Merge pull request #449 from rjeffman/ipadnszone_fix_serial_change
ipadnszone: Fix modification of SOA serial with other attributes.
@@ -214,6 +214,7 @@ from ansible.module_utils.ansible_freeipa_module import (
|
|||||||
is_ipv6_addr,
|
is_ipv6_addr,
|
||||||
is_valid_port,
|
is_valid_port,
|
||||||
) # noqa: E402
|
) # noqa: E402
|
||||||
|
import ipalib.errors
|
||||||
import netaddr
|
import netaddr
|
||||||
import six
|
import six
|
||||||
|
|
||||||
@@ -404,13 +405,14 @@ class DNSZoneModule(FreeIPABaseModule):
|
|||||||
|
|
||||||
def get_zone(self, zone_name):
|
def get_zone(self, zone_name):
|
||||||
get_zone_args = {"idnsname": zone_name, "all": True}
|
get_zone_args = {"idnsname": zone_name, "all": True}
|
||||||
response = self.api_command("dnszone_find", args=get_zone_args)
|
|
||||||
|
|
||||||
zone = None
|
try:
|
||||||
is_zone_active = False
|
response = self.api_command("dnszone_show", args=get_zone_args)
|
||||||
|
except ipalib.errors.NotFound:
|
||||||
if response["count"] == 1:
|
zone = None
|
||||||
zone = response["result"][0]
|
is_zone_active = False
|
||||||
|
else:
|
||||||
|
zone = response["result"]
|
||||||
is_zone_active = zone.get("idnszoneactive") == ["TRUE"]
|
is_zone_active = zone.get("idnszoneactive") == ["TRUE"]
|
||||||
|
|
||||||
return zone, is_zone_active
|
return zone, is_zone_active
|
||||||
@@ -448,7 +450,10 @@ class DNSZoneModule(FreeIPABaseModule):
|
|||||||
# Look for existing zone in IPA
|
# Look for existing zone in IPA
|
||||||
zone, is_zone_active = self.get_zone(zone_name)
|
zone, is_zone_active = self.get_zone(zone_name)
|
||||||
args = self.get_ipa_command_args(zone=zone)
|
args = self.get_ipa_command_args(zone=zone)
|
||||||
just_added = False
|
set_serial = self.ipa_params.serial is not None
|
||||||
|
|
||||||
|
if set_serial:
|
||||||
|
del args["idnssoaserial"]
|
||||||
|
|
||||||
if self.ipa_params.state in ["present", "enabled", "disabled"]:
|
if self.ipa_params.state in ["present", "enabled", "disabled"]:
|
||||||
if not zone:
|
if not zone:
|
||||||
@@ -456,7 +461,7 @@ class DNSZoneModule(FreeIPABaseModule):
|
|||||||
# with given args
|
# with given args
|
||||||
self.add_ipa_command("dnszone_add", zone_name, args)
|
self.add_ipa_command("dnszone_add", zone_name, args)
|
||||||
is_zone_active = True
|
is_zone_active = True
|
||||||
just_added = True
|
# just_added = True
|
||||||
|
|
||||||
else:
|
else:
|
||||||
# Zone already exist so we need to verify if given args
|
# Zone already exist so we need to verify if given args
|
||||||
@@ -464,22 +469,24 @@ class DNSZoneModule(FreeIPABaseModule):
|
|||||||
if self.require_ipa_attrs_change(args, zone):
|
if self.require_ipa_attrs_change(args, zone):
|
||||||
self.add_ipa_command("dnszone_mod", zone_name, args)
|
self.add_ipa_command("dnszone_mod", zone_name, args)
|
||||||
|
|
||||||
if self.ipa_params.state == "enabled" and not is_zone_active:
|
if self.ipa_params.state == "enabled" and not is_zone_active:
|
||||||
self.add_ipa_command("dnszone_enable", zone_name)
|
self.add_ipa_command("dnszone_enable", zone_name)
|
||||||
|
|
||||||
if self.ipa_params.state == "disabled" and is_zone_active:
|
if self.ipa_params.state == "disabled" and is_zone_active:
|
||||||
self.add_ipa_command("dnszone_disable", zone_name)
|
self.add_ipa_command("dnszone_disable", zone_name)
|
||||||
|
|
||||||
if self.ipa_params.state == "absent":
|
if self.ipa_params.state == "absent" and zone is not None:
|
||||||
if zone:
|
self.add_ipa_command("dnszone_del", zone_name)
|
||||||
self.add_ipa_command("dnszone_del", zone_name)
|
|
||||||
|
|
||||||
# Due to a bug in FreeIPA dnszone-add won't set
|
# Due to a bug in FreeIPA dnszone-add won't set
|
||||||
# SOA Serial. The good news is that dnszone-mod does the job.
|
# SOA Serial in the creation of a zone, or if
|
||||||
# See: https://pagure.io/freeipa/issue/8227
|
# another field is modified along with it.
|
||||||
# Because of that, if the zone was just added with a given serial
|
# As a workaround, we set only the SOA serial,
|
||||||
# we run mod just after to workaround the bug
|
# with dnszone-mod, after other changes.
|
||||||
if just_added and self.ipa_params.serial is not None:
|
# See:
|
||||||
|
# - https://pagure.io/freeipa/issue/8227
|
||||||
|
# - https://pagure.io/freeipa/issue/8489
|
||||||
|
if set_serial:
|
||||||
args = {
|
args = {
|
||||||
"idnssoaserial": self.ipa_params.serial,
|
"idnssoaserial": self.ipa_params.serial,
|
||||||
}
|
}
|
||||||
|
|||||||
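Review bot: The final `if set_serial:` guard depends only on whether `serial` was supplied, where the old guard also required `just_added`, so the serial-only arguments are now built on every run, including `state: absent` and runs where the zone already carries that serial. If the statement after the dict (outside this hunk) queues `dnszone_mod`, as the comment above it indicates, the module would report a change on every run and would queue a modification for a zone that was just deleted or never existed. Consider `if set_serial and self.ipa_params.state != "absent":` and, if the value held in `zone` allows the comparison, skipping the call when the stored `idnssoaserial` already matches. Separately, `del args["idnssoaserial"]` assumes `get_ipa_command_args` always returns that key when a serial is given, and `args.pop("idnssoaserial", None)` would not depend on that. The commented-out `# just_added = True` should be deleted rather than kept.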
@@ -11,6 +11,80 @@
|
|||||||
include_tasks: env_setup.yml
|
include_tasks: env_setup.yml
|
||||||
|
|
||||||
# Tests
|
# Tests
|
||||||
|
- name: Verify if zone can be created with a specific SOA serial.
|
||||||
|
block:
|
||||||
|
- name: Create zone with serial, refresh, retry and expire.
|
||||||
|
ipadnszone:
|
||||||
|
ipaadmin_password: SomeADMINpassword
|
||||||
|
name: testzone.local
|
||||||
|
serial: 4567
|
||||||
|
refresh: 70
|
||||||
|
retry: 89
|
||||||
|
expire: 200
|
||||||
|
|
||||||
|
- name: Verify zone was created with correct values.
|
||||||
|
shell: |
|
||||||
|
echo SomeADMINpassword | kinit -c {{ KRB5CCNAME }} admin
|
||||||
|
KRB5CCNAME={{ KRB5CCNAME }} ipa dnszone-show testzone.local
|
||||||
|
kdestroy -A -q -c {{ KRB5CCNAME }}
|
||||||
|
register: result
|
||||||
|
failed_when: |
|
||||||
|
result.failed or not (
|
||||||
|
"serial: 4567" in result.stdout
|
||||||
|
and "refresh: 70" in result.stdout
|
||||||
|
and "retry: 89" in result.stdout
|
||||||
|
and "expire: 200" in result.stdout
|
||||||
|
)
|
||||||
|
|
||||||
|
- name: Remove test zone.
|
||||||
|
ipadnszone:
|
||||||
|
ipaadmin_password: SomeADMINpassword
|
||||||
|
name: testzone.local
|
||||||
|
state: absent
|
||||||
|
|
||||||
|
vars:
|
||||||
|
KRB5CCNAME: verify_bz_1876896
|
||||||
|
|
||||||
|
- name: Verify if a zone can have the the SOA serial modified to a specific value.
|
||||||
|
block:
|
||||||
|
- name: Create zone.
|
||||||
|
ipadnszone:
|
||||||
|
ipaadmin_password: SomeADMINpassword
|
||||||
|
name: testzone.local
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: Modify zone with serial, refresh, retry and expire.
|
||||||
|
ipadnszone:
|
||||||
|
ipaadmin_password: SomeADMINpassword
|
||||||
|
name: testzone.local
|
||||||
|
serial: 4567
|
||||||
|
refresh: 70
|
||||||
|
retry: 89
|
||||||
|
expire: 200
|
||||||
|
|
||||||
|
- name: Verify zone was modified to the correct values
|
||||||
|
shell: |
|
||||||
|
echo SomeADMINpassword | kinit -c {{ KRB5CCNAME }} admin
|
||||||
|
KRB5CCNAME={{ KRB5CCNAME }} ipa dnszone-show testzone.local
|
||||||
|
kdestroy -A -q -c {{ KRB5CCNAME }}
|
||||||
|
register: result
|
||||||
|
failed_when: |
|
||||||
|
result.failed or not (
|
||||||
|
"serial: 4567" in result.stdout
|
||||||
|
and "refresh: 70" in result.stdout
|
||||||
|
and "retry: 89" in result.stdout
|
||||||
|
and "expire: 200" in result.stdout
|
||||||
|
)
|
||||||
|
|
||||||
|
- name: Remove test zone.
|
||||||
|
ipadnszone:
|
||||||
|
ipaadmin_password: SomeADMINpassword
|
||||||
|
name: testzone.local
|
||||||
|
state: absent
|
||||||
|
|
||||||
|
vars:
|
||||||
|
KRB5CCNAME: verify_bz_1876896
|
||||||
|
|
||||||
- name: Ensure zone is present.
|
- name: Ensure zone is present.
|
||||||
ipadnszone:
|
ipadnszone:
|
||||||
ipaadmin_password: SomeADMINpassword
|
ipaadmin_password: SomeADMINpassword
|
||||||
|
|||||||
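Review bot: Neither new block cleans up when its verification step fails: as far as the rendered layout shows, "Remove test zone." is an ordinary task inside `block:`, so a failing `failed_when` leaves testzone.local behind. The second block's "Create zone." would then start from a zone that already has serial 4567, and its modify check could pass without exercising the fix. Moving the removal task under an `always:` section in each block would keep the two cases independent. The stdout checks are substring matches, so `"serial: 4567" in result.stdout` would also accept a value such as 45670; comparing whole lines would be stricter. The verify tasks also embed the admin password in the `shell:` text, which Ansible records in task output, so `no_log: true` on those tasks is worth considering even for a test credential.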