How to Dry Run an Ansible Playbook?

The check and diff modes are extremely useful to have a clear vision of the changes that are going to be performed on the target node.

I'm going to show you a live Playbook with some simple Ansible code.

I'm Luca Berton and welcome to today's episode of Ansible Pilot.

Ansible Playbook Dry Run

How to Dry Run the Ansible Playbook:

  • check
  • diff

command-line interface parameters

  • --check
  • --diff

Ansible Task statements

  • check_mode: true
  • diff: true

How to Dry Run an Ansible Playbook

Sometimes you need to deep-dive your Ansible Playbook to validate any changes on the target node.

It is useful to validate the code and have a clear vision of the single Ansible Task or Ansible Playbook outcome.

Let's explore the two modes: check and diff that you could enable via the ansible-playbook command or the Ansible Task statements check_mode: true and diff: trueinside the Playbook code.

These modes can be used separately or together.

The check mode is just a simulation, it's great to validate the Ansible Playbook without performing any action on the target machine.

The diff mode reports the changes made for any module that supports the diff mode.

It's common to combine together the two modes --check --diff in order to simulate the execution and have the full reports of changes and increase the execution verbosity.

Links

  • [Validating tasks: check mode and diff mode](https://docs.ansible.com/ansible/latest/user_guide/playbooks_checkmode.html)

Playbook

How to Dry Run the Ansible Playbook with the check and diff modes.

I'm going to show you the outcome of the check and diff modes on an Ansible Playbook with a simple task to enable the PermitRootLogin parameter in the SSH configuration file /etc/ssh/sshd_config.

code

``yaml

---

  • name: root login enabled

hosts: all

become: true

gather_facts: false

tasks:

- name: ssh PermitRootLogin

ansible.builtin.lineinfile:

dest: /etc/ssh/sshd_config

regexp: '^PermitRootLogin'

line: "PermitRootLogin yes"

state: present

notify: ssh restart

handlers:

- name: ssh restart

ansible.builtin.service:

name: sshd

state: restarted

`

before execution

Before the execution of the Ansible Playbook the PermitRootLogin is disabled in the SSH configuration file - no value.

`bash

$ ssh [email protected]

[devops@demo ~]$ sudo grep ^PermitRootLogin /etc/ssh/sshd_config

PermitRootLogin no

`

check execution

``bash

$ ansible-playbook --check -i virtualmachines/demo/inventory edit\ single-line\ text/enable_root_login.yml

PLAY [root login enabled] *

TASK [ssh PermitRootLogin] **

changed: [demo.example.com]

RUNNING HANDLER [ssh restart] *

ch