Connectivity check WITH Ansible

koh-sh ・2 min read

Using the telnet or nc command to make sure DNS, routing and firewalls are set correctly is a common task for server engineers.
But these commands are not always installed on servers, and they don't seem to be usable from Ansible.
In this situation, wait_for is the right module to use.

What is wait_for

https://docs.ansible.com/ansible/latest/modules/wait_for_module.html

The main use cases for this module are:

  • waiting until a port enters the LISTEN state after a service starts
  • waiting for specific strings while tailing log files

But if you use this module with a very short timeout, it works as a port-level connectivity check.

Example

※The Ansible version is 2.9.0.
I created the playbook below as an example.

% cat test.yml
---
- hosts: Vag1
  gather_facts: False
  tasks:
    - name: check if github.com:22 is accessible
      wait_for:
        host: github.com
        port: 22
        state: started
        delay: 0
        timeout: 1

    - name: check if 192.168.33.12:25 is accessible
      wait_for:
        host: 192.168.33.12
        port: 25
        state: started
        delay: 0
        timeout: 1
        search_regex: Postfix

  • The 1st task checks access to github.com on port 22.
  • The 2nd task checks access to 192.168.33.12 on port 25 and whether the string "Postfix" is shown.

Executing.

[koh@kohs-MBP] ~/vag_test
% ansible-playbook test.yml

PLAY [Vag1] *****************************************************************************************

TASK [check if github.com:22 is accessible] *********************************************************
ok: [Vag1]

TASK [check if 192.168.33.12:25 is accessible] ******************************************************
ok: [Vag1]

PLAY RECAP ******************************************************************************************
Vag1                       : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

[koh@kohs-MBP] ~/vag_test
%

If the destinations are accessible, the result of each task should be ok.

Next, I blocked access on 192.168.33.12 with firewalld.

[vagrant@Vag2] ~
% hostname -I 
10.0.2.15 192.168.33.12
[vagrant@Vag2] ~
% sudo systemctl start firewalld
[vagrant@Vag2] ~
%

Tried again.

[koh@kohs-MBP] ~/vag_test
% ansible-playbook test.yml

PLAY [Vag1] *****************************************************************************************

TASK [check if github.com:22 is accessible] *********************************************************
ok: [Vag1]

TASK [check if 192.168.33.12:25 is accessible] ******************************************************
fatal: [Vag1]: FAILED! => {"changed": false, "elapsed": 1, "msg": "Timeout when waiting for search string Postfix in 192.168.33.12:25"}

PLAY RECAP ******************************************************************************************
Vag1                       : ok=1    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

zsh: exit 2     ansible-playbook test.yml
[koh@kohs-MBP] ~/vag_test
%

The task fails with an error, which tells you the destination could not be accessed.
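
The same check extended to a list of destinations, as an added example that is not part of the original post: every destination is probed from Vag1 even if an earlier one fails, and a single failure at the end lists what was unreachable. The variable name destinations and its banner key are assumptions made for this example; the hosts and ports are the ones used above.

```yaml
---
# Added example, not the original author's playbook.
# "destinations" and "banner" are names chosen for this example.
- hosts: Vag1
  gather_facts: False
  vars:
    destinations:
      - { host: github.com, port: 22 }
      - { host: 192.168.33.12, port: 25, banner: Postfix }
  tasks:
    - name: probe every destination from the managed host
      wait_for:
        host: "{{ item.host }}"
        port: "{{ item.port }}"
        state: started
        delay: 0
        timeout: 1
        # search_regex is passed only when the item defines a banner
        search_regex: "{{ item.banner | default(omit) }}"
      loop: "{{ destinations }}"
      register: probes
      # keep going so one blocked port does not hide the others
      ignore_errors: yes

    - name: fail once, listing every destination that was not reachable
      fail:
        msg: >-
          Not reachable from {{ inventory_hostname }}:
          {{ probes.results | select('failed') | map(attribute='item') | list }}
      when: probes is failed
```

A timeout here does not tell you whether a firewall dropped the traffic or the service is simply not listening, so check the destination host itself before concluding which it is.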

Conclusion

Googling "Ansible connectivity check" always returns results about connectivity between the play node and a target node, so this use of wait_for is kind of hard to find.

Ref

https://devops.stackexchange.com/questions/1658/ansible-other-option-available-for-telnet-check-of-open-ports
