From 8c634d536d17f0a8414b0a2bc7b2f924ea565222 Mon Sep 17 00:00:00 2001
From: Piotr Magalski
Date: Thu, 13 Jun 2019 16:01:25 +0200
Subject: [PATCH] Playbooks to check traffic on PKG and SINK
Issue-ID: APPC-1466
Signed-off-by: Piotr Magalski
Change-Id: I25fabb5387ac8a108620a81e8ed2e2b52745b55b
(cherry picked from commit be033e311832f82c26658022d3d44735fad8cd40)
---
.../latest/ansible/distributetrafficcheck/site.yml | 95 +++++++++++++
.../latest/ansible/distributetrafficcheck/site.yml | 151 +++++++++++++++++++++
2 files changed, 246 insertions(+)
diff --git a/tutorials/vFWDT/playbooks/vfw-sink/latest/ansible/distributetrafficcheck/site.yml b/tutorials/vFWDT/playbooks/vfw-sink/latest/ansible/distributetrafficcheck/site.yml
index e69de29b..04c80ea1 100644
--- a/tutorials/vFWDT/playbooks/vfw-sink/latest/ansible/distributetrafficcheck/site.yml
+++ b/tutorials/vFWDT/playbooks/vfw-sink/latest/ansible/distributetrafficcheck/site.yml
@@ -0,0 +1,95 @@
+---
+- hosts: vfw-sink
+ gather_facts: no
+ remote_user: ubuntu
+ vars:
+ time_measure: 30
+ tasks:
+
+ - name: Install grepcidr
+ apt:
+ name: grepcidr
+ become: yes
+
+ - include_vars: "{{ ConfigFileName }}"
+ - debug: var="trafficpresence"
+ failed_when: "'trafficpresence' is not defined"
+
+ - name: Get fw interface
+ shell: |
+ IP_PPNET=$(cat /etc/network/interfaces |grep address | awk '{print $2}' | grepcidr -f /opt/config/protected_private_net_cidr.txt)
+ cat /etc/network/interfaces | grep $IP_PPNET -B1 | grep iface | awk '{print $2}'
+ register: fw_ppnet_iface
+
+ - name: Traffic check if trafficpresence is TRUE
+ when: trafficpresence == true
+ block:
+ - name: Traffic check if trafficpresence is TRUE
+ raw: |
+ #!/bin/bash
+ COL=$(netstat -i|grep lo |awk '{print NF}')
+ if [ $COL -eq 11 ] ; then NCOL=7
+ elif [ $COL -eq 12 ] ; then NCOL=8
+ else echo "bad NETSTAT version"
+ fi
+ TXOK_INITIAL=$(netstat -i | fgrep "{{ fw_ppnet_iface.stdout }}" | awk -v col=$NCOL '{print $col}')
+ sleep 0.1
+ for i in {1..{{ time_measure }}}
+ do
+ TXOK_CURRENT=$(netstat -i | fgrep "{{ fw_ppnet_iface.stdout }}" | awk -v col=$NCOL '{print $col}')
+ if [ $TXOK_CURRENT -gt $TXOK_INITIAL ] ; then
+ echo 'traffic present'
+ break
+ fi
+ sleep 1
+ echo $TXOK_CURRENT
+ done
+ if [ $TXOK_CURRENT -eq $TXOK_INITIAL ] ; then
+ echo 'traffic absent'
+ exit 1
+ fi
+ register: traffic_check
+ ignore_errors: yes
+ - debug:
+ msg: 'traffic absent {{ traffic_check.stdout_lines }} '
+ when: traffic_check.rc == 1
+ failed_when: traffic_check.rc == 1
+ - debug:
+ msg: 'traffic present {{ traffic_check.stdout_lines }} '
+ when: traffic_check.rc == 0
+
+ - name: Traffic check if trafficpresence is FALSE
+ when: trafficpresence == false
+ block:
+ - name: Traffic check trafficpresence is FALSE
+ raw: |
+ #!/bin/bash
+ COL=$(netstat -i|grep lo |awk '{print NF}')
+ if [ $COL -eq 11 ] ; then NCOL=7
+ elif [ $COL -eq 12 ] ; then NCOL=8
+ else echo "bad NETSTAT version"
+ fi
+ for i in {1..{{ time_measure }}}
+ do
+ TXOK_INITIAL=$(netstat -i | fgrep "{{ fw_ppnet_iface.stdout }}" | awk -v col=$NCOL '{print $col}')
+ sleep 1
+ TXOK_CURRENT=$(netstat -i | fgrep "{{ fw_ppnet_iface.stdout }}" | awk -v col=$NCOL '{print $col}')
+ if [ $TXOK_CURRENT -eq $TXOK_INITIAL ] ; then
+ echo 'traffic absent'
+ break
+ fi
+ done
+ if [ $TXOK_CURRENT -gt $TXOK_INITIAL ] ; then
+ echo 'traffic present'
+ exit 1
+ fi
+ register: traffic_check
+ ignore_errors: yes
+ - debug:
+ msg: 'traffic absent {{ traffic_check.stdout_lines }} '
+ when: traffic_check.rc == 0
+ - debug:
+ msg: 'traffic present {{ traffic_check.stdout_lines }} '
+ when: traffic_check.rc == 1
+ failed_when: traffic_check.rc == 1
+
diff --git a/tutorials/vFWDT/playbooks/vpgn/latest/ansible/distributetrafficcheck/site.yml b/tutorials/vFWDT/playbooks/vpgn/latest/ansible/distributetrafficcheck/site.yml
index e69de29b..c6845dce 100644
--- a/tutorials/vFWDT/playbooks/vpgn/latest/ansible/distributetrafficcheck/site.yml
+++ b/tutorials/vFWDT/playbooks/vpgn/latest/ansible/distributetrafficcheck/site.yml
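Review bot: The TRUE-branch script in the vfw-sink playbook can report success without having measured anything: when the netstat column count is neither 11 nor 12 the `else` arm only echoes "bad NETSTAT version" and continues with `NCOL` unset, the later `[ … ]` comparisons then error instead of comparing counters, no `exit 1` is reached, and the task can finish with rc 0, which the following `debug` prints as traffic present. The FALSE branch has the same structure and would print traffic absent in that state. Exiting in that arm (`else echo "bad NETSTAT version"; exit 2`) and failing on any unexpected code (`failed_when: traffic_check.rc != 0`) makes an unmeasurable state fail the check instead of passing it. Separately, `failed_when: "'trafficpresence' is not defined"` tests a quoted string literal, which is always defined, so it never fires; it should read `failed_when: trafficpresence is not defined` (the vpgn playbook carries the same line).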
@@ -0,0 +1,151 @@
+---
+- hosts: vpgn
+ gather_facts: no
+ remote_user: ubuntu
+ tasks:
+
+ - name: Install tcpdump, grepcidr
+ apt:
+ name: "{{ packages }}"
+ vars:
+ packages:
+ - tcpdump
+ - grepcidr
+ become: true
+
+
+ - include_vars: "{{ ConfigFileName }}"
+ - debug: var="trafficpresence"
+ failed_when: "'trafficpresence' is not defined"
+
+ - name: Get all Interfaces
+ set_fact:
+ interfaces: "{{destinations[0].vservers | map(attribute='l-interfaces') | list}}"
+ - name: Interfaces vserver 1
+ set_fact:
+ vserver1_interfaces: "{{destinations[0].vservers[0]['l-interfaces'] | list}}"
+ - name: Interfaces vserver 2
+ set_fact:
+ vserver2_interfaces: "{{destinations[0].vservers[1]['l-interfaces'] | list}}"
+ - block:
+ - name: length interfaces vserver1
+ set_fact:
+ length1: "{{ vserver1_interfaces |length }}"
+ - name: length interfaces vserver2
+ set_fact:
+ length2: "{{ vserver2_interfaces |length }}"
+ - block:
+ - name: adress 1 vserver
+ set_fact:
+ sink_addresses:
+ - "{{destinations[0].vservers[0]['l-interfaces'][0]['ipv4-addresses'][0]}}"
+ - "{{destinations[0].vservers[0]['l-interfaces'][1]['ipv4-addresses'][0]}}"
+ - "{{destinations[0].vservers[0]['l-interfaces'][2]['ipv4-addresses'][0]}}"
+ - name: adress 2 vserver
+ set_fact:
+ fw_addresses:
+ - "{{destinations[0].vservers[1]['l-interfaces'][0]['ipv4-addresses'][0]}}"
+ - "{{destinations[0].vservers[1]['l-interfaces'][1]['ipv4-addresses'][0]}}"
+ - "{{destinations[0].vservers[1]['l-interfaces'][2]['ipv4-addresses'][0]}}"
+ - "{{destinations[0].vservers[1]['l-interfaces'][3]['ipv4-addresses'][0]}}"
+ when:
+ - length1 == "3"
+ - length2 == "4"
+ - block:
+ - name: adress 1 vserver
+ set_fact:
+ fw_addresses:
+ - "{{destinations[0].vservers[0]['l-interfaces'][0]['ipv4-addresses'][0]}}"
+ - "{{destinations[0].vservers[0]['l-interfaces'][1]['ipv4-addresses'][0]}}"
+ - "{{destinations[0].vservers[0]['l-interfaces'][2]['ipv4-addresses'][0]}}"
+ - "{{destinations[0].vservers[0]['l-interfaces'][3]['ipv4-addresses'][0]}}"
+ - name: adress 2 vserver
+ set_fact:
+ sink_addresses:
+ - "{{destinations[0].vservers[1]['l-interfaces'][0]['ipv4-addresses'][0]}}"
+ - "{{destinations[0].vservers[1]['l-interfaces'][1]['ipv4-addresses'][0]}}"
+ - "{{destinations[0].vservers[1]['l-interfaces'][2]['ipv4-addresses'][0]}}"
+ when:
+ - length1 == "4"
+ - length2 == "3"
+
+ - name: Concatenate sink_addresses
+ set_fact:
+ sink_addresses_conc: "{{ sink_addresses | join('\n') }}"
+
+ - name: Get sink IP fom json
+ shell: printf "{{ sink_addresses_conc }}" | grepcidr -f /opt/config/protected_net_cidr.txt
+ register: sink_ip
+
+ - debug: var=sink_ip.stdout
+
+ - name: Find interface name
+ shell:
+ cat /etc/network/interfaces | grep 255.255.255.0 -B2 | grep iface | awk '{print $2}'
+ register: interface_name
+
+ - name: Interface name
+ debug: msg='interface_name {{ interface_name.stdout }}'
+
+ - name: Traffic check if trafficpresence is TRUE
+ when: trafficpresence == true
+ block:
+ - name: Traffic check if trafficpresence is TRUE
+ raw: |
+ #!/bin/bash
+ for i in {1..15}
+ do
+ sudo timeout 2 tcpdump -i {{ interface_name.stdout }} dst {{ sink_ip.stdout }} -c 10 > /dev/null 2>&1
+ timeout_result=$?
+ if [ $timeout_result == 0 ] ; then
+ echo 'traffic present'
+ break
+ fi
+ done
+ if [ $timeout_result == 124 ] ; then
+ echo 'traffic absent'
+ elif [ $timeout_result != 0 ] ; then
+ echo 'other error'
+ fi
+ exit $timeout_result
+ register: traffic_check
+ ignore_errors: yes
+ - debug:
+ msg: 'traffic absent {{ traffic_check.stdout_lines }} '
+ when: traffic_check.rc == 124
+ failed_when: traffic_check.rc == 124
+ - debug:
+ msg: 'traffic present {{ traffic_check.stdout_lines }} '
+ when: traffic_check.rc == 0
+
+ - name: Traffic check if trafficpresence is FALSE
+ when: trafficpresence == false
+ block:
+ - name: Traffic check trafficpresence is FALSE
+ raw: |
+ #!/bin/bash
+ for i in {1..3}
+ do
+ sudo timeout 10 tcpdump -i {{ interface_name.stdout }} dst {{ sink_ip.stdout }} -c 1 > /dev/null 2>&1
+ timeout_result=$?
+ if [ $timeout_result == 124 ] ; then
+ echo 'traffic absent'
+ break
+ fi
+ done
+ if [ $timeout_result == 0 ] ; then
+ echo 'traffic present'
+ elif [ $timeout_result != 124 ] ; then
+ echo 'other error'
+ fi
+ exit $timeout_result
+ register: traffic_check
+ ignore_errors: yes
+ - debug:
+ msg: 'traffic absent {{ traffic_check.stdout_lines }} traffic_check.rc {{ traffic_check.rc }}'
+ when: traffic_check.rc == 124
+ - debug:
+ msg: 'traffic present {{ traffic_check.stdout_lines }} traffic_check.rc {{ traffic_check.rc }}'
+ when: traffic_check.rc == 0
+ failed_when: traffic_check.rc == 0
+
--
2.16.6
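Review bot: Values that originate in the `ConfigFileName` vars file reach a shell unescaped in the vpgn playbook: `printf "{{ sink_addresses_conc }}"` places the addresses inside a double-quoted printf format string, and `{{ sink_ip.stdout }}` and `{{ interface_name.stdout }}` are pasted bare into the `sudo timeout … tcpdump` lines of both `raw` scripts, so shell metacharacters or a `%` in that data would be interpreted on the target. Feeding the list on stdin removes the quoting problem, e.g. `shell: grepcidr -f /opt/config/protected_net_cidr.txt` with `args:` / `stdin: "{{ sink_addresses | join('\n') }}"`, and the tcpdump arguments can pass through the `quote` filter (`dst {{ sink_ip.stdout | quote }}`). The result handling also fails open: with `ignore_errors: yes`, the TRUE branch fails only on rc 124 and the FALSE branch only on rc 0, so the 'other error' exit codes (for instance tcpdump rejecting an empty `sink_ip.stdout`) match no `debug` task and the play passes without a measurement. A closing `fail:` task with `when: traffic_check.rc not in [0, 124]` in each block would close that gap.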