Top 50 Ansible Interview Questions and Answers (2026)

Top 50 Ansible Interview Questions and Answers

Preparing for an Ansible interview? Here are the 50 most frequently asked questions, organized from basic to advanced. Each answer is concise but thorough enough to impress your interviewer.

I'm Luca Berton, Ansible expert and author. These questions come from real DevOps interviews.

See also: Ansible Certification Guide: EX374 and EX467 Exam Prep (2026)

Basic Questions (1-15)

1. What is Ansible?

Ansible is an open-source IT automation engine for configuration management, application deployment, cloud provisioning, and orchestration. It uses YAML-based playbooks and is agentless (connects via SSH).

2. What are the advantages of Ansible?

• Agentless — Uses SSH, no client software needed • Idempotent — Safe to run multiple times • Simple YAML syntax — Easy to learn • Large module library — 30,000+ modules • Free and open source — Backed by Red Hat

3. What is an Ansible Playbook?

A playbook is a YAML file containing one or more plays. Each play maps a group of hosts to tasks (modules) to execute.

4. What is an Ansible Inventory?

An inventory is a file listing managed hosts, organized into groups. It can be static (INI/YAML) or dynamic (scripts/plugins that query cloud APIs).

5. What is an Ansible Module?

A module is a unit of code that Ansible executes on managed nodes. Examples: apt, copy, service, file, user.

6. What is the difference between Ansible and Ansible Automation Platform?

Ansible is the free CLI tool. Ansible Automation Platform (AAP) is Red Hat's enterprise product adding a web UI (Controller), Event-Driven Ansible, automation hub, and analytics.

7. How does Ansible connect to remote hosts?

Linux/Unix: SSH. Windows: WinRM or SSH. Network devices: network_cli, httpapi, or netconf.

8. What is idempotency in Ansible?

Idempotency means running the same playbook multiple times produces the same result without side effects. Ansible modules check current state before making changes.

9. What is a handler in Ansible?

A handler is a task triggered by notify. Handlers run once at the end of a play, even if notified multiple times. Common use: restart services after config changes.

10. What is Ansible Galaxy?

Ansible Galaxy is a community hub for sharing Ansible roles and collections. Use ansible-galaxy install to download and use community content.

11. What is an Ansible Role?

A role is a reusable, self-contained unit with a standard directory structure containing tasks, variables, files, templates, and handlers.

12. What is Ansible Vault?

Ansible Vault encrypts sensitive data (passwords, keys, certificates) within playbooks and variable files using AES-256 encryption.

13. What is a fact in Ansible?

Facts are system properties gathered automatically when Ansible connects to a host (OS, IP, memory, etc.). Access via ansible_ variables.

14. What is the difference between copy and template modules?

copy transfers files as-is. template processes Jinja2 templates, replacing variables before transferring.

15. What are ad-hoc commands?

One-line commands for quick tasks: ansible all -m ping or ansible web -m shell -a "uptime".

Intermediate Questions (16-35)

16. Explain become in Ansible.

become enables privilege escalation (like sudo). Set become: true in playbook or use --become flag. Configure method with become_method (sudo, su, pbrun, etc.).

17. What is register in Ansible?

register saves a task's output to a variable for use in subsequent tasks: register: result then result.stdout, result.rc, etc.

18. Explain when conditional.

when controls task execution: when: ansible_os_family == "Debian". Supports Jinja2 expressions, lists (AND logic), and variables.

19. What is the difference between command and shell modules?

command executes directly without shell processing — no pipes, redirects, or environment variables. shell runs through /bin/sh with full shell features.

20. How do you handle errors in Ansible?

Use ignore_errors, failed_when, block/rescue/always, any_errors_fatal, or max_fail_percentage.

21. What are Ansible Collections?

Collections are a distribution format bundling modules, roles, plugins, and documentation. Installed via ansible-galaxy collection install.

22. Explain dynamic inventory.

Dynamic inventory uses scripts or plugins to fetch host lists from cloud providers (AWS EC2, Azure, GCP) instead of static files.

23. What is ansible.cfg?

The main configuration file controlling Ansible behavior: inventory path, SSH settings, privilege escalation, plugin paths, etc. Searched in: current dir → home dir → /etc/ansible/.

24. How do you pass variables to a playbook?

Via: vars, vars_files, -e extra vars (highest priority), group_vars/, host_vars/, inventory variables, registered variables, facts.

25. What is variable precedence in Ansible?

From lowest to highest (22 levels): role defaults → inventory vars → playbook vars → role vars → block vars → task vars → extra vars (-e). Extra vars always win.

