Commands & Configuration Flashcards

1
Q

Which option for the ‘ansible’ command allows one to specify an inventory file to be used?

A

-i

With the ‘-i’ option, one can specify a path to an inventory file or one can pass a comma separated list of hosts.

2
Q

Which ansible option allows one to specify which user to use when connecting/logging-in to the hosts?

A

-u

The ‘-u’ option allows you to specify the remote user for the SSH connection.

3
Q

Which option forces ansible to use password-based authentication when connecting to remote hosts?

When might it be necessary?

A

-k

The ‘-k’ option informs ansible to prompt for a password when attempting to login via SSH.

By default, ansible assumes you want to connect with SSH keys rather than by password.

4
Q

Which option is used to instruct ansible which user to switch to after logging in to the remote host?

A

‘-b’ or ‘--become’

The ‘-b’ option can instruct ansible to effectively ‘su’ to another user after logging in to the host. This is often used to elevate to root or some account with administrative privileges.

When used without an argument, the ‘-b’ option defaults to root.

5
Q

Which option for the ‘ansible’ command instructs the command to prompt for a password to use to elevate to the account specified by the ‘-b’ option?

A

-K

This option instructs ansible to prompt for a privilege escalation password.

6
Q

Suppose you want to use ansible to create the ‘student’ user account on all hosts in the inventory. You’re going to log-in to the remote hosts as the ‘admin’ user but then elevate to root on all of the hosts. How can this be done in a one-liner?

Assume that the ‘ansible.cfg’ file doesn’t specify an inventory file.

A

ansible -i inventory all -u admin -k -b -K -m user -a "name=student"

The built-in ‘user’ module allows you to manage user accounts via ansible.

7
Q

Suppose you wanted to enable the user ‘student’ to have permission to run all commands as all users on all hosts without needing to input a password. How would you enable this?

A

Add the following to ‘/etc/sudoers’ or a drop-in file in ‘/etc/sudoers.d/’

student ALL=(ALL) NOPASSWD: ALL

The first ‘ALL’ corresponds to all hosts.
The second ‘ALL’ corresponds to being able to run the relevant command as all users/groups.
The third ‘ALL’ corresponds to being able to run all commands.

The ‘NOPASSWD’ tag allows student to run all commands without giving a password.

8
Q

Suppose you wanted to enable the user ‘student’ to have permission to run ‘kill’ as all users on all hosts without needing to input a password and run ‘arp’ as all users on all hosts with needing a password. How would you enable this?

A

Add the following to ‘/etc/sudoers’ or a drop-in file in ‘/etc/sudoers.d/’

student ALL=(ALL) NOPASSWD: /bin/kill, PASSWD: /sbin/arp

9
Q

Where is the default ansible inventory stored?

A

/etc/ansible/hosts

An alternative inventory location can be specified in ansible.cfg

10
Q

Suppose in your ansible inventory you have a group titled ‘webservers’ and you want to see the hosts that belong to this group. Which command will do this?

A

ansible -i inventory webservers --list-hosts

‘-i inventory’ is used to define an inventory file different than the default

11
Q

Describe the following inventory file:

ansible1
ansible2

[webservers]
apache1
apache2
apache3

[databases]
pgsql1
pgsql2

[servers:children]
webservers
databases

A

There are 7 unique hosts being managed by the inventory.

There are 3 groups being managed. The ‘webservers’ and ‘databases’ groups are nested within the ‘servers’ group.

The hosts ‘ansible1’ and ‘ansible2’ are considered ‘ungrouped’ which means they belong to no group.

‘ungrouped’ is technically a group itself. This group refers to all hosts that belong to no group other than the built-in ‘all’ group.

12
Q

Where is the ansible configuration file stored?

A

/etc/ansible/ansible.cfg

‘ansible --version’ will show the ‘ansible.cfg’ file being used.

Each project can have its own ‘ansible.cfg’ file. If a project-specific ‘ansible.cfg’ file is found, the main ‘/etc/ansible/ansible.cfg’ will be ignored.

