Roles

Question 1

What is the list of files and folders pertaining to a role called database?

Answer 1

database/defaults/main.yml
/database/vars/main.yml
/database/handlers/main.yml
/database/files
/database/templates
/database/tasks/main.yml
/database/meta/main.yml

Question 2

How do I change the location of systemwide roles?

Answer 2

In ansible.cfg, change the defaulst.
[defaults]
roles_path=~/ansible/system_roles

This can also be done by setting env variable ANSIBLE_ROLES_APTH

Question 3

Do ansible have a notion of importing or including other playbooks?

Answer 3

Yes. Use include to include tasks and plays.

include: django.yml

Question 4

A variable proxy_hostname is defined in role database. I sit visible in a different role web?

Answer 4

Yes. Ansible has no notion of namespace across roles. A variable defined in one role will be visible everywhere else.

Question 5

What is the difference between tasks in a playbook and tasks in a role?

Answer 5

In a role, default location for files is /rolename/files or /rolename/templates for templates.

In a normal playbook the default location is inventory location.

This has an impact on copy and template modules.

Question 6

What is ansible-galaxy?

Answer 6

A command line tool that is used to find and download roles published by the community.

It can also be used to generate the skeleton for creating a role.

Question 7

How do use galaxy to create a role scaffolding?

Answer 7

ansible-galaxy init -p playbooks/roles web

Question 8

How do you declare role dependency?

Answer 8

dependencies:

• { role: ntp, ntp_server=ntp.ubuntu.com}
• { role: memcached}
• { role: activemq}

Question 9

What is Ansible Galaxy?

Answer 9

An open source repo of community contributed ansible roles.

Question 10

Install ntp role bennojoy from galaxy

Answer 10

ansible-galaxy install -p ./roles bennojoy.ntp

Question 11

Where does ansible galaxy install roles by default?

Answer 11

In system wide roles location

Question 12

List installed roles with galaxy

Answer 12

ansible-galaxy list

Question 13

Uninstall a role with galaxy

Answer 13

ansible-galaxy remove bennojoy.ntp

Question 14

How do you change the way ansible detect if a task has changed a state or failed?

Answer 14

use change_when and failed_when

Question 15

What is ansible behavior when a task failed and how do you change this behavior?

Answer 15

• Ansible stops the processing when a task failed

- To change this behavior use failed_when: False

Question 16

Explain following task:

- copy: src=/src/main/java/Job.java /src/main/java/Job.java
  failed_when: False
  register: result
  debug: var=result
  fail:

Answer 16

• Attempt to copy file Job1.java into Job.java
• If the task fails, do not stop
• register the result in the variable called result
• log the result
• stop the playbook execution

Question 17

Ansible ad-hoc command to delete a prostgres db called players

Answer 17

• ansible –become –become-user postgres -m postgresql_db -a “name=players state=absent”

Question 18

Where can I use filters in Ansible?

Answer 18

Inside {{}} and inside templates

Question 19

What is the similitude between filters and pipes?

Answer 19

Using filters resembles using linux pipes. A variable is pipled through a filter.

Question 20

Give an example of default filter and explain

Answer 20

“HOST”: “{{ database_host | default(‘localhost’) }}”

Expression evaluates to database_host if it is defined; otherwise it evaluates to ‘localhost’.

Question 21

Examples of variable filters

Answer 21

failed, changed, success, skipped

Question 22

Examples of file filters

Answer 22

basename, dirname, expanduser, realpath

Question 23

Example that shows the usage of basename filter

Answer 23

vars:
home: /usr/share/nginx/html/index.html
tasks:
- copy: src=files/index.html dest= {{ home }}

With basename filter:

vars:
home: /usr/share/nginx/html/index.html
tasks:
- copy: src=files/{{ home | basename }} dest= {{ home }}

Question 24

Explain the join filter

Answer 24

join a list of strings with a given delimiter

HOSTS: “{{ domains | join(‘,’)}}”

Question 25

Where does ansible look for custom filters?

Answer 25

in folder filter_plugins, relatively to the directory containing playbooks or location can be defined using env variable ANSIBILE_FILTER_PLUGINS

Question 26

What are lookups?

Answer 26

An ansible mechanism to to read configuration data from various sources so that this data can be used in playbooks or templates.

Question 27

Give example of lookups

Answer 27

file, password, pipe, env, template, csvfile, redis_kv, etcd

Question 28

Provide lookup command to log SSH key from /Users/paul/.ssh/id_rsa.pub into a variable.

Answer 28

debug: var={{ lookup('file','/Users/paul/.ssh/id_rsa.pub') }}

Question 29

What is goal of the pipe lookup?

Answer 29

Evaluate an external program on the control machine. Such as checking the version of git source base. debug: msg="{{lookup('pipe', 'git rev-parse HEAD') }}"

Question 30

What is goal of the env lookup?

Answer 30

Retrieves the value of an environment variable on the control machine. debug: msg="{{lookup('env', 'SHELL') }}"

Question 31

What is goal of the password lookup?

Answer 31

Generate a random password and ALSO write it to the specifed file. -name: create deploy user postgresql_user: user: deploy password: "{{ lookup('password','deploy-password.txt')}}"

Question 32

What is goal of the template lookup?

Answer 32

Evaluate a jinja2 template and return the result. denug: msg="{{ lookup('template','message.j2')}}"

Question 33

What is goal of the csvfile lookup?

Answer 33

Read an entry from csv file debug msg="{{ lookup('csffile','Paul file=file.csv delimiter=, col=1') }}" col=the column to retrieve Paul=the row to retrieve; must appear exactly once in column 0.

Question 34

What is goal of the redis lookup?

Answer 34

Read an entry from redis debug: msg="{{ lookup('redix_kv', 'redis://host:port, my_key') }}"

Question 35

What is goal of the etcd lookup?

Answer 35

Read entry from etcd" debug: msg="{{ lookup('etcd','my_key')}}" etcd is defined in ANSIBLE_ETCD_URL

Question 36

How do you loop in Ansible?

Answer 36

Use: with_items, with_lines, with_dict, with_fileglob, with_flattened, with_first_found, etc.

Question 37

Explain with_lines

Answer 37

Run a command on the control machine and loop over its result, line by line. - name: log the content of a file line by line debug: msg="{{ lookup('file',item)}}" with_lines: - cat /files/turing.txt

Question 38

Explain with_fileglob

Answer 38

Iterates over a set of files on the control machine - name: log the content of each file in directory debug: msg="{{ lookup('file',item)}}" with_lines: - /files/*.txt - /var/logs/*log

Question 39

Explain with_dict

Answer 39

iterate over a dictionary -name: iterate over dict debug: msg="{{ item.key}}={{ item.value }}" with_dict: {{ ansible_eth0.ip4 }}

Question 40

What is the relationship between lookups and loops?

Answer 40

Loops are lookup plugins with name starting with "with_" and that return a list.

Question 41

How do you change the default looping variable?

Answer 41

Use loop_var construct. ``` - debug: msg= {{user.name}} with_items: - {name: gil} - {name: sarina} - {name: leanne} loop_control: loop_var: user ```

Question 42

Explain the benefit of renaming the loop control variable?

Answer 42

Avoid conflict in cases where some playbook fragments are included that use the same loop control variables.

Question 43

Explain the label instruction in loop control?

Answer 43

Helps users control how data should be displayed during loop execution.

Question 44

Explain no_log

Answer 44

Allows hiding password from logs.

Question 45

Explain include

Answer 45

Allow you to include tasks or playbooks. Often used in roles.

Question 46

What is dynamic include?

Answer 46

Dynamic include is a mechanism that allows you to dynamically evaluate the name of the file to include. - include: {{ ansible_os_family }}.yml

Question 47

What can be a drawback of dynamic include?

Answer 47

ansible-playbook --list-tasks might not be able to determine all tasks if it cannot evaluate all variables. Example: fact variables are not populated when using this command.

Question 48

What is the difference between include sand include_role?

Answer 48

include includes the complete content of a file include_role sllows selectively choosing what parts to include and where in the play to include it. include_role makes the handle available as well.

Question 49

What is conditional include and what is the syntax?

Answer 49

include a file only when a condition is met: - include: Debian.yml when: "ansible_os_family=='Debian'"

Question 50

How can I use a block to make my code more compact?

Answer 50

Use a block to group tasks and provide a common conditions or arguments. - block: - package: name: nginx - service: name: nginx state: started enabled: yes become: yes when: "ansible_os_family == 'Redhat'"

Question 51

What is ansible default error handling behavior?

Answer 51

take a host out of play if a task fails and continue as long as there are hosts remaining that haven't encountered errors.

Question 52

What clauses does ansible provide to give you more control on error handling?

Answer 52

serial, max_fail_percentage, block-rescue-always

Question 53

what is ansible-vault

Answer 53

A command line tool that allows you to encrypt credentials so ansible can use them. It creates encrypted file that ansible-playbook can recognize and decrypt automatically given the password.

Question 54

What are ansible valut commands?

Answer 54

``` create encrypt edit decrypt rekey view ```

Question 55

How to tell ansible to prompt for password that it will use to decrypt the secret files?

Answer 55

ansible-playbook playbook.ym --ask-vault-pass

Question 56

Where can I specify the location of the encrypted password file?

Answer 56

Use vars_files to specify the file or provide the file when launching the playbook using --vault-password-file.