tutorials/vFWDT/playbooks/vpgn/latest/ansible/distributetrafficcheck/site.yml

   1 ---
   2 - hosts: vpgn
   3   gather_facts: no
   4   remote_user: ubuntu
   5   tasks:
   6
   7   - name: Install tcpdump, grepcidr
   8     apt:
   9       name: "{{ packages }}"
  10     vars:
  11       packages:
  12       - tcpdump
  13       - grepcidr
  14     become: true
  15
  16
  17   - include_vars: "{{ ConfigFileName }}"
  18   - debug: var="trafficpresence"
  19     failed_when: "'trafficpresence' is not defined"
  20
  21   - name: Get all Interfaces
  22     set_fact:
  23       interfaces: "{{destinations[0].vservers | map(attribute='l-interfaces') | list}}"
  24   - name: Interfaces vserver 1
  25     set_fact:
  26       vserver1_interfaces: "{{destinations[0].vservers[0]['l-interfaces'] | list}}"
  27   - name: Interfaces vserver 2
  28     set_fact:
  29       vserver2_interfaces: "{{destinations[0].vservers[1]['l-interfaces'] | list}}"
  30   - block:
  31      - name: length interfaces vserver1
  32        set_fact:
  33          length1: "{{ vserver1_interfaces |length }}"
  34      - name: length interfaces vserver2
  35        set_fact:
  36          length2: "{{ vserver2_interfaces |length }}"
  37   - block:
  38      - name: adress 1 vserver
  39        set_fact:
  40          sink_addresses:
  41            - "{{destinations[0].vservers[0]['l-interfaces'][0]['ipv4-addresses'][0]}}"
  42            - "{{destinations[0].vservers[0]['l-interfaces'][1]['ipv4-addresses'][0]}}"
  43            - "{{destinations[0].vservers[0]['l-interfaces'][2]['ipv4-addresses'][0]}}"
  44      - name: adress 2 vserver
  45        set_fact:
  46          fw_addresses:
  47            - "{{destinations[0].vservers[1]['l-interfaces'][0]['ipv4-addresses'][0]}}"
  48            - "{{destinations[0].vservers[1]['l-interfaces'][1]['ipv4-addresses'][0]}}"
  49            - "{{destinations[0].vservers[1]['l-interfaces'][2]['ipv4-addresses'][0]}}"
  50            - "{{destinations[0].vservers[1]['l-interfaces'][3]['ipv4-addresses'][0]}}"
  51     when:
  52       - length1 == "3"
  53       - length2 == "4"
  54   - block:
  55      - name: adress 1 vserver
  56        set_fact:
  57          fw_addresses:
  58            - "{{destinations[0].vservers[0]['l-interfaces'][0]['ipv4-addresses'][0]}}"
  59            - "{{destinations[0].vservers[0]['l-interfaces'][1]['ipv4-addresses'][0]}}"
  60            - "{{destinations[0].vservers[0]['l-interfaces'][2]['ipv4-addresses'][0]}}"
  61            - "{{destinations[0].vservers[0]['l-interfaces'][3]['ipv4-addresses'][0]}}"
  62      - name: adress 2 vserver
  63        set_fact:
  64          sink_addresses:
  65            - "{{destinations[0].vservers[1]['l-interfaces'][0]['ipv4-addresses'][0]}}"
  66            - "{{destinations[0].vservers[1]['l-interfaces'][1]['ipv4-addresses'][0]}}"
  67            - "{{destinations[0].vservers[1]['l-interfaces'][2]['ipv4-addresses'][0]}}"
  68     when:
  69       - length1 == "4"
  70       - length2 == "3"
  71
  72   - name: Concatenate sink_addresses
  73     set_fact:
  74       sink_addresses_conc: "{{ sink_addresses | join('\n') }}"
  75
  76   - name: Get sink IP fom json
  77     shell: printf "{{ sink_addresses_conc }}" | grepcidr -f /opt/config/protected_net_cidr.txt
  78     register: sink_ip
  79
  80   - debug: var=sink_ip.stdout
  81
  82   - name: Find interface name
  83     shell:
  84       cat /etc/network/interfaces | grep 255.255.255.0 -B2 | grep iface | awk '{print $2}'
  85     register: interface_name
  86
  87   - name: Interface name
  88     debug: msg='interface_name {{ interface_name.stdout }}'
  89
  90   - name: Traffic check if trafficpresence is TRUE
  91     when: trafficpresence == true
  92     block:
  93     - name: Traffic check if trafficpresence is TRUE
  94       raw: |
  95         #!/bin/bash
  96         for i in {1..15}
  97         do
  98           sudo timeout 2 tcpdump -i {{ interface_name.stdout }} dst {{ sink_ip.stdout }} -c 10 > /dev/null 2>&1
  99           timeout_result=$?
 100             if [ $timeout_result == 0 ] ; then
 101               echo 'traffic present'
 102               break
 103             fi
 104         done
 105         if [ $timeout_result == 124 ] ; then
 106           echo 'traffic absent'
 107         elif [ $timeout_result != 0 ] ; then
 108           echo 'other error'
 109         fi
 110         exit $timeout_result
 111       register: traffic_check
 112       ignore_errors: yes
 113     - debug:
 114         msg: 'traffic absent {{ traffic_check.stdout_lines }} '
 115       when: traffic_check.rc == 124
 116       failed_when: traffic_check.rc == 124
 117     - debug:
 118         msg: 'traffic present {{ traffic_check.stdout_lines }} '
 119       when: traffic_check.rc == 0
 120
 121   - name: Traffic check if trafficpresence is FALSE
 122     when: trafficpresence == false
 123     block:
 124     - name: Traffic check trafficpresence is FALSE
 125       raw: |
 126         #!/bin/bash
 127         for i in {1..3}
 128         do
 129           sudo timeout 10  tcpdump -i {{ interface_name.stdout }} dst {{ sink_ip.stdout }} -c 1 > /dev/null 2>&1
 130           timeout_result=$?
 131             if [ $timeout_result == 124 ] ; then
 132               echo 'traffic absent'
 133               break
 134             fi
 135         done
 136         if [ $timeout_result == 0 ] ; then
 137           echo 'traffic present'
 138          elif [ $timeout_result != 124 ] ; then
 139           echo 'other error'
 140         fi
 141         exit $timeout_result
 142       register: traffic_check
 143       ignore_errors: yes
 144     - debug:
 145         msg: 'traffic absent {{ traffic_check.stdout_lines }} traffic_check.rc {{ traffic_check.rc }}'
 146       when: traffic_check.rc == 124
 147     - debug:
 148         msg: 'traffic present {{ traffic_check.stdout_lines }} traffic_check.rc {{ traffic_check.rc }}'
 149       when: traffic_check.rc == 0
 150       failed_when: traffic_check.rc == 0