summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--tutorials/vFWDT/playbooks/vfw-sink/latest/ansible/distributetrafficcheck/site.yml95
-rw-r--r--tutorials/vFWDT/playbooks/vpgn/latest/ansible/distributetrafficcheck/site.yml151
2 files changed, 246 insertions, 0 deletions
diff --git a/tutorials/vFWDT/playbooks/vfw-sink/latest/ansible/distributetrafficcheck/site.yml b/tutorials/vFWDT/playbooks/vfw-sink/latest/ansible/distributetrafficcheck/site.yml
index e69de29b..04c80ea1 100644
--- a/tutorials/vFWDT/playbooks/vfw-sink/latest/ansible/distributetrafficcheck/site.yml
+++ b/tutorials/vFWDT/playbooks/vfw-sink/latest/ansible/distributetrafficcheck/site.yml
@@ -0,0 +1,95 @@
+---
+- hosts: vfw-sink
+ gather_facts: no
+ remote_user: ubuntu
+ vars:
+ time_measure: 30
+ tasks:
+
+ - name: Install grepcidr
+ apt:
+ name: grepcidr
+ become: yes
+
+ - include_vars: "{{ ConfigFileName }}"
+ - debug: var="trafficpresence"
+ failed_when: "'trafficpresence' is not defined"
+
+ - name: Get fw interface
+ shell: |
+ IP_PPNET=$(cat /etc/network/interfaces |grep address | awk '{print $2}' | grepcidr -f /opt/config/protected_private_net_cidr.txt)
+ cat /etc/network/interfaces | grep $IP_PPNET -B1 | grep iface | awk '{print $2}'
+ register: fw_ppnet_iface
+
+ - name: Traffic check if trafficpresence is TRUE
+ when: trafficpresence == true
+ block:
+ - name: Traffic check if trafficpresence is TRUE
+ raw: |
+ #!/bin/bash
+ COL=$(netstat -i|grep lo |awk '{print NF}')
+ if [ $COL -eq 11 ] ; then NCOL=7
+ elif [ $COL -eq 12 ] ; then NCOL=8
+ else echo "bad NETSTAT version"
+ fi
+ TXOK_INITIAL=$(netstat -i | fgrep "{{ fw_ppnet_iface.stdout }}" | awk -v col=$NCOL '{print $col}')
+ sleep 0.1
+ for i in {1..{{ time_measure }}}
+ do
+ TXOK_CURRENT=$(netstat -i | fgrep "{{ fw_ppnet_iface.stdout }}" | awk -v col=$NCOL '{print $col}')
+ if [ $TXOK_CURRENT -gt $TXOK_INITIAL ] ; then
+ echo 'traffic present'
+ break
+ fi
+ sleep 1
+ echo $TXOK_CURRENT
+ done
+ if [ $TXOK_CURRENT -eq $TXOK_INITIAL ] ; then
+ echo 'traffic absent'
+ exit 1
+ fi
+ register: traffic_check
+ ignore_errors: yes
+ - debug:
+ msg: 'traffic absent {{ traffic_check.stdout_lines }} '
+ when: traffic_check.rc == 1
+ failed_when: traffic_check.rc == 1
+ - debug:
+ msg: 'traffic present {{ traffic_check.stdout_lines }} '
+ when: traffic_check.rc == 0
+
+ - name: Traffic check if trafficpresence is FALSE
+ when: trafficpresence == false
+ block:
+ - name: Traffic check trafficpresence is FALSE
+ raw: |
+ #!/bin/bash
+ COL=$(netstat -i|grep lo |awk '{print NF}')
+ if [ $COL -eq 11 ] ; then NCOL=7
+ elif [ $COL -eq 12 ] ; then NCOL=8
+ else echo "bad NETSTAT version"
+ fi
+ for i in {1..{{ time_measure }}}
+ do
+ TXOK_INITIAL=$(netstat -i | fgrep "{{ fw_ppnet_iface.stdout }}" | awk -v col=$NCOL '{print $col}')
