ipaserver: Fix DNS installation forward policy and DNSSEC validation

forward_policy needs to be None for the DNS check for proper initialization if the user is not providing another forward_policy value. forward_policy will be set in the DNS check. no_dnssec_validation is enabled in the DNS check if the forwarders do not provide DNSSEC validation. Therefore this needs to be handed over to the dns installation later on. New return values for forward_policy and no_dnssec_validation have been added to the ipaserver_test module.
2026-05-06 13:23:14 +00:00 · 2018-01-30 10:25:56 +01:00
parent 80d503a21c
commit ecdbcea1e8
2 changed files with 7 additions and 5 deletions
--- a/roles/ipaserver/library/ipaserver_test.py
+++ b/roles/ipaserver/library/ipaserver_test.py
@@ -108,7 +108,7 @@ def main():
            forwarders=dict(required=False, type='list', default=[]),
            no_forwarders=dict(required=False, type='bool', default=False),
            auto_forwarders=dict(required=False, type='bool', default=False),
-            forward_policy=dict(default='first', choices=['first', 'only']),
+            forward_policy=dict(default=None, choices=['first', 'only']),
            no_dnssec_validation=dict(required=False, type='bool',
                                      default=False),
            ### ad trust ###
@@ -766,7 +766,9 @@ def main():
                             _ca_subject=options._ca_subject,
                             ### dns ###
                             reverse_zones=options.reverse_zones,
+                             forward_policy=options.forward_policy,
                             forwarders=options.forwarders,
+                             no_dnssec_validation=options.no_dnssec_validation,
                             ### additional ###
                             _installation_cleanup=_installation_cleanup,
                             domainlevel=options.domainlevel,
--- a/roles/ipaserver/tasks/install.yml
+++ b/roles/ipaserver/tasks/install.yml
@@ -131,7 +131,7 @@
      no_reverse: "{{ ipaserver_no_reverse }}"
      auto_reverse: "{{ ipaserver_auto_reverse }}"
      auto_forwarders: "{{ ipaserver_auto_forwarders }}"
-      no_dnssec_validation: "{{ ipaserver_no_dnssec_validation }}"
+      no_dnssec_validation: "{{ result_ipaserver_test.no_dnssec_validation }}"
      ### additional ###
      setup_ca: "{{ result_ipaserver_test.setup_ca }}"
      _hostname_overridden: "{{ result_ipaserver_test._hostname_overridden }}"
@@ -282,10 +282,10 @@
      hostname: "{{ result_ipaserver_test.hostname }}"
      setup_ca: "{{ result_ipaserver_test.setup_ca }}"
      setup_dns: "{{ ipaserver_setup_dns }}"
-      forwarders: "{{ result_ipaserver_test.forwarders | default(omit) }}"
-      forward_policy: "{{ ipaserver_forward_policy | default(omit) }}"
+      forwarders: "{{ result_ipaserver_test.forwarders }}"
+      forward_policy: "{{ result_ipaserver_test.forward_policy }}"
      zonemgr: "{{ ipaserver_zonemgr | default(omit) }}"
-      no_dnssec_validation: "{{ ipaserver_no_dnssec_validation }}"
+      no_dnssec_validation: "{{ result_ipaserver_test.no_dnssec_validation }}"
      ### additional ###
      dns_ip_addresses: "{{ result_ipaserver_test.dns_ip_addresses }}"
      dns_reverse_zones: "{{ result_ipaserver_test.dns_reverse_zones }}"