Firewall Rules Check with Ansible
53 views
Skip to first unread message
marcalfa1
Feb 22, 2018, 4:26:38 PM2/22/18
to Ansible Project
I have a firewall with about 50 rules and constantly growing. Is there a way I can create a playbook to test whether a source host can connect to a destination host on a specific port?
If that is possible I can create a playbook similar to my firewall rules so next time we make a change to the firewall, I can quickly validate all the rules using my ansible playbook.
Currently, my environment is Windows and Linux and telnet client is installed/enabled on every host.
Kai Stian Olstad
Feb 22, 2018, 5:00:54 PM2/22/18
to ansible...@googlegroups.com
https://docs.ansible.com/ansible/latest/wait_for_module.html
--
Kai Stian Olstad
marcalfa1
Feb 24, 2018, 10:23:35 PM2/24/18
to Ansible Project
marcalfa1
Feb 24, 2018, 10:23:47 PM2/24/18
to Ansible Project
I had a chance to check the wait_for module. Let say my ansible controller is HOST3 and I have two other VMs, let's call them HOST1 and HOST2. From my ansible controller (HOST3), can I create a playbook to check if HOST1 can connect to HOST2 over port 80? If that's possible, is there an example that shows how this playbook should look like.
Thanks in advance.
-mm
Kai Stian Olstad
Feb 25, 2018, 2:33:07 AM2/25/18
to ansible...@googlegroups.com
On Sunday, 25 February 2018 04.23.46 CET marcalfa1 wrote:
> I had a chance to check the wait_for module. Let say my ansible controller
> is HOST3 and I have two other VMs, let's call them HOST1 and HOST2. From
> my ansible controller (HOST3), can I create a playbook to check if HOST1
> can connect to HOST2 over port 80? If that's possible, is there an example
> that shows how this playbook should look like.
If host1 is Linux yes, if it's Windows I don't know.
> I had a chance to check the wait_for module. Let say my ansible controller
> is HOST3 and I have two other VMs, let's call them HOST1 and HOST2. From
> my ansible controller (HOST3), can I create a playbook to check if HOST1
> can connect to HOST2 over port 80? If that's possible, is there an example
> that shows how this playbook should look like.
---
- hosts: host1
tasks:
- wait_for:
host: host2
port: 80
timeout: 10
ignore_errors: true
register: result
- debug: var=result
--
Kai Stian Olstad
marcalfa1
Feb 25, 2018, 4:53:29 PM2/25/18
to Ansible Project
I tried your example and getting the following result. Is an inventory file needed since all the hosts being defined in the playbook?
[WARNING]: Could not match supplied host pattern, ignoring: all
[WARNING]: provided hosts list is empty, only localhost is available
[WARNING]: Could not match supplied host pattern, ignoring: HOST1
PLAY [HOST1] ********************************************************
skipping: no hosts matched
[WARNING]: Could not match supplied host pattern, ignoring: all
[WARNING]: provided hosts list is empty, only localhost is available
[WARNING]: Could not match supplied host pattern, ignoring: HOST1
PLAY [HOST1] ********************************************************
skipping: no hosts matched
On Thursday, February 22, 2018 at 4:26:38 PM UTC-5, marcalfa1 wrote:
Varun Chopra
Feb 26, 2018, 6:05:14 AM2/26/18
to Ansible Project
Yes, the playbook looks up hosts in the inventory file.
Reply all
Reply to author
Forward
0 new messages