+ sleep 1
+ TXOK_CURRENT=$(netstat -i | fgrep "{{ fw_ppnet_iface.stdout }}" | awk -v col=$NCOL '{print $col}')
+ if [ $TXOK_CURRENT -eq $TXOK_INITIAL ] ; then
+ echo 'traffic absent'
+ break
+ fi
+ done
+ if [ $TXOK_CURRENT -gt $TXOK_INITIAL ] ; then
+ echo 'traffic present'
+ exit 1
+ fi
+ register: traffic_check
+ ignore_errors: yes
+ - debug:
+ msg: 'traffic absent {{ traffic_check.stdout_lines }} '
+ when: traffic_check.rc == 0
+ - debug:
+ msg: 'traffic present {{ traffic_check.stdout_lines }} '
+ when: traffic_check.rc == 1
+ failed_when: traffic_check.rc == 1
+
diff --git a/tutorials/vFWDT/playbooks/vpgn/latest/ansible/distributetrafficcheck/site.yml b/tutorials/vFWDT/playbooks/vpgn/latest/ansible/distributetrafficcheck/site.yml
index e69de29b..c6845dce 100644
--- a/tutorials/vFWDT/playbooks/vpgn/latest/ansible/distributetrafficcheck/site.yml
+++ b/tutorials/vFWDT/playbooks/vpgn/latest/ansible/distributetrafficcheck/site.yml
@@ -0,0 +1,151 @@
+---
+- hosts: vpgn
+ gather_facts: no
+ remote_user: ubuntu
+ tasks:
+
+ - name: Install tcpdump, grepcidr
+ apt:
+ name: "{{ packages }}"
+ vars:
+ packages:
+ - tcpdump
+ - grepcidr
+ become: true
+
+
+ - include_vars: "{{ ConfigFileName }}"
+ - debug: var="trafficpresence"
+ failed_when: "'trafficpresence' is not defined"
+
+ - name: Get all Interfaces
+ set_fact:
+ interfaces: "{{destinations[0].vservers | map(attribute='l-interfaces') | list}}"
+ - name: Interfaces vserver 1
+ set_fact:
+ vserver1_interfaces: "{{destinations[0].vservers[0]['l-interfaces'] | list}}"
+ - name: Interfaces vserver 2
+ set_fact:
+ vserver2_interfaces: "{{destinations[0].vservers[1]['l-interfaces'] | list}}"
+ - block:
+ - name: length interfaces vserver1
+ set_fact:
+ length1: "{{ vserver1_interfaces |length }}"
+ - name: length interfaces vserver2
+ set_fact:
+ length2: "{{ vserver2_interfaces |length }}"
+ - block:
+ - name: adress 1 vserver
+ set_fact:
+ sink_addresses:
+ - "{{destinations[0].vservers[0]['l-interfaces'][0]['ipv4-addresses'][0]}}"
+ - "{{destinations[0].vservers[0]['l-interfaces'][1]['ipv4-addresses'][0]}}"
+ - "{{destinations[0].vservers[0]['l-interfaces'][2]['ipv4-addresses'][0]}}"
+ - name: adress 2 vserver
+ set_fact:
+ fw_addresses:
+ - "{{destinations[0].vservers[1]['l-interfaces'][0]['ipv4-addresses'][0]}}"
+ - "{{destinations[0].vservers[1]['l-interfaces'][1]['ipv4-addresses'][0]}}"
+ - "{{destinations[0].vservers[1]['l-interfaces'][2]['ipv4-addresses'][0]}}"
+ - "{{destinations[0].vservers[1]['l-interfaces'][3]['ipv4-addresses'][0]}}"
+ when:
+ - length1 == "3"
+ - length2 == "4"
+ - block:
+ - name: adress 1 vserver
+ set_fact:
+ fw_addresses:
+ - "{{destinations[0].vservers[0]['l-interfaces'][0]['ipv4-addresses'][0]}}"
+ - "{{destinations[0].vservers[0]['l-interfaces'][1]['ipv4-addresses'][0]}}"
