# Introduction

![image.png](attachment:a4f1ea6d-03cd-430b-ad15-2d8a88b36fcc.png)

Let's say you're tasked with deploying a critical software update across hundreds of servers in your organization.
* You write an Ansible playbook to automate this task, and confident in your work, you decide to run it immediately in your production environment.
* However, due to an unnoticed error in the playbook, instead of updating the software, it unintentionally shuts down the service on all servers.
* The result was a significant downtime and a frantic scramble to restore the service.

This scenario underscores the importance of a critical step in the playbook development process, which is **verification**.

# Why do we need to verify playbooks?

**Verifying a playbook** before executing it in a production environment is a crucial practice.
* It's like a rehearsal before the actual performance, allowing you to catch and rectify any errors or unexpected behaviors in a controlled environment.
* Without this verification step, you run the risk of introducing unforeseen issues into your systems, as illustrated in the scenario shown.
* These issues can lead to system downtime, data loss or other serious consequences, and can be much more difficult and time-consuming to resolve than the initial problem the playbook was intended to address.

By verifying your playbooks, you can proceed with confidence knowing that your playbook will behave exactly as expected when it's run in your production environment.

This not only helps to maintain the stability and reliability of your systems but also saves you from potential headaches down the line.


# How can we verify playbooks in Ansible?

Ansible provides several modes for verifying playbooks, out of which the **check mode** and **diff mode** are the main ones.

## Check Mode

![image.png](attachment:fc2b1026-e0fd-4ecc-983f-75c689a168c8.png)

The **check mode** is a dry run mode where Ansible executes the playbook without making any actual changes on the hosts.
* It allows you to see what changes the playbook will make without applying them.
* To run a playbook in check mode, use the `--check` option.

Let's say you have a simple Ansible playbook saved as `install_nginx.yml` that installs the nginx web server on a host.

![image.png](attachment:6c7747bb-0f08-4dd8-88ee-cc9911084e87.png)

![image.png](attachment:eb5a3439-41af-4bbd-afac-56fb65dd7e90.png)

To run this playbook in **check mode**, you would use the `--check` option.
* In check mode, Ansible will not actually install nginx on the hosts.
* Instead, it will tell you what it would do if it were to run the playbook for real.
* In this output, you can see that Ansible says it would change the state of the web server on one host by installing nginx.
* However, because you ran the playbook in check mode, no changes were actually made.

Please note that not all Ansible modules support check mode. 

If a task uses a module that doesn't support check mode, the task will be skipped when you run the playbook in check mode.

## Diff mode

![image.png](attachment:e2db4203-3814-4004-a4b4-7eb6d6717fa8.png)

Another mode for verifying playbooks is **diff mode**. 
* **Diff mode**, when used with check mode, shows the differences between the current state and the state after the playbook is run.
* It provides a **before-and-after comparison**, which can be useful for understanding what changes a playbook will make.
* To run a playbook in diff mode, use the `--diff` option.

Here's an example playbook that ensures a specific line is present in a configuration file.

You can save this playbook as `configure-nginx.yml`.

![image.png](attachment:0bc5ee75-1788-476c-8f63-05a95c4b8425.png)

![image.png](attachment:6a7c1208-6cb2-4145-9439-399d9cea0f2f.png)

To run this playbook in check mode and diff mode, you'd use the `check` and `diff` options.
* The output might look something like this if the line is not already present in the file.
* In this output, you can see the exact change that would be made to the `/etc/nginx/nginx.conf` file.
* The line with the plus symbol shows what would be added to the file.

# Syntax mode

![image.png](attachment:b82068d7-bd0b-4723-8077-8f5ab7188093.png)

In addition to the `check` and `diff` modes, Ansible also provides a `syntax check mode`.
* This mode checks the syntax of your playbook for any errors.
* It's a quick way to catch syntax errors that could cause your playbook to fail.
* To run a playbook in `syntax check mode`, use the `--syntax-check` option.

Let's say you have the following playbook saved as configure_nginx.yml.
* You can run the syntax check with the `--syntax-check` option.
* The output will simply confirm the playbook syntax is correct.

![image.png](attachment:adcedacf-735d-4c83-88fa-e29dfc6fab5d.png)

Now, let's introduce a syntax error into the playbook by removing the colon after the `lineinfile`.

If you run the **syntax check** again, you'll receive an error message indicating the problem.

![image.png](attachment:19ca140e-47f5-4f9d-af1a-07b570bc4930.png)

This error message tells you exactly where the problem is, making it easier to fix the issue.

The syntax check mode is a quick way to catch such errors before running the playbook on your hosts.

![image.png](attachment:e1e7033c-dcb5-421b-9798-999c172ee9e3.png)