13
Q

Describe the following ansible.cfg file:

[defaults]
inventory = inventory
remote_user = ansible
host_key_checking = false
deprecation_warnings = false

[privilege_escalation]
become = True
become_method = sudo
become_user = root
become_ask_pass = False

A

The [defaults] section sets the default settings while the [privilege_escalation] section sets how ansible runs commands on managed hosts.

‘inventory’ defines the path to the inventory file
‘remote_user’ is the name of the user that will log in on the remote host
‘ask_pass’ specifies whether or not to prompt for a password

‘become’ indicates whether you want to automatically switch to the ‘become_user’
‘become_user’ specifies the user that ansible will change to after connecting to the remote host
‘become_method’ sets how to become the other user after connecting

14
Q

What is ansible-navigator?

A

ansible-navigator is a command-line tool and text-based interface for creating, reviewing, running and troubleshooting different types of Ansible content.

ansible-navigator is primarily used alongside execution environments.

An execution environment is just a container image serving as an Ansible control node.

15
Q

Which command can be used to list all currently available Ansible modules on a machine?

A

ansible-doc -l

The ‘-l’ option lists all available modules.

The ‘ansible-doc’ command is used for viewing Ansible-specific documentation.

16
Q

Suppose you want to find detailed documentation on how to use the ‘ansible.builtin.shell’ module. How could you do this?

A

ansible-doc -t module shell

If you don’t know the name of the module, you could first list all available modules with the ‘ansible-doc -l’ command.

If you’re interested in a different plugin type, you could run the command ‘ansible-doc -t [plugin-type] -l’ instead. Then after finding the plugin name, you would run ‘ansible-doc -t [plugin-type] [plugin-name]’ to get the detailed documentation page.

The ‘-t’ option allows you to filter the documentation for specific types of plugins (the default plugin type is ‘module’)

17
Q

What is the ‘requirements.yml’ file?

A

The ‘requirements.yml’ file lists all required collections for a project.

This file is usually found in the current project directory.

The ‘requirements.yml’ file is usually used as an argument to the ‘ansible-galaxy’ command.

18
Q

What is the ‘ansible-galaxy’ command?

A

‘ansible-galaxy’ is used to install collections from a Galaxy server.

The default Galaxy server is ‘galaxy.ansible.com’

19
Q

How can one list all installed collections with the ‘ansible-galaxy’ command?

A

ansible-galaxy collection list

20
Q

How can one install all collections specified by the ‘requirements.yml’ file?

A

ansible-galaxy collection install -r requirements.yml

The -r option allows one to specify a requirements file.

21
Q

How can one install the Ansible ‘my.collection’ collection while making sure that it is accessible from the execution environment?

A

ansible-galaxy collection install my.collection -p collections

The ‘-p’ option allows one to specify the path where collections will be placed after being downloaded.

‘-p collections’ installs collections in ‘./collections/’

Without the ‘-p’ option, the collection is installed in the default collections path which is ‘~/.ansible/collections:/usr/share/ansible/collections’

The default path for collections is specified by the ‘collections_path’ variable in the ‘ansible.cfg’ file.

The default ‘collections_path’ is not available from within the ‘ansible-navigator’ execution environment.

22
Q

How does one set up ‘ansible-navigator’ on a Linux machine?

A
  1. Install ‘ansible-navigator’: sudo dnf install ansible-navigator
  2. Login to the RedHat container registry: podman login registry.redhat.io
  3. Pull the RedHat execution environment image: podman pull registry.redhat.io/ansible-automation-platform-22/ee-supported-rhel8:latest
  4. All ‘ansible-navigator’ commands should now work!

Use RedHat developer account credentials for the registry login

‘~/.ansible-navigator.yml’ can be defined to include generic settings for ‘ansible-navigator’

Like other Ansible commands, if an ‘ansible-navigator.yml’ file is found in the current project directory, this will have higher priority than the settings file found in the home directory.

23
Q

How would you ping all hosts in the inventory to verify connectivity?

