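---
# Read-only diagnosis of one-way reachability problems around the Proxmox VE
# web proxy (pveproxy, TCP 8006) across the hosts in the `pve_cluster` group.
#
# Nothing here changes host state, so every command/shell task sets
# `changed_when: false`. The play prints firewall rules, interface addresses,
# routes and proxy logs into the Ansible output; handle that output as
# sensitive infrastructure data when it is stored or shared.
- name: Unidirectional Access Diagnosis
  hosts: pve_cluster
  gather_facts: true

  tasks:
    # `command` does not interpret pipes, so the original `ss ... | grep` could
    # never run as intended; `shell` is required for the pipeline.
    # grep exits 1 when nothing matches, which is itself a diagnostic result
    # (nothing is listening on 8006), so only rc > 1 is treated as a failure.
    - name: Check PVE proxy binding configuration
      shell: ss -tlnp | grep :8006
      register: pve_proxy_binding
      changed_when: false
      failed_when: pve_proxy_binding.rc > 1

    - name: Display PVE proxy binding
      debug:
        msg: "{{ pve_proxy_binding.stdout_lines }}"

    - name: Check PVE firewall status
      command: pve-firewall status
      register: firewall_status
      changed_when: false

    - name: Display firewall status
      debug:
        msg: "{{ firewall_status.stdout_lines }}"

    - name: Check PVE firewall rules
      command: pve-firewall show
      register: firewall_rules
      changed_when: false
      ignore_errors: true

    - name: Display firewall rules
      debug:
        msg: "{{ firewall_rules.stdout_lines }}"
      when: firewall_rules.rc == 0

    - name: Check iptables rules
      command: iptables -L -n
      register: iptables_rules
      changed_when: false
      ignore_errors: true

    - name: Display iptables rules
      debug:
        msg: "{{ iptables_rules.stdout_lines }}"
      when: iptables_rules.rc == 0

    # NOTE(review): pveproxy's own access controls (ALLOW_FROM, DENY_FROM,
    # POLICY, LISTEN_IP) are normally read from /etc/default/pveproxy, not
    # /etc/pveproxy.conf. Confirm which file this check is meant to look at;
    # a source-address restriction there is a common cause of one-way access.
    - name: Check PVE proxy configuration
      stat:
        path: /etc/pveproxy.conf
      register: proxy_config_stat

    - name: Display proxy config status
      debug:
        msg: "Proxy config exists: {{ proxy_config_stat.stat.exists }}"

    - name: Check PVE proxy logs
      command: journalctl -u pveproxy -n 20 --no-pager
      register: proxy_logs
      changed_when: false
      ignore_errors: true

    - name: Display proxy logs
      debug:
        msg: "{{ proxy_logs.stdout_lines }}"
      when: proxy_logs.rc == 0

    # Certificate validation is disabled for these two probes, so they show
    # only that the port answers HTTP 200, not that the peer is the expected
    # PVE node. Keep credentials and tokens out of these requests.
    - name: Test local access to PVE web
      uri:
        url: "https://localhost:8006"
        method: GET
        validate_certs: false
        timeout: 10
      register: local_access
      ignore_errors: true

    # `status` may be absent when the request never completed, hence default().
    - name: Display local access result
      debug:
        msg: "Local access: {{ 'SUCCESS' if local_access.status | default(-1) == 200 else 'FAILED' }}"

    # Assumes the inventory contains a host literally named `pve` whose name
    # also resolves from the other cluster members.
    - name: Test access from other nodes to PVE
      uri:
        url: "https://pve:8006"
        method: GET
        validate_certs: false
        timeout: 10
      register: remote_access
      ignore_errors: true
      when: inventory_hostname != 'pve'

    - name: Display remote access result
      debug:
        msg: "{{ inventory_hostname }} -> pve: {{ 'SUCCESS' if remote_access.status | default(-1) == 200 else 'FAILED' }}"
      when: inventory_hostname != 'pve' and remote_access is defined

    - name: Check PVE cluster communication
      command: pvecm status
      register: cluster_status
      changed_when: false
      ignore_errors: true

    - name: Display cluster status
      debug:
        msg: "{{ cluster_status.stdout_lines }}"
      when: cluster_status.rc == 0

    - name: Check network interfaces
      command: ip addr show
      register: network_interfaces
      changed_when: false

    - name: Display network interfaces
      debug:
        msg: "{{ network_interfaces.stdout_lines }}"

    - name: Check routing table
      command: ip route show
      register: routing_table
      changed_when: false

    - name: Display routing table
      debug:
        msg: "{{ routing_table.stdout_lines }}"

    # argv passes the peer name as a single argument, so an inventory name is
    # never re-split into extra ping options.
    - name: Test connectivity from PVE to other nodes
      command:
        argv:
          - ping
          - -c
          - "3"
          - "{{ item }}"
      loop: "{{ groups['pve_cluster'] }}"
      when: item != inventory_hostname
      register: ping_tests
      changed_when: false
      ignore_errors: true

    # The entry for the host itself is skipped above and carries no `rc`;
    # filtering on `is not skipped` keeps the template from failing on it.
    - name: Display ping test results
      debug:
        msg: "{{ inventory_hostname }} -> {{ item.item }}: {{ 'SUCCESS' if item.rc | default(1) == 0 else 'FAILED' }}"
      loop: "{{ ping_tests.results }}"
      loop_control:
        label: "{{ item.item }}"
      when: item is not skipped

    # Needs `shell` for the pipe. The `[p]veproxy` pattern stops grep from
    # matching its own command line, so an empty result really means that no
    # pveproxy process is running. rc 1 (no match) is reported, not failed.
    - name: Check PVE proxy process details
      shell: ps aux | grep '[p]veproxy'
      register: proxy_processes
      changed_when: false
      failed_when: proxy_processes.rc > 1

    - name: Display proxy processes
      debug:
        msg: "{{ proxy_processes.stdout_lines }}"

    # Lists *.conf files directly under /etc/pve (find does not recurse unless
    # asked to); only the paths are printed, not the file contents.
    - name: Check PVE proxy configuration files
      find:
        paths: /etc/pve
        patterns: "*.conf"
        file_type: file
      register: pve_config_files

    - name: Display PVE config files
      debug:
        msg: "{{ pve_config_files.files | map(attribute='path') | list }}"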