Ansible is one of the most popular automation and configuration-management tools, and it appears in most DevOps and cloud interviews. This 2026 guide groups the questions you are most likely to face, from fundamentals to real automation scenarios.
Ansible Fundamentals
What is Ansible and how does it work?
Ansible is an open-source automation tool for configuration management, application deployment and orchestration. It is agentless — it connects to managed nodes over SSH (or WinRM) and pushes changes, so there's no agent to install. Automation is described declaratively in YAML.
What does "agentless" and "push-based" mean?
There is no persistent agent on managed hosts; the control node pushes configuration on demand over SSH. This simplifies setup and security compared with agent-based tools.
What is idempotency in Ansible?
Running the same playbook repeatedly produces the same result — Ansible only makes a change if the system isn't already in the desired state. Well-written tasks use modules (not raw shell) to stay idempotent.
Core Concepts
What is an inventory?
A list of managed hosts, grouped logically. It can be static (an INI/YAML file) or dynamic (generated from a cloud provider via an inventory plugin).
What is a playbook, a play and a task?
A playbook is a YAML file of one or more plays; each play maps a group of hosts to a list of tasks; each task calls a module (e.g., apt, copy, service).
What is an ad-hoc command?
A one-off command run without a playbook, e.g., ansible all -m ping, useful for quick checks.
What are roles?
A standard directory structure (tasks, handlers, templates, vars, defaults, files) that packages reusable automation, shareable via Ansible Galaxy and collections.
Variables, Facts and Templates
What are facts?
System information automatically gathered from hosts (via the setup module / gather_facts) — OS, IP, memory, etc. — usable as variables.
What is register and when used?
register captures a task's output into a variable so later tasks can act on it (often with when conditionals).
What are handlers?
Tasks triggered by notify only when something changed (e.g., restart a service after its config file changes). Handlers run once, at the end of the play.
What templating engine does Ansible use?
Jinja2 — used in template tasks and throughout playbooks for dynamic values, loops and conditionals.
Security
How do you protect secrets in Ansible?
Use Ansible Vault to encrypt variables or whole files (passwords, keys), decrypted at runtime with a vault password or a secrets manager.
Advanced and Comparison
How is Ansible different from Terraform?
Terraform is declarative provisioning of infrastructure with state tracking; Ansible focuses on configuration and app deployment on existing hosts (procedural-leaning, no state file). They are often used together — Terraform to create, Ansible to configure.
What are check mode and tags?
--check (dry run) reports what would change without changing it; tags let you run only selected tasks in a large playbook.
Scenario Questions
- Zero-downtime rolling update: use
serialto update hosts in batches behind a load balancer. - Error handling: use
ignore_errors,failed_when,block/rescue/alwaysfor controlled failure handling. - Reusable, environment-specific config: use roles plus group_vars/host_vars and Vault for secrets.
Keep Learning
Pair this with our Terraform and Linux for DevOps guides, the full interview-questions library, and DevOps training to practise hands-on.