A

ansible all -m ping

24
Q

What is the default module for running ad-hoc commands with the ‘ansible’ utility?

A

ansible.builtin.command

This means that ‘-m command’ isn’t necessary when using this module

25
Q

How could you ensure that the ‘httpd’ service is running on ‘managed-node1’ ?

A

ansible managed-node1 -m service -a 'name=httpd state=started'

26
Q

How could you list the user account being used after connecting to each managed node? (without using the shell module)

A

ansible all -a 'whoami'

The command module is not idempotent.

‘-m command’ isn’t necessary since the command module is the default module.

The ‘ansible.builtin.command’ module doesn’t support the use of shell metacharacters (a metacharacter is a space, tab, newline, or one of the following characters: ‘|’, ‘&’, ‘;’, ‘(’, ‘)’, ‘<’, or ‘>’)

27
Q

How could you verify that the ‘nginx’ package is installed on every managed host?

A

ansible all -m shell -a 'rpm -qa | grep nginx'

Use of the pipe (‘|’) is supported in the ‘ansible.builtin.shell’ module

28
Q

How could you copy the contents ‘Welcome!’ into the ‘message of the day’ file on each managed host?

A

ansible all -m copy -a 'content="Welcome!" dest=/etc/motd'

29
Q

Why is it better to use the ‘user’ module than to use the ‘command’ module for managing users with Ansible?

A

The ‘command’ module is not idempotent. The ‘user’ module is idempotent.

The ‘command’ module should only be used when no dedicated module exists or can be found for a task.

30
Q

Describe the important pieces of the following playbook:

A

This playbook will install/enable the ‘vsftpd’ package on the ‘ansible2’ managed node. It will then use the ‘copy’ module to add content to the ‘/var/ftp/pub/README’ file.

Lines that begin with a dash (-) are part of a YAML list. The first line (- name: deploy vsftpd) is a ‘play’ within the playbook. Each playbook can contain multiple plays and within each play there can be multiple tasks.

The first two tasks use the old, deprecated Ansible playbook syntax for specifying arguments. The final task (copy) uses the modern syntax for specifying arguments. This modern syntax conforms better with YAML syntax.

31
Q

How could you run the ‘vsftpd.yml’ file using ‘ansible-navigator’ with the output being displayed similarly to running playbooks normally?

A

ansible-navigator run -m stdout --pp never vsftpd.yml

‘-m stdout’ will write the command output to STDOUT instead of using interactive mode.

‘--pp never’ will instruct ‘ansible-navigator’ to not check for a newer version of the specified container image.

32
Q

Suppose you want to instruct ‘ansible-navigator’ to not check for a new container image every time you run a playbook without having to manually specify ‘--pp never’ on the command line every time. How can you do this?

A

Add the following to your ‘.ansible-navigator.yml’ file:

What matters here is the “policy: missing” for pulling container images. This will tell ‘ansible-navigator’ to only pull an image if the desired one is missing.

33
Q

What is the purpose of running a playbook with interactive mode in ‘ansible-navigator’ ?

A

Interactive mode is good for debugging. It allows you to separately view each individual play/task in a playbook.

It can be used by simply running a playbook with ‘ansible-navigator’ and not specifying ‘-m stdout’

34
Q

What is a ‘play’ in an Ansible playbook?

A

A ‘play’ is a series of tasks executed against selected hosts from the inventory, using specific credentials.

Using multiple plays allows running tasks on different hosts, using different credentials from the same playbook.

Each play can have its own escalation parameters defined. Some of the common ones include the following:

remote_user
become
become_method
become_user

35
Q

Where/How can variables be defined?

A
  • Variables can be defined in playbooks
  • The output of a command/task can be used as a variable via the ‘register’ keyword
  • ‘vars_prompt’ can be used to ask for user input and then store that as a variable
  • Variables can be specified on the command line
  • Variables can be defined in include files

Include files make for the most portable playbooks as an include file can be created per environment, rather than hardcoding site-specific values in multiple different playbooks.

36
Q

How could you define a ‘web_package’ variable with the value ‘httpd’ at the beginning of a play within a playbook?

