ansible-collections / community.windows

Windows community collection for Ansible
https://galaxy.ansible.com/community/windows
GNU General Public License v3.0

win_dns_record: state changed but nothing is done when adding record #564

Open ySp-chld opened 6 months ago

ySp-chld commented 6 months ago
SUMMARY

Trying to add record to DNS using win_dns_record :

  tasks:
   - name: Create DNS record
     community.windows.win_dns_record:
       name: "thisisatestrecord"
       zone: "domain.lan"
       type: "A"
       value: "10.4.95.70"
       computer_name: "DNS-SERVER.domain.lan"
     delegate_to: bastion-machine

The WinRM connection works, and I can run those commands from a PowerShell session myself. The status I get is Changed.
However, neither adding a record nor editing a record does anything.

ISSUE TYPE
COMPONENT NAME

win_dns_record

ANSIBLE VERSION
ansible [core 2.15.8]
  config file = None
  configured module search path = ['/runner/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.9/site-packages/ansible
  ansible collection location = /runner/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/local/bin/ansible
  python version = 3.9.18 (main, Jan  4 2024, 00:00:00) [GCC 11.4.1 20231218 (Red Hat 11.4.1-3)] (/usr/bin/python3)
  jinja version = 3.1.3
  libyaml = True
COLLECTION VERSION
amazon.aws              7.2.0
ansible.netcommon       6.0.0
ansible.posix           1.5.4
ansible.utils           3.0.0
ansible.windows         2.2.0
awx.awx                 23.6.0
azure.azcollection      2.1.1
chocolatey.chocolatey   1.5.1
cloud.common            3.0.0
community.general       8.2.0
community.mongodb       1.4.2
community.vmware        4.0.1
community.windows       2.1.0
datadog.dd              5.0.1
f5networks.f5_modules   1.27.1
google.cloud            1.3.0
kubernetes.core         3.0.0
openstack.cloud         2.2.0
ovirt.ovirt             3.2.0
redhatinsights.insights 1.2.2
theforeman.foreman      4.0.0
vmware.vmware_rest      3.0.0
EXPECTED RESULTS

DNS record is updated or added.

ACTUAL RESULTS

Everything seems OK but nothing happens on the DNS server.
No modification, no new record either.

Using module file /usr/share/ansible/collections/ansible_collections/community/windows/plugins/modules/win_dns_record.ps1
Pipelining is enabled.
<bastion-machine.DOMAIN.LAN> ESTABLISH WINRM CONNECTION FOR USER: ADMIN@DOMAIN.LAN on PORT 5985 TO bastion-machine.DOMAIN.LAN
creating Kerberos CC at /tmp/tmpl0w0iyc3
calling kinit with pexpect for principal ADMIN@DOMAIN.LAN
kinit succeeded for principal ADMIN@DOMAIN.LAN
<bastion-machine.DOMAIN.LAN> WINRM CONNECT: transport=kerberos endpoint=http://bastion-machine.DOMAIN.LAN:5985/wsman
<bastion-machine.DOMAIN.LAN> WINRM OPEN SHELL: 06AF7DF0-4E52-4037-8726-A8B0FBDBEB3B
EXEC (via pipeline wrapper)
<bastion-machine.DOMAIN.LAN> WINRM EXEC 'PowerShell' ['-NoProfile', '-NonInteractive', '-ExecutionPolicy', 'Unrestricted', '-EncodedCommand', '[TRUNCATED]']
<bastion-machine.DOMAIN.LAN> WINRM RESULT '<Response code 0, out "{"changed":true,"inv", err "#< CLIXML\\r\\n<Objs Ver">'
<bastion-machine.DOMAIN.LAN> WINRM CLOSE SHELL: 06AF7DF0-4E52-4037-8726-A8B0FBDBEB3B

<bastion-machine.domain.lan> WINRM CLOSE SHELL: 06AF7DF0-4E52-4037-8726-A8B0FBDBEB3B
changed: [machine -> bastion-machine.domain.lan] => {
    "changed": true,
    "debug_splat_args": {
        "A": true,
        "IPv4Address": "10.4.95.70"
    },
    "invocation": {
        "module_args": {
            "aging": false,
            "computer_name": "DNS-SERVER.domain.lan",
            "name": "thisisatestrecord",
            "port": null,
            "priority": null,
            "state": "present",
            "ttl": 3600,
            "type": "A",
            "value": [
                "10.4.95.70"
            ],
            "weight": null,
            "zone": "domain.lan",
            "zone_scope": null
        }
    }
}

The truncated part converts to this output (using base64 -d twice gives that):

&chcp.com 65001 > $null
if ($PSVersionTable.PSVersion -lt [Version]"3.0") {
'{"failed":true,"msg":"Ansible requires PowerShell v3.0 or newer"}'
exit 1
}
$exec_wrapper_str = $input | Out-String
$split_parts = $exec_wrapper_str.Split(@("`0`0`0`0"), 2, [StringSplitOptions]::RemoveEmptyEntries)
If (-not $split_parts.Length -eq 2) { throw "invalid payload" }
Set-Variable -Name json_raw -Value $split_parts[1]
$exec_wrapper = [ScriptBlock]::Create($splbase64: invalid input

rhounsell commented 5 months ago

We are experiencing similar behaviour when trying to add a CNAME to a DNS forward lookup table using community.windows.win_dns_record. Occasionally, the CNAME will simply not be present when examining the DNS configuration in the DNS Manager dialog of the Server Manager tool. No error indication of any kind.

Ansible [core 2.16.7] python version 3.10.12 jinja version 3.1.4 libyaml = true

community.windows 2.2.0

qgmathieu commented 3 months ago

Same here, we tried adding type A records. The module is showing state changed with no errors, and if we replay it, it's green with OK state. However, no DNS entry was created in our DNS server.

Here is how we use the module :

- name: Create a DNS record
  community.windows.win_dns_record:
    name: "mytest.mydomain.com"
    computer_name: "{{ my_dns_server_private_ip }}"
    type: "A"
    value: "{{ mytest_private_ip }} "
    zone: "mydomain.com"
  delegate_to: "{{ my_windows_server }}"
  vars:
    ansible_user: "{{ my_user }}"
    ansible_password: "{{ my_password }}"
    ansible_connection: winrm
    ansible_port: 5986
    ansible_winrm_transport: credssp
    ansible_winrm_server_cert_validation: ignore

ansible [core 2.15.8] python version = 3.9.19 jinja version = 3.1.4 libyaml = True community.windows 2.2.0

qgmathieu commented 3 months ago

We found what our issue was. It turns out that when creating a type A record, you MUST remove the domain from the "name" field (similarly to CNAME records), contrary to what the example in the official documentation says :

The official doc example :

- name: Create database server record
  community.windows.win_dns_record:
    name: "cgyl1404p.amer.example.com"  # Does not work
    type: "A"
    value: "10.1.1.1"
    zone: "amer.example.com"

What you should do instead :

- name: Create database server record
  community.windows.win_dns_record:
    name: "cgyl1404p"  # Works
    type: "A"
    value: "10.1.1.1"
    zone: "amer.example.com"

Leaving this here in case it helps someone.
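
The fix from the last comment combined with a read-back check, as an added example that is not part of the thread or the collection's documentation: the play derives the zone-relative name from an FQDN, creates the record, then queries the DNS server and fails if the record is not there, so a "changed" result with no record cannot pass silently. The host name, the `dns_*` variables and their values are constructed for illustration; it assumes the DnsServer PowerShell module is available on the delegated Windows host and that `ansible.windows.win_powershell` is installed.

```yaml
# Added example: variable names and values below are constructed samples.
- name: Create an A record and confirm it exists on the DNS server
  hosts: bastion-machine
  gather_facts: false
  vars:
    dns_fqdn: "cgyl1404p.amer.example.com"
    dns_zone: "amer.example.com"
    dns_ip: "10.1.1.1"
    dns_server: "DNS-SERVER.domain.lan"
    # Drop a trailing ".<zone>" so the name is relative to the zone.
    dns_relative_name: >-
      {{ dns_fqdn[:-(dns_zone | length + 1)]
         if dns_fqdn.endswith('.' ~ dns_zone) else dns_fqdn }}
  tasks:
    - name: Create the record using the zone-relative name
      community.windows.win_dns_record:
        name: "{{ dns_relative_name }}"
        zone: "{{ dns_zone }}"
        type: "A"
        value: "{{ dns_ip }}"
        computer_name: "{{ dns_server }}"

    - name: Read the record back from the DNS server
      ansible.windows.win_powershell:
        parameters:
          Zone: "{{ dns_zone }}"
          Name: "{{ dns_relative_name }}"
          Server: "{{ dns_server }}"
        script: |
          param([string]$Zone, [string]$Name, [string]$Server)
          $Ansible.Changed = $false   # read-only check
          $rr = Get-DnsServerResourceRecord -ZoneName $Zone -Name $Name `
                -RRType A -Node -ComputerName $Server -ErrorAction SilentlyContinue
          # Emit each IPv4 address found at this node as a plain string.
          @($rr | ForEach-Object { $_.RecordData.IPv4Address.IPAddressToString })
      register: dns_readback

    - name: Fail if the record is missing despite the module result
      ansible.builtin.assert:
        that:
          - dns_ip in dns_readback.output
        fail_msg: >-
          {{ dns_relative_name }}.{{ dns_zone }} -> {{ dns_ip }} was not found
          on {{ dns_server }} after win_dns_record ran.
```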