Ansible Pocket Book

Ad-hoc commands • Inventories • Playbooks & roles • Idempotency • Vault • CI/CD • Best practices

Section 1 — Fundamentals

1) What is Ansible?

Ansible is an agentless configuration management and automation tool. It connects over SSH/WinRM, executes modules on the targets, and converges each host to the declared state idempotently. You organize infrastructure as inventory, playbooks, and roles.

# Verify installation & version
ansible --version

2) Ad-hoc Commands

Run one-off tasks with built-in modules to validate connectivity or perform quick changes.

# Ping all hosts in inventory
ansible all -i inventory.ini -m ping

# Run a shell command
ansible web -i inventory.ini -m shell -a "uptime"

3) Inventory Basics

An inventory is either a static INI/YAML file or a dynamic plugin (cloud). Group hosts and set variables at host or group level.

# inventory.ini
[web]
web1 ansible_host=10.0.1.10
web2 ansible_host=10.0.1.11

[db]
db1 ansible_host=10.0.2.10

[all:vars]
ansible_user=ubuntu

4) Modules vs Plugins

Modules do the work on targets (e.g., apt, service, copy). Plugins extend Ansible itself (connection, callback, lookup, filter, inventory).

5) Collections & Galaxy

Reusable content (modules, roles, plugins) is packaged as collections, installed from Ansible Galaxy or private registries.

ansible-galaxy collection install community.general

Section 2 — Playbooks, Roles & Variables

6) Minimal Playbook

Playbooks declare desired state using tasks that call modules. Idempotency means re-running won’t change already-correct state.

# site.yml
- name: Configure web servers
  hosts: web
  become: true
  tasks:
    - name: Ensure nginx is installed
      apt:
        name: nginx
        state: present
        update_cache: true

    - name: Ensure nginx is running
      service:
        name: nginx
        state: started
        enabled: true

7) Variables & Vault

Vars can live in group_vars/, host_vars/, or be passed at runtime. Encrypt secrets with Ansible Vault.

# Create an encrypted vars file
ansible-vault create group_vars/all/vault.yml

# Run with vault password prompt
ansible-playbook site.yml --ask-vault-pass
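
One way to check, before a commit or in CI, that vars files hold no unencrypted secrets. This is an added example, not part of the original pocket book or of Ansible itself: it flags secret-looking keys unless the file or the value carries the Ansible Vault header. The key-name pattern, the sample data, and the function names are assumptions of this example.

```python
import re
import sys

# Header Ansible Vault writes as the first line of an encrypted file or inline value.
VAULT_HEADER = re.compile(r"^\$ANSIBLE_VAULT;1\.[12];AES256(;[^\s;]+)?$")
# Key names treated as secret-bearing: an assumption of this example, tune per repo.
SECRET_KEY = re.compile(r"password|passwd|secret|token|api_key|private_key", re.I)
KEY_VALUE = re.compile(r"^\s*(?:-\s+)?([A-Za-z_][\w.-]*)\s*:\s*(.*)$")

# Constructed sample inputs (not from the page).
SAMPLE_VARS = """\
# group_vars/all/vars.yml
app_port: 8080
db_password: hunter2
api_token: "{{ vault_api_token }}"
smtp_password: !vault |
  $ANSIBLE_VAULT;1.1;AES256
  6162636465666768
"""
SAMPLE_ENCRYPTED = "$ANSIBLE_VAULT;1.1;AES256\n6162636465666768\n"

def is_vault_file(text):
    """True when the whole file is vault-encrypted (first line is the header)."""
    lines = text.strip().splitlines()
    return bool(lines) and VAULT_HEADER.match(lines[0].strip()) is not None

def plaintext_secrets(text):
    """Return (line_number, key) for secret-looking keys with an unprotected value."""
    if is_vault_file(text):
        return []
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        match = KEY_VALUE.match(line)
        if line.lstrip().startswith("#") or not match:
            continue
        key, value = match.group(1), match.group(2).split(" #")[0].strip()
        if not SECRET_KEY.search(key):
            continue
        # Skip inline-vaulted values, references to other variables, and empty values.
        if value.startswith("!vault") or "{{" in value or value in ("", "''", '""', "null", "~"):
            continue
        findings.append((number, key))
    return findings

if __name__ == "__main__":
    hits = [(p, n, k) for p in sys.argv[1:] for n, k in plaintext_secrets(open(p, encoding="utf-8").read())]
    for path, number, key in hits:
        print(f"{path}:{number}: '{key}' looks like a plaintext secret")
    sys.exit(1 if hits else 0)
```

Run it with the vars files as arguments; it exits non-zero when any finding is reported, so it can gate a pre-commit hook or CI job.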

8) Templates (Jinja2)

Render config files dynamically with variables, loops, and conditionals.

# tasks snippet
- name: Render nginx vhost
  template:
    src: templates/vhost.conf.j2
    dest: /etc/nginx/sites-available/app.conf
  notify: reload nginx

9) Handlers & Notifications

Handlers run when notified by changed tasks (e.g., restart a service after config changes).

handlers:
  - name: reload nginx
    service:
      name: nginx
      state: reloaded

10) Roles Structure

Roles encapsulate tasks, templates, files, handlers, and defaults for reuse.

roles/
  web/
    tasks/main.yml
    handlers/main.yml
    templates/vhost.conf.j2
    files/
    defaults/main.yml
    vars/main.yml

Section 3 — Execution, Idempotency & Testing

11) Targeting, Tags & Check Mode

Limit scope and run safely before changing anything.

# Limit to one host & only "nginx" tag
ansible-playbook site.yml -l web1 -t nginx

# Dry run (no changes), show diffs
ansible-playbook site.yml --check --diff

12) Conditionals & Loops

Use when for conditions and loop/with_* for iterations.

- name: Install packages (Debian)
  apt:
    name: "{{ item }}"
    state: present
  loop: ["curl","git","htop"]
  when: ansible_facts['os_family'] == "Debian"

13) Error Handling (block/rescue/always)

Group tasks and handle failures gracefully.

- block:
    - name: risky change
      command: do_something
  rescue:
    - name: rollback
      command: undo_something
  always:
    - name: notify
      debug:
        msg: "Attempt complete"

14) Testing with Lint & Molecule

Lint for style; Molecule for role testing (Docker/Podman/EC2 backends).

ansible-lint
molecule init role web
molecule test

15) AWX / Automation Controller

Run Ansible via a web UI/API: credentials, projects, inventories, job templates, RBAC, schedules, and workflows.

Section 4 — Quick Q&A

16) Interview Q&A — 8 Quick Ones

1) Agentless — why? Simpler ops; uses SSH/WinRM, nothing resident on targets.

2) Idempotency? Tasks converge to desired state; re-runs are safe and fast.

3) When to use check mode? To validate changes & diffs before applying in prod.

4) Dynamic inventory? Use inventory plugins/cloud sources (AWS, GCP, Azure) for ephemeral hosts.

5) Secrets management? Ansible Vault or external (HashiCorp Vault), never plain text in git.

6) Roles vs collections? Roles are reusable building blocks; collections package roles + modules/plugins.

7) Speeding up runs? Enable pipelining, set gather_facts: false when facts are not needed, and raise parallelism with -f (forks).

8) CI/CD integration? Use ansible-lint + Molecule in CI; trigger playbooks via AWX/Controller APIs or GitHub Actions.