26. Explain tags in Ansible.

Tags let you run or skip specific tasks: ansible-playbook playbook.yml --tags "deploy" or --skip-tags "debug".

27. What is delegate_to?

delegate_to runs a task on a different host than the play target. Common for load balancer management or database operations from a central server.

28. What is run_once?

run_once: true ensures a task executes only on the first host in the batch, regardless of how many hosts match.

29. Explain serial in Ansible.

serial controls rolling updates: serial: 2 processes 2 hosts at a time. Supports numbers, percentages, and lists for staged rollouts.

30. What is async and poll?

async runs long tasks asynchronously. poll: 0 fires and forgets; poll: N checks every N seconds. Use async_status to check later.

31. How do you test Ansible playbooks?

Use --check --diff (dry run), ansible-lint (style), Molecule (integration testing), assert module (validation), and CI/CD pipelines.

32. What is Molecule?

Molecule is a testing framework for Ansible roles. It creates temporary instances (Docker, Vagrant), runs your role, and verifies the result.

33. Explain callback plugins.

Callback plugins control Ansible output. Examples: json, yaml, profile_tasks (timing), timer. Set via ANSIBLE_STDOUT_CALLBACK.

34. What is set_fact?

set_fact creates or overrides variables at runtime: set_fact: my_var: "computed_value". Facts persist for the host during the play.

35. How do you encrypt a single variable?

Use ansible-vault encrypt_string 'value' --name 'var_name' to create an inline encrypted variable.

See also: Why Every IT Professional, Quiet Quitter or Not, Should Learn Ansible

Advanced Questions (36-50)

36. Explain Ansible Tower/Controller.

Ansible Controller (formerly Tower) provides a web UI, REST API, RBAC, job scheduling, notifications, and audit logging for enterprise Ansible automation.

37. What is Event-Driven Ansible (EDA)?

EDA listens for events (webhooks, logs, monitoring alerts) and automatically triggers Ansible playbooks in response. Part of AAP 2.4+.

38. How does Ansible handle secrets at scale?

Use Ansible Vault for file encryption, integrate with HashiCorp Vault or CyberArk via lookup plugins, use environment variables, or leverage AAP credential management.

39. Explain custom modules.

Write custom modules in Python (or any language). Place in library/ directory. Must accept JSON input and return JSON output with changed, failed, msg fields.

40. What is a lookup plugin?

Lookup plugins access external data: file, env, password, pipe, url, hashi_vault. Used in Jinja2: "{{ lookup('file', '/etc/hostname') }}".

41. Explain filter plugins.

Filter plugins transform data in Jinja2 expressions. Built-in: default, regex_replace, selectattr, map, json_query. Custom filters go in filter_plugins/.

42. What is strategy in Ansible?

Strategy controls task execution order. linear (default) waits for all hosts per task. free lets each host run independently. host_pinned pins hosts.

43. How do you manage Windows with Ansible?

Configure WinRM on Windows hosts, use win_ modules (win_command, win_shell, win_service, win_feature). Ansible 2.8+ supports SSH on Windows too.

44. Explain Ansible content navigator.

ansible-navigator is a text-based UI for running playbooks, exploring inventories, and browsing documentation within execution environments.

45. What are execution environments?

Container images with Ansible, collections, and dependencies pre-installed. Built with ansible-builder. Used by AAP and ansible-navigator.

46. How do you optimize Ansible performance?

Enable pipelining, use mitogen strategy plugin, increase forks, use async for parallel tasks, minimize gather_facts, use serial for rolling updates.

47. Explain include_tasks vs import_tasks.

import_tasks is static (resolved at parse time, supports tags). include_tasks is dynamic (resolved at runtime, supports loops/conditions on the include itself).

48. What is meta: flush_handlers?

Forces immediate execution of pending handlers mid-play instead of waiting until the end.

49. How do you debug Ansible playbooks?

Use debug module, -vvvv verbosity, --start-at-task, --step, strategy: debug (interactive debugger), and ANSIBLE_KEEP_REMOTE_FILES=1.

50. Explain FQCN (Fully Qualified Collection Name).

FQCN uniquely identifies a module: ansible.builtin.copy instead of just copy. Required in Ansible 2.10+ for clarity and avoiding conflicts.

Conclusion

These 50 questions cover the breadth of Ansible knowledge expected in DevOps interviews. For hands-on practice with each concept, explore the 800+ tutorials at AnsiblePilot.

See also: Learn Ansible: Complete Beginner to Advanced Roadmap (2026)

Related Articles

• private Galaxy servers and Ansible • using ansible.builtin.template effectively • reading environment variables in Ansible playbooks • restarting services with Ansible handlers • Ansible for Windows Guide