A
37
Q

Suppose you want to use an include file named ‘users.yml’ to define variables for a play. How could you do this?

A

It’s common practice to have a ‘vars’ subdirectory in your Ansible project directory for storing different include files.

38
Q

How do you refer to a variable within a playbook after defining it? Use ‘web_package’ as an example.

A

Refer to a variable as: {{ web_package }}

If the variable is the first element, quotes must be used: “{{ web_package }}”

If the variable is used in a conditional, no curly braces are needed: web_package

39
Q

What are host variables and how do they work?

A

Host variables are variables that are specific to a single host. They are defined in a YAML file that has the name of the inventory hostname and are stored in a ‘host_vars’ subdirectory within the project directory.

You can also define variables for host groups. This file should have the name of the host group and be located within the ‘group_vars’ directory in the project directory.

40
Q

What are some common system variables?

A

hostvars: a dictionary that contains all variables applied to a specific host

inventory_hostname: inventory name of the current host

inventory_hostname_short: short host inventory name

groups: all hosts in inventory, and groups these hosts belong to

group_names: list of groups the current host is a part of

ansible_check_mode: boolean that indicates if play is in check mode

ansible_play_hosts: active hosts in the current play

ansible_version: current Ansible version

System variables are built in and cannot be used for anything else.

41
Q

Suppose you want to create an encrypted host variables file for the ‘webserver01’ host.
1. Where should it be located so that ‘ansible-playbook’ automatically uses it?
2. Which command can be used to create the encrypted variables file?
3. After creating it, how can the file then be used? (Assume you want to run the ‘startup.yml’ playbook)

A
  1. The file could be located in a subdirectory (inside the base host_vars directory) named after the host in question. In this scenario that would be ‘host_vars/webserver01/vault.yml’ (the name of the variables file ultimately doesn’t matter as long as it’s inside the host_vars directory)
  2. ‘ansible-vault create host_vars/webserver01/vault.yml’
  3. ‘ansible-playbook --ask-vault-pass startup.yml’

When creating a vault file via the ‘ansible-vault create’ command, the user will be prompted for a password that will then be used to protect the vault file.

The ‘--ask-vault-pass’ option allows the ‘ansible-playbook’ command to prompt the user for the encryption password for the vault file.

42
Q

Suppose you want to run the ‘startup.yml’ playbook and it requires variables from a vault protected variables file. You don’t want to input the vault password via the command line. How can you instruct Ansible to run the playbook and automatically use the ‘/root/vault-pass’ file to find the vault password?

A

ansible-playbook --vault-password-file=/root/vault-pass startup.yml

43
Q

What could you add to a playbook to disable fact gathering?

A

In the play header, add the following:

gather_facts: no

Even if fact gathering is disabled, it can be enabled again by running the ‘setup’ module in a task.

44
Q

Which variable contains all of the facts discovered by Ansible?

A

ansible_facts

45
Q

Suppose you want to access a fact gathered by Ansible within a playbook. The fact is ‘address’ which is within the ‘default_ipv4’ dictionary which itself is inside the ‘ansible_facts’ dictionary. What is the preferred syntax for accessing this value?

A

ansible_facts['default_ipv4']['address']

This syntax also works:
ansible_facts.default_ipv4.address

This syntax, although deprecated, works as well:
ansible_default_ipv4.address

46
Q

What are custom facts in Ansible?

A

Custom facts, unlike host variables, are stored on the managed host. Custom facts are stored in an ‘ini’ or ‘json’ file in the ‘/etc/ansible/facts.d’ directory on the managed host.

These files must end with a ‘.fact’ extension.
Custom facts must have a ‘[label]’ to help identify the variables.

The ‘/etc/ansible/facts.d’ directory doesn’t usually exist by default on a host.

47
Q

While Ansible is running, where are custom facts stored?

A

Custom facts are stored in the "ansible_facts['ansible_local']" variable.

