2016-04-04 22:03:17 +00:00
.. _check_mode_dry:
2013-09-29 20:19:59 +00:00
Check Mode ("Dry Run")
======================
2013-02-23 19:34:29 +00:00
.. versionadded :: 1.1
2013-12-26 19:32:01 +00:00
.. contents :: Topics
2014-01-22 05:05:21 +00:00
When ansible-playbook is executed with `` --check `` it will not make any changes on remote systems. Instead, any module
2013-10-05 18:57:45 +00:00
instrumented to support 'check mode' (which contains most of the primary core modules, but it is not required that all modules do
this) will report what changes they would have made rather than making them. Other modules that do not support check mode will also take no action, but just will not report what changes they might have made.
2013-02-23 19:34:29 +00:00
Check mode is just a simulation, and if you have steps that use conditionals that depend on the results of prior commands,
it may be less useful for you. However it is great for one-node-at-time basic configuration management use cases.
Example::
ansible-playbook foo.yml --check
2013-10-04 22:34:39 +00:00
.. _forcing_to_run_in_check_mode:
2016-07-23 00:40:14 +00:00
Enabling or disabling check mode for tasks
`` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ``
2013-08-20 21:09:44 +00:00
2016-07-23 00:40:14 +00:00
.. versionadded :: 2.2
2013-08-20 21:09:44 +00:00
2016-07-23 00:40:14 +00:00
Sometimes you may want to modify the check mode behavior of individual tasks. This is done via the `` check_mode `` option, which can
2019-06-26 21:07:27 +00:00
be added to tasks.
2016-07-23 00:40:14 +00:00
There are two options:
1. Force a task to **run in check mode** , even when the playbook is called **without** `` --check `` . This is called `` check_mode: yes `` .
2. Force a task to **run in normal mode** and make changes to the system, even when the playbook is called **with** `` --check `` . This is called `` check_mode: no `` .
2017-08-19 21:00:51 +00:00
.. note :: Prior to version 2.2 only the equivalent of `` check_mode: no `` existed. The notation for that was `` always_run: yes `` .
2016-07-23 00:40:14 +00:00
Instead of `` yes `` /`` no `` you can use a Jinja2 expression, just like the `` when `` clause.
2013-08-20 21:09:44 +00:00
Example::
2018-02-03 11:28:22 +00:00
tasks:
- name: this task will make changes to the system even in check mode
command: /something/to/run --even-in-check-mode
check_mode: no
2013-08-20 21:09:44 +00:00
2018-02-03 11:28:22 +00:00
- name: this task will always run under checkmode and not change the system
lineinfile:
line: "important config"
dest: /path/to/myconfig.conf
state: present
check_mode: yes
2016-07-23 00:40:14 +00:00
Running single tasks with `` check_mode: yes `` can be useful to write tests for
2017-08-19 21:00:51 +00:00
ansible modules, either to test the module itself or to the conditions under
2019-06-26 21:07:27 +00:00
which a module would make changes.
With `` register `` (see :ref: `playbooks_conditionals` ) you can check the
2016-07-23 00:40:14 +00:00
potential changes.
Information about check mode in variables
`` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ``
2013-08-20 21:09:44 +00:00
2016-07-23 00:40:14 +00:00
.. versionadded :: 2.1
2016-01-20 18:47:09 +00:00
2016-07-23 00:40:14 +00:00
If you want to skip, or ignore errors on some tasks in check mode
you can use a boolean magic variable `` ansible_check_mode ``
which will be set to `` True `` during check mode.
2016-01-20 18:47:09 +00:00
Example::
2018-02-03 11:28:22 +00:00
tasks:
2016-01-20 18:47:09 +00:00
2018-02-03 11:28:22 +00:00
- name: this task will be skipped in check mode
git:
repo: ssh://git@github.com/mylogin/hello.git
dest: /home/mylogin/hello
when: not ansible_check_mode
2016-01-20 18:47:09 +00:00
2018-02-03 11:28:22 +00:00
- name: this task will ignore errors in check mode
git:
repo: ssh://git@github.com/mylogin/hello.git
dest: /home/mylogin/hello
ignore_errors: "{{ ansible_check_mode }}"
2013-08-20 21:09:44 +00:00
2013-10-04 22:34:39 +00:00
.. _diff_mode:
2013-08-20 21:09:44 +00:00
2014-01-22 05:05:21 +00:00
Showing Differences with `` --diff ``
`` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ` ``
2013-02-23 19:34:29 +00:00
.. versionadded :: 1.1
2017-07-18 15:27:28 +00:00
The `` --diff `` option to ansible-playbook works great with `` --check `` (detailed above) but can also be used by itself.
2017-07-26 02:12:21 +00:00
When this flag is supplied and the module supports this, Ansible will report back the changes made or, if used with `` --check `` , the changes that would have been made.
2017-07-18 15:27:28 +00:00
This is mostly used in modules that manipulate files (i.e. template) but other modules might also show 'before and after' information (i.e. user).
2017-07-26 02:12:21 +00:00
Since the diff feature produces a large amount of output, it is best used when checking a single host at a time. For example::
2013-02-23 19:34:29 +00:00
ansible-playbook foo.yml --check --diff --limit foo.example.com
2018-04-05 18:08:30 +00:00
.. versionadded :: 2.4
2019-06-26 21:07:27 +00:00
The `` --diff `` option can reveal sensitive information. This option can disabled for tasks by specifying `` diff: no `` .
2018-04-05 18:08:30 +00:00
Example::
tasks:
- name: this task will not report a diff when the file changes
template:
src: secret.conf.j2
dest: /etc/secret.conf
owner: root
group: root
mode: '0600'
diff: no