Top 30 Configuration Management Interview Questions & Answers

Learn all the frequently asked interview questions on Configuration Management

Top 30 Configuration Management Interview Questions & Answers

1. What are the goals of Configuration management processes?

The purpose of Configuration Management (CM) is to ensure the integrity of a product or system throughout its life-cycle by making the development or deployment process controllable and repeatable, therefore creating a higher quality product or system. The CM process allows orderly management of system information and system changes for purposes such as to:

  • Revise capability
  • Improve performance
  • Reliability or maintainability
  • Extend life
  • Reduce cost
  • Reduce risk
  • Liability, or correct defects

2. What is the difference between Asset management and Configuration Management?

Given below are few differences between Asset Management and Configuration Management:

Asset Management:

  • Concerned with finances
  • Scope is everything you own
  • Interfaces to purchasing and leasing
  • Maintains data for taxes
  • Lifecycle from purchase to disposal
  • Only incidental relationships

Configuration Management:

  • Concerned with operations
  • Scope is everything you deploy
  • Interfaces to ITIL processes
  • Maintains data for troubleshooting
  • Lifecycle from deploy to retirement
  • All operational relationships

3. What do you understand by “Infrastructure as code”? How does it fit into the DevOps methodology? What purpose does it achieve?

Infrastructure as Code (IAC) is a type of IT infrastructure that operations teams can use to automatically manage and provision through code, rather than using a manual process.
Companies for faster deployments treat infrastructure like software: as code that can be managed with the DevOps tools and processes. These tools let you make infrastructure changes more easily, rapidly, safely and reliably.

4. What is Puppet?

Puppet is a configuration management tool ensuring that all systems are configured to a desired and predictable state. You can also use Puppet as a deployment tool as it can automatically deploy software on the system. Puppet implements infrastructure as code, which means you can test the environment and ensure that it is deployed accurately.

The Puppet environment can be broken down into the main server environment (shown above) and the client environment. In the main server environment, there is a Puppet master store which stores all configuration files.

5. What are Puppet Manifests?

Every node (or Puppet Agent) has got its configuration details in Puppet Master, written in the native Puppet language. These details are written in the language which Puppet can understand and are termed as Manifests. They are composed of Puppet code and their filenames use the .pp extension.

You can write a manifest in Puppet Master that creates a file and installs apache on all Puppet Agents (Slaves) connected to the Puppet Master.

6. What is Puppet Module and How it is different from Puppet Manifest?

A Puppet Module is a collection of Manifests and data (such as facts, files, and templates), and they have a specific directory structure. Modules are useful for organizing your Puppet code, because they allow you to split your code into multiple Manifests. It is considered best practice to use Modules to organize almost all of your Puppet Manifests.
Puppet programs are called Manifests which are composed of Puppet code and their file names use the .pp extension.

7. What is Facter in Puppet?

Facter gathers basic information (facts) about Puppet Agent such as hardware details, network settings, OS type and version, IP addresses, MAC addresses, SSH keys, and more. These facts are then made available in Puppet Master’s Manifests as variables.

8. How can I configure systems with Puppet?

In order to configure systems with Puppet in a client or server architecture, we have to use the Puppet Agent and the Puppet Master applications. In a stand-alone architecture, we have to use the Puppet apply application.

9. What is a Puppet codedir?

The codedir is the main directory for Puppet code and data. It is used by Puppet master and Puppet apply, but not by Puppet agent. It contains environments (which contain your manifests and modules), a global modules directory for all environments, and your Hiera data and configuration.

10. Where do you find codedir in Puppet?

It is found at one of the following locations:

Unix/Linux Systems:




Non-root users:


11. What is Chef?

It is a powerful automation platform that transforms infrastructure into code. Chef is a tool for which you write scripts that are used to automate processes.

It consists of:

  • Chef Server: The Chef Server is the central store of your infrastructure’s configuration data. The Chef Server stores the data necessary to configure your nodes and provides search, a powerful tool that allows you to dynamically drive node configuration based on data.
  • Chef Node: A Node is any host that is configured using Chef-client. Chef-client runs on your nodes, contacting the Chef Server for the information necessary to configure the node. Since a Node is a machine that runs the Chef-client software, nodes are sometimes referred to as “clients”.
  •  Chef Workstation: A Chef Workstation is the host you use to modify your cookbooks and other configuration data.

12. What is a resource in Chef?

A resource is a statement of configuration policy that:

  • Describes the desired state for a configuration item
  • Declares the steps needed to bring that item to the desired state
  • Specifies a resource type
  • such as package, template, or service
  • Lists additional details (also known as resource properties), as necessary
  • Are grouped into recipes, which describe working configurations


type 'name' do
attribute 'value'
action :type_of_action

13. What do you mean by recipe in Chef?

A recipe is the most fundamental configuration element. 

A recipe:

  • Is authored using Ruby, which is a programming language designed to read and behave in a predictable manner
  • Is mostly a collection of resources, defined using patterns (resource names, attribute-value pairs, and actions)
  • Must define everything that is required to configure part of a system
  • Must be stored in a cookbook
  • May be included in another recipe
  • May have a dependency on one (or more) recipes
  • Must be added to a run-list before it can be used by Chef Infra Client
  • Is always executed in the same order as listed in a run-list

14. How does a Cookbook differ from a Recipe in Chef?

A Recipe is a collection of Resources, and primarily configures a software package or some piece of infrastructure. A Cookbook groups together Recipes and other information in a way that is more manageable than having just Recipes alone.