48
Q

Suppose you want to create some custom facts on a managed host describing the Apache service/package. You want the package to be installed and the service to be enabled. This content will be placed in the ‘/etc/ansible/facts.d/localfacts.fact’ file on the managed host. What content should be in this file? (use ‘ini’ file format and use ‘apache’ as the label)

A

[apache]
package=httpd
service=httpd
state=enabled

49
Q

Suppose a host named ‘pg-01’ is expected to contain certain local variables. Which ad-hoc command can allow you to quickly view the local variables for this host?

A

ansible pg-01 -m setup -a "filter=ansible_local"

The ‘setup’ module is useful for verifying whether variables are available to a host. It is automatically called by other playbooks during the fact gathering phase.

50
Q

What conditionals are available in Ansible?

A

loop: allows you to loop over a list of items

when: performs tasks only when a variable is equal to a specific value

handlers: tasks that only run when notified by other tasks

51
Q

Suppose you want to create an Ansible playbook that creates the following three users:
1. anna
2. linda
3. bob

These three users should belong to the following groups, respectively:
1. wheel
2. users
3. users

How could you do this by using a loop with the ‘ansible.builtin.user’ module?

A

‘item’ is the variable that is automatically created per loop iteration.

52
Q

Suppose you have a playbook with a list variable created named ‘supported_distros’ defined at the beginning of the play. The list contains Ubuntu, CentOS, and Fedora as values. There’s also a ‘mypackage’ variable containing the value ‘nmap.’ How could you use a ‘when’ conditional to only install ‘mypackage’ on managed hosts whose operating systems are in the ‘supported_distros’ variable?

A

Remember, variables used in ‘when’ conditionals don’t need to be surrounded in curly brackets or double quotes. They’re automatically considered to be in Jinja2 syntax.

53
Q

What are some conditional operators available in Ansible ‘when’ statements?

A
54
Q

Under what conditions will this package be installed?

A

The ‘httpd’ package will only be installed when the target host is running CentOS and when the host has less than 512 MB of memory available.

Ansible ‘when’ statements can take lists to form complex multi-conditional requirements.

55
Q

Under what conditions will ‘httpd’ be installed?

A

‘httpd’ will be installed on a host if it is running RedHat and has less than 512 MB of memory free, or if the host is running CentOS and it has less than 1024 MB of memory available.

The ‘>’ at the beginning of the ‘when’ statement allows the following value to wrap across multiple lines.

56
Q

What does this playbook do?

A

This playbook prompts the user for a value and then places that value in the ‘username’ variable. Next, it searches the ‘/etc/passwd’ file and prints out a debug message only when the ‘/etc/passwd’ file contains the ‘username’ for which the user is searching.

“private: no” allows the user to see their input as they type it out at the command line.

This ‘when’ statement showcases how to access fields within registered output.

57
Q

Suppose you have a playbook that copies an ‘index.html’ file to an Apache project root directory. You want to create a handler named ‘restart_web’ that triggers Apache to restart only when the ‘index.html’ file is copied to the DocumentRoot. How can this be done?

A
Handlers are good for restarting services or rebooting hosts.

To run a handler, a ‘notify’ statement with the name of the handler must be present in the main task.

Normally, handlers only execute after running all tasks in a play. However, using ‘meta: flush_handlers’ will run all handlers immediately. Only handlers that have been notified by this point in the play are flushed, not all handlers.

If one of the next tasks in the play fails, handlers will not run. This can be overridden by using ‘force_handlers: True’

58
Q

What are some things that can be done with the ‘ansible.builtin.meta’ module?

A
59
Q

What are the three main sections of a ‘block’ in Ansible and what are they used for?

A

Blocks are best used for error handling:

  1. ‘block’ defines the main tasks to run
  2. ‘rescue’ defines tasks to run if the tasks defined in ‘block’ fail
  3. ‘always’ defines tasks that will always run
60
Q

Describe the following Ansible ‘block’

A

This block will attempt to remove the ‘/var/www/html/index.html’ file.

If this removal command fails, then the ‘rescue’ section will be triggered and ‘/tmp/rescuefile’ will be created.

