Perhaps you are looking at this problem with a wrong approach. You would use configuration management systems(like Ansible) to make changes to your system, but you would use something like Serverspec to ensure that correct processes are listening on correct ports. Furthermore, your playbooks should be constructed in such a way that you are never in an ambiguous situation where different services could be listening on the same ports.

There are a couple of ways of interpreting your question, so I'm going to try to answer them both:

Verifying a network service

If your goal is to verify that a particular port is serving a particular application protocol, I would check this by running an appropriate client.

• For checking Apache and Tomcat, I would GET a specific url and check the result code. For example:

  - name: check if apache is running
    command: curl -sf http://webserver/check_url
  

  And similarly for Tomcat.

• For checking MySQL, I would use the MySQL client:

  - name: check if mysql is running
    command: mysql -h dbhost -P dbport -e 'select 1'
  

Verifying what process owns a socket

If you actually wanted to see what process was holding a particular port open, I guess you could combine ss and grep, but that seems weird and unnecessary. Something like:

    - name: check if httpd has port 80 open
      shell: ss -tp state listening sport = :80 | grep httpd

If you want to check a particular process id, you could so something similar with lsof:

    - name: check that pid {{apache_pid}} is listening on port 80
      shell: lsof -p 1036 -P | grep 'TCP \*:80'

But again, I don't necessarily find these options particularly useful. The service checks in the earlier section seem to be more appropriate.

There's no built-in module in ansible that will verify a combination of a port and a service. What you will likely need to do is figure out an appropriate call to a command like netstat and invoke that via the command or shell modules. For example on a linux box the following command will show you what process is listening on port 80:

$ netstat -tunlp | grep ":80 " | sed -e 's/.*\///'
httpd

So from Ansible you'd probably want to do something like this:

- name: Get service on port 80
  shell: netstat -tunlp | grep ":80 " | sed -e 's/.*\///'
  register: results

- name: See what netstat returned
  debug: var=results

If you want to be a bit fancier you could write a shell script that encapsulates the netstat call and does some more detailed parsing/validation of the output before returning the results to ansible. But then you'd need to install that script prior to invoking it.

AFAIK there is no built-in module that does this. Probably it is trivial to do it using the shell module or writing a small shell command that performs all checks.

You can use the fuser command to check what process is listening at a given TCP port:

$ sudo fuser -n tcp 80
80/tcp:              20031 20080 20081

You can use ps to see the name of the process:

$ ps hp 20031,20080,20081 -o comm
apache2
apache2
apache2

Combining everything:

$ ps hp `fuser -n tcp 80 2> /dev/null | cut -d ' ' -f 2` -o comm
apache2

$ ps hp `fuser -n tcp 80 2> /dev/null | cut -d ' ' -f 2` -o comm | grep apache2 -q
$ echo $?  # should be 0 if apache2 is listening on port 80
0