Sorry, one correction to the above: the rule that worked is *source ip = public ip address* of the service node (looking at the tcpdump you can understand why; public ip is the 18 address).
The EC2 node has one virtual interface and that is the private ip address so the source = private ip address is not needed. Only the source ip=public ip address is needed. Edit is below in red:

"Yet with the ansible traffic (being generated from my Cloud9 IDE where Jenkins is installed) in the tcpdump I see the traffic from ansible.builtin.uri *coming in to the private ip address and I assume the ubuntu internally loopbacks that to the public ip address (?)*. I don't really know, but I do know that this access list resolved the issue of ansible.builtin.uri being sent to the public ip address of the service nodes:

Source = *public ip address* of the service node
Allow

On Tue, Aug 22, 2023 at 1:55 PM Dick Visser <[email protected]> wrote:

> I see a mix of terraform, "ip addresses", browsers, EC2 nodes, "apps",
> Granfana, Granana, prometheus, Cloud9, "pretty much open" access rules, and
> a little Jenkins sprinkled on top as well.
> From your story, I get that you are to be able to access publicly
> accessible URLs from the internet.
> And the ansible playbook fails. The uri tasks appear to be running on the
> host that runs the service.
> So you cannot access the URLs from the server itself, a timeout means that
> there is something blocking the HTTP request and/or response.
> That can be caused by any of the mentioned infrastructure bits...
> Essentially, the uri module just reports that it can't reach a URL from
> the host that you're targeting, which isn't an ansible problem, but rather
> a network/filtering/etc problem.
>
> On Tue, 22 Aug 2023 at 21:31, dmastrop <[email protected]> wrote:
>
>> hi all
>>
>> I am running a very very simple test with the ansible.builtin.uri and it
>> is failing.
>>
>> This is in a development setup and the terraform infra and the apps are
>> all made to be up and running before this simple test.
>>
>> *I verify that the apps are running on EC2 with a browser hit to each of
>> the ip addresses (I know it is redirecting because url changes in browser)*
>> There are 2 EC2 nodes up each running an ansible installed Granfana and
>> prometheus app on a terraform infra.
>>
>> *I also verified from my IDE (Cloud9 instance) that a wget on each of the
>> Urls is returning the 302.*
>>
>> The access rules on the EC2 nodes are pretty much open
>>
>> When I run the ansible playbook I am seeing these errors (I replaced
>> public IPs with XXXX and YYYY)
>> I am running the ansible playbook from the same Cloud9 IDE where I tested
>> the wget that works with a returned 302.
>>
>> The url looks to be correctly formed. The correct ip addresses are
>> pulled from inventory
>>
>> My simple playbook that I wanted to append to the main playbook is below.
>> I am not getting any syntax errors.
>>
>> warm regards
>> Dave
>> ==========
>>
>> dave:~/environment/mtc-terraform-ansible-jenkins (Jenkins_development) $ ansible-playbook -i aws_hosts --key-file /home/ubuntu/.ssh/mtckey playbooks/node-test.yml --limit @/home/ubuntu/environment/mtc-terraform-ansible-jenkins/.ansible-retry/node-test.retry
>>
>> PLAY [Test for Granana and Prometheus access] ***************************************************************************************************
>>
>> TASK [Grafana] **********************************************************************************************************************************
>> fatal: [XXXX]: FAILED! => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python3"}, "changed": false, "content": "", "elapsed": 30, "msg": *"Status code was -1 and not [302]*: Request failed: <urlopen error timed out>", "redirected": false, "status": -1, "url": "http://XXXX:3000"}
>> fatal: [YYYY]: FAILED! => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python3"}, "changed": false, "content": "", "elapsed": 30, "msg": "Status code was -1 and not [302]: Request failed: <urlopen error timed out>", "redirected": false, "status": -1, "url": "http://YYYY:3000"}
>>         to retry, use: --limit @/home/ubuntu/environment/mtc-terraform-ansible-jenkins/.ansible-retry/node-test.retry
>>
>> PLAY RECAP **************************************************************************************************************************************
>> XXXX : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
>> YYYY : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
>>
>> =======
>>
>> *playbook for this test:*
>>
>> ---
>> - name: Test for Granana and Prometheus access
>>   hosts: main
>>   gather_facts: no
>>   tasks:
>>     # https://docs.ansible.com/ansible/latest/collections/ansible/builtin/uri_module.html
>>     - name: Grafana
>>       ansible.builtin.uri:
>>         url: http://{{ inventory_hostname }}:3000
>>         follow_redirects: none
>>         status_code: [302]
>>
>>     - name: Prometheus
>>       ansible.builtin.uri:
>>         url: http://{{ inventory_hostname }}:9090
>>         follow_redirects: none
>>         status_code: [302]
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected].
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/ansible-project/afa91f36-4e80-43b6-9610-136eb002a25en%40googlegroups.com
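
Added example (not part of the thread and not code from any of its posters): the reply above notes that the uri tasks run on the host that runs the service. One way to send the same checks from the control node instead, the path the working wget took, is `delegate_to: localhost`; the play name, task names and the 10-second `timeout` are assumptions made for this sketch.

```yaml
---
# Added example, not from the thread. The HTTP requests are issued by the
# machine running ansible-playbook (the control node), not by each service
# node, so the nodes never have to reach their own public IP address.
- name: Test Grafana and Prometheus access from the control node
  hosts: main
  gather_facts: no
  tasks:
    - name: Grafana (request sent by the control node)
      ansible.builtin.uri:
        # inventory_hostname is still the target node's inventory entry,
        # even though the task itself executes on localhost.
        url: "http://{{ inventory_hostname }}:3000"
        follow_redirects: none
        status_code: [302]
        timeout: 10   # assumed value; the run in the thread waited 30 seconds
      delegate_to: localhost

    - name: Prometheus (request sent by the control node)
      ansible.builtin.uri:
        url: "http://{{ inventory_hostname }}:9090"
        follow_redirects: none
        status_code: [302]
        timeout: 10   # assumed value
      delegate_to: localhost
```

With this form the security group only has to admit the control node's address on ports 3000 and 9090, not each service node's own public IP.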
