Skip entries not in cloud_domain

Adding a host without a domain or with a different domain caused failures with tls everywhere enabled. This patch checks if the domain ends with cloud_domain to determine if it should be managed by tripleo-ipa. Change-Id: I15d72e95705cc77e40b4b74fb9320478c3fa5188 Closes-Bug: #1889105 Resolves: rhbz#1869174
2020-11-04 13:03:16 +01:00 · 2020-11-04 13:03:16 +01:00 · 03f636c129
parent e65f11baed
commit 03f636c129
4 changed files with 88 additions and 46 deletions
--- a/tripleo_ipa/molecule/default/converge.yml
+++ b/tripleo_ipa/molecule/default/converge.yml
@ -152,6 +152,8 @@
      - 2001:0db8:85a3:0000:0000:8a2e:0370:7333 foo.ooo.test
      - 2001:0db8:85a3:0000:0000:8a2e:0370:7333 bar.ooo.test
      - 192.168.24.111 bar.ooo.test
+      - 192.168.24.10 baz
+      - 192.168.24.11 baz.different.domain
      - 192.168.24.1 undercloud.ctlplane.ooo.test undercloud.ctlplane
      - 192.168.24.115  overcloud.ctlplane.ooo.test
      - 10.0.0.135  overcloud.ooo.test
--- a/tripleo_ipa/molecule/default/molecule.yml
+++ b/tripleo_ipa/molecule/default/molecule.yml
@ -1,7 +1,6 @@
 ---
 driver:
  name: docker
-
 log: true

 platforms:
--- a/tripleo_ipa/molecule/default/tests/test_default.py
+++ b/tripleo_ipa/molecule/default/tests/test_default.py
@ -200,6 +200,17 @@ def test_dns(host, ip, name):
    assert 'record: {}'.format(ip) in result


+@pytest.mark.parametrize('ip, name', [
+    ('192.168.24.10', '.baz'),
+    ('192.168.24.11', 'baz.different.domain'),
+])
+def test_dns_absent(host, ip, name):
+    record_name, zone_name = name.split('.', 1)
+    host.run_expect(
+        [1, 2], 'ipa dnsrecord-find {} --name={}'.format(
+            zone_name, record_name))
+
+
@pytest.mark.parametrize('ip, name', [
    ('2001:0db8:85a3:0000:0000:8a2e:0370:7334', 'foo'),
    ('2001:0db8:85a3:0000:0000:8a2e:0370:7333', 'bar'),
@ -229,3 +240,15 @@ def test_reverse_dns(host, ip, name):
        'ipa dnsrecord-find {} --name={}'.format(
            zone, record))
    assert 'record: {}'.format(name) in result
+
+
+@pytest.mark.parametrize('ip, name', [
+    ('192.168.24.10', '.baz'),
+    ('192.168.24.11', 'baz.different.domain'),
+])
+def test_reverse_dns_absent(host, ip, name):
+    reverse = ipaddress.ip_address(ip).reverse_pointer
+    record, zone = reverse.split('.', 1)
+    host.run_expect(
+        [1, 2], 'ipa dnsrecord-find {} --name={}'.format(
+            zone, record))
--- a/tripleo_ipa/roles/tripleo_ipa_dns/tasks/dns.yaml
+++ b/tripleo_ipa/roles/tripleo_ipa_dns/tasks/dns.yaml
@ -20,57 +20,75 @@
    record_value: "{{ item.split()[0] }}"
    record_name: "{{ item.split()[1].split('.', 1)[0] }}"
    zone_name: "{{ item.split()[1].split('.', 1)[1] }}"
+  when: item.split() | length >= 2 and item.split()[1].split('.') | length >= 2

- name: set record type
+- name: set alternative record values
  set_fact:
-    record_type: "{{ 'A' if record_value| ipv4 else 'AAAA' }}"
+    record_value: "no record value"
+    record_name: "no record name"
+    zone_name: "no record zone name provided"
+  when: item.split() | length < 2 or item.split()[1].split('.') | length < 2

- name: add dns zone
-  ipa_dnszone:
-    zone_name: "{{ zone_name }}"
-  become: true
+- name: Notify about not adding entries
+  debug:
+    msg: |
+      "{{ item }}" not added to DNS due to not being managed by us.
+      Entries with domains outside of cloud_domain are skipped.
+  when: not zone_name is match("^(|.+\.)" + cloud_domain + "$")

