Explore topic-wise InterviewSolutions in .

Task delegation is an important feature of Ansible since there MIGHT be use cases where we would want to perform a task on one host with reference to other hosts. We can do this using the delegate_to keyword. 

For example, if we want to MANAGE NODES in a load balancer pool we can do:

We are also defining serial to control the number of hosts executing at one time. There is another shorthand syntax called local_action which can be used instead of delegate_to. 

But there are few exceptions also such as include, add_host, and debug tasks that cannot be delegated.

ANSIBLE register is used to store the output from TASK execution in a VARIABLE. This is useful when we have different outputs from each remote host. The register VALUE is valid throughout the playbook execution so we can make use of set_fact to MANIPULATE the data and provide input to other tasks accordingly.

In the above example, we are searching for all .txt files in the remote host’s home folder and then capturing it in find_txt_files and displaying that variable.

All of the TASK's ARGUMENTS can be dictionary-typed variables which can be useful in some dynamic EXECUTION scenarios also. However, Ansible issues a warning SINCE it introduces a security risk.

In the above example, the values passed to the variable usermod_args could be overwritten by some other malicious values in the HOST facts on a compromised target machine. To avoid this

• bulk variable precedence should be greater than host facts.
• need to disable INJECT_FACTS_AS_VARS configuration to avoid collision of fact values with variables.

 In Ansible, set_fact is used to SET new variable values on a host-by-host basis which is just like ansible facts, discovered by the setup module. These variables are AVAILABLE to subsequent plays in a playbook. In the case of vars, vars_file, or include_var we know the value beforehand whereas when using set_fact, we can STORE the value after preparing it on the fly using certain tasks like using FILTERS or taking subparts of another variable. We can also set a fact cache over it.

set_fact variable assignment is done by using key-pair values where the key is the variable name and the value is the assignment to it. A simple example will be like below

Ansible firewalld is used to manage firewall rules on host machines. This works just as Linux firewalld daemon for allowing/blocking services from the port. It is split into two major concepts

• Zones: This is the LOCATION for which we can CONTROL which services are exposed to or a location to which one the local network interface is connected.
• Services: These are typically a series of port/protocol combinations (sockets) that your host may be listening on, which can then be placed in one or more zones

Few examples of setting up firewalld are

Ansible synchronize is a module similar to rsync in Linux machines which we can use in playbooks. The features are similar to rsync such as archive, compress, delete, etc but there are few limitations also such as

• Rsync must be installed on both source and target systems
• Need to specify delegate_to to change the source from localhost to some other port
• Need to handle user permission as files are ACCESSIBLE as per remote user.
• We should always give the full PATH of the destination host location in CASE we use sudo otherwise files will be copied to the remote user home directory.
• Linux rsync limitations related to hard LINKS are also applied here.
• It forces -delay-updates to AVOID the broken state in case of connection failure

An example of synchronize module is

Here we are transferring files of /var/tmp/sync_folder folder to remote machine’s /var/tmp folder