+ - "{{destinations[0].vservers[0]['l-interfaces'][2]['ipv4-addresses'][0]}}"
+ - "{{destinations[0].vservers[0]['l-interfaces'][3]['ipv4-addresses'][0]}}"
+ - name: adress 2 vserver
+ set_fact:
+ sink_addresses:
+ - "{{destinations[0].vservers[1]['l-interfaces'][0]['ipv4-addresses'][0]}}"
+ - "{{destinations[0].vservers[1]['l-interfaces'][1]['ipv4-addresses'][0]}}"
+ - "{{destinations[0].vservers[1]['l-interfaces'][2]['ipv4-addresses'][0]}}"
+ when:
+ - length1 == "4"
+ - length2 == "3"
+
+ - name: Concatenate sink_addresses
+ set_fact:
+ sink_addresses_conc: "{{ sink_addresses | join('\n') }}"
+
+ - name: Get sink IP fom json
+ shell: printf "{{ sink_addresses_conc }}" | grepcidr -f /opt/config/protected_net_cidr.txt
+ register: sink_ip
+
+ - debug: var=sink_ip.stdout
+
+ - name: Find interface name
+ shell:
+ cat /etc/network/interfaces | grep 255.255.255.0 -B2 | grep iface | awk '{print $2}'
+ register: interface_name
+
+ - name: Interface name
+ debug: msg='interface_name {{ interface_name.stdout }}'
+
+ - name: Traffic check if trafficpresence is TRUE
+ when: trafficpresence == true
+ block:
+ - name: Traffic check if trafficpresence is TRUE
+ raw: |
+ #!/bin/bash
+ for i in {1..15}
+ do
+ sudo timeout 2 tcpdump -i {{ interface_name.stdout }} dst {{ sink_ip.stdout }} -c 10 > /dev/null 2>&1
+ timeout_result=$?
+ if [ $timeout_result == 0 ] ; then
+ echo 'traffic present'
+ break
+ fi
+ done
+ if [ $timeout_result == 124 ] ; then
+ echo 'traffic absent'
+ elif [ $timeout_result != 0 ] ; then
+ echo 'other error'
+ fi
+ exit $timeout_result
+ register: traffic_check
+ ignore_errors: yes
+ - debug:
+ msg: 'traffic absent {{ traffic_check.stdout_lines }} '
+ when: traffic_check.rc == 124
+ failed_when: traffic_check.rc == 124
+ - debug:
+ msg: 'traffic present {{ traffic_check.stdout_lines }} '
+ when: traffic_check.rc == 0
+
+ - name: Traffic check if trafficpresence is FALSE
+ when: trafficpresence == false
+ block:
+ - name: Traffic check trafficpresence is FALSE
+ raw: |
+ #!/bin/bash
+ for i in {1..3}
+ do
+ sudo timeout 10 tcpdump -i {{ interface_name.stdout }} dst {{ sink_ip.stdout }} -c 1 > /dev/null 2>&1
+ timeout_result=$?
+ if [ $timeout_result == 124 ] ; then
+ echo 'traffic absent'
+ break
+ fi
+ done
+ if [ $timeout_result == 0 ] ; then
+ echo 'traffic present'
+ elif [ $timeout_result != 124 ] ; then
+ echo 'other error'
+ fi
+ exit $timeout_result
+ register: traffic_check
+ ignore_errors: yes
+ - debug:
+ msg: 'traffic absent {{ traffic_check.stdout_lines }} traffic_check.rc {{ traffic_check.rc }}'
+ when: traffic_check.rc == 124
+ - debug:
+ msg: 'traffic present {{ traffic_check.stdout_lines }} traffic_check.rc {{ traffic_check.rc }}'
+ when: traffic_check.rc == 0
+ failed_when: traffic_check.rc == 0
+