From 22d8784da29dcfede0744ef6b691b4506eae5deb Mon Sep 17 00:00:00 2001
From: Thomas Woerner <twoerner@redhat.com>
Date: Thu, 20 Feb 2020 12:58:11 +0100
Subject: [PATCH] ipahost: Do not fail on missing DNS or zone when no IP
 address given

If no IP address is given and either DNS is not configured or the zone is
not found, then ipahost must not fail in dnsrecord_find.

The error happened for example by ensuring the absence of a host that is not
part of the domain or for a host that has been added with force and is using
a domain that is not served by the DNS server in the domain. It also
happened if there was no DNS server in the domain at all.

A new test case has been added to test_host_ipaddresses.yml

The fix requires ipalib_errors provided by ansible_freeipa_module.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1804838
---
 plugins/modules/ipahost.py           | 17 +++++++++++++++--
 tests/host/test_host_ipaddresses.yml |  9 +++++++++
 2 files changed, 24 insertions(+), 2 deletions(-)

diff --git a/plugins/modules/ipahost.py b/plugins/modules/ipahost.py
index 558560e..062f768 100644
--- a/plugins/modules/ipahost.py
+++ b/plugins/modules/ipahost.py
@@ -409,7 +409,7 @@
 from ansible.module_utils.ansible_freeipa_module import temp_kinit, \
     temp_kdestroy, valid_creds, api_connect, api_command, compare_args_ipa, \
     module_params_get, gen_add_del_lists, encode_certificate, api_get_realm, \
-    is_ipv4_addr, is_ipv6_addr
+    is_ipv4_addr, is_ipv6_addr, ipalib_errors
 import six
 
 
@@ -871,7 +871,20 @@ def main():
 
             # Make sure host exists
             res_find = find_host(ansible_module, name)
-            res_find_dnsrecord = find_dnsrecord(ansible_module, name)
+            try:
+                res_find_dnsrecord = find_dnsrecord(ansible_module, name)
+            except ipalib_errors.NotFound as e:
+                msg = str(e)
+                if ip_address is None and \
+                   ("DNS is not configured" in msg or \
+                    "DNS zone not found" in msg):
+                    # IP address(es) not given and no DNS support in IPA
+                    # -> Ignore failure
+                    # IP address(es) not given and DNS zone is not found
+                    # -> Ignore failure
+                    res_find_dnsrecord = None
+                else:
+                    ansible_module.fail_json(msg="%s: %s" % (host, msg))
 
             # Create command
             if state == "present":
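Review bot: The `except ipalib_errors.NotFound` branch decides what to ignore by substring-matching `str(e)` against "DNS is not configured" and "DNS zone not found", which ties the behaviour to the server's exact English wording. If those messages are translated or reworded (not verifiable from this hunk), the absent-host case falls through to `fail_json` again. A comment such as `# NOTE: relies on the literal IPA error text; keep in sync with the server messages` would at least record that dependency. Separately, the failure message formats `host` while the lookups in this hunk use `name`; if `host` is the per-item entry rather than the hostname string, `ansible_module.fail_json(msg="%s: %s" % (name, msg))` keeps the error output limited to the hostname. The enclosing `main()` starts and ends outside the hunk.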
diff --git a/tests/host/test_host_ipaddresses.yml b/tests/host/test_host_ipaddresses.yml
index 0a97dd5..136a610 100644
--- a/tests/host/test_host_ipaddresses.yml
+++ b/tests/host/test_host_ipaddresses.yml
@@ -301,6 +301,15 @@
     register: result
     failed_when: result.changed
 
+  - name: Absent host01.ihavenodns.info test
+    ipahost:
+      ipaadmin_password: MyPassword123
+      hosts:
+      - name: host01.ihavenodns.info
+      state: absent
+    register: result
+    failed_when: result.changed
+
   - name: Host absent
     ipahost:
       ipaadmin_password: MyPassword123
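Review bot: The added task only pins the ignore path (no IP address, zone not served), so the `else` branch that must still fail is left untested. A companion task that passes `ip_address` for a host in the same unserved zone and uses `failed_when: not result.failed` would guard against the exception handling becoming too permissive later. The "DNS is not configured" case is presumably not reachable in this test environment, which is worth stating in a comment above the task.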
From 4d94cb09a9fb09dd2576223b9be7f77d515202fb Mon Sep 17 00:00:00 2001
From: Thomas Woerner <twoerner@redhat.com>
Date: Thu, 20 Feb 2020 12:54:32 +0100
Subject: [PATCH] ansible_freeipa_module: Import ipalib.errors as ipalib_errors

To be able to catch ipalib.errors.NotFound errors in ipahost, ipalib.errors
needs to be imported. ipalib.errors is now imported as ipalib_errors to
avoid name conflicts with the errors list used in some of the modules.

Related: https://bugzilla.redhat.com/show_bug.cgi?id=1804838
---
 plugins/module_utils/ansible_freeipa_module.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/plugins/module_utils/ansible_freeipa_module.py b/plugins/module_utils/ansible_freeipa_module.py
index 6acdbef..5066de3 100644
--- a/plugins/module_utils/ansible_freeipa_module.py
+++ b/plugins/module_utils/ansible_freeipa_module.py
@@ -28,6 +28,7 @@
 import gssapi
 from datetime import datetime
 from ipalib import api
+from ipalib import errors as ipalib_errors
 from ipalib.config import Env
 from ipalib.constants import DEFAULT_CONFIG, LDAP_GENERALIZED_TIME_FORMAT
 try: