Browse Source

Skip entries not in cloud_domain

Adding a host without a domain or with a different domain
caused failures with tls everywhere enabled. This patch
checks if the domain ends with cloud_domain to determine if
it should be managed by tripleo-ipa.

Change-Id: I15d72e95705cc77e40b4b74fb9320478c3fa5188
Closes-Bug: #1889105
Resolves: rhbz#1869174
changes/98/761398/15
Grzegorz Grasza 6 months ago
parent
commit
03f636c129
4 changed files with 88 additions and 46 deletions
  1. +2
    -0
      tripleo_ipa/molecule/default/converge.yml
  2. +0
    -1
      tripleo_ipa/molecule/default/molecule.yml
  3. +23
    -0
      tripleo_ipa/molecule/default/tests/test_default.py
  4. +63
    -45
      tripleo_ipa/roles/tripleo_ipa_dns/tasks/dns.yaml

+ 2
- 0
tripleo_ipa/molecule/default/converge.yml View File

@ -152,6 +152,8 @@
- 2001:0db8:85a3:0000:0000:8a2e:0370:7333 foo.ooo.test
- 2001:0db8:85a3:0000:0000:8a2e:0370:7333 bar.ooo.test
- 192.168.24.111 bar.ooo.test
- 192.168.24.10 baz
- 192.168.24.11 baz.different.domain
- 192.168.24.1 undercloud.ctlplane.ooo.test undercloud.ctlplane
- 192.168.24.115 overcloud.ctlplane.ooo.test
- 10.0.0.135 overcloud.ooo.test


+ 0
- 1
tripleo_ipa/molecule/default/molecule.yml View File

@ -1,7 +1,6 @@
---
driver:
name: docker
log: true
platforms:


+ 23
- 0
tripleo_ipa/molecule/default/tests/test_default.py View File

@ -200,6 +200,17 @@ def test_dns(host, ip, name):
assert 'record: {}'.format(ip) in result
@pytest.mark.parametrize('ip, name', [
('192.168.24.10', '.baz'),
('192.168.24.11', 'baz.different.domain'),
])
def test_dns_absent(host, ip, name):
record_name, zone_name = name.split('.', 1)
host.run_expect(
[1, 2], 'ipa dnsrecord-find {} --name={}'.format(
zone_name, record_name))
@pytest.mark.parametrize('ip, name', [
('2001:0db8:85a3:0000:0000:8a2e:0370:7334', 'foo'),
('2001:0db8:85a3:0000:0000:8a2e:0370:7333', 'bar'),
@ -229,3 +240,15 @@ def test_reverse_dns(host, ip, name):
'ipa dnsrecord-find {} --name={}'.format(
zone, record))
assert 'record: {}'.format(name) in result
@pytest.mark.parametrize('ip, name', [
('192.168.24.10', '.baz'),
('192.168.24.11', 'baz.different.domain'),
])
def test_reverse_dns_absent(host, ip, name):
reverse = ipaddress.ip_address(ip).reverse_pointer
record, zone = reverse.split('.', 1)
host.run_expect(
[1, 2], 'ipa dnsrecord-find {} --name={}'.format(
zone, record))

+ 63
- 45
tripleo_ipa/roles/tripleo_ipa_dns/tasks/dns.yaml View File

@ -20,57 +20,75 @@
record_value: "{{ item.split()[0] }}"
record_name: "{{ item.split()[1].split('.', 1)[0] }}"
zone_name: "{{ item.split()[1].split('.', 1)[1] }}"
when: item.split() | length >= 2 and item.split()[1].split('.') | length >= 2
- name: set record type
- name: set alternative record values
set_fact:
record_type: "{{ 'A' if record_value| ipv4 else 'AAAA' }}"
record_value: "no record value"
record_name: "no record name"
zone_name: "no record zone name provided"
when: item.split() | length < 2 or item.split()[1].split('.') | length < 2
- name: add dns zone
ipa_dnszone:
zone_name: "{{ zone_name }}"
become: true
- name: Notify about not adding entries
debug:
msg: |
"{{ item }}" not added to DNS due to not being managed by us.
Entries with domains outside of cloud_domain are skipped.
when: not zone_name is match("^(|.+\.)" + cloud_domain + "$")
- name: add forward dns record
ipa_dnsrecord:
zone_name: "{{ zone_name }}"
record_name: "{{ record_name }}"
record_type: "{{ record_type }}"
record_value: "{{ record_value }}"
become: true
- name: add entries
block:
- name: set record type
set_fact:
record_type: "{{ 'A' if record_value| ipv4 else 'AAAA' }}"
- name: get reverse record data
set_fact:
reverse_addr: "{{ record_value | ipaddr('revdns') }}"
- name: add dns zone
ipa_dnszone:
zone_name: "{{ zone_name }}"
become: true
- name: set reverse record entries for ipv4
set_fact:
reverse_record_zone: "{{ reverse_addr.split('.', tripleo_ipa_ptr_zone_split_ipv4|int)[-1] }}"
reverse_record_name: "{{ '.'.join(reverse_addr.split('.', tripleo_ipa_ptr_zone_split_ipv4|int)[:-1]) }}"
when: record_type == 'A'
- name: add forward dns record
ipa_dnsrecord:
zone_name: "{{ zone_name }}"
record_name: "{{ record_name }}"
record_type: "{{ record_type }}"
record_value: "{{ record_value }}"
become: true
- name: set reverse record entries for ipv6
set_fact:
reverse_record_zone: "{{ reverse_addr.split('.', tripleo_ipa_ptr_zone_split_ipv6|int)[-1] }}"
reverse_record_name: "{{ '.'.join(reverse_addr.split('.', tripleo_ipa_ptr_zone_split_ipv6|int)[:-1]) }}"
when: record_type == 'AAAA'
- name: get reverse record data
set_fact:
reverse_addr: "{{ record_value | ipaddr('revdns') }}"
- name: set reverse record entries for ipv4
set_fact:
reverse_record_zone: "{{ reverse_addr.split('.', tripleo_ipa_ptr_zone_split_ipv4|int)[-1] }}"
reverse_record_name: "{{ '.'.join(reverse_addr.split('.', tripleo_ipa_ptr_zone_split_ipv4|int)[:-1]) }}"
when: record_type == 'A'
- name: set reverse record entries for ipv6
set_fact:
reverse_record_zone: "{{ reverse_addr.split('.', tripleo_ipa_ptr_zone_split_ipv6|int)[-1] }}"
reverse_record_name: "{{ '.'.join(reverse_addr.split('.', tripleo_ipa_ptr_zone_split_ipv6|int)[:-1]) }}"
when: record_type == 'AAAA'
- name: add reverse record dns zone
ipa_dnszone:
zone_name: "{{ reverse_record_zone }}"
register: reverse_zone_result
failed_when:
- "'zone' not in reverse_zone_result"
- "'already exists in DNS' not in reverse_zone_result.msg"
become: true
- name: add reverse record dns zone
ipa_dnszone:
zone_name: "{{ reverse_record_zone }}"
register: reverse_zone_result
failed_when:
- "'zone' not in reverse_zone_result"
- "'already exists in DNS' not in reverse_zone_result.msg"
become: true
- name: add reverse dns record
ipa_dnsrecord:
zone_name: "{{ reverse_record_zone }}"
record_name: "{{ reverse_record_name }}"
record_value: "{{ record_name }}.{{ zone_name }}."
record_type: "PTR"
register: reverse_record_result
failed_when:
- "'record' not in reverse_record_result"
- "'DNS zone not found' not in reverse_record_result.msg"
become: true
- name: add reverse dns record
ipa_dnsrecord:
zone_name: "{{ reverse_record_zone }}"
record_name: "{{ reverse_record_name }}"
record_value: "{{ record_name }}.{{ zone_name }}."
record_type: "PTR"
register: reverse_record_result
failed_when:
- "'record' not in reverse_record_result"
- "'DNS zone not found' not in reverse_record_result.msg"
become: true
when: zone_name is match("^(|.+\.)" + cloud_domain + "$")

Loading…
Cancel
Save