Ansible Role to Test Network Connectivity

Ansible is used to do so many things. And if you already use Ansible for your automation tasks then you already have it ready to go. So why not use Ansible to test network connectivity?

What if you need to test a bunch of IPs and ports from several different servers. You can actually use Ansible to test the connectivity from multiple servers (which could be in different regions), to multiple tools or services (using their IP and port). Ansible is such a flexible tool for automation!

Not sure what Ansible is all about? First, check out the Ansible getting started guide.

Problem

Sometimes you need to do a quick test from one server to a certain IP and port to make sure there is network connectivity. Or maybe from multiple servers to multiple IPs and ports.

Sometimes you need to do this only once (hopefully) to get a new firewall rule implemented. Or perhaps you want to run this every day to ensure network connectivity from multiple servers to a certain tool.

Ansible can help us with this!

How does it work?

The Ansible Role uses a few Linux utilities, mainly netcat (nc), to test the source server(s) can reach the destination IP(s) and port(s).
This works with TCP and UDP protocols.

In addition, if your Ansible host (source server) has multiple IPs, it uses the ip route get command to determine which IP to use. Note, if that is wrong and you need a custom route added to your host, that is something you will need to fix.

Linux distributions tested:

  • Ubuntu 18.04 and 16.04
  • CentOS and RHEL: 7.x, 6.5, 5.9

The Connectivity Test Ansible Role is on Ansible Galaxy and GitHub.

Ansible Connectivity Test Role

Setup

Add this Ansible Role to your Ansible control node (or Ansible Tower, or Jenkins, etc).

Configuration

Add the variables to your Ansible setup. For example, if you want to test a group of Ansible hosts add this to group_vars where connectivity_test_grp is your group:
group_vars/connectivity_test_grp/connectivity-test-vars.yml

---
connectivity_test_destinations:
  - { ip: 192.168.56.10, port: 22 }
  - { ip: 192.168.56.10, port: 5000 }
  - { ip: 192.168.1.2, port: 53, protocol: udp }

The TCP protocol is used by default so it doesn’t need to be specified. (But you can if you want).

The above configuration will test 3 IPs and ports from every Ansible host in the group connectivity_test_destinations.
The first two lines test the IP 192.168.56.10 on ports 22 and 5000 using the TCP protocol.
The last line will test the IP 192.168.1.2 on port 53 using the UDP protocol.

Next, add your Ansible Playbook connectivity-test.yml:

---
- hosts: '{{inventory}}'
  become: yes
  roles:
  - connectivity-test

Usage

Run the Ansible Playbook (where connectivity_test_grp is a group in your inventory (hosts) file:

ansible-playbook connectivity-test.yml --extra-vars "inventory=connectivity_test_grp" -i hosts

If the requirements are already installed on the Ansible hosts, you can speed up the playbook by skipping that part:

ansible-playbook connectivity-test.yml --extra-vars "inventory=connectivity_test_grp" -i hosts --skip-tags connectivity_install_pkg

To clarify, more details are in the GitHub readme.

Conclusion – Test Network Connectivity

In conclusion, you can now use Ansible to test network connectivity from one or many Ansible hosts, to one or many different IPs and ports!

This can be helpful for testing firewall issues. Or to ensure a certain tool is reachable from a certain location. If you want you could add this to Ansible Tower or Jenkins as a scheduled task. For example, if you want to know if your lab environment can’t reach an important tool.

What other interesting things can you do with Ansible? Manage users with Ansible, keep your servers up to date, and use Jenkins as a front-end with Ansible Vault.