Bug 1876896

Summary: modify dnszone with serial fails when it is used with refresh, retry, expire.
Product: Red Hat Enterprise Linux 8
Component: ansible-freeipa
Version: 8.3
Status: CLOSED ERRATA
Severity: unspecified
Priority: unspecified
Hardware: Unspecified
OS: Unspecified
Reporter: anuja <amore>
Assignee: Rafael Jeffman <rjeffman>
QA Contact: ipa-qe <ipa-qe>
CC: mvarun, rjeffman, twoerner
Target Milestone: rc
Target Release: 8.0
Keywords: Triaged
Flags: pm-rhel: mirror+
Fixed In Version: ansible-freeipa-0.3.0-1
Last Closed: 2021-05-18 15:51:18 UTC
Type: Bug

Description anuja 2020-09-08 13:13:47 UTC
Description of problem:
modify dnszone with serial fails when it is used with refresh, retry, expire.

Version-Release number of selected component (if applicable):
ansible-freeipa-0.1.12-6.el8.noarch
ipa-server-4.8.7-10.module+el8.3.0+7702+ced5f219.x86_64


```
---
- name: Playbook to ensure modify serial numbers.
  hosts: ipaserver
  become: true
 
  tasks:
  - ipadnszone:
      ipaadmin_password: Secret123
      name: modszone.test
      serial: 4567
      refresh: 70
      retry: 89
      expire: 200
```
Actual results:

```
[root@master ~]# ipa dnszone-find modszone.test | grep "SOA serial:"
  SOA serial: 1599560600
[root@master ~]#
```

Expected results:
DNS zone should be modified with given SOA serial 

Additional info:
Using CLI:

```
[root@master ~]# ipa dnszone-mod clizone.test --serial=4567 --refresh=70 --retry=89 --expire=200 | grep "SOA serial:"
  SOA serial: 4567
```

Comment 1 Rafael Jeffman 2020-09-08 22:47:37 UTC
This is the same behavior I am having with the command line.

```
[root@cos81 ~]# ipa dnszone-mod ttllone.test --serial=4567  --expire 201 --retry 87 --refresh 72
  Zone name: ttllone.test.
  Active zone: TRUE
  Authoritative nameserver: cos81.ipa.test.
  Administrator e-mail address: hostmaster
  SOA serial: 1599604817
  SOA refresh: 72
  SOA retry: 87
  SOA expire: 201
  SOA minimum: 3600
  Allow query: any;
  Allow transfer: none;
```

In the command-line, it seems that the `serial` cannot be changed if other values are also changed.

Your example might have worked because the other values did not change, so the `serial` could be set.

I agree that the ansible-freeipa module might not be correct, but it is the same as the command line one.

Comment 2 Rafael Jeffman 2020-09-08 23:09:17 UTC
Here is the FreeIPA upstream issue for the CLI command: https://pagure.io/freeipa/issue/8489

Comment 5 Rafael Jeffman 2020-11-19 22:18:59 UTC
To circumvent this issue, ipadnszone module can set the SOA serial attribute in a later call to dnszone_mod.

A patch with this workaround is available upstream: https://github.com/freeipa/ansible-freeipa/pull/449
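
The workaround described in Comment 5, sketched as an added example (not code from ansible-freeipa, FreeIPA, or the upstream pull request): the change is split so the serial goes in a later `dnszone_mod` call, and the serial is read back from the CLI-style output to confirm it was applied. `ToyZoneServer`, `plan_calls`, `read_serial` and `apply_zone` are hypothetical names, and the toy server is a constructed model of the behaviour shown in Comment 1, not the real IPA API.

```python
import re

class ToyZoneServer:
    """Constructed model of the behaviour in Comment 1: if a dnszone_mod call
    changes another SOA field, the requested serial is dropped."""
    AUTO_SERIAL = 1599604817  # value the server chose in Comment 1's output

    def __init__(self, **soa):
        self.soa = dict(soa)

    def dnszone_mod(self, **args):
        others = {k: v for k, v in args.items() if k != "serial"}
        changed = any(self.soa.get(k) != v for k, v in others.items())
        self.soa.update(others)
        if changed:
            self.soa["serial"] = self.AUTO_SERIAL  # requested serial is lost
        elif "serial" in args:
            self.soa["serial"] = args["serial"]
        return self.show()

    def show(self):
        # Same "SOA <field>: <value>" layout as the ipa CLI output on this page
        return "\n".join(f"  SOA {k}: {v}" for k, v in sorted(self.soa.items()))

def plan_calls(desired):
    """Split one requested change into ordered dnszone_mod calls, serial last."""
    others = {k: v for k, v in desired.items() if k != "serial"}
    calls = [others] if others else []
    if "serial" in desired:
        calls.append({"serial": desired["serial"]})
    return calls

def read_serial(cli_output):
    """Pull the serial out of ipa dnszone-find / dnszone-mod style output."""
    m = re.search(r"^\s*SOA serial:\s*(\d+)\s*$", cli_output, re.MULTILINE)
    return int(m.group(1)) if m else None

def apply_zone(server, desired, split=True):
    """Apply the change, then read the serial back instead of trusting 'changed'."""
    out = server.show()
    for args in (plan_calls(desired) if split else [desired]):
        out = server.dnszone_mod(**args)
    return read_serial(out)

# Values from the playbook in the description; starting SOA is constructed.
DESIRED = {"serial": 4567, "refresh": 70, "retry": 89, "expire": 200}
START = {"serial": 1599560600, "refresh": 3600, "retry": 900, "expire": 1209600}

if __name__ == "__main__":
    print("single call:", apply_zone(ToyZoneServer(**START), DESIRED, split=False))
    print("split calls:", apply_zone(ToyZoneServer(**START), DESIRED, split=True))
```
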

Comment 9 Varun Mylaraiah 2020-12-11 11:01:59 UTC
Verified
ansible-freeipa-0.3.1-1.el8.noarch


```
ansible_freeipa_tests/dns_module.py::TestDNSZone::test_dnszone_soa_serial_mod_with_other_attr
2020-12-11T08:15:27+0000 -------------------------------- live log call ---------------------------------
2020-12-11T08:15:27+0000 [pytest_multihost.host.Host.ansible.ParamikoTransport] INFO RUN ['/usr/bin/rpm', '-q', 'ansible-freeipa']
2020-12-11T08:15:27+0000 [pytest_multihost.host.Host.ansible.ParamikoTransport] INFO WRITE inventory/dns.hosts
2020-12-11T08:15:28+0000 [pytest_multihost.host.Host.ansible.ParamikoTransport] INFO PUT dns_module.yml
2020-12-11T08:15:28+0000 [pytest_multihost.host.Host.ansible.ParamikoTransport] INFO RUN ['ansible-playbook', '--ssh-extra-args="-o StrictHostKeyChecking=no"', '-vv', '-i', 'inventory/dns.hosts', 'dns_module.yml']
2020-12-11T08:15:33+0000 [pytest_multihost.host.Host.master.ParamikoTransport] INFO RUN ['kinit', 'admin']
2020-12-11T08:15:33+0000 [pytest_multihost.host.Host.master.ParamikoTransport] INFO RUN ['ipa', 'dnszone-find', 'serialzoneattr.test', '--all']
2020-12-11T08:15:34+0000 [pytest_multihost.host.Host.master.ParamikoTransport] INFO RUN ['kdestroy', '-A']
2020-12-11T08:15:35+0000 [pytest_multihost.host.Host.ansible.ParamikoTransport] INFO WRITE inventory/dns.hosts
2020-12-11T08:15:35+0000 [pytest_multihost.host.Host.ansible.ParamikoTransport] INFO PUT dns_module.yml
2020-12-11T08:15:35+0000 [pytest_multihost.host.Host.ansible.ParamikoTransport] INFO RUN ['ansible-playbook', '--ssh-extra-args="-o StrictHostKeyChecking=no"', '-vv', '-i', 'inventory/dns.hosts', 'dns_module.yml']
2020-12-11T08:15:40+0000 [pytest_multihost.host.Host.master.ParamikoTransport] INFO RUN ['kinit', 'admin']
2020-12-11T08:15:41+0000 [pytest_multihost.host.Host.master.ParamikoTransport] INFO RUN ['ipa', 'dnszone-find', 'serialzoneattr.test', '--all']
2020-12-11T08:15:42+0000 [pytest_multihost.host.Host.master.ParamikoTransport] INFO RUN ['kdestroy', '-A']
2020-12-11T08:15:42+0000 PASSED
```


Based on the test result, marking the bug VERIFIED.

Comment 11 errata-xmlrpc 2021-05-18 15:51:18 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (ansible-freeipa bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2021:1860