15. Why are SSL certificates used in Chef?

  • SSL certificates are used between the Chef server and the client to ensure that each node has access to the right data.
  • Every node has a private and public key pair. The public key is stored at the Chef server.
  • When an SSL certificate is sent to the server, it will contain the private key of the node.
  • The server compares this against the public key in order to identify the node and give the node access to the required data.

16. What is Test Kitchen in Chef?

Test Kitchen is a command-line tool in Chef that spins up an instance and tests the cookbook on it before deploying it on the actual nodes.

17. How does chef-apply differ from chef-client?

  • chef-apply is run on the client system.
  • chef-apply applies the recipe mentioned in the command on the client system.

$ chef-apply recipe_name.rb

  • chef-client is also run on the client system.
  • chef-client applies all the cookbooks in your server’s run list to the client system.

$ knife chef-client

18. What is a Run-list in Chef?

Run-list is a feature in Chef that helps in specifying the recipes for running and the order for running them. Run-list is an ideal choice in the case of multiple cookbooks where the order of running the recipes is crucial.

Some of the essential highlights of a run-list in Chef are as follows:

  • Run-list is an outline of roles and recipes in a specific order in which they have to run. If the run-list has more than one mention of a recipe, then the chef-client will run it only once.
  • Run-list is specific to the node on which it runs. Interestingly, nodes could have run-list similar to that used by other nodes.
  • Run-list finds storage on the Chef server as a part of the node object.
  • Run-list maintenance involves either a knife or the Chef Management console. In the case of using a knife, the run-list should be uploaded to the Chef server from the workstation.

19. How can we apply an updated cookbook to a node?

There are three ways for application of an updated Cookbook to a node in Chef.

  • The first one involves running knife SSH from the workstation.
  • The second method involves direct SSH into the server, followed by running chef-client.
  • The final method involves running chef-client as a service or a daemon for reviewing the Chef server at regular intervals.

20. Which command helps in uploading a cookbook to the Chef server?

The command for uploading a cookbook to the Chef server is “knife cookbook upload”.

21. What are handlers, and how many are there in Chef?

Handlers are crucial tools for identifying situations developing in the course of a chef-client run. Then, the handlers inform the chef-client about essential methods to handle the situations. The three types of handlers in Chef are exception handler, start handler and report handler.

22. What details do you need to bootstrap on Chef?

The following details are mandatory to bootstrap in Chef.

  • User name and password for logging into a specific node.
  • Host name of the node or public IP address.
  • Key-based authentication as a replacement of user name and password credentials.

23.What is the use of Knife in Chef?

A knife is a command-line tool for creating an interface between the Chef server and a local chef-repo. The knife is ideal for the management of nodes, cookbooks and recipes as well as roles, data bags, and environments.

Furthermore, a knife is a promising instrument for managing resources in different cloud environments. Also, Knife helps in managing the installation of chef-client onto nodes and searching indexed data on the Chef server.

24. How does Ansible work?

Ansible works under two different types of servers. One is Nodes, and another one is the controlling machine. Controlling machine is the platform where Ansible is installed. On the other side, controlling machines control the Nodes through SSH. Besides, the inventory file holds the node’s location. The tool deploys the modules on a node by initiating the playbook. As it is agentless, you don’t need to use any other tool to control the process.

25. What do you mean by Ansible tower?

Ansible Tower is a hub to store all the automation tasks. It works on agentless modules. Besides, it doesn’t require any local file installation to connect nodes with the controlling machine. However, until ten nodes, you can use it for free.

26. What do you mean by Ansible Galaxy?

Ansible galaxy, bundled with Ansible creates the effective directory structure. In general, with the command, it can easily communicate with the client. Besides, it also offers to automate configuration through the playbook.

27. Can you explain about different Ansible modules?

Ansible comes with two different modules, i.e., Extra and Core modules. All these modules are idempotent.

  • Extra modules: Ansible community maintains such modules. Besides, the modules are reusable. Even though they are the parts of Ansible, you can separate them whenever you need.
  • Core modules: Core modules play a much greater role than extra modules. They always come with the software.

28. What are playbooks in Ansible?

Playbooks are Ansible’s configuration, deployment, and orchestration language. They can describe a policy you want your remote systems to enforce, or a set of steps in a general IT process. Playbooks are designed to be human-readable and are developed in a basic text language. At a basic level, playbooks can be used to manage configurations of and deployments to remote machines.

29. What is the difference between Puppet and Ansible?


  • Easy agentless installation
  • Based on Python
  • Configuration files are written in YAML
  • No support for Windows


  • Agent-based installation
  • Based on Ruby
  • Configuration files are written in DSL
  • Support for all popular OS’s

30. What do you mean by Ansible Vaults and explain their uses?

It is a unique feature of Ansible which let you store all the file securely. In general, it encrypts the files, YMAL Playbooks, and other variables in Ansible. Besides, it offers you can get unique facility where you encrypt as well as integrate the data with the Playbook. It comes with five-level granularity. That means, the files can be encrypted or unencrypted. You can use one single password to encrypt and decrypt the data.

Bijan Patel
Full Stack Test Automation Expert | Selenium Framework Developer | Certified Tosca Automation Specialist | Postman | DevOps | AWS | IC Agile Certified | Trainer | Youtuber | Blogger|

Launch your GraphyLaunch your Graphy
100K+ creators trust Graphy to teach online
QASCRIPT 2024 Privacy policy Terms of use Contact us Refund policy