How to put the iptables issues into the playbook?

[agstephens]

We, and others using our playbooks, will be confused if the services are failing after the playbook has succeeded.

We need to include a check or some flag for the deployer to set that will explain the ports issue.

E.g.:

check_ports_are_open = true

This would at least bring the issue to the attention of the deployer.

We should document it clearly in the READMEs as well.

[agstephens]

Could upload and run this script, or similar:

# test-connections.py

import socket

required = {
    'wps1': [80, 5432, 6817],
    'batch1': [6818],
    'batch2': [6818],
    'batch3': [6818],
}

def test_connection(host, port):
    a_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    socket.setdefaulttimeout(3)

    location = (host, port)
    result_of_check = a_socket.connect_ex(location)

    print(f'Testing: {location}', end=' --> ')
    if result_of_check == 0:
        print("Port is open")
    else:
        print("Port is not open")

    a_socket.close()


def test_all():
    for host, ports in required.items():
        host = f'test-{host}'

        for port in ports:
            test_connection(host, port)


if __name__ == '__main__':

    test_all()

[cehbrecht]

We can use netcat:
https://docs.ansible.com/ansible/latest/user_guide/playbooks_delegation.html

There is a playbook for this task:
https://ryandaniels.ca/blog/ansible-role-test-network-connectivity/

... but executed on the ansible host ... are ports open to the ansible host?

We could use post_tasks and delegate_to to run task on specific node:
https://docs.ansible.com/ansible/latest/reference_appendices/test_strategies.html#integrating-testing-with-rolling-updates