freeipa / ansible-freeipa

Ansible roles and modules for FreeIPA
GNU General Public License v3.0

ipadnszone non-idempotent #1165

Closed adalsa91 closed 9 months ago

adalsa91 commented 9 months ago

The first execution works fine, but subsequent runs fail unless you make changes to any of the variables. I found an issue that I think is related (#862). I understand that the expected result should be that if there are no changes in the definition of the zone, the task returns an OK.

FreeIPA 4.10.1, ansible-freeipa v1.11.0

Code:

```yaml
---
- name: Configure DNS zones
  hosts: all
  vars:
    ipaapi_context: client
  tasks:
  - name: Create reverse DNS zones
    ipadnszone:
      ipaadmin_password: "{{ipaadmin_password}}"
      name_from_ip: "192.168.0.1/24"
      allow_sync_ptr: true
      dynamic_update: true
      state: present
```

Error:

```
TASK [Create reverse DNS zones] ************************************************************************************************************************************************************
failed: [host] (item={'network': '192.168.1.0/24'}) => {"ansible_loop_var": "item", "changed": false, "item": {"network": "192.168.1.0/24"}, "msg": "dnszone_mod: 1.168.192.in-addr.arpa.: no modifications to be performed"}
```

rjeffman commented 9 months ago

The name_from_ip attribute can only be used if the zone does not exist. This parameter is known to be not idempotent, and this will not be fixed anytime soon.

For idempotent behavior use the resulting zone name instead of name_from_ip.
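
An added example, not part of the original thread or of ansible-freeipa's code: a small Python helper that derives the reverse zone name from the `name_from_ip` value and rewrites the task to pass it as `name`, as suggested above. It assumes the zone is cut at whole-octet (IPv4) or whole-nibble (IPv6) boundaries, which matches the `192.168.1.0/24` to `1.168.192.in-addr.arpa.` mapping in the error output; `reverse_zone_name` and `idempotent_task` are hypothetical names.

```python
import ipaddress


def reverse_zone_name(cidr: str) -> str:
    """Return the reverse DNS zone name (trailing dot included) for `cidr`.

    Assumption: the prefix is rounded down to a whole octet (IPv4) or nibble
    (IPv6), as in the error above (192.168.1.0/24 -> 1.168.192.in-addr.arpa.).
    """
    if "/" not in cidr:
        raise ValueError("expected address/prefix, e.g. 192.168.0.1/24")
    iface = ipaddress.ip_interface(cidr)  # host bits allowed: 192.168.0.1/24
    labels = iface.ip.reverse_pointer.split(".")
    bits_per_label, addr_labels = (8, 4) if iface.version == 4 else (4, 32)
    keep = iface.network.prefixlen // bits_per_label
    if keep == 0:
        raise ValueError("prefix too short to name a reverse zone")
    # Drop the host-side labels, keep the network labels plus the arpa suffix.
    return ".".join(labels[addr_labels - keep:]) + "."


def idempotent_task(task: dict) -> dict:
    """Copy an ipadnszone task, replacing `name_from_ip` with `name`."""
    args = dict(task["ipadnszone"])
    args["name"] = reverse_zone_name(args.pop("name_from_ip"))
    return {**task, "ipadnszone": args}


# Constructed input: the task from the playbook in the report, as a dict.
REPORTED_TASK = {
    "name": "Create reverse DNS zones",
    "ipadnszone": {
        "ipaadmin_password": "{{ipaadmin_password}}",
        "name_from_ip": "192.168.0.1/24",
        "allow_sync_ptr": True,
        "dynamic_update": True,
        "state": "present",
    },
}

if __name__ == "__main__":
    print(idempotent_task(REPORTED_TASK))
```
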

t-woerner commented 9 months ago

@adalsa91 are you really using ansible-freeipa v1.11.0? I am only able to reproduce the issue with up to v1.8.0. Starting with v1.8.1 the issue is fixed for me.