How can I activate sudo without a password for the apache2 service?

Problem: I do not see how to enable the use of the service apache2 with sudo without password. I can enable it for all user commands, but as this seems like a bad idea, I only want to activate some commands.

Context: I'm trying to configure a streaming distribution / deployment system, and in this context, I let Ansible execute some commands on the target computers. Some of these commands unfortunately require sudo and I have to remove the corresponding password prompt. Ideally, all permissions in this process work with saved keys instead of passwords.

configs:
(Machine names have been replaced with placeholder values.)

Machine target.example.com under Ubuntu 18.04 LTS and Apache 2.x

Machine control.example.com under Ubuntu 16.04 LTS and Ansible 2.7.8

File /etc/sudoers.d/ansible on machine target.example.com:

ansible ALL = NOPASSWD: / usr / sbin / service / usr / sbin / apache2 *

File / etc / ansible / hostson machine control.example.com:

[production]



target.example.com

File ~ / deploy.yml on machine control.example.com:

---
- hosts: production
remote_user: ansible

Tasks:
- name: stop apache
shell: service apache2 stop
become: yes
become_method: sudo
- name: start apache
shell: service apache2 start
become: yes
become_method: sudo

Additional information:
When running ansible-playbook ~ / deploy.yml sure control.example.com, I receive an error sudo: a password is required. I can reproduce the prompt for the password when connecting to the target via ssh ansible@target.example.com and then running sudo service apache2 stop and sudo service apache2 start. Therefore, I hesitantly state that the problem lies somewhere with the sudo configuration on target.example.com and Ansible is only the messenger.

I've tried different configurations of /etc/sudoers.d/ansiblemainly because I am not at all sure of the correct syntax and have tried all kinds of expressions to see what works. The only job I've found is ansible ALL = NOPASSWD: ALL, which I want to avoid for security reasons.