Monday, 2 December 2019

Tuesday, 19 November 2019

Monday, 12 August 2019

Ansible vault with roles



The Ansible vault implementation is best leveraged in conjunction with roles. Roles (as we discussed earlier) allow us to modularize our playbooks and reuse functionality within them. The specific area of the roles implementation we are going to look at is the vars folder. The vars folder is where we define the variables and data points that are then used by the tasks and plays.
To begin with this tutorial, let's start by creating an Ansible playbook with the following folder and file structure (the contents of the files can be blank for now, as we will fill in the details in just a moment):
Once created, a few things should become immediately apparent. The first is that the playbook we are creating is a simple vault test with a single role and a sensitive_data variables file. Also, as you may have guessed, we will be using the sensitive_data.yml file to store our super secret information. The contents of this file should reflect the following:
---
secret_text: |
  The contents of this message are secret. This tape will explode in 5 seconds.
As we can see from the provided file content, we have a simple vars file with a variable defined within, titled secret_text.
The YAML syntax supports multi-line variable implementations. This is accomplished via the | or pipe character, which is provided at the end of the line.
Now that sensitive data has been created, let's encrypt our vars file using the Ansible vault encrypt command. This is accomplished via the following command-line entry:
#> ansible-vault encrypt sensitive_data.yml
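Before a vars file like this goes into source control, it is worth checking that it really is encrypted. The following is an added example (not part of the original tutorial) that walks a playbook tree and reports sensitive vars files lacking a valid Ansible Vault header; the `roles/<role>/vars/` layout, the function names and the sample files are assumptions constructed for the illustration.

```python
import os
import re
import tempfile

# First line of a vault-encrypted file:
#   $ANSIBLE_VAULT;<version>;<cipher>[;<vault-id>]
VAULT_HEADER = re.compile(r"^\$ANSIBLE_VAULT;(1\.1|1\.2);AES256(;[^;\s]+)?$")
# Every line after the header is hex-encoded ciphertext.
HEX_LINE = re.compile(r"^[0-9a-f]+$")


def is_vault_encrypted(path):
    """Return True if the file has a valid vault header and a hex-only payload."""
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        lines = fh.read().splitlines()
    if not lines or not VAULT_HEADER.match(lines[0]):
        return False
    payload = [ln for ln in lines[1:] if ln.strip()]
    # A header with no payload (or a payload with plaintext in it) is not a
    # correctly encrypted file, so treat it as unencrypted.
    return bool(payload) and all(HEX_LINE.match(ln) for ln in payload)


def unencrypted_sensitive_files(repo_root, sensitive_names=("sensitive_data.yml",)):
    """List role vars files named as sensitive that are still plaintext.

    sensitive_names is an assumption: the file names a team has agreed
    must always be vault-encrypted.
    """
    findings = []
    roles_dir = os.path.join(repo_root, "roles")
    for dirpath, _dirs, files in os.walk(roles_dir):
        if os.path.basename(dirpath) != "vars":
            continue
        for name in sorted(files):
            if name in sensitive_names:
                full = os.path.join(dirpath, name)
                if not is_vault_encrypted(full):
                    findings.append(os.path.relpath(full, repo_root))
    return sorted(findings)


def build_sample_repo(root):
    """Constructed sample: one role with plaintext secrets, one encrypted."""
    plain = os.path.join(root, "roles", "vaulttest", "vars")
    enc = os.path.join(root, "roles", "othertest", "vars")
    os.makedirs(plain)
    os.makedirs(enc)
    with open(os.path.join(plain, "sensitive_data.yml"), "w") as fh:
        fh.write("---\nsecret_text: |\n  The contents of this message are secret.\n")
    with open(os.path.join(enc, "sensitive_data.yml"), "w") as fh:
        # Constructed payload: a header plus hex lines, not real ciphertext.
        fh.write("$ANSIBLE_VAULT;1.1;AES256\n")
        fh.write("36313964" * 10 + "\n" + "3339" * 8 + "\n")


def demo():
    """Build the sample tree and return the files that still need encrypting."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_repo(root)
        return unencrypted_sensitive_files(root)


if __name__ == "__main__":
    for path in demo():
        print("NOT ENCRYPTED:", path)
```

Run from a pre-commit hook or CI job, a non-empty result is the signal to stop and run ansible-vault encrypt on the listed files.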
Now that the file is encrypted, we can create our role's tasks file, main.yml, and populate our role information. The contents of main.yml should look like the following:
---
- include_vars: sensitive_data.yml
- name: Copy sensitive data file from Ansible control server to target hosts
  copy:
    content: "{{ secret_text }}"
    dest: /tmp/secret_text.txt
Finally, let's create our playbook.yml file. This file is going to be really simple and only points to a single role (vaulttest). Let's take a look at its contents:
---
# File: playbook.yml
- hosts: all
  roles:
    - { role: vaulttest }
Now that we have all our files created, let's go ahead and commit our code to source control (if applicable) and test it out. The command to run the solution is provided next:
#> ansible-playbook -i 'localhost,' -c local playbook.yml --ask-vault-pass
The following is the output you should see when running it:

Friday, 2 August 2019

Run Django Server Permanently




=> screen
=> python manage.py runserver

After these two commands your Django server will start.
Now it's time to close your terminal. Press CTRL+a and CTRL+d to detach, then close your terminal.
Your server will not stop.

Friday, 26 July 2019

Create an EC2 instance using Ansible



---

- name: Create an ec2 instance
  hosts: web
  gather_facts: false

  vars:
      region: us-east-1
      instance_type: t2.micro
      ami: ami-05ea7729e394412c8
      keypair:

  tasks:

    - name: Create an ec2 instance
      ec2:
         aws_access_key: '********************'
         aws_secret_key: '****************************************'
         key_name: "{{ keypair }}"
         group: launch-wizard-26
         instance_type: "{{ instance_type }}"
         image: "{{ ami }}"
         wait: true
         region: "{{ region }}"
         count: 1
         vpc_subnet_id: subnet-02f498e16fd56c277
         assign_public_ip: yes
      register: ec2

Install software on remote windows machine



### Input Declaration

$targetHost = "localhost"
### Admin share on the target host (the backtick keeps the $ in C$ literal)
$targerFilePath = "\\$targetHost\C`$\Tasks\Gateway"
$sourceFilePath = "c:\scripts\Tasks\*"
### Set each variable to the installer for that product; both hold the same file name here
$ansibleInstallerPath = "c:\windows\Tasks\Cyberduck-Installer-7.0.1.30930.exe"
$pythonInstallerPath = "c:\windows\Tasks\Cyberduck-Installer-7.0.1.30930.exe"


### MainCode

### Check existence of gateway folder and copy
if (Test-Path -Path $targerFilePath -PathType Container)
{
    ### Gateway Folder already Exists
    Write-Host "GatewayFolder already exists."
    ### Copy all the content from engine & paste all to the remote gateway
    Write-Host "Copy all the content from engine to gateway"
    Copy-Item $sourceFilePath $targerFilePath

    ### Trigger Ansible installer
    $installed = $null -ne (Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* | Where-Object { $_.DisplayName -eq 'ansible' })
    if (-not $installed)
    {
        Write-Host "Ansible is NOT installed."
        Write-Host "Installing ansible"

        ### $using: passes the local variable into the remote script block
        Invoke-Command -ComputerName $targetHost -ScriptBlock {
            Start-Process $using:ansibleInstallerPath -ArgumentList '/silent' -Wait
        }
    }
    else
    {
        Write-Host "Ansible is already installed."
    }

    ### Trigger Python installer
    $installed = $null -ne (Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* | Where-Object { $_.DisplayName -eq 'Python' })
    if (-not $installed)
    {
        Write-Host "Python is NOT installed."
        Write-Host "Installing Python"

        Invoke-Command -ComputerName $targetHost -ScriptBlock {
            Start-Process $using:pythonInstallerPath -ArgumentList '/silent' -Wait
        }
    }
    else
    {
        Write-Host "Python is already installed."
    }
}
else
{
    ### Create Gateway Folder
    New-Item -ItemType Directory -Path $targerFilePath
    if (Test-Path -Path $targerFilePath -PathType Container)
    {
        ### Copy all the content from engine & paste all to the remote gateway
        Copy-Item $sourceFilePath $targerFilePath

        Start-Sleep -s 15

        ### Trigger Ansible installer
        $installed = $null -ne (Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* | Where-Object { $_.DisplayName -eq 'ansible' })
        if (-not $installed)
        {
            Write-Host "Ansible is NOT installed."
            Write-Host "Installing ansible"

            Invoke-Command -ComputerName $targetHost -ScriptBlock {
                Start-Process $using:ansibleInstallerPath -ArgumentList '/silent' -Wait
            }
        }
        else
        {
            Write-Host "Ansible is already installed."
        }

        ### Trigger Python installer
        $installed = $null -ne (Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* | Where-Object { $_.DisplayName -eq 'Python' })
        if (-not $installed)
        {
            Write-Host "Python is NOT installed."
            Write-Host "Installing Python"

            Invoke-Command -ComputerName $targetHost -ScriptBlock {
                Start-Process $using:pythonInstallerPath -ArgumentList '/silent' -Wait
            }
        }
        else
        {
            Write-Host "Python is already installed."
        }
    }
    else
    {
        ### Unable to create Gateway Folder
        Write-Host "Unable to create Gateway folder"
    }
}

Install software on remote linux machine


#!/bin/bash
### Input Declaration

targetHost=localhost
targerFolderPath=/opt/raghu/gateway
sourceFolderPath=/tmp
ansibleInstallerPath=/opt/raghu
pythonInstallerPath=/opt/raghu


### Main Code

### Check existence of gateway folder and copy

if [ -d "$targerFolderPath" ]; then
    echo "$targerFolderPath exist"
    # Copy all the content from engine & paste all to the remote gateway
    sshpass -p "Pass@123" scp -r "$sourceFolderPath" "root@$targetHost:$targerFolderPath"

    if command -v python3.6 &>/dev/null; then
        echo "Python 3 is already installed"
        exit 0
    else
        echo "Python 3 is not installed"
        yum install gcc openssl-devel bzip2-devel -y
        cd /usr/src
        wget https://www.python.org/ftp/python/3.6.8/Python-3.6.8.tgz
        tar xzf Python-3.6.8.tgz
        cd Python-3.6.8
        ./configure --enable-optimizations
        make altinstall
        rm /usr/src/Python-3.6.8.tgz
        if command -v python3.6 &>/dev/null; then
            echo "Python 3 is installed"
            if command -v ansible &>/dev/null; then
                echo "ansible is already installed"
                exit 0
            else
                echo "ansible is not installed"
                echo "installing ansible"
                pip3.6 install ansible
                if command -v ansible &>/dev/null; then
                    echo "installed ansible"
                    exit 0
                else
                    echo "unable to install ansible by automation"
                    exit 1
                fi
            fi
        else
            echo "Unable to install python3 by automation"
            exit 1
        fi
    fi

else
    echo "$targerFolderPath does not exist"
    mkdir -p "$targerFolderPath"
    # Copy all the content from engine & paste all to the remote gateway
    sshpass -p "Pass@123" scp -r "$sourceFolderPath" "root@$targetHost:$targerFolderPath"

    if [ -d "$targerFolderPath" ]; then
        echo "created gatewayfolder"

        if command -v python3.6 &>/dev/null; then
            echo "Python 3 is already installed"
            exit 0
        else
            echo "Python 3 is not installed"
            yum install gcc openssl-devel bzip2-devel -y
            cd /usr/src
            wget https://www.python.org/ftp/python/3.6.8/Python-3.6.8.tgz
            tar xzf Python-3.6.8.tgz
            cd Python-3.6.8
            ./configure --enable-optimizations
            make altinstall
            rm /usr/src/Python-3.6.8.tgz

            if command -v python3.6 &>/dev/null; then
                echo "Python 3 is installed"
                if command -v ansible &>/dev/null; then
                    echo "ansible is already installed"
                    exit 0
                else
                    echo "ansible is not installed"
                    echo "installing ansible"
                    pip3.6 install ansible
                    if command -v ansible &>/dev/null; then
                        echo "installed ansible"
                        exit 0
                    else
                        echo "unable to install ansible by automation"
                        exit 1
                    fi
                fi
            else
                echo "Unable to install python3 by automation"
                exit 1
            fi
        fi
    else
        echo "unable to create gateway via automation"
        exit 1
    fi
fi

Saturday, 13 July 2019

Ansible playbook to configure and install LDAP



---

- name: Create the directory for ldap database
  file: path=/var/lib/ldap/{{ openldap_server_domain_name }}/ state=directory owner={{ openldap_server_user }} group={{ openldap_server_user }}

- name: Create the directory for ldap certificates
  file: path={{ openldap_server_app_path }}/certs/ state=directory owner={{ openldap_server_user }} group={{ openldap_server_user }}

- name: Generate the private key for certificate request
  shell: openssl genrsa -des3 -passout pass:password -out my1.key 1024 chdir={{ openldap_server_app_path }}/certs/
         creates={{ openldap_server_app_path }}/certs/my1.key

- name: Strip the passphrase from the key
  shell: openssl rsa -in my1.key -passin pass:password -out my.key chdir={{ openldap_server_app_path }}/certs/
         creates={{ openldap_server_app_path }}/certs/my.key

- name: Create and sign the new certificate
  shell: openssl req -new -x509 -subj '/C={{ openldap_server_country }}/ST={{ openldap_server_state }}/L={{ openldap_server_location }}/O={{ openldap_server_organization }}/CN={{ ansible_hostname }}/' -days 3650 -key my.key -out cert.crt -extensions v3_ca chdir={{ openldap_server_app_path }}/certs/   creates={{ openldap_server_app_path }}/certs/cert.crt

- name: copy the supporting files
  copy: src=ldap dest=/etc/sysconfig/ldap mode=0755
  when: openldap_server_enable_ssl and ansible_os_family == 'RedHat'
  notify:
   - restart slapd


- name: copy the supporting files
  copy: src=slapd_fedora dest=/etc/sysconfig/slapd mode=0755
  when: openldap_server_enable_ssl and ansible_distribution == "Fedora"
  notify:
   - restart slapd

- name: copy the supporting files
  copy: src=slapd dest=/etc/default/slapd mode=0755
  when: openldap_server_enable_ssl and ansible_os_family == 'Debian'
  notify:
   - restart slapd

- name: start the slapd service
  service: name=slapd state=started enabled=yes
 
- name: Copy the template for creating base dn
  template: src={{ openldap_server_ldif }} dest=/tmp/
  register: result

- name: add the base domain
  shell: ldapadd -x -D "cn=Manager,dc={{ openldap_server_domain_name.split('.')[0] }},dc={{ openldap_server_domain_name.split('.')[1] }}" -w {{ openldap_server_rootpw }} -f {{ result.dest|default(result.path) }} && touch {{ openldap_server_app_path }}/rootdn_created creates={{ openldap_server_app_path }}/rootdn_created

Ansible playbook to create shared folder



---

- hosts: unix
  become: yes
  connection: local
  tasks:
    - command: groupadd dev2
    - command: groupadd ops2
    - command: mkdir /home/spk2
    - command: chgrp dev /home/spk2

Ansible playbook to configure samba



---
- hosts: unix
  become: yes
  connection: local
  tasks:
   - apt:
       name: samba
       state: present
   - template:
       src: '/etc/samba/smb.conf2'
       dest: '/etc/samba/smb.conf2'
       owner: 'root'
       group: 'root'
   

     notify:  Restart Samba service   

  handlers:
   - name: Restart Samba service
     service: name=smb  state=restarted   

Ansible playbook to configure DNS named bind service



---
# tasks file for dns
- name: Install bind
  yum:
    pkg: bind
    state: installed

- name: Set hostname
  hostname:
    name: "{{ host_name }}"

- name: Set hostname fact
  set_fact:
    ansible_fqdn: "{{ host_name }}"

- name: Copy named conf file
  template:
    src: named.conf.j2
    dest: /etc/named.conf
    owner: root
    group: named
    mode: 0660
  notify: restart named

- name: Make named directory
  file:
    path: /etc/named
    state: directory
    owner: root
    group: named
    mode: 0750

- name: Copy named conf local file
  template:
    src: named.conf.local.j2
    dest: /etc/named/named.conf.local
    owner: root
    group: named
    mode: 0640
  notify: restart named


- name: Make zones Directory
  file:
    path: /etc/named/zones
    state: directory
    owner: root
    group: named
    mode: 0750

- name: Copy forward file
  template:
    src: db.forward.j2
    dest: /etc/named/zones/db.{{ domain }}
    owner: root
    group: named
    mode: 0640
  notify: restart named


- name: Copy reverse file
  template:
    src: db.reverse.j2
    dest: /etc/named/zones/db.{{ rev_domain }}
    owner: root
    group: named
    mode: 0640
  notify: restart named

- name: Open firewall port
  firewalld:
    service: dns
    permanent: true
    state: enabled
    immediate: yes

Ansible playbook to Copy named conf local file



- name: Copy named conf local file
  template:
    src: named.conf.local.j2
    dest: /etc/named/named.conf.local
    owner: root
    group: named
    mode: 0640
  notify: restart named

Ansible playbook to Make named directory

 

- name: Make named directory
  file:
    path: /etc/named
    state: directory
    owner: root
    group: named
    mode: 0750

Ansible playbook to Copy named conf file



- name: Copy named conf file
  template:
    src: named.conf.j2
    dest: /etc/named.conf
    owner: root
    group: named
    mode: 0660
  notify: restart named

Ansible Playbook to set FQDN



- name: Set hostname fact
  set_fact:
    ansible_fqdn: "{{ host_name }}"

Ansible playbook to set hostname




- name: Set hostname
  hostname:
    name: "{{ host_name }}"

Ansible Playbook to Install Bind


- name: Install bind
  yum:
    pkg: bind
    state: installed

Ansible Playbook to open firewall port (DNS) (firewalld)



- name: Open firewall port
  firewalld:
    service: dns
    permanent: true
    state: enabled
    immediate: yes

Ansible playbook to Install DFS on Windows server




  - name: Install DFS
    win_feature:
     name: FS-DFS-Namespace
     include_management_tools: yes
     include_sub_features: yes
     state: present
    register: result

Ansible playbook to Add AD user to OU group





  - name: Add AD user to OU group
    win_domain_user:
     name: user4
     firstname: mouni
     surname: motam
     company: Netenrich
     password: mouni123
     state: present
     groups:
      - Operatonal Team

Ansible playbook to Add group and specify the AD domain services to use for the create win_domain_group (OU )





  - name: Add group
    win_domain_group:
     name: Operatonal Team
     domain_username: user123
     domain_password: user123
     domain_server: team1.local
     scope: domainlocal

Ansible playbook to Configure DNS on Windows server




  - name: Installing Windows DNS Server
    win_feature:
     name: DNS
     state: present
     windows_dns_server_state: present
     include_management_tools: yes

  - name: Configure DNS
    win_dns_client:
     adapter_names: "Ethernet"
     ipv4_addresses: 10.0.0.1

Ansible playbook to Configure Active directory on Windows server




tasks:
  - name: Install AD Services feature
    win_feature:
     name: AD-Domain-Services
     include_management_tools: yes
     include_sub_features: yes
     state: present
    register: result

  - name: Create new forest
    win_domain:
     dns_domain_name: team1.local
     safe_mode_password: team1@123
    register: result
  - name: Reboot after creation
    win_reboot:
     msg: "Server config in progress; rebooting..."
    when: result.reboot_required



Ansible playbook for downloading backup on cisco firewall ASA




---
- hosts: asa
  connection: cli
  vars:
    cli:
      host: 192.22.110.196
      username: cisco
      password: cisco123
      transport: cli
      authorize: yes
      auth_pass: cisco
  tasks:
    - asa_config:
        lines:
          - access-group cloud-acl_access_in in interface cloud13
        provider: "{{ cli }}"
        backup: yes
        backup_options:
          filename: backup.cfg
          dir_path: /home/user

Ansible playbook to sanity check on cisco firewall ASA


Health check commands: 


---
- hosts: sw
  connection: network_cli
  tasks:
    - name: show commands
      asa_command:
        commands:
          - show version
          - show uptime
          - show memory
          - show asadrops
      delegate_to: localhost
      register: managedhost_output
    - name: print
      debug:
        msg: "{{ managedhost_output.stdout }}"

Ansible playbook for Network Object Creation on cisco firewall ASA




---
- hosts: asa
  tasks:
    - name: configure network object
      asa_og:
        name: ansible
        group_type: network-object
        state: present
        description: ansible testing
        host_ip:
          - 192.168.10.10
        group_object:
          - internal router


Ansible playbook for Service Object Creation on cisco firewall ASA




---
- hosts: asa
  tasks:
    - name: asa_config module
      asa_config:
        provider:
          authorize: yes
          host: 192.22.110.96
          username: cisco
          password: cisco123
          auth_pass: cisco123
    - name: Add service-object
      asa_og:
        name: ansible_test_2
        host: 8.8.8.8
        group_type: service-object
        state: present
        protocol: tcp
        description: 'HTTP'

Ansible playbook for Access list Creation on cisco firewall ASA ( Web Policy Restriction )




---
- hosts: asa
  connection: cli
  vars:
    cli:
      host: 192.168.1.1
      username: cisco
      password: cisco123
      transport: cli
      authorize: yes
      auth_pass: cisco
  tasks:
    - name: restricting google
      asa_acl:
        lines:
          - access-list ACL-OUTSIDE extended deny tcp any host 8.8.8.8 eq 80
        context: cisco
        provider: "{{ cli }}"

Ansible playbook for VLAN Creation on cisco switch




---
- hosts: sw
  connection: network_cli
  tasks:
    - name: creating vlan
      ios_vlan:
        authorize: yes
        provider:
          username: cisco
          password: cisco123
          host: 172.22.110.201
        vlan_id: 20
        name: testvlan1
        state: present










Ansible playbook for User Creation on cisco switch



---
- hosts: sw
  connection: network_cli
  tasks:
    - name: creating user
      ios_config:
        provider:
          username: cisco
          password: cisco123
          host: 172.22.110.201
        lines:
          - username srini privilege 1 password secret456
          - line console 0
          - login local
          - end

Ansible playbook for Banner Creation on cisco switch




---
- hosts: sw
  connection: network_cli
  tasks:
    - name: install banner
      ios_banner:
        banner: motd
        text: |
          unauthorized access is prohibited
        state: present

Wednesday, 10 July 2019

Ansible playbook accessing variables from var file



---
- hosts: raghu
  vars_files:
      - firstplaybookvars.yml
  tasks:
      - name: Create file
        file:
            path: "{{ path }}"
            state: "{{ state }}"
        notify:
           - restart apache

  handlers:
      - name: restart apache
        service: name=httpd state=started

---
# File: firstplaybookvars.yml
path: /tmp/raghu
state: touch

Ansible playbook with notify and handlers example


---
- hosts: raghu
  vars:
      path: /tmp/raghu
      state: touch
  tasks:
      - name: Create file
        file:
            path: "{{ path }}"
            state: "{{ state }}"
        notify:
           - restart apache

  handlers:
      - name: restart apache
        service: name=httpd state=started

Ansible playbook loop with condition example



  tasks:
      - name: Create file
        file:
            path: "{{ item.path }}"
            state: "{{ item.state }}"
        loop:
            - { path: '/tmp/ragx' , state: 'touch' }
        when: item.path == '/tmp/raghu'

Ansible playbook loop example



  tasks:
      - name: Create file
        file:
            path: "{{ item.path }}"
            state: "{{ item.state }}"
        loop:
            - { path: '/tmp/raghu' , state: 'touch' }
            - { path: '/opt/raghu' , state: 'touch' }

Ansible playbook vars example



---
- hosts: raghu
  vars:
      path: /tmp/raghu
      state: touch
  tasks:
      - name: Create file
        file:
            path: "{{ path }}"
            state: "{{ state }}"

Ansible playbook to create folder



---
- hosts: raghu

  tasks:
      - name: Create file
        file:
            path: /tmp/raghu
            state: touch

ansible vault



ansible-vault create vault.yml
ansible-vault view vault.yml
ansible-vault edit vault.yml
ansible-vault decrypt vault.yml
ansible-vault rekey vault.yml

ansible-playbook site.yml --ask-vault-pass
ansible-playbook site.yml --vault-password-file ~/.vault_pass.txt

Tuesday, 18 June 2019

Install multiple python modules once from .txt file



pip install -r req.txt

Install Python 3.6.4 on CentOS 7 From a Repository


This is the easier method of the two for installing Python on your machine. Here, we simply add a repository that has the pre-compiled version ready for us to install. In this case, we are adding the Inline with Upstream Stable repository, a community project whose goal is to bring new versions of software to RHEL-based systems.

Step 1: Open a Terminal and add the repository to your Yum install.

sudo yum install -y https://centos7.iuscommunity.org/ius-release.rpm

Step 2: Update Yum to finish adding the repository.

sudo yum update

Step 3: Download and install Python.

This will not only install Python – but it will also install pip to help you with installing add-ons.
sudo yum install -y python36u python36u-libs python36u-devel python36u-pip
Once these commands are executed, simply check if the correct version of Python has been installed by executing the following command:
python3.6 -V
You have now finished installing Python 3.6.4 on your CentOS 7 machine, as well as installing a native Python package management tool called pip.

Saturday, 15 June 2019

Ansible Ad-Hoc Commands




Syntax
# Command hostgroups module/arguments [options]


Examples
#ansible webserver -a reboot
#ansible all -a uptime
#ansible all -a "uname -a"
#ansible all -m 
# ansible-doc -l |more
#ansible-doc -l |more |wc -l
#ansible-doc -l | grep -i <modulename>
#ansible-doc <modulename>
#ansible-doc -s <modulename>
example
#ansible all -m ping
#ansible all -m ping -o
#ansible all -m user -a "name=john password=redhat"
#rpm -q httpd
#ansible all -a "yum -y install httpd"
rpm -q httpd
#ansible all -a "yum -y remove httpd"

#ansible all -m yum -a "name=httpd state=present"
#ansible all -m yum -a "name=httpd state=absent"

#ansible all -m shell -a "uname -a;df -h" -v


Friday, 14 June 2019

Installing Ansible on Ubuntu




Installing Ansible
Next, install Ansible. Here are the steps to make that happen:

1. Log into the Ubuntu Server that will host Ansible.
2. Install the necessary repository with the command sudo apt-add-repository ppa:ansible/ansible.
3. Update apt with the command sudo apt-get update.
4. Install Ansible with the command sudo apt-get install ansible -y.

Because Ansible requires a Python interpreter (in order to run its modules), we need to install Python as well. For that, issue the command:

sudo apt-get install python -y
Note: You may find Python already installed.

At this point, Ansible is installed and ready to go.

Thursday, 2 May 2019

Top 15 Docker interview questions



Q1. What are the differences between Docker and Hypervisors?
Docker vs Hypervisors

| Features | Hypervisors | Docker |
| --- | --- | --- |
| Default Security Support | To a great degree | To a slightly less degree |
| Memory on disk required | Complete OS plus apps | App requirement only |
| Time Taken to start up | Substantially longer as it requires boot of OS plus app loading | Substantially shorter as apps only need to start as the kernel is already running |
| Portability | Portable with proper preparation | Portable within image format; typically smaller |
| Operating System | Supports multiple OS | It uses the host OS |

Q2. What is Docker?
I suggest you start with a small definition of Docker.
• Docker is a containerization platform which packages your application and all its dependencies together in the form of containers, so as to ensure that your application works seamlessly in any environment, be it development, test or production.
• Docker containers wrap a piece of software in a complete filesystem that contains everything needed to run: code, runtime, system tools, system libraries, etc.; anything that can be installed on a server.
• This guarantees that the software will always run the same, regardless of its environment.
As the diagram below shows, containers running on a single machine share the same operating system kernel; they start instantly, since only the apps need to start because the kernel is already running, and they use less RAM.
Note: Unlike virtual machines, which each have their own OS, Docker containers use the host OS.
Q3. What is Docker image?
I suggest you go with the flow below:
A Docker image is the source of a Docker container. In other words, Docker images are used to create containers. Images are created with the build command, and they produce a container when started with run. Images are stored in a Docker registry such as registry.hub.docker.com. Because they can become quite large, images are designed to be composed of layers of other images, allowing a minimal amount of data to be sent when transferring images over the network. Tip: Be aware of Docker Hub in order to answer questions on pre-available images.
Q4. What is Docker container?
This is a very important question, so make sure you don't deviate from the topic. I advise you to follow the format below:
Docker containers include the application and all of its dependencies, but share the kernel with other containers, running as isolated processes in user space on the host operating system. Docker containers are not tied to any specific infrastructure: they run on any computer, on any infrastructure, and in any cloud. Now explain how to create a Docker container: Docker containers can be created either by creating a Docker image and then running it, or by using Docker images that are present on Docker Hub.
Docker containers are basically runtime instances of Docker images.
Q5. What is Docker hub?
The answer to this question is pretty direct.
Docker hub is a cloud-based registry service which allows you to link to code repositories, build your images and test them, stores manually pushed images, and links to Docker cloud so you can deploy images to your hosts. It provides a centralized resource for container image discovery, distribution and change management, user and team collaboration, and workflow automation throughout the development pipeline.
Q6. How is Docker different from other container technologies?
In my view, the points below should be in your answer:
Docker containers are easy to deploy in a cloud. Docker can get more applications running on the same hardware than other technologies, it makes it easy for developers to quickly create ready-to-run containerized applications, and it makes managing and deploying applications much easier. You can even share containers with your applications. If you have some more points to add you can do that, but make sure the above explanation is there in your answer.
Q7. What is Docker Swarm?
You should start this answer by explaining Docker Swarm.
Docker Swarm is native clustering for Docker. It turns a pool of Docker hosts into a single, virtual Docker host. Because Docker Swarm serves the standard Docker API, any tool that already communicates with a Docker daemon can use Swarm to transparently scale to multiple hosts.
I also suggest you include some supported tools:
• Dokku
• Docker Compose
• Docker Machine
• Jenkins
Q8. What is Dockerfile used for?
In my view, this answer should begin by explaining the use of a Dockerfile.
Docker can build images automatically by reading the instructions from a Dockerfile.
Now I suggest you give a small definition of a Dockerfile.
A Dockerfile is a text document that contains all the commands a user could call on the command line to assemble an image. Using docker build, users can create an automated build that executes several command-line instructions in succession.
Q9. Can I use JSON instead of YAML for my compose file in Docker?
You can use JSON instead of YAML for your compose file. To use a JSON file with Compose, specify the filename to use, for example:
docker-compose -f docker-compose.json up
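As an added illustration (not part of the original post), this is what a docker-compose.json could look like. JSON is accepted because it is, for practical purposes, valid YAML, so Compose reads it with the same parser. The service name, image tag, port mapping and volume name are constructed for the example.

```json
{
  "version": "3",
  "services": {
    "web": {
      "image": "nginx:stable",
      "ports": ["8080:80"],
      "volumes": ["web-content:/usr/share/nginx/html"],
      "restart": "unless-stopped"
    }
  },
  "volumes": {
    "web-content": {}
  }
}
```

Unlike YAML, JSON has no comment syntax, so any notes about the services have to live outside the file.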
Q10. Tell us how you have used Docker in your past position?
➢ Explain how you have used Docker to help rapid deployment. Explain how you have scripted Docker and used Docker with other tools like Puppet, Chef or Jenkins.
➢ If you have no past practical experience in Docker and have past experience with other tools in a similar space, be honest and explain the same. In this case, it makes sense if you can compare other tools to Docker in terms of functionality.
Q11. How to create Docker container?
I suggest you give a direct answer to this.
We can use a Docker image to create a Docker container with the command below:
docker run -t -i <image name> <command name>
This command will create and start a container.
You should also add: if you want to check the list of all running containers with their status on a host, use the command below:
docker ps -a
Q12. How to stop and restart the Docker container?
In order to stop the Docker container, you can use the command below:
docker stop <container ID>
Now, to restart the Docker container, you can use:
docker restart <container ID>
Q13. How far do Docker containers scale?
Large web deployments like Google and Twitter, and platform providers such as Heroku and dotCloud all run on container technology, at a scale of hundreds of thousands or even millions of containers running in parallel.
Q14. What platforms does Docker run on?
I would start this answer by saying that Docker runs only on Linux and cloud platforms, and then mention the Linux distributions below:
• Ubuntu 12.04, 13.04 et al
• Fedora 19/20+
• RHEL 6.5+
• CentOS 6+
• Gentoo
• ArchLinux
• openSUSE 12.3+
• CRUX 3.0+
Cloud:
• Amazon EC2
• Google Compute Engine
• Microsoft Azure
• Rackspace
Note that Docker does not run on Windows or Mac.
Q15. Do I lose my data when the Docker container exits?
You can answer this by saying: no, I won't lose my data when the Docker container exits. Any data that your application writes to disk is preserved in its container until you explicitly delete the container. The file system for the container persists even after the container halts.
Q16. Mention some commonly used Docker commands.
Below are some commonly used Docker commands:

Git

1 git add ↳ It lets you add changes from the working directory into the staging area 2 git commit ↳ It lets you save a snapshot of currently...