Explore topic-wise InterviewSolutions in .

Dot notation works fine UNLESS we stump upon few SPECIAL cases such as

• If the variable contains a dot(.), colon(:), starting or ending with an underscore or any KNOWN PUBLIC attribute.
• If there’s a collision between METHODS and attributes of python dictionaries.
• Array notation also allows for dynamic variable composition.

Ansible has a very simple ad-hoc command for this

We can also use the Passlib LIBRARY of Python, e.g

On top of this, we should also avoid storing raw passwords in playbook or host_vars, INSTEAD, we should use integrated methods to generate a hash version of a password.

Handlers are LIKE SPECIAL tasks which only run if the Task contains a “notify” directive. 

In the above example after INSTALLING NGINX we are starting the server USING a `start nginx` handler.

To MAKE content REUSABLE and redistributable Ansible roles can be used. Ansible roles are basically a LEVEL of abstraction to organize playbooks. For example, if we need to execute 10 tasks on 5 systems, writing all of them in the playbook might LEAD to blunders and CONFUSION. Instead we create 10 roles and call them inside the playbook.

There’s a copy module that has a recursive PARAMETER in it but there’s SOMETHING CALLED synchronize which is more efficient for large numbers of files. 

For EXAMPLE:

Ansible Tower is an enterprise-level solution by RedHat. It provides a web-based console and REST API to manage Ansible across teams in an organization. There are many features such as

• Workflow Editor - We can set up different dependencies among playbooks, or running multiple playbooks maintained by different teams at once
• Real-Time ANALYSIS - The status of any play or TASKS can be monitored easily and we can check what’s going to run next
• Audit Trail - Tracking logs are very important so that we can quickly revert back to a FUNCTIONAL state if something bad happens.
• Execute Commands Remotely - We can use the tower to run any command to a host or group of hosts in our inventory.

There are other features also such as Job Scheduling, NOTIFICATION INTEGRATION, CLI, etc.

Management and SCHEDULING:  In Ansible, the server pushes the configuration to the nodes on the other hand in puppet, the client pulls the configuration from the server. Also for scheduling, the puppet has an agent who POLLS EVERY 30mins(default settings) to make sure all nodes are in a desirable state. Ansible doesn’t have that feature in the free version.
Availability: Ansible has backup secondary nodes and puppet has more than one master node. So both try to be highly available.
Setup: Puppet is considered to be harder to set up than ansible as it has a client-server ARCHITECTURE and also there’s a specific language called Puppet DSL which is its own DECLARATIVE language.

VARIABLE names can be built by adding strings together. For EXAMPLE, if we need to get ipv4 address of an arbitrary INTERFACE, where the interface to be used may be supplied via a ROLE parameter or other input, we can do it in this way.

The playbook file would be:

In the above playbook, we are fetching all hosts of stagingwebservers group for executing these tasks. The first TASK is to install Nginx and then configure it. We are also taking a flask server for reference. In the end, we also defined handlers so that in case the state changes it will restart Nginx. After executing the above playbook we can verify whether Nginx is installed or not.

Ad-hoc commands are like one-line playbooks to perform a specific TASK only. The syntax for the ad-hoc COMMAND is

For EXAMPLE, we need to reboot all servers in the staging group

This can be done by accessing the “$groups” DICTIONARY in the template, like so:

If we need to ACCESS facts also we need to make sure that the facts have been populated. For INSTANCE, a play that talks to db_servers:

Now, this can be used within a template, like so:

Ansible vault is used to KEEP SENSITIVE data such as passwords instead of placing it as PLAINTEXT in playbooks or roles. Any structured data file or any single value inside the YAML file can be encrypted by Ansible. 

To encrypt a file

And SIMILARLY to decrypt

In Ansible, there are two types of INVENTORY files: Static and Dynamic.

• Static inventory file is a list of managed hosts declared under a host group using EITHER hostnames or IP addresses in a plain text file. The managed host entries are listed below the group name in each LINE. For example

• Dynamic inventory is GENERATED by a SCRIPT written in Python or any other programming language or by using plugins(preferable). In a cloud setup, static inventory file configuration will fail since IP addresses change once a virtual server is stopped and started again. We create a demo_aws_ec2.yaml file for the config such as

Now we can fetch using this command

Callback plugins basically control most of the output we see while running cmd programs. But it can also be used to add ADDITIONAL output. For example log_plays callback is used to record playbook events to a log file, and mail callback is used to send email on playbook failures. We can also add custom callback plugins by DROPPING them into a callback_plugins directory adjacent to play, inside a role, or by PUTTING it in one of the callback directory SOURCES configured in ansible.cfg.

<P>To automate password input we can have a password file for all the passwords of encrypted files will be SAVED and ansible can make a call to fetch those when required.

This can ALSO be achieved by having a SEPARATE script that specifies the passwords. But in this case, we need to print a password to stdout to work without annoying errors.

First, we NEED to SET a ProxyCommand in ansible_ssh_common_args INVENTORY variable, since any arguments specified in this variable are added to the sftp/scp/ssh command line when connecting to the relevant host(s). For example

To create a jump host for these we need to add a command in ansible_ssh_common_args

In this way whenever we will try to CONNECT to any host in the gatewayed group ansible will APPEND these arguments to the command line.