Merge pull request #1340 from t-woerner/dns_over_tls_hotfix

ipa* deployment roles: Hotfix for dns_over_tls (Freeipa#7343)

plugins/module_utils/ansible_freeipa_module.py

@@ -33,7 +33,7 @@ __all__ = ["DEBUG_COMMAND_ALL", "DEBUG_COMMAND_LIST",
            "paths", "tasks", "get_credentials_if_valid", "Encoding",
            "DNSName", "getargspec", "certificate_loader",
            "write_certificate_list", "boolean", "template_str",
-           "urlparse", "normalize_sshpubkey", "Email"]
+           "urlparse", "normalize_sshpubkey"]
 
 DEBUG_COMMAND_ALL = 0b1111
 # Print the while command list:
@@ -116,7 +116,6 @@ try:
     from ipalib.krb_utils import get_credentials_if_valid
     from ipapython.dnsutil import DNSName
     from ipapython import kerberos
-    from ipapython.ipavalidate import Email
 
     try:
         from ipalib.x509 import Encoding

plugins/modules/ipaconfig.py

@@ -344,7 +344,7 @@ config:
 
 
 from ansible.module_utils.ansible_freeipa_module import \
-    IPAAnsibleModule, compare_args_ipa, ipalib_errors, Email
+    IPAAnsibleModule, compare_args_ipa, ipalib_errors
 
 
 def config_show(module):
@@ -515,13 +515,6 @@ def main():
                 msg="Argument '%s' must be between %d and %d."
                     % (arg, minimum, maximum))
 
-    # verify email domain
-    emaildomain = params.get("ipadefaultemaildomain", None)
-    if emaildomain:
-        if not Email("test@{0}".format(emaildomain)):
-            ansible_module.fail_json(
-                msg="Invalid 'emaildomain' value: %s" % emaildomain)
-
     changed = False
     exit_args = {}
 

roles/ipaclient/library/ipaclient_setup_nss.py

@@ -279,6 +279,7 @@ def main():
     options.no_sssd = False
     options.sssd = not options.no_sssd
     options.no_ac = False
+    options.dns_over_tls = False
     nosssd_files = module.params.get('nosssd_files')
     selinux_works = module.params.get('selinux_works')
     krb_name = module.params.get('krb_name')
@@ -376,7 +377,12 @@ def main():
             ssh_config_dir = paths.SSH_CONFIG_DIR
         else:
             ssh_config_dir = services.knownservices.sshd.get_config_dir()
-        update_ssh_keys(hostname, ssh_config_dir, options.create_sshfp)
+        argspec_update_ssh_keys = getargspec(update_ssh_keys)
+        # Hotfix for https://github.com/freeipa/freeipa/pull/7343
+        if "options" in argspec_update_ssh_keys.args:
+            update_ssh_keys(hostname, ssh_config_dir, options, cli_server[0])
+        else:
+            update_ssh_keys(hostname, ssh_config_dir, options.create_sshfp)
 
         try:
             os.remove(CCACHE_FILE)

roles/ipareplica/module_utils/ansible_ipa_replica.py

@@ -331,6 +331,13 @@ options.add_agents = False
 # ServerReplicaInstall
 options.subject_base = None
 options.ca_subject = None
+
+# Hotfix for https://github.com/freeipa/freeipa/pull/7343
+options.dns_over_tls = False
+options.dns_over_tls_key = None
+options.dns_over_tls_cert = None
+options.dot_forwarders = None
+options.dns_policy = None
 # pylint: enable=attribute-defined-outside-init
 
 

roles/ipaserver/module_utils/ansible_ipa_server.py

@@ -354,6 +354,13 @@ options.add_agents = False
 # no_msdcs is deprecated
 options.no_msdcs = False
 
+# Hotfix for https://github.com/freeipa/freeipa/pull/7343
+options.dns_over_tls = False
+options.dns_over_tls_key = None
+options.dns_over_tls_cert = None
+options.dot_forwarders = None
+options.dns_policy = None
+
 # For pylint
 options.external_cert_files = None
 options.dirsrv_cert_files = None

tests/config/test_config.yml

@@ -34,16 +34,6 @@
           ipaapi_context: "{{ ipa_context | default(omit) }}"
           emaildomain: ipa.test
 
-      - name: Ensure the default e-mail domain cannot be set to an invalid email domain.
-        ipaconfig:
-          ipaadmin_password: SomeADMINpassword
-          ipaapi_context: "{{ ipa_context | default(omit) }}"
-          emaildomain: invalid@emaildomain
-        register: invalid_emaildomain
-        failed_when:
-          invalid_emaildomain.changed
-          or not (invalid_emaildomain.failed and "Invalid 'emaildomain' value:" in invalid_emaildomain.msg)
-
       - name: Set default shell to '/bin/sh'
         ipaconfig:
           ipaadmin_password: SomeADMINpassword