Then, no matter the outcome of the previous sections, the ‘always’ section will be triggered. This will log a message to the system logs and then print a debug message.

61
Q

By default, Ansible aborts the rest of the play on a host if any task fails for that host. How can this behavior be bypassed?

A

Using ‘ignore_errors’ in a task/play will instruct Ansible to ignore errors generated and continue the play/task for that host.

If ‘ignore_errors: yes’ and ‘force_handlers: no’ are both set, then handlers will run after failing tasks.

62
Q

What will the results be for the following playbook?

A

The first task in this playbook will always fail, however it will still continue to the debug task due to ‘ignore_errors: yes’ being set for the first task.

‘failed_when’ can be used to specify custom failure conditions for a task.

63
Q

What will the results be for the following playbook?

A

The first task in this playbook will always fail, however it will still continue to the debug task due to ‘ignore_errors: yes’ being set for the entire play.

Additionally, the ‘fail’ module is being used to print a custom error message. The ‘fail’ task will trigger when the string ‘world’ is found in the output of the ‘echo’ command in the first task.

When using the ‘fail’ module, the failing task must have ‘ignore_errors’ set to ‘yes’

64
Q

When might you want to define a custom ‘changed’ status for a task?

A

You may want to define custom ‘changed’ conditions for non-idempotent modules such as ‘command’ or ‘shell.’

Non-idempotent modules can only discern a difference between success and failure and cannot discern between changed/not-changed. Therefore, non-idempotent modules may falsely report ‘changed’ when in reality no change has happened.

65
Q

In a playbook, what is the difference between an include and an import?

A

An ‘include’ is a dynamic process. Ansible processes the contents of the included files at the moment that this include is reached.

An ‘import’ is a static process. Ansible preprocesses the imported file contents before the actual play is started.

Playbook imports must be defined at the beginning of the playbook, using ‘import_playbook’

You cannot trigger a handler in an imported task file from the main task file.

66
Q

Describe the following playbook:

A

This playbook will only include the tasks in the ‘tasks/service.yaml’ file when the host OS is in the RedHat family. This include will happen dynamically, meaning that the tasks will be included only once execution reaches this ‘include_tasks’ line.

On the other hand, the ‘tasks/firewall.yaml’ file will always be imported into the playbook. Additionally, this will occur before the playbook begins executing tasks.

Both tasks are using variables that are defined in the included/imported task files.

67
Q

What are some of the common built-in modules for managing files with Ansible?

A

ansible.builtin.lineinfile - useful for changing a single line in a file

ansible.builtin.blockinfile - manipulates multi-line blocks of text in files

ansible.builtin.file - sets attributes to files, and can also create and remove files, symbolic links and more

ansible.builtin.stat - useful for requesting file statistics (works well when combined with registering output to a variable)

68
Q

What are some of the common built-in modules for copying files with Ansible?

A

ansible.builtin.copy - copies a file from a local machine to a location on a managed host

ansible.builtin.fetch - used to fetch a file from a remote machine and store it on the management node

ansible.posix.synchronize - synchronizes files ‘rsync’ style (only works if ‘rsync’ is installed on the target hosts)

ansible.posix.patch - applies patches to files

69
Q

What is the special variable ‘ansible_managed’ used for in Ansible?

A

‘ansible_managed’ is often used as a comment in configuration files to indicate that the file is managed by Ansible. It is commonly used in templates or tasks that generate files to ensure that users know the file is managed by Ansible and should not be modified manually.

‘ansible_managed’ is commonly defined in ‘ansible.cfg’ under the ‘[defaults]’ section.

Here is an example:
~~~
ansible_managed={file} modified by Ansible on %d-%m-%Y by {uid}
~~~

70
Q

Suppose you want to use a Jinja2 template named ‘vsftpd.j2’ to create the ‘/etc/vsftpd/vsftpd.conf’ file on all target hosts. How could you do this in a task?