- name: add forward dns record
-  ipa_dnsrecord:
-    zone_name: "{{ zone_name }}"
-    record_name: "{{ record_name }}"
-    record_type: "{{ record_type }}"
-    record_value: "{{ record_value }}"
-  become: true
+- name: add entries
+  block:
+    - name: set record type
+      set_fact:
+        record_type: "{{ 'A' if record_value| ipv4 else 'AAAA' }}"

- name: get reverse record data
-  set_fact:
-    reverse_addr: "{{ record_value | ipaddr('revdns') }}"
+    - name: add dns zone
+      ipa_dnszone:
+        zone_name: "{{ zone_name }}"
+      become: true

- name: set reverse record entries for ipv4
-  set_fact:
-    reverse_record_zone: "{{ reverse_addr.split('.', tripleo_ipa_ptr_zone_split_ipv4|int)[-1] }}"
-    reverse_record_name: "{{ '.'.join(reverse_addr.split('.', tripleo_ipa_ptr_zone_split_ipv4|int)[:-1]) }}"
-  when: record_type == 'A'
+    - name: add forward dns record
+      ipa_dnsrecord:
+        zone_name: "{{ zone_name }}"
+        record_name: "{{ record_name }}"
+        record_type: "{{ record_type }}"
+        record_value: "{{ record_value }}"
+      become: true

- name: set reverse record entries for ipv6
-  set_fact:
-    reverse_record_zone: "{{ reverse_addr.split('.', tripleo_ipa_ptr_zone_split_ipv6|int)[-1] }}"
-    reverse_record_name: "{{ '.'.join(reverse_addr.split('.', tripleo_ipa_ptr_zone_split_ipv6|int)[:-1]) }}"
-  when: record_type == 'AAAA'
+    - name: get reverse record data
+      set_fact:
+        reverse_addr: "{{ record_value | ipaddr('revdns') }}"

- name: add reverse record dns zone
-  ipa_dnszone:
-    zone_name: "{{ reverse_record_zone }}"
-  register: reverse_zone_result
-  failed_when:
-    - "'zone' not in reverse_zone_result"
-    - "'already exists in DNS' not in reverse_zone_result.msg"
-  become: true
+    - name: set reverse record entries for ipv4
+      set_fact:
+        reverse_record_zone: "{{ reverse_addr.split('.', tripleo_ipa_ptr_zone_split_ipv4|int)[-1] }}"
+        reverse_record_name: "{{ '.'.join(reverse_addr.split('.', tripleo_ipa_ptr_zone_split_ipv4|int)[:-1]) }}"
+      when: record_type == 'A'

- name: add reverse dns record
-  ipa_dnsrecord:
-    zone_name: "{{ reverse_record_zone }}"
-    record_name: "{{ reverse_record_name }}"
-    record_value: "{{ record_name }}.{{ zone_name }}."
-    record_type: "PTR"
-  register: reverse_record_result
-  failed_when:
-    - "'record' not in reverse_record_result"
-    - "'DNS zone not found' not in reverse_record_result.msg"
-  become: true
+    - name: set reverse record entries for ipv6
+      set_fact:
+        reverse_record_zone: "{{ reverse_addr.split('.', tripleo_ipa_ptr_zone_split_ipv6|int)[-1] }}"
+        reverse_record_name: "{{ '.'.join(reverse_addr.split('.', tripleo_ipa_ptr_zone_split_ipv6|int)[:-1]) }}"
+      when: record_type == 'AAAA'
+
+    - name: add reverse record dns zone
+      ipa_dnszone:
+        zone_name: "{{ reverse_record_zone }}"
+      register: reverse_zone_result
+      failed_when:
+        - "'zone' not in reverse_zone_result"
+        - "'already exists in DNS' not in reverse_zone_result.msg"
+      become: true
+
+    - name: add reverse dns record
+      ipa_dnsrecord:
+        zone_name: "{{ reverse_record_zone }}"
+        record_name: "{{ reverse_record_name }}"
+        record_value: "{{ record_name }}.{{ zone_name }}."
+        record_type: "PTR"
+      register: reverse_record_result
+      failed_when:
+        - "'record' not in reverse_record_result"
+        - "'DNS zone not found' not in reverse_record_result.msg"
+      become: true
+  when: zone_name is match("^(|.+\.)" + cloud_domain + "$")