How can I activate sudo without a password for the apache2 service?

Problem: I do not see how to enable the use of the service apache2 with sudo without password. I can enable it for all user commands, but as this seems like a bad idea, I only want to activate some commands.

Context: I'm trying to configure a streaming distribution / deployment system, and in this context, I let Ansible execute some commands on the target computers. Some of these commands unfortunately require sudo and I have to remove the corresponding password prompt. Ideally, all permissions in this process work with saved keys instead of passwords.

(Machine names have been replaced with placeholder values.)

Machine under Ubuntu 18.04 LTS and Apache 2.x

Machine under Ubuntu 16.04 LTS and Ansible 2.7.8

File /etc/sudoers.d/ansible on machine

ansible ALL = NOPASSWD: / usr / sbin / service / usr / sbin / apache2 *

File / etc / ansible / hostson machine


File ~ / deploy.yml on machine

- hosts: production
remote_user: ansible

- name: stop apache
shell: service apache2 stop
become: yes
become_method: sudo
- name: start apache
shell: service apache2 start
become: yes
become_method: sudo

Additional information:
When running ansible-playbook ~ / deploy.yml sure, I receive an error sudo: a password is required. I can reproduce the prompt for the password when connecting to the target via ssh and then running sudo service apache2 stop and sudo service apache2 start. Therefore, I hesitantly state that the problem lies somewhere with the sudo configuration on and Ansible is only the messenger.

I've tried different configurations of /etc/sudoers.d/ansiblemainly because I am not at all sure of the correct syntax and have tried all kinds of expressions to see what works. The only job I've found is ansible ALL = NOPASSWD: ALL, which I want to avoid for security reasons.