EX294 Implement advanced Ansible automation • Complete Question Bank
Complete EX294 Implement advanced Ansible automation question bank — all 0 questions with answers and detailed explanations.
You have an Ansible playbook that uses the 'lineinfile' module to manage the /etc/ssh/sshd_config file. The playbook runs without errors, but after execution, the SSH service becomes unreachable on some hosts. Investigation reveals that the file contains duplicate lines for 'Port 22' and 'PermitRootLogin no'. The playbook uses the following task:
- name: Ensure SSH settings ansible.builtin.lineinfile: path: /etc/ssh/sshd_config regexp: "^{{ item.key }}" line: "{{ item.key }} {{ item.value }}" loop: - { key: 'Port', value: '22' } - { key: 'PermitRootLogin', value: 'no' }
The playbook is run multiple times. What is the most likely cause of the duplicate lines?
Your team is responsible for managing a fleet of 200 RHEL 8 servers using Ansible Tower. You have been asked to implement a secure automation workflow that meets the following requirements:
1. All playbooks must be stored in a private Git repository hosted on an internal GitLab server. 2. Credentials to access the Git repository must be stored securely in Ansible Tower. 3. The automation must run on a schedule every night at 2:00 AM. 4. If a playbook run fails, the team must be notified via email. 5. The playbooks require SSH private keys to connect to the managed hosts; these keys must be stored securely. 6. A development team needs to be able to launch the same job template manually, but they must not be able to modify the job template or view the credentials.
You have created a Machine Credential for SSH and a Source Control Credential for Git. You have also created a Job Template that references the project, inventory, and credentials. What is the correct sequence of steps to satisfy all requirements?
Drag steps to the numbered slots on the right, or tap a step then tap a slot.
Drag a concept onto its matching description — or click a concept then click the description.
Fully qualified domain name
OS family (e.g., RedHat)
Total memory in MB
Number of CPU cores
Default IPv4 interface info
- name: Check if package is installed command: rpm -q httpd register: result failed_when: result.rc != 0 and 'not installed' not in result.stderr changed_when: false
TASK [Gathering Facts] *********************************************************
fatal: [server1]: FAILED! => {"msg": "Missing sudo password"}[webservers] web1 ansible_host=192.168.1.10 http_port=80 web2 ansible_host=192.168.1.11 http_port=8080 [webservers:vars] http_port=80
fatal: [web1]: FAILED! => {\n "msg": "the field 'args' has an invalid value, which appears to include a variable that is undefined. The error was: 'ansible_os_family' is undefined"\n}db_password: !vault |\n $ANSIBLE_VAULT;1.1;AES256\n 65633239636661303062643934383034656661653332313234363166666562356362336638613235\n 3631326331383333616565613737353565386336303231660a666538613337343366346639666337\n 65303334376432343533393338333335393763363034646161333966373730336163386639636335\n 3332376365323932610a323639303336316338616336366232333338353731333434613266306336\n 3766
[webservers]\nweb1\n\n[databases]\ndb1\n\n[production:children]\nwebservers\ndatabases\n\n[production:vars]\nansible_user=admin\n
Refer to the exhibit. [webservers] web1 ansible_host=10.1.1.1 web2 ansible_host=10.1.1.2 [webservers:vars] ansible_user=deploy ansible_port=2222 [dbservers] db1 ansible_host=10.2.2.1 [dbservers:vars] ansible_user=dbadmin
Refer to the exhibit.
- name: Deploy app
hosts: app_servers
gather_facts: no
tasks:
- name: Copy config
copy:
src: /templates/app.conf.j2
dest: /etc/app.conf
backup: yes
- name: Ensure service is running
service:
name: app
state: startedRefer to the exhibit.
---
- name: example block
block:
- name: risky task
command: /bin/false
rescue:
- name: rescue task
debug:
msg: "Rescued"
always:
- name: always task
debug:
msg: "Always runs"# cat tasks/main.yml
- name: Create config
template:
src: config.j2
dest: /etc/config.cfg
notify: restart service
- name: Verify config
command: /usr/local/bin/validate /etc/config.cfg
changed_when: false
# cat handlers/main.yml
- name: restart service
service:
name: myapp
state: restarted
# ansible-playbook site.yml
PLAY [all] *********************************************************************
TASK [Create config] ***********************************************************
changed: [host1]
TASK [Verify config] ***********************************************************
fatal: [host1]: FAILED! => {"changed": false, "msg": "Validation failed", "rc": 1}# ansible-doc -t lookup fileglob
> FILEGLOB (/usr/lib/python3.9/site-packages/ansible/plugins/lookup/fileglob.py)
# cat lookup_usage.yml
- name: Copy config files
copy:
src: "{{ item }}"
dest: /etc/app/
with_fileglob:
- "/tmp/configs/*.conf"
# ls /tmp/configs/
server1.conf server2.conf server3.conf server4.conf
# ansible-playbook lookup_usage.yml -l host1
TASK [Copy config files] *******************************************************
ok: [host1] => (item=/tmp/configs/server1.conf)
ok: [host1] => (item=/tmp/configs/server2.conf)
ok: [host1] => (item=/tmp/configs/server3.conf)
ok: [host1] => (item=/tmp/configs/server4.conf)# cat vars.yml
---
packages:
- httpd
- mariadb-server
- php
# cat playbook.yml
- hosts: all
vars_files:
- vars.yml
tasks:
- name: Install packages
yum:
name: "{{ packages }}"
state: present
become: yes
# ansible-playbook playbook.yml
PLAY [all] *********************************************************************
TASK [Gathering Facts] *********************************************************
ok: [server1]
TASK [Install packages] ********************************************************
fatal: [server1]: FAILED! => {"changed": false, "msg": "This module requires a list of package names or a comma-separated string.", "results": []}