A
- name: Create VSFTPD config from template
  template:
    src: vsftpd.j2
    dest: /etc/vsftpd/vsftpd.conf

This assumes that ‘vsftpd.j2’ is located under ‘./templates/vsftpd.j2’

71
Q

In Jinja2 syntax, how could you iterate over each server in the ‘db_servers’ host group?

A
{% for host in groups['db_servers'] %}
    {{ host }}
{% endfor %}
72
Q

Suppose you want to loop over each host in the ‘db_servers’ group and access the IPv4 address of each host. How could you do this in Jinja2 syntax?

A
{% for host in groups['db_servers'] %}
   {{ hostvars[host]['ansible_eth0']['ipv4']['address'] }}
{% endfor %}

Before accessing facts about a host, you have to first be sure that the facts have been populated. You can ensure this by having a previous play/task contact the server.

73
Q

What is the difference between the ‘ansible.builtin.file’ module and the ‘community.general.sefcontext’ module with regard to managing SELinux?

A

‘ansible.builtin.file’ sets SELinux context directly on files and not in the policy.

‘community.general.sefcontext’ sets context in the SELinux policy but not to files. It’s common to then use ‘ansible.builtin.command’ to run ‘restorecon’ so that these changes are applied to the filesystem.

74
Q

For the current version of RHEL, which package must be installed on managed hosts so that SELinux can be appropriately managed?

A

policycoreutils-python-utils

You can easily install this with the ‘ansible.builtin.yum’ module.

75
Q

What are some of the most commonly used ‘magic variables’ in Ansible?

A
hostvars
groups
group_names
inventory_hostname
76
Q

How does Ansible know where to install roles?

A

Ansible uses the ‘roles_path’ setting when installing roles.

The default ‘roles_path’ will use the following order of precedence:
* A roles directory in the current project directory
* The ‘~/.ansible/roles’ directory
* ‘/etc/ansible/roles’
* ‘/usr/share/ansible/roles’

Roles will be installed to the first directory in the ‘roles_path’

‘ansible-galaxy role install -p [alternate-path]’ can be used to install roles in different locations.

77
Q

How can you list all roles that are currently installed?

A

ansible-galaxy role list

78
Q

A ‘roles/requirements.yml’ file can be used to specify roles for a specific project.

Describe the following ‘requirements.yml’ file:

A

The first source installs version 2 of ‘myrole’ from a Git repository.

The second source installs ‘myrole’ as ‘mytarrole’ from a file URI.

The last source installs ‘myrole’ as ‘mywebrole’ from a web location.

If a role is hosted in Git, the ‘scm: git’ attribute is required, otherwise Ansible will interpret the Git URL incorrectly.

SCM (Source Code Management)

79
Q

How can tasks be specified to run before/after roles in a playbook?

A

Tasks specified under ‘pre_tasks:’ will run before roles while tasks specified under ‘post_tasks:’ will run after roles.

80
Q

In a role, what is the difference between variables defined in the ‘defaults’ directory versus the ‘vars’ directory?

A

Variables in the ‘defaults’ directory in the role provide default variables that are intended to be changed in plays.

Variables in the ‘vars’ directory in the role are used for internal purposes in the role and are not intended to be overwritten in the playbook.

81
Q

Suppose you want to create a custom role named ‘database’ and you want it to be stored in your current directory. How can you easily create the standard structure for a role?

A

ansible-galaxy init database

82
Q

What’s the best way to install Ansible RHEL System Roles?

A

Installing the RPM is better than installing the content collection. The RPM comes with sample playbooks located in the ‘/usr/share/doc/rhel-system-roles’ directory.

dnf install rhel-system-roles
83
Q

What are the main ways in which roles can be included into your playbooks?

A
  • at the play level with the roles option: This is the classic way of using roles in a play.
  • at the tasks level with ‘include_role’: You can reuse roles dynamically anywhere in the tasks section of a play using ‘include_role’
  • at the tasks level with ‘import_role’: You can reuse roles statically anywhere in the tasks section of a play using ‘import_role’
  • as a dependency of another role
84
Q

Suppose you have the following play header at the top of your playbook:

---
- hosts: webservers

How could you include the ‘common’ and ‘webservers’ roles at the play level?

