run the command but fail when the same command is run as the same user via Ansible?
I will post the answer shortly if no one else beats me to it. Although I am using git to demonstrate the problem, it could occur with any module that depends on ssh agent forwarding. It is not specific to Ansible but I suspect many will first encounter the problem in this scenario.
Source: (StackOverflow)
I need to copy file form machine A to machine B whereas my control machine from where i run all my ansible tasks is machine C(local machine)
I have tried the following:
- use scp command in shell module of ansible
hosts: machine2
user: user2
tasks:
- name: Copy file from machine1 to machine2
shell: scp user1@machine1:/path-of-file/file1 /home/user2/file1
This approach just goes on and on never ends.
- use fetch & copy modules
hosts: machine1
user: user1
tasks:
- name: copy file from machine1 to local
fetch: src=/path-of-file/file1 dest=/path-of-file/file1
hosts: machine2
user: user2
tasks:
- name: copy file from local to machine2
copy: src=/path-of-file/file1 dest=/path-of-file/file1
This approach throws me an error as follows:
error while accessing the file /Users//.ansible/cp/ansible-ssh-machine2-22-, error was: [Errno 102] Operation not supported on socket: u'/Users//.ansible/cp/ansible-ssh-machine2-22-'
Any suggestions would be helpful.
Source: (StackOverflow)