Learn how to run your playbooks without having the changes actually apply. This is a great way for Ansible to validate a playbook.
Ansible Check and Diff modes
Check mode
check mode is a way for Ansible to do a "Dry Run" and validate your playbook without making any actual changes to remote systems. Simply adding --check to the end of your ansible-playbook command will run ansible in check mode. This is a great way to test your playbook during the development cycle.
Here is an example of running an ansible play in checkmode
ansible-playbook -i hosts -K playbook-apt-install.yml --check
After running in check mode, you should see output similar to below.
PLAY RECAP ******************************************************************************************************************
node3 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Diff mode
diff mode gives a verbose before-and-after comparison of changes being made.
Here's how to run it.
ansible-playbook -i hosts -K playbook-apt-install.yml --check
You will get output like below in regards to what changes on the system will be made.
TASK [ensure NMAP is installed.] ********************************************************************************************
Suggested packages:
ncat ndiff zenmap
The following NEW packages will be installed:
nmap
0 upgraded, 1 newly installed, 0 to remove and 85 not upgraded.
Combining Check and Diff
Although not required, it's common practice to combine both check and diff together. This way you can do a Dry Run of your playbook AND get all the changes that would be made.
ansible-playbook -i hosts -K playbook-apt-install.yml --check --diff