Let's say john.doe wants to issue a command that requires elevated privileges. If sudo is not used, "permission denied" will be returned.
[john.doe@server1 ~]# reboot
reboot: Permission denied
Likewise, if John Doe attempts to reboot using the shell module without using sudo . . .
---
- hosts: all
  tasks:
    - name: "reboot server"
      shell: "reboot"
"permission denied" will be returned.
[Errno 13] Permission denied
On a systemd system, the systemctl command is used to reboot the system, and only root has permission to execute the systemctl command.
[john.doe@server1 ~]# ls -l /bin/systemctl
-rwxr-xr-x. 1 root root 717568 Feb 4 10:30 /bin/systemctl
Let's say john.doe uses sudo to invoke the reboot command.
[john.doe@server1 ~]# sudo reboot
If john.doe has not been added to the /etc/sudoers file, the following will be displayed.
john.doe is not in the sudoers file. This incident will be reported.
If john.doe has been added to the /etc/sudoers file, but has not been granted permission to the command being issued, the following will be displayed.
john.doe is not allowed to run sudo on server1. This incident will be reported.
John Doe can be granted permission to the reboot command (or any other command).
If John Doe is granted sudo permission with a password, John will be prompted to provide his password, like this.
[john.doe@server1 ~]# sudo reboot
Password for john.doe: ******
If John Doe is granted sudo permission with the NOPASSWD option, John will not be prompted to provide his password and the system will reboot.
[john.doe@server1 ~]# sudo reboot
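The grants described above could be written as a sudoers drop-in like the one below. This is an added example, not part of the original page; the file name /etc/sudoers.d/john-doe and the path /usr/sbin/reboot are assumptions (confirm the path with "command -v reboot" on the target host).

```sudoers
# /etc/sudoers.d/john-doe   (constructed example)
# Edit with:   visudo -f /etc/sudoers.d/john-doe
# Check with:  visudo -cf /etc/sudoers.d/john-doe
# The file should be owned by root with mode 0440. The file name must not
# contain a "." because sudo skips such files in an included directory,
# so it is "john-doe" here even though the user name is "john.doe".
#
# Format: user  host = (run-as user)  [TAG:] /full/path/to/command

# Variant A: john.doe may run only reboot as root on server1 and is
# prompted for his own password.
john.doe  server1 = (root) /usr/sbin/reboot

# Variant B: the same single command without a password prompt.
# Use instead of variant A, not alongside it: when several entries match,
# the last one wins.
# john.doe  server1 = (root) NOPASSWD: /usr/sbin/reboot

# For contrast, an overly broad grant: every command, as any user, with no
# password. Anything that can run a command as john.doe then has root.
# john.doe  ALL = (ALL) NOPASSWD: ALL
```

Scoping the entry to one command by full path keeps the NOPASSWD variant, which unattended Ansible runs often need, from turning into passwordless root for the whole account.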
Let's say john.doe attempts to reboot server1 using the shell module and sudo.
---
- hosts: all
  tasks:
    - name: "reboot using sudo"
      shell: "sudo reboot"
Assuming the following option is commented out in ansible.cfg or set to true . . .
# command_warnings = False
. . . and you are not using the warn parameter, like this . . .
- name: "reboot using sudo"
  shell: "sudo reboot"
  args:
    warn: false
Invoking the play should return the following warning.
[WARNING]: Consider using 'become', 'become_method', and 'become_user' rather than running sudo
As the warning suggests, "become" should be used. There are different ways to use "become":