- What is Ansible, and how does it differ from other configuration management tools (like Puppet, Chef, or SaltStack)?
- Explain the difference between Ad-hoc commands and Playbooks in Ansible.
- What are Inventory files in Ansible? How do you manage dynamic inventories?
- Can you explain the difference between static and dynamic inventory? Give examples of when you'd use each.
- What is the difference between roles and playbooks?
- How does idempotency work in Ansible?
🔹 Intermediate to Advanced Concepts
- How do you handle secrets management in Ansible (Vault, HashiCorp Vault, AWS Secrets Manager)?
- Explain handlers in Ansible and when they are triggered.
- How do you use conditionals and loops in Ansible playbooks? Give examples.
- What are facts in Ansible? How do you use custom facts?
- How do you implement error handling in Ansible (ignore_errors, failed_when, rescue blocks)?
- What is the difference between delegate_to, local_action, and run_once?
🔹 Real-world Scenarios
- Suppose a task should run only if the previous one fails: how do you implement it?
- You need to deploy the same configuration across multiple environments (Dev, QA, Prod). How do you design your playbooks and inventories?
- How would you ensure zero-downtime deployment using Ansible?
- How do you handle package version drift across multiple servers using Ansible?
- If you have 200+ servers, how would you optimize Ansible performance?
🔹 Integration & DevOps Practices
- How do you integrate Ansible with Jenkins/GitLab CI/Azure DevOps pipelines?
- Have you used Ansible for cloud provisioning (AWS, Azure, GCP)? Can you give an example?
- How do you use Ansible with Docker and Kubernetes?
- How do you store and reuse Ansible playbooks across multiple projects?
🔹 Troubleshooting & Best Practices
- If a playbook fails halfway, how do you resume execution from the failed task?
- How do you debug Ansible playbooks (-vvv, ansible-playbook --step, etc.)?
- What are some best practices you follow while writing playbooks?
- How do you test Ansible playbooks before applying them in production (Molecule, Ansible Lint, etc.)?
- Have you faced any Ansible pitfalls (e.g., large inventory execution, slow SSH connections)? How did you solve them?
✅ With 4-5 years of experience, interviewers will often mix theory + hands-on scenarios. They may ask you to:
- Write a small playbook on the spot.
- Debug a broken YAML snippet.
- Explain how you'd structure Ansible for multi-environment deployments.
Perfect. Since you asked for more scenario-based Ansible interview questions, I'll focus on real-world problem-solving: the type of challenges DevOps engineers face in 4-5 years of experience.
🔹 Scenario-Based Ansible Interview Questions
1. Multi-environment Setup
- You need to configure Dev, QA, and Prod environments with slightly different variables.
How will you structure your inventories, group_vars, and playbooks to avoid duplication?
2. Zero-Downtime Deployment
- You're deploying a web application to 100 servers. The deployment must be rolling (one batch at a time) to avoid downtime.
👉 How would you write the playbook? (Hint: use serial and max_fail_percentage.)
3. Secrets & Security
- You need to store database credentials and API keys securely in Ansible.
👉 Would you use Ansible Vault, environment variables, or an external secret manager (e.g., AWS Secrets Manager)? Why?
4. Failover Handling
- During deployment, one task fails on 5% of servers due to a package conflict. The rest should continue normally.
👉 How will you handle partial failures while still completing the playbook run?
5. Performance Optimization
- Running a playbook on 500+ servers is taking too long.
👉 What would you do to improve speed? (e.g., forks, pipelining, ssh multiplexing, async + poll).
6. Dynamic Inventory
- You need to manage AWS EC2 instances that scale up and down dynamically.
👉 How do you configure Ansible to always pick the latest hosts without manual editing of the inventory?
7. Compliance & Drift
- Your security team wants to ensure all servers have a specific version of OpenSSL.
👉 How would you enforce and regularly check compliance using Ansible?
8. CI/CD Integration
- You're using Jenkins/GitLab CI to run Ansible playbooks after each code commit.
👉 How do you ensure playbooks run only on affected servers and not the entire inventory?
9. Handling Large Files
- You need to distribute a 1 GB WAR file to 200 servers.
👉 How would you optimize this process with Ansible to avoid bottlenecks?
10. Rolling Back
- Your Ansible deployment fails in production after updating a config file.
👉 How do you rollback to the previous version using Ansible?
11. Conditional Deployments
- You want to install a package only if it's not already installed or update it only if a new version is available.
👉 How would you write this playbook using when, register, and changed_when?
12. Delegation
- A playbook needs to fetch files from all servers and store them in a central log server.
👉 How do you use delegate_to and run_once?
13. Error Recovery
- You want to retry failed tasks automatically with a wait time before re-execution.
👉 How do you implement retries in Ansible?
14. Blue-Green Deployment
- You need to implement a blue-green deployment strategy using Ansible for a web app cluster.
👉 How would you structure the inventory and playbooks to handle traffic switching?
15. Ansible + Kubernetes
- You're using Ansible to deploy apps into a Kubernetes cluster.
👉 How would you handle kubectl configuration, secrets, and namespaces across multiple clusters?
16. Troubleshooting
- A playbook runs fine on Ubuntu servers but fails on RHEL servers.
👉 How would you debug and fix such OS-specific issues?
17. Parallel vs Sequential Execution
- Some tasks must run in parallel (like package installation), while others must run sequentially (like DB migrations).
👉 How would you control execution order in Ansible?
18. Compliance Reports
- Management wants a report of applied changes after each Ansible run.
👉 How would you generate logs or reports from Ansible runs (callback plugins, JSON output, etc.)?
19. Inventory Groups
- You have a group of 50 servers, but a playbook should run only on 10 randomly selected servers for testing.
👉 How would you achieve this with Ansible?
20. Migrating Legacy Systems
- You need to migrate apps from CentOS 7 to Ubuntu 22.04 using Ansible.
👉 How do you handle OS-specific modules, package managers, and playbook structures?
💡 Pro Tip: In interviews, when asked scenario-based questions, don't just say "use Ansible Vault" or "use serial". Instead, explain:
- Why you chose that approach
- How you'd implement it (with Ansible syntax if possible)
- What trade-offs exist
🔹 1. Multi-environment Setup (Dev, QA, Prod)
👉 Use inventory + group_vars

```ini
# inventory/hosts
[dev]
dev-app-01 ansible_host=10.0.1.10

[qa]
qa-app-01 ansible_host=10.0.2.10

[prod]
prod-app-01 ansible_host=10.0.3.10
```

```yaml
# group_vars/dev.yml
app_port: 8080
```

```yaml
# group_vars/prod.yml
app_port: 80
```

```yaml
# site.yml
- hosts: all
  tasks:
    - name: Start app service
      service:
        name: myapp
        state: started
      vars:
        port: "{{ app_port }}"   # app_port is resolved from group_vars/<env>.yml
```
🔹 2. Zero-Downtime Rolling Deployment
👉 Use serial and max_fail_percentage

```yaml
- hosts: webservers
  serial: 10                 # update 10 hosts per batch
  max_fail_percentage: 20    # abort the run if more than 20% of a batch fails
  tasks:
    - name: Deploy new version
      copy:
        src: myapp.war
        dest: /opt/tomcat/webapps/
      notify: restart tomcat
  handlers:
    - name: restart tomcat
      service:
        name: tomcat
        state: restarted
```
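🔹 3. Secrets Management with Ansible Vault
👉 Encrypt secrets with ansible-vault encrypt

```yaml
# vars/secret.yml (vault encrypted)
# An inline !vault value like this one is produced by `ansible-vault encrypt_string`.
db_user: admin
db_pass: !vault |
  $ANSIBLE_VAULT;1.1;AES256
  3834343333… (encrypted data)
```

```yaml
- hosts: db
  vars_files:
    - vars/secret.yml
  tasks:
    - name: Configure DB
      template:
        src: db.conf.j2
        dest: /etc/db.conf
        mode: "0600"     # the rendered file contains the password
      no_log: true       # keep the decrypted value out of task output and --diff
```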
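The environment-variable option from scenario 3, as an added example that is not part of the original page: the secret is read on the control node at run time and kept out of task output. `DB_PASS` is an assumed variable name exported by the CI job; `db.conf.j2` is the template used above.

```yaml
# Added example (not from the original page).
# Assumption: the CI job exports DB_PASS on the control node before the run.
- hosts: db
  vars:
    db_user: admin
    # Lookups run on the control node, so the secret never lives in the repo.
    db_pass: "{{ lookup('ansible.builtin.env', 'DB_PASS') }}"
  tasks:
    - name: Stop early if the secret was not injected
      ansible.builtin.assert:
        that: db_pass | length > 0
        fail_msg: "DB_PASS is not set in the control node environment"
        quiet: true
      run_once: true
      no_log: true       # do not echo the evaluated variable on failure

    - name: Configure DB
      ansible.builtin.template:
        src: db.conf.j2
        dest: /etc/db.conf
        owner: root
        group: root
        mode: "0600"     # readable by root only
      no_log: true       # keeps rendered values out of task output and --diff
```

The env lookup returns an empty string when the variable is unset, which is why the assert checks the length rather than whether the variable is defined.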
🔹 4. Handle Partial Failures
👉 Use ignore_errors and rescue

```yaml
- hosts: all
  tasks:
    - name: Install package
      yum:
        name: httpd
        state: present
      ignore_errors: yes     # a failure is reported, but the host keeps running tasks

    - block:
        - name: Risky task
          command: /bin/false
      rescue:
        - name: Recovery action
          debug:
            msg: "Task failed, executing rollback"
```
🔹 5. Performance Optimization
👉 Use async + poll for long tasks

```yaml
- hosts: all
  tasks:
    - name: Run long job in parallel
      shell: /usr/bin/long_script.sh
      async: 600     # allow the job up to 600 seconds
      poll: 0        # do not wait for it; move on to the next task
```
🔹 6. Dynamic Inventory for AWS
👉 Use aws_ec2 plugin

```yaml
# inventory/aws_ec2.yml
plugin: aws_ec2
regions:
  - ap-south-1
filters:
  instance-state-name: running
keyed_groups:
  - key: tags.Environment
    prefix: env
```

```bash
ansible-inventory -i inventory/aws_ec2.yml --list
```
🔹 7. Enforce Compliance (OpenSSL version check)

```yaml
- hosts: all
  tasks:
    - name: Get OpenSSL version
      command: openssl version
      register: openssl_ver
      changed_when: false    # read-only command, never report "changed"

    - name: Fail if wrong version
      fail:
        msg: "OpenSSL not up to date!"
      when: "'OpenSSL 1.1.1' not in openssl_ver.stdout"
```
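A stricter variant of the check above that also covers the per-run report from scenario 18, as an added example that is not part of the original page: it compares versions with the `version` test instead of a substring match and writes one CSV report on the control node. `openssl_min_version` and the report file name are assumed values.

```yaml
# Added example (not from the original page).
# Assumptions: openssl_min_version and the report file name are placeholders.
- hosts: all
  gather_facts: false
  vars:
    openssl_min_version: "1.1.1"
  tasks:
    - name: Read the installed OpenSSL version
      ansible.builtin.command: openssl version
      register: openssl_ver
      changed_when: false      # read-only command
      check_mode: false        # still runs under --check, so audits work

    - name: Record version and compliance for this host
      ansible.builtin.set_fact:
        # second word of the output, e.g. "OpenSSL 3.0.2 15 Mar 2022" -> "3.0.2"
        openssl_installed: "{{ openssl_ver.stdout.split()[1] }}"
        openssl_compliant: "{{ openssl_ver.stdout.split()[1] is version(openssl_min_version, '>=') }}"

    - name: Write one report for the whole play on the control node
      ansible.builtin.copy:
        dest: "{{ playbook_dir }}/openssl-report.csv"
        mode: "0600"
        content: |
          host,installed,compliant
          {% for h in ansible_play_hosts %}
          {{ h }},{{ hostvars[h].openssl_installed }},{{ hostvars[h].openssl_compliant }}
          {% endfor %}
      run_once: true
      delegate_to: localhost

    - name: Fail only the hosts below the baseline
      ansible.builtin.assert:
        that: openssl_compliant | bool
        fail_msg: "OpenSSL {{ openssl_installed }} is older than {{ openssl_min_version }}"
```

Hosts where `openssl version` itself fails drop out of `ansible_play_hosts`, so they are missing from the report and show up as failed in the play recap instead.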
🔹 8. Distribute Large WAR File Efficiently
👉 Use delegate_to + rsync

```yaml
- hosts: deploy-master
  tasks:
    - name: Copy WAR to master node
      copy:
        src: myapp.war
        dest: /tmp/myapp.war

- hosts: appservers
  tasks:
    - name: Sync WAR from master
      synchronize:
        src: /tmp/myapp.war
        dest: /opt/tomcat/webapps/
      delegate_to: deploy-master   # rsync runs from deploy-master to each app server
```
🔹 9. Rollback on Failure
👉 Keep backup before deployment

```yaml
- hosts: webservers
  tasks:
    - name: Backup old config
      copy:
        src: /etc/myapp/config.yml
        dest: /etc/myapp/config.yml.bak
        remote_src: yes

    - block:
        - name: Deploy new config
          copy:
            src: config.yml
            dest: /etc/myapp/config.yml
      rescue:
        - name: Rollback config
          copy:
            src: /etc/myapp/config.yml.bak
            dest: /etc/myapp/config.yml
            remote_src: yes
```
🔹 10. Delegate Tasks (Central Log Collection)
👉 Use delegate_to + run_once

```yaml
- hosts: all
  tasks:
    - name: Collect logs
      fetch:
        src: /var/log/app.log
        dest: logs/{{ inventory_hostname }}/
        flat: yes

    # fetch always writes to the control node, so this task only finds logs/
    # on log-server when the playbook is run from that host.
    - name: Compress logs
      archive:
        path: logs/
        dest: logs/all-logs.tar.gz
      run_once: yes
      delegate_to: log-server
```