OSP director operator TLSe CI jobs are failing with a "DNS zone not found" error from ansible-freeipa (https://issues.redhat.com/browse/OSPK8-698) when adding A records with PTR:
2023-06-14 14:43:40.669860 | 0a580a83-0030-d673-b475-00000000506a | TIMING | tripleo_ipa_dns : set create_reverse to false for elements of no_reverse_ips | undercloud | 0:09:11.057666 | 0.66s
2023-06-14 14:43:40.679187 | 0a580a83-0030-d673-b475-00000000506b | TASK | add dns forward and reverse records
2023-06-14 14:43:50.672417 | 0a580a83-0030-d673-b475-00000000506b | FATAL | add dns forward and reverse records | undercloud | error={"changed": false, "msg": "dnsrecord_add: 22.172.in-addr.arpa.: 22.172.in-addr.arpa.: DNS zone not found"}
2023-06-14 14:43:50.675843 | 0a580a83-0030-d673-b475-00000000506b | TIMING | tripleo_ipa_dns : add dns forward and reverse records | undercloud | 0:09:21.063635 | 10.00s
I expect this was introduced by https://bugzilla.redhat.com/show_bug.cgi?id=2172534 which re-implemented the logic in tripleo-ipa.
The root cause seems to be an issue in ansible-freeipa where ipadnszone and ipadnsrecord disagree on the zone to use. I can reproduce with a simple playbook:
- hosts: Undercloud
  name: ansible-freeipa test
  become: true
  tasks:
    - block:
        - name: add reverse zone
          ipadnszone:
            name_from_ip: 192.168.0.1
        - name: add dns forward and reverse records
          ipadnsrecord:
            records:
              - record_name: foo
                zone_name: ctlplane.osptest.test.metalkube.org
                record_type: A
                create_reverse: true
                a_rec: 192.168.0.1
      environment:
        IPA_HOST: freeipa.test.metalkube.org
        IPA_USER: nova/{{ ansible_facts['fqdn'] }}
        KRB5CCNAME: /etc/novajoin/krb5.cache
        KRB5_CLIENT_KTNAME: FILE:/etc/novajoin/krb5.keytab
sh-5.1$ ansible-playbook -i tripleo-ansible-inventory.yaml test.yaml
PLAY [ansible-freeipa test] *****************************************************************************************************************************************************************************************
TASK [Gathering Facts] **********************************************************************************************************************************************************************************************
ok: [undercloud]
TASK [add reverse zone] *********************************************************************************************************************************************************************************************
ok: [undercloud]
TASK [add dns forward and reverse records] **************************************************************************************************************************************************************************
fatal: [undercloud]: FAILED! => {"changed": false, "msg": "dnsrecord_add: 168.192.in-addr.arpa.: 168.192.in-addr.arpa.: DNS zone not found"}
PLAY RECAP **********************************************************************************************************************************************************************************************************
undercloud : ok=2 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
[root@freeipa /]# ipa dnszone-find | grep 'Zone name' | grep 192
Zone name: 0.168.192.in-addr.arpa.
i.e. ipadnsrecord tries to add the PTR to the 168.192.in-addr.arpa. zone while ipadnszone created 0.168.192.in-addr.arpa.
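The mismatch in the report above, worked through as an added example (not code from ansible-freeipa, tripleo-ipa or the reporter): a reverse zone name derived from a fixed prefix length is compared with a lookup of the most specific zone that actually exists. The function names are hypothetical, and the zone list is constructed from the `ipa dnszone-find` output and the playbook in the report.

```python
import ipaddress

# Constructed sample: the zones present on the IPA server per the report.
EXISTING_ZONES = [
    "ctlplane.osptest.test.metalkube.org.",
    "0.168.192.in-addr.arpa.",
]

def ptr_name(ip):
    """Fully qualified PTR owner name, e.g. 1.0.168.192.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

def zone_for_prefix(ip, prefixlen):
    """Reverse zone for an IPv4 address at an octet-aligned prefix length."""
    if prefixlen not in (8, 16, 24):
        raise ValueError("prefix length must be 8, 16 or 24")
    octets = str(ipaddress.IPv4Address(ip)).split(".")[: prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa."

def enclosing_zone(ip, existing_zones):
    """Return (zone, relative PTR name) for the most specific existing zone
    that contains the address's PTR name, or None when no zone covers it."""
    labels = ptr_name(ip).rstrip(".").split(".")
    zones = {z.lower().rstrip(".") for z in existing_zones}
    # Try the longest suffix first; keep at least one label for the record.
    for i in range(1, len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate + ".", ".".join(labels[:i])
    return None

if __name__ == "__main__":
    ip = "192.168.0.1"
    for plen in (24, 16):
        zone = zone_for_prefix(ip, plen)
        state = "exists" if zone in EXISTING_ZONES else "DNS zone not found"
        print(f"/{plen} guess {zone}: {state}")
    print("lookup against existing zones:", enclosing_zone(ip, EXISTING_ZONES))
```

Running a lookup like this against the output of `ipa dnszone-find` before adding records with `create_reverse: true` shows whether the zone the PTR would land in is the one that was created.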
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory (Release of components for Red Hat OpenStack Platform 17.1 (Wallaby)), and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHEA-2023:4577
Comment 19 Red Hat Bugzilla
2023-12-15 04:26:21 UTC
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 120 days.