freeipa / ansible-freeipa

Ansible roles and modules for FreeIPA
GNU General Public License v3.0

ipa_dnsrecord no modifications to be performed when record already exists. #1296

Open patrickstump opened 2 months ago

patrickstump commented 2 months ago

Description

When updating dns records for a zone, host, or dns record, if the record already exists without changes, it fails the task with "no modifications to be performed."

This is also reported in the community project, but never fixed.

Version information

ansible-freeipa collection : 1.13.2

ansible [core 2.15.1]
  config file = /ansible/ansible.cfg
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.10/dist-packages/ansible
  ansible collection location = /ansible/collections
  executable location = /usr/local/bin/ansible
  python version = 3.10.12 (main, Sep 11 2024, 15:47:36) [GCC 11.4.0] (/usr/bin/python3)
  jinja version = 3.1.2
  libyaml = True

Affected (that I have tested)

Example task

    - name: Add DNS Zones
      tags:
        - zones
      freeipa.ansible_freeipa.ipadnszone:
        ipaadmin_principal: admin
        ipaadmin_password: "{{ ipaserver_admin_password }}"
        state: present
        name: "example.lan"
        allow_sync_ptr: true
        dynamic_update: false
        allow_transfer:
          - "192.168.1.3"
        skip_nameserver_check: true
        skip_overlap_check: true

    - name: Add hosts to ipa inventory
      freeipa.ansible_freeipa.ipahost:
        ipaadmin_principal: admin
        ipaadmin_password: "{{ ipaserver_admin_password }}"
        name: "host1.example.lan"
        description: ""
        ip_address: "192.168.4.5"
        state: present
        update_dns: true
        reverse: true
      loop: "{{ inventory_hosts }}"

Example output

failed: [ipa-1.example.lan] (item=example.lan) => {"ansible_loop_var": "item", "changed": false, "item": "example.lan", "msg": "dnszone_mod: example.lan: no modifications to be performed"}

failed: [ipa-1.example.lan] (item=host1.example.lan) => {"ansible_loop_var": "item", "changed": false, "item": "host1.example.lan", "msg": "host_mod: host1.example.lan: no modifications to be performed"}

Expected behavior

If the record already exists, return changed: false but do not error.

Workaround

Set ignore_errors to true. However, you need to watch each line to make sure the errors are actually the modification error and not another error.
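One way to narrow the workaround above so that only this specific message is tolerated and every other error still fails the play (an added example, not part of the original report or the project's own code). The `ipahost_result` variable name is an assumption, and the conditions rely on the module reporting the condition through `failed` and `msg` as in the example output above.

```yaml
# Added example: the ipahost task from the report, with the blanket
# ignore_errors replaced by a failed_when that tolerates one message only.
- name: Add hosts to ipa inventory
  freeipa.ansible_freeipa.ipahost:
    ipaadmin_principal: admin
    ipaadmin_password: "{{ ipaserver_admin_password }}"
    name: "host1.example.lan"
    description: ""
    ip_address: "192.168.4.5"
    state: present
    update_dns: true
    reverse: true
  loop: "{{ inventory_hosts }}"
  register: ipahost_result   # hypothetical variable name
  # failed_when is evaluated once per loop item and replaces the module's own
  # failure status. List entries are ANDed: the item fails only if the module
  # reported a failure AND the message is something other than the
  # "no modifications" text. Bad credentials, an unreachable server or invalid
  # arguments therefore still fail, unlike with ignore_errors: true.
  failed_when:
    - ipahost_result.failed | default(false)
    - "'no modifications to be performed' not in (ipahost_result.msg | default(''))"
```

The same two `failed_when` conditions can be attached to the `ipadnszone` task, since its failure message in the example output ends with the same text.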

kitos9112 commented 1 month ago

I see the same behaviour with the ipahost module when there are no pending changes.

I normally offload the idempotency to the Ansible module. Other modules work in this way; they'd make changes if needed.