Ansible: Other option available for telnet check of open ports?
Problem
I'm new to Ansible. Here's my task ...
I have 400+ hosts, and I need to verify if 5 different ports are open from their end to our web server.
Individually, I could log in and run:

    telnet mywebserver.com 443
    telnet mywebserver.com 80
    telnet mywebserver.com 8443

..and so on..
What module or plugin could be used in Ansible so I could automate this, and have it report the results (whether open or closed ports) back to my Ansible server?
Solution
You can use the Ansible wait_for module which checks a specific TCP port is open.
Since in this case, all ports should be open already, we can use a minimal no. of retries, just enough to cover network issues:

    - name: Check all port numbers are accessible from the current host
      wait_for:
        host: mywebserver.com
        port: "{{ item }}"
        state: started         # Port should be open
        delay: 0               # No wait before first check (sec)
        timeout: 3             # Stop checking after timeout (sec)
      ignore_errors: yes
      with_items:
        - 443
        - 80
        - 8443

By default, Ansible will check once every second (configurable in Ansible 2.3 using the sleep attribute), so this will check 3 times per port.
Run this in a playbook against your inventory of 400+ hosts - Ansible will check in parallel that all hosts can reach mywebserver.com on those ports - the parallelism is subject to the forks setting in your ansible.cfg.
We use ignore_errors: yes here so that any errors are marked in red but do not stop execution.
Open ports are reported as ok items in output and closed ports are reported as failed (you must use -vv flag on ansible-playbook to see this output).
Fine-tuning output
If you want more specific output for the success and failure cases, the code must be more complex, adding a second task:
- wait_for task must register a variable
- the second task produces output using debug based on success/failure condition (e.g. using Jinja2 conditional expression)
- then you need to put both these tasks in an include file (without any with_items loop), and write a main playbook task that uses an include ... with_items to call the include file once per port.
Code Snippets

    - name: Check all port numbers are accessible from the current host
      wait_for:
        host: mywebserver.com
        port: "{{ item }}"
        state: started         # Port should be open
        delay: 0               # No wait before first check (sec)
        timeout: 3             # Stop checking after timeout (sec)
      ignore_errors: yes
      with_items:
        - 443
        - 80
        - 8443

Context
StackExchange DevOps Q#1658, answer score: 36
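The fine-tuning steps from the answer above, written out as an added example that is not part of the original answer. The file names and the variables target_host, ports_to_check, check_port and port_check are assumptions, and include_tasks with the "is failed" test (Ansible 2.5 or later) stands in for the older include the answer mentions.

```yaml
# --- file: check_port.yml (hypothetical include file, no loop inside) ---
# Task 1: probe one port and register the result instead of stopping on failure.
- name: "Probe {{ target_host }}:{{ check_port }} from this host"
  wait_for:
    host: "{{ target_host }}"
    port: "{{ check_port }}"
    state: started         # Port should be open
    delay: 0               # No wait before first check (sec)
    timeout: 3             # Stop checking after timeout (sec)
  register: port_check     # Hypothetical variable name
  ignore_errors: yes

# Task 2: one readable line per host and port, chosen with a
# Jinja2 conditional expression on the registered result.
- name: "Report result for port {{ check_port }}"
  debug:
    msg: >-
      {{ inventory_hostname }} -> {{ target_host }}:{{ check_port }} is
      {{ 'CLOSED or filtered' if port_check is failed else 'OPEN' }}

# --- file: check_ports.yml (hypothetical main playbook) ---
- hosts: all
  gather_facts: no
  vars:
    target_host: mywebserver.com
    ports_to_check: [443, 80, 8443]
  tasks:
    - name: Run the include file once per port
      include_tasks: check_port.yml
      with_items: "{{ ports_to_check }}"
      loop_control:
        loop_var: check_port   # Avoids the default "item" and the reserved name "port"
```

Because the result is printed by debug, the per-port lines show up without the -vv flag, and a closed port reads as a normal message rather than a red failed item.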