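---
# Verify that firewalld's public zone allows check_port/tcp on every target.
# Only firewall-cmd is run, so facts are not gathered; become is required
# because firewall-cmd needs root to talk to firewalld.
- name: Check firewalld for port 9100
  hosts: targets
  gather_facts: false
  become: true
  vars:
    # TCP port expected to be opened in the public zone. Keep this an
    # integer: it is rendered into the firewall-cmd command line below.
    check_port: 9100
  tasks:
    - name: Show firewalld public zone config
      # Runtime configuration only (no --permanent): a permanent change that
      # has not been reloaded yet will not show up here.
      ansible.builtin.command: >-
        firewall-cmd --zone=public --list-all
      register: firewalld_public
      changed_when: false

    - name: Debug firewalld output
      ansible.builtin.debug:
        var: firewalld_public.stdout

    - name: Check if port {{ check_port }} is in firewalld public zone
      # --query-port exits 0 when the port is open and non-zero otherwise, so
      # no shell pipeline or grep is needed, and the match is exact (the
      # previous `grep 9100/tcp` also matched e.g. 19100/tcp). The command
      # module does not go through a shell, so check_port is not interpreted
      # as shell syntax.
      ansible.builtin.command: >-
        firewall-cmd --zone=public --query-port={{ check_port }}/tcp
      register: firewalld_query
      changed_when: false
      # Explicit for readability; a non-zero rc already fails a command task.
      failed_when: firewalld_query.rc != 0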
=======================================
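---
# Verify that check_port/tcp is both listening on the target and allowed
# through firewalld's public zone. The listen check reports a readable
# message instead of a raw non-zero rc; the firewalld check uses
# firewall-cmd's own query instead of a shell pipeline.
- name: Check port 9100 via ss and firewalld
  hosts: targets
  gather_facts: false
  become: true
  vars:
    # TCP port under test. Keep this an integer: it is rendered into the
    # ss/grep pattern and the firewall-cmd command line below.
    check_port: 9100
  tasks:
    # 1. Confirm a TCP listener on check_port exists on the target.
    - name: Check if port {{ check_port }} is listening via ss
      # The pipeline's rc is grep's rc (0 = match found). failed_when: false
      # keeps a missing listener from aborting the play here, so the fail
      # task below can report it; without it that task was unreachable.
      # ss -p needs root to show owning processes (covered by become).
      ansible.builtin.shell: >-
        ss -nltp | grep ":{{ check_port }} "
      register: ss_result
      changed_when: false
      failed_when: false

    - name: Show ss result
      ansible.builtin.debug:
        var: ss_result.stdout

    - name: Fail if port {{ check_port }} is not listening
      ansible.builtin.fail:
        msg: "TCP port {{ check_port }} is NOT in LISTEN state on {{ inventory_hostname }}"
      when: ss_result.rc != 0

    # 2. Confirm firewalld's public zone allows check_port/tcp.
    - name: Show firewalld public zone config
      # Runtime configuration only (no --permanent): a permanent change that
      # has not been reloaded yet will not show up here.
      ansible.builtin.command: >-
        firewall-cmd --zone=public --list-all
      register: firewalld_public
      changed_when: false

    - name: Debug firewalld public zone config
      ansible.builtin.debug:
        var: firewalld_public.stdout

    - name: Check if port {{ check_port }} is in firewalld public zone
      # --query-port exits 0 when the port is open and non-zero otherwise, so
      # no grep is needed and the match is exact (`grep 9100/tcp` also
      # matched e.g. 19100/tcp). command does not invoke a shell.
      ansible.builtin.command: >-
        firewall-cmd --zone=public --query-port={{ check_port }}/tcp
      register: firewalld_query
      changed_when: false
      # Explicit for readability; a non-zero rc already fails a command task.
      failed_when: firewalld_query.rc != 0

    # Reached only when the previous task succeeded.
    - name: Debug message if port {{ check_port }} is allowed in firewalld
      ansible.builtin.debug:
        msg: "Port {{ check_port }}/tcp is allowed in firewalld public zone on {{ inventory_hostname }}"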