A
---
- hosts: webservers
  roles:
    - common
    - webservers

You could also use fully qualified paths:

---
- hosts: webservers
  roles:
    - role: '/path/to/my/roles/common'
    - role: '/path/to/my/roles/webservers'
85
Q

By default, running playbooks with ‘ansible-navigator run’ will create artifact files containing log information. How can you disable the creation of these log files?

A

Add the following to ‘ansible-navigator.yml’

ansible-navigator:
  playbook-artifact:
    enable: false
86
Q

How does the ‘verbosity’ argument work in the ‘debug’ module?

A

‘verbosity’ allows you to set a condition for when specific ‘debug’ tasks will run. For example, if you have a ‘debug’ task with ‘verbosity: 2’ set, then the task will only execute if the playbook is executed from the command line with the ‘-vv’ option.

The number passed to ‘verbosity’ determines how many ‘-v’ options are necessary for it to run.

87
Q

How can you see what would happen if you ran a playbook without actually making the changes?

A

You can use the ‘--check’ option with ‘ansible-playbook’ on the command line.

Modules in the playbook must support check mode for this to work. Check mode doesn’t always work well in conditionals.

88
Q

Which ‘ansible-playbook’ command line option can be used to show the differences between templates and target files?

A

--diff

89
Q

What are some Ansible modules that can be useful for troubleshooting?

A

The ‘uri’ module is used to check content that is returned from a specific URL.

The ‘script’ module can be used to run a script (in this context a custom test script) from the control node on managed nodes.

The ‘stat’ module returns a dictionary of statistics about a specific file. These results can be registered in a variable for future testing.

The ‘assert’ module will fail with an error if a specific condition is not met.

90
Q

The ‘stat’ module in Ansible returns a dictionary of file statistics. What are some of the most important fields in this dictionary?

A

atime: last access time of the file

isdir: true if file is a directory

exists: true if file exists

size: size in bytes

91
Q

Describe the following playbook:

A

The playbook prompts the user for a number (representing a filesize in megabytes) and then stores that in the ‘filesize’ variable.

Next, the ‘assert’ module is used to determine whether the input provided is in between 1 and 100. If it is, then the ‘success_msg’ is displayed. If not, the ‘fail_msg’ is displayed.

Lastly, if the ‘assert’ is successful, the file is created.

In the ‘assert’ task, the ‘filesize’ variable must be converted into an integer before being compared. The input from ‘vars_prompt’ is stored as a string by default.

92
Q

Suppose you want to write an Ansible task that installs the ‘Virtualization Host’ package group. How could you do this?

A

To install a package group, put a ‘@’ in front of the name.

93
Q

Ansible does not gather facts about packages by default. How could you instruct your playbook to gather facts about packages on managed hosts?

A
- name: Get information about packages
  ansible.builtin.package_facts:
    manager: auto

This will cause Ansible to gather package facts and store them within the ‘ansible_facts['packages']’ variable.

94
Q

Which Ansible module is used for configuring package repositories?

A

ansible.builtin.yum_repository

This module creates a repository file in the ‘/etc/yum.repos.d’ directory.

If the module argument ‘gpgcheck: yes’ is used, then the ‘ansible.builtin.rpm_key’ module must be used to install the GPG key.

95
Q

Which command is necessary for creating custom repositories from scratch on a Red Hat system?

A

createrepo

Install this command with ‘dnf install createrepo’

96
Q

Which Ansible modules are commonly used for creating/managing user accounts on Linux?

A
97
Q

Which Ansible module is used for copying the public SSH key of a user account from the local control host to the corresponding user account on a remote host?

A

ansible.builtin.authorized_keys

The public key being copied must be in a public location on the control host, where it is readable.

98
Q

Which Ansible module is used to copy host keys from managed hosts to the local host?

A

ansible.builtin.known_hosts

This is often used to ensure that users are not prompted to verify the remote host SSH key fingerprint before connecting to the server.