From 22d8784da29dcfede0744ef6b691b4506eae5deb Mon Sep 17 00:00:00 2001 From: Thomas Woerner Date: Thu, 20 Feb 2020 12:58:11 +0100 Subject: [PATCH] ipahost: Do not fail on missing DNS or zone when no IP address given If no IP address is given and either DNS is not configured or if the zone is not found then ipahost may not fail in dnsrecord_find. The error happened for example by ensuring the absence of a host that is not part of the domain or for a host that has been added with force and is using a domain that is not served by the DNS server in the domain. It also happened if there was no DNS server in the domain at all. A new test case has been added to test_host_ipaddresses.yml The fix requires ipalib_errors provided by ansible_freeipa_module. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1804838 --- plugins/modules/ipahost.py | 17 +++++++++++++++-- tests/host/test_host_ipaddresses.yml | 9 +++++++++ 2 files changed, 24 insertions(+), 2 deletions(-) diff --git a/plugins/modules/ipahost.py b/plugins/modules/ipahost.py index 558560e..062f768 100644 --- a/plugins/modules/ipahost.py +++ b/plugins/modules/ipahost.py @@ -409,7 +409,7 @@ from ansible.module_utils.ansible_freeipa_module import temp_kinit, \ temp_kdestroy, valid_creds, api_connect, api_command, compare_args_ipa, \ module_params_get, gen_add_del_lists, encode_certificate, api_get_realm, \ - is_ipv4_addr, is_ipv6_addr + is_ipv4_addr, is_ipv6_addr, ipalib_errors import six 
@@ -871,7 +871,20 @@ def main(): # Make sure host exists res_find = find_host(ansible_module, name) - res_find_dnsrecord = find_dnsrecord(ansible_module, name) + try: + res_find_dnsrecord = find_dnsrecord(ansible_module, name) + except ipalib_errors.NotFound as e: + msg = str(e) + if ip_address is None and \ + ("DNS is not configured" in msg or \ + "DNS zone not found" in msg): + # IP address(es) not given and no DNS support in IPA + # -> Ignore failure + # IP address(es) not given and DNS zone is not found + # -> Ignore failure + res_find_dnsrecord = None + else: + ansible_module.fail_json(msg="%s: %s" % (host, msg)) # Create command if state == "present": diff --git a/tests/host/test_host_ipaddresses.yml b/tests/host/test_host_ipaddresses.yml index 0a97dd5..136a610 100644 --- a/tests/host/test_host_ipaddresses.yml +++ b/tests/host/test_host_ipaddresses.yml @@ -301,6 +301,15 @@ register: result failed_when: result.changed + - name: Absent host01.ihavenodns.info test + ipahost: + ipaadmin_password: MyPassword123 + hosts: + - name: host01.ihavenodns.info + state: absent + register: result + failed_when: result.changed + - name: Host absent ipahost: ipaadmin_password: MyPassword123 From 4d94cb09a9fb09dd2576223b9be7f77d515202fb Mon Sep 17 00:00:00 2001 From: Thomas Woerner Date: Thu, 20 Feb 2020 12:54:32 +0100 Subject: [PATCH] ansible_freeipa_module: Import ipalib.errors as ipalib_errors For beeing able to catch ipalib.errors.NotFound errors in ipahost it is needed to import ipalib.errors. ipalib.errors is now imported as ipalib_errors to not have name conflicts with the errors list used in some of the modules. Related: https://bugzilla.redhat.com/show_bug.cgi?id=1804838 --- plugins/module_utils/ansible_freeipa_module.py | 1 + 1 file changed, 1 insertion(+) diff --git a/plugins/module_utils/ansible_freeipa_module.py b/plugins/module_utils/ansible_freeipa_module.py index 6acdbef..5066de3 100644 --- a/plugins/module_utils/ansible_freeipa_module.py 
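Review bot: The new `except ipalib_errors.NotFound` branch decides whether to ignore the error by matching English substrings of the exception text (`"DNS is not configured"`, `"DNS zone not found"`). If the server returns a localized or reworded message the match fails, and the module fails again on exactly the hosts this patch targets. ipalib does not appear to offer a narrower exception class for these two cases, so at minimum add a comment above the `if`, such as `# NOTE: matches the untranslated IPA reason text; keep in sync with the server-side messages`. Separately, the `fail_json` call formats `host` although both lookups use `name`; `host` is not defined in the visible lines, and if it is the raw `hosts` entry the message would print a dict, so `ansible_module.fail_json(msg="%s: %s" % (name, msg))` looks safer. `main()` starts and ends outside the hunk, so how later code handles `res_find_dnsrecord = None` cannot be checked here.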
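Review bot: `failed_when: result.changed` on the new "Absent host01.ihavenodns.info test" task replaces the module's own failure status. If ipahost reaches `fail_json` with the DNS error again, the result carries `changed: false` and the task still passes, so the regression this test was written for would go unnoticed. Use `failed_when: result.changed or result.failed` instead. The preceding context task shows the same pattern, so it is probably the file's convention and worth changing throughout. The test also covers only `state: absent`; the commit message mentions a host added with force in an unserved domain, and a `state: present` task with `force: yes` and no `ip_address` would exercise that path as well.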
+++ b/plugins/module_utils/ansible_freeipa_module.py @@ -28,6 +28,7 @@ import gssapi from datetime import datetime from ipalib import api +from ipalib import errors as ipalib_errors from ipalib.config import Env from ipalib.constants import DEFAULT_CONFIG, LDAP_GENERALIZED_TIME_FORMAT try: