Geek Answers Handbook

Ansible: check if the service is listening on a specific port

How can you use Ansible to confirm if a service is running on a specific port?

For example:

  • Does Apache work on port 80?
  • Does MySQL serve on port 3912?
  • Does Tomcat serve on port 8080?

I understand that there are service and wait_for commands that individually check if the service is running, and if the port is in use, but I have not found anything yet to verify listening on a specific port. service and wait_for will indicate the service and port there, but there is no guarantee that the port will be accepted by this particular service - this can be accepted by anyone. wait_for , as I understand it, just checks to see if it is being used.

There is a regex_search parameter in regex_search that mentions a search in the socket connection for a specific string, but as I understand it, it is just reading any information that comes on this socket, and not any access to what is sending this information.

How can we do this?

+8
linux ansible
source share
4 answers

There are several ways to interpret your question, so I will try to answer both of them:

Network Service Check

If your goal is to verify that a specific port is serving a specific application protocol, I would verify this by running the appropriate client.

  • To test Apache and Tomcat, I would use a GET specific URL and check the result code. For example:

     - name: check if apache is running command: curl -sf http://webserver/check_url

    And similarly for Tomcat.

  • To test MySQL, I would use the MySQL client:

     - name: check if mysql is running command: mysql -h dbhost -P dbport -e 'select 1'

Checking the process to which the socket belongs

If you really wanted to see which process keeps a particular port open, I think you could combine ss and grep , but that seems weird and unnecessary. Something like:

  - name: check if httpd has port 80 open shell: ss -tp state listening sport = :80 | grep httpd

If you want to check for a specific process id, you can do something similar with lsof :

  - name: check that pid {{apache_pid}} is listening on port 80 shell: lsof -p 1036 -P | grep 'TCP \*:80'

But then again, I do not necessarily find these options particularly useful. The service checks in the previous section seem more appropriate.

+5
source share

There is no built-in module that will check the combination of port and service. What you most likely need to do is determine the appropriate invocation of a command, such as netstat, and invoke it through command or shell . For example, in the linux window, the following command will show you which process is listening on port 80:

 $ netstat -tunlp | grep ":80 " | sed -e 's/.*\///' httpd

So, from Ansible, you probably want to do something like this:

 - name: Get service on port 80 shell: netstat -tunlp | grep ":80 " | sed -e 's/.*\///' register: results - name: See what netstat returned debug: var=results

If you want to be a little optimistic, you can write a shell script that encapsulates the netstat call and does more detailed parsing / checking of the output before returning the results to impossible ones. But then you will need to install this script before calling it.

+2
source share

AFAIK does not have a built-in module that does this. It may be trivial to do this with the shell module or write a small shell command that performs all the checks.

You can use the fuser command to check which process is listening on a given TCP port:

 $ sudo fuser -n tcp 80 80/tcp: 20031 20080 20081

You can use ps to view the process name:

 $ ps hp 20031,20080,20081 -o comm apache2 apache2 apache2

The combination of all:

 $ ps hp `fuser -n tcp 80 2> /dev/null | cut -d ' ' -f 2` -o comm apache2 $ ps hp `fuser -n tcp 80 2> /dev/null | cut -d ' ' -f 2` -o comm | grep apache2 -q $ echo $? # should be 0 if apache2 is listening on port 80 0
+2
source share

Perhaps you are considering this problem with the wrong approach. You should use configuration management systems (e.g. Ansible) to make changes to your system, but you would use something like Serverspec to make sure that the correct processes are listening on the correct ports. In addition, your textbooks should be designed so that you are never in an ambiguous situation where different services can be tapped on the same ports.

+1
source share

More articles:


All Articles