internet/ansible-freeipa
4
0
Fork 0
mirror of https://github.com/freeipa/ansible-freeipa.git synced 2026-05-06 13:23:14 +00:00
Code Issues Projects Releases Wiki Activity

ipareplica: Fix DNS setup issues

Browse Source 
The configuration of DNS failed because of missing DNS settings in the
ipareplica_prepare and ipareplica_setup_dns.

Some fixed settings for use with DNSInstallInterface have been added
to ansible_ipa_replica:

options.dnssec_master = False
options.disable_dnssec_master = False
options.kasp_db_file = None
options.force = False

Fixes: #58 (install-replica fails: reverse_zones seems to be empty)
Fixes: #63 (ipareplica_setup_dns fails)
This commit is contained in:
Thomas Woerner
2019-04-03 18:03:16 +02:00
parent f33d234d5a
commit 44ce7263de
4 changed files with 45 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
roles/ipareplica/library/ipareplica_prepare.py
View File

@@ -172,8 +172,17 @@ def main():
no_dns_sshfp=dict(required=False, type='bool'),
### certificate system ###
#subject_base=dict(required=False),
no_dnssec_validation=dict(required=False, type='bool'),
### dns ###
allow_zone_overlap=dict(required=False, type='bool', default=False),
reverse_zones=dict(required=False,type='list',default=[]),
no_reverse=dict(required=False, type='bool', default=False),
auto_reverse=dict(required=False, type='bool', default=False),
forwarders=dict(required=False, type='list', default=[]),
no_forwarders=dict(required=False, type='bool', default=False),
auto_forwarders=dict(required=False, type='bool', default=False),
forward_policy=dict(default=None, choices=['first', 'only']),
no_dnssec_validation=dict(required=False, type='bool',
default=False),
### ad trust ###
### additional ###
server=dict(required=True),
@@ -224,6 +233,7 @@ def main():
#options.ca_subject = ansible_module.params.get('ca_subject')
options.no_dnssec_validation = ansible_module.params.get('no_dnssec_validation')
### dns ###
options.allow_zone_overlap = ansible_module.params.get('allow_zone_overlap')
options.reverse_zones = ansible_module.params.get('reverse_zones')
options.no_reverse = ansible_module.params.get('no_reverse')
options.auto_reverse = ansible_module.params.get('auto_reverse')
@@ -231,6 +241,8 @@ def main():
options.no_forwarders = ansible_module.params.get('no_forwarders')
options.auto_forwarders = ansible_module.params.get('auto_forwarders')
options.forward_policy = ansible_module.params.get('forward_policy')
options.no_dnssec_validation = ansible_module.params.get(
'no_dnssec_validationdnssec_validation')
### additional ###
#options._host_name_overridden = ansible_module.params.get(
@@ -666,6 +678,7 @@ def main():
ccache=ccache,
installer_ccache=installer._ccache,
subject_base=str(config.subject_base),
forward_policy=options.forward_policy,
_ca_enabled=ca_enabled,
_ca_subject=str(options._ca_subject),
_subject_base=str(options._subject_base) if options._subject_base is not None else None,

12
roles/ipareplica/library/ipareplica_setup_dns.py
View File

@@ -79,6 +79,12 @@ def main():
setup_dns=dict(required=False, type='bool'),
### certificate system ###
subject_base=dict(required=True),
### dns ###
zonemgr=dict(required=False),
forwarders=dict(required=False, type='list', default=[]),
forward_policy=dict(default=None, choices=['first', 'only']),
no_dnssec_validation=dict(required=False, type='bool',
default=False),
### additional ###
ccache=dict(required=True),
_top_dir = dict(required=True),
@@ -101,6 +107,12 @@ def main():
options.subject_base = ansible_module.params.get('subject_base')
if options.subject_base is not None:
options.subject_base = DN(options.subject_base)
### dns ###
options.zonemgr = ansible_module.params.get('zonemgr')
options.forwarders = ansible_module.params.get('forwarders')
options.forward_policy = ansible_module.params.get('forward_policy')
options.no_dnssec_validation = ansible_module.params.get(
'no_dnssec_validationdnssec_validation')
### additional ###
ccache = ansible_module.params.get('ccache')
os.environ['KRB5CCNAME'] = ccache

6
roles/ipareplica/module_utils/ansible_ipa_replica.py
View File

@@ -211,6 +211,12 @@ class installer_obj(object):
installer = installer_obj()
options = installer
# DNSInstallInterface
options.dnssec_master = False
options.disable_dnssec_master = False
options.kasp_db_file = None
options.force = False
def api_Backend_ldap2(host_name, setup_ca, connect=False):
# we are sure we have the configuration file ready.

14
roles/ipareplica/tasks/install.yml
View File

@@ -148,8 +148,15 @@
no_sshd: no
no_dns_sshfp: no
### dns ###
no_dnssec_validation: "{{ ipareplica_no_dnssec_validation }}"
allow_zone_overlap: "{{ ipareplica_allow_zone_overlap }}"
reverse_zones: "{{ ipareplica_reverse_zones | default([]) }}"
no_reverse: "{{ ipareplica_no_reverse }}"
auto_reverse: "{{ ipareplica_auto_reverse }}"
forwarders: "{{ ipareplica_forwarders | default([]) }}"
no_forwarders: "{{ ipareplica_no_forwarders }}"
auto_forwarders: "{{ ipareplica_auto_forwarders }}"
forward_policy: "{{ ipareplica_forward_policy | default(omit) }}"
no_dnssec_validation: "{{ ipareplica_no_dnssec_validation }}"
### ad trust ###
netbios_name: "{{ ipareplica_netbios_name | default(omit) }}"
rid_base: "{{ ipareplica_rid_base | default(omit) }}"
@@ -573,6 +580,11 @@
setup_kra: "{{ result_ipareplica_test.setup_kra }}"
### certificate system ###
subject_base: "{{ result_ipareplica_prepare.subject_base }}"
### dns ###
zonemgr: "{{ ipareplica_zonemgr | default(omit) }}"
forwarders: "{{ ipareplica_forwarders | default([]) }}"
forward_policy: "{{ result_ipareplica_prepare.forward_policy }}"
no_dnssec_validation: "{{ ipareplica_no_dnssec_validation }}"
### additional ###
ccache: "{{ result_ipareplica_prepare.ccache }}"
_top_dir: "{{ result_ipareplica_prepare._top_dir }}"