Set install of ipa packages to false - use local forwarder

multinode-ipa job has been failing spordically on package installs during the run of the undercloud-ipa-install.yaml playbook. These package installs should not be required as dependencies for TLS are installed earlier. This patch sets the package installs to false to avoid the sporadic failures. This package also gets the local cloud DNS forwarder rather than using 1.1.1.1 for all cases. Change-Id: I729982744a029e16b210c3db9021ccbfe583cbbb Related-Bug: #1884570
2020-07-14 15:12:44 -04:00 · 2020-07-14 15:12:44 -04:00 · d4f462dc8d
commit d4f462dc8d
parent 6193d699e0
3 changed files with 36 additions and 1 deletions
--- a/roles/ipa-multinode/defaults/main.yml
+++ b/roles/ipa-multinode/defaults/main.yml
@ -28,3 +28,4 @@ ipa_packages:
  - ipa-server-dns
  - curl
  - iptables
+forwarder_address: 1.1.1.1
--- a/roles/ipa-multinode/tasks/ipaserver-subnode-install.yml
+++ b/roles/ipa-multinode/tasks/ipaserver-subnode-install.yml
@ -45,6 +45,34 @@
      sed -i "1i{{ subnode_1_ip }} {{ ipa_nameserver }}" /etc/hosts
  become: true

+- name: check if unbound was in use
+  stat:
+    path: /etc/unbound/forwarding.conf
+  register: unbound_forwarding
+
+- when: unbound_forwarding.stat.exists == true
+  block:
+    - name: get forwarding addresses if unbound is used
+      become: true
+      shell:
+        "cat /etc/unbound/forwarding.conf | grep -o 'forward-addr: .*' | cut -f2- -d' '"
+      register: forwarder_addresses_output
+
+    - name: print out forwarder addresses
+      debug:
+        msg: "{{ forwarder_addresses_output.stdout_lines[0] }}"
+
+    # some forwarders have format xxxx:xxxx:xxxx::xxxx
+    # In those cases, use the default 1.1.1.1
+    - name: set forwarder_address
+      set_fact:
+        forwarder_address: >-
+          {% if not '::' in forwarder_addresses_output.stdout_lines[0] -%}
+          "{{ forwarder_addresses_output.stdout_lines[0] }}"
+          {%- else -%}
+          "{{ forwarder_address }}"
+          {%- endif -%}
+
 - name: configure FreeIPA
  shell: >
    ipa-server-install --realm {{ ipa_realm }}
@ -52,7 +80,7 @@
    --admin-password {{ freeipa_admin_password }}
    --hostname {{ ipa_nameserver }}
    --setup-dns
-    --forwarder {{ job.public_name_server|default('1.1.1.1') }}
+    --forwarder {{ job.public_name_server|default(forwarder_address) }}
    --unattended
    --ip-address {{ subnode_1_ip }}
  become: true
--- a/roles/ipa-multinode/tasks/ipaserver-undercloud-setup.yml
+++ b/roles/ipa-multinode/tasks/ipaserver-undercloud-setup.yml
@ -68,6 +68,11 @@
    - ansible_os_family == 'RedHat'
    - ansible_lsb.major_release is version(8, '>=')

+- name: cat out resolv.conf to see original DNS config
+  become: true
+  debug:
+    msg: "Content of resolv.conf before modifications: {{ lookup('file', '/etc/resolv.conf') }}"
+
 - name: remove any existing entries from the resolv.conf file
  become: true
  lineinfile:
@ -100,6 +105,7 @@
    ansible-playbook -vvv
    --ssh-extra-args "-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"
    -e ipaclient_hostname="{{ undercloud_hostname }}"
+    -e tripleo_ipa_client_install_packages=false
    /usr/share/ansible/tripleo-playbooks/undercloud-ipa-install.yaml
    | tee undercloud-ipa-install.log
  environment: