25+ Ansible Interview Questions and Answers for 2025

Basic Ansible Interview Questions

1. What is Ansible and why is it popular?

Answer: Ansible is an open-source automation tool used for configuration management, application deployment, and task automation. It's popular because:

• Agentless - Uses SSH, no need to install agents on managed nodes
• Simple - Uses YAML syntax which is human-readable
• Powerful - Can manage complex multi-tier deployments
• Idempotent - Safe to run multiple times
• Large community - Extensive module library and support

2. What is the difference between Ansible and other configuration management tools?

Answer:

3. Explain Ansible Architecture

Answer: Ansible has a simple push-based architecture:

• Control Node - Where Ansible is installed and playbooks are run
• Managed Nodes - Target systems managed by Ansible (require Python and SSH)
• Inventory - List of managed nodes
• Modules - Units of code that perform specific tasks
• Playbooks - YAML files defining automation tasks
• Plugins - Extend Ansible functionality (connection, callback, lookup, etc.)

4. What is idempotency in Ansible?

Answer: Idempotency means that running the same playbook multiple times produces the same result without causing unintended changes. For example:

# Idempotent - creates user only if it doesn't exist
- name: Ensure user exists
  user:
    name: john
    state: present

# Not idempotent - appends line every time
- name: Add line to file
  shell: echo "test" >> /tmp/file.txt

5. What is an Ansible Playbook?

Answer: A playbook is a YAML file that defines a series of tasks to be executed on managed nodes. It contains:

• Hosts - Target systems to run tasks on
• Tasks - Actions to perform using modules
• Variables - Dynamic values used in tasks
• Handlers - Tasks triggered by notifications
• Roles - Reusable automation components

Intermediate Interview Questions

6. Explain Ansible Roles

Answer: Roles are a way to organize playbooks into reusable components with a standard directory structure:

roles/webserver/
├── tasks/        # Main tasks
├── handlers/     # Event handlers
├── templates/    # Jinja2 templates
├── files/        # Static files
├── vars/         # Variables
├── defaults/     # Default variables
├── meta/         # Role metadata
└── tests/        # Test playbooks

7. What is Ansible Vault?

Answer: Ansible Vault is a feature that encrypts sensitive data like passwords, API keys, and certificates. Usage:

# Encrypt a file
ansible-vault encrypt secrets.yml

# Decrypt a file
ansible-vault decrypt secrets.yml

# Run playbook with vault password
ansible-playbook site.yml --ask-vault-pass

8. What are Ansible Facts?

Answer: Facts are system information automatically gathered by Ansible about managed nodes. They include OS, IP addresses, CPU, memory, disk space, etc. Access with:

- name: Display OS
  debug:
    msg: "Running {{ ansible_distribution }} {{ ansible_distribution_version }}"

# Disable fact gathering to improve performance
- hosts: all
  gather_facts: no

9. Explain the difference between Variables and Facts

Answer:

• Variables - User-defined values set in playbooks, inventory, or var files
• Facts - System information automatically discovered by Ansible (gathered using setup module)
• Both can be used in playbooks with the same syntax

10. What is the difference between copy and template modules?

Answer:

• copy - Copies static files from control node to managed nodes without modification
• template - Processes Jinja2 template files and substitutes variables before copying

Advanced Interview Questions

11. How do you handle errors in Ansible?

Answer: Multiple approaches:

# Ignore errors
- name: Task that might fail
  command: /bin/failing_command
  ignore_errors: yes

# Use blocks with rescue
- block:
    - name: Attempt task
      command: /bin/some_command
  rescue:
    - name: Handle failure
      debug:
        msg: "Task failed, handling error"
  always:
    - name: Always run cleanup
      file:
        path: /tmp/lockfile
        state: absent

# Custom failure conditions
- name: Check return code
  command: /bin/some_command
  register: result
  failed_when: result.rc != 0 and result.rc != 2

12. What are Handlers and when do you use them?

Answer: Handlers are tasks that run only when notified by other tasks. Common use: restarting services after configuration changes.

tasks:
  - name: Update nginx config
    template:
      src: nginx.conf.j2
      dest: /etc/nginx/nginx.conf
    notify: restart nginx

handlers:
  - name: restart nginx
    service:
      name: nginx
      state: restarted

13. Explain Ansible variable precedence

Answer: Variables are resolved in this order (lowest to highest priority):

1. Role defaults (defaults/main.yml)
2. Inventory file or script group vars
3. Inventory group_vars/all
4. Playbook group_vars/all
5. Inventory group_vars/*
6. Playbook group_vars/*
7. Inventory file or script host vars
8. Inventory host_vars/*
9. Playbook host_vars/*
10. Host facts / cached set_facts
11. Play vars
12. Play vars_prompt
13. Play vars_files
14. Role vars (vars/main.yml)
15. Block vars
16. Task vars
17. include_vars
18. set_facts / registered vars
19. Role (and include_role) params
20. Include params
21. Extra vars (-e command line)

14. How do you optimize Ansible performance?

Answer: Multiple strategies:

• Increase forks - Run tasks on more hosts in parallel (forks = 50)
• Enable SSH pipelining - Reduces SSH operations
• Use async and poll - For long-running tasks
• Disable fact gathering - When not needed (gather_facts: no)
• Use strategy plugins - free strategy for maximum parallelism
• Enable fact caching - Redis or JSON file caching
• Use ControlPersist - Keep SSH connections open

15. What is Ansible Galaxy?

Answer: Ansible Galaxy is a public repository for sharing and discovering Ansible roles and collections. Commands:

# Install a role
ansible-galaxy install geerlingguy.apache

# Install from requirements.yml
ansible-galaxy install -r requirements.yml

# Create a new role
ansible-galaxy init my-role

# Install a collection
ansible-galaxy collection install community.general

Scenario-Based Questions

16. How would you deploy a web application across multiple environments?

Answer: Use inventory groups and group_vars:

# inventory/production
[webservers]
web1.example.com
web2.example.com

# inventory/staging
[webservers]
staging.example.com

# group_vars/production.yml
app_version: "1.5.0"
db_host: "prod-db.example.com"

# group_vars/staging.yml
app_version: "1.6.0-beta"
db_host: "staging-db.example.com"

# Run with: ansible-playbook -i inventory/production deploy.yml

17. How do you test Ansible playbooks?

Answer: Multiple testing approaches:

• Syntax check - ansible-playbook --syntax-check playbook.yml
• Dry run - ansible-playbook --check playbook.yml
• Molecule - Framework for testing roles with Docker/Vagrant
• Ansible-lint - Static analysis tool for best practices
• Assert module - Verify conditions during execution

18. Explain Dynamic Inventory

Answer: Dynamic inventory retrieves host information from external sources (cloud providers, CMDB) instead of static files. Examples:

• AWS EC2 plugin - Queries EC2 API for instances
• Azure plugin - Queries Azure API for VMs
• GCP plugin - Queries GCP API for compute instances
• Custom scripts - Return JSON with host information

Tips for Interview Success

• Practice writing playbooks by hand
• Understand the difference between imperative (shell/command) vs declarative (modules) approaches
• Know when to use include vs import
• Be familiar with common modules: apt, yum, service, copy, template, file, user
• Understand Ansible Tower/AWX for enterprise environments
• Practice troubleshooting with -vvv verbose mode

Conclusion

These questions cover the most common topics in Ansible interviews. Practice writing playbooks, understand core concepts, and gain hands-on experience to ace your next DevOps interview!