Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1843829

Summary: [ansible-freeipa] Not able to modify forward policy from the existing DNS forward zone in the Dnsforwardzone module
Product: Red Hat Enterprise Linux 8 Reporter: Varun Mylaraiah <mvarun>
Component: ansible-freeipaAssignee: Rafael Jeffman <rjeffman>
Status: CLOSED ERRATA QA Contact: ipa-qe <ipa-qe>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 8.3CC: amore, rjeffman, twoerner
Target Milestone: rcFlags: pm-rhel: mirror+
Target Release: 8.0   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: ansible-freeipa-0.1.12-2.el8 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-11-04 02:46:35 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Varun Mylaraiah 2020-06-04 09:13:57 UTC
Description of problem:
Not able to modify forward policy from the existing DNS forward zone in the ansible-freeipa Dnsforwardzone module.

Version-Release number of selected component (if applicable):
ansible-freeipa-0.1.10-1.el8.noarch

Steps to Reproduce:

[root@master ~]# ipa dnsforwardzone-show newfzone.com --all
  dn: idnsname=newfzone.com.,cn=dns,dc=ipadomain,dc=test
  Zone name: newfzone.com.
  Active zone: TRUE
  Zone forwarders: 1.22.33.1
  Forward policy: first
  objectclass: top, idnsforwardzone

[root@ansible ~]# cat dnsfrwzone02.test
---
- name: Test dnsforwardzone
  hosts: ipaserver
  become: true
  gather_facts: false

  tasks:
  - name: ensure forwardzone test
    ipadnsforwardzone:
      ipaadmin_password: <xxxxx>
      name: newfzone.com
      forwardpolicy: only

[root@ansible ~]# ansible-playbook -vv -i inventory/server.hosts dnsfrwzone02.test
ansible-playbook 2.9.9
  config file = /root/ansible.cfg
  configured module search path = ['/root/ansible-freeipa/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.6/site-packages/ansible
  executable location = /usr/bin/ansible-playbook
  python version = 3.6.8 (default, Apr  3 2020, 16:09:51) [GCC 8.3.1 20191121 (Red Hat 8.3.1-5)]
Using /root/ansible.cfg as config file

PLAYBOOK: dnsfrwzone02.test ***********************************************************************************************************
1 plays in dnsfrwzone02.test

PLAY [Test dnsforwardzone] ************************************************************************************************************
META: ran handlers

TASK [ensure forwardzone test] ********************************************************************************************************
task path: /root/dnsfrwzone02.test:8
ok: [master.ipadomain.test] => {"ansible_facts": {"discovered_interpreter_python": "/usr/libexec/platform-python"}, "changed": false, "dnsforwardzone": {}}
META: ran handlers
META: ran handlers

PLAY RECAP ****************************************************************************************************************************
master.ipadomain.test      : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

[root@master ~]# ipa dnsforwardzone-show newfzone.com --all
  dn: idnsname=newfzone.com.,cn=dns,dc=ipadomain,dc=test
  Zone name: newfzone.com.
  Active zone: TRUE
  Zone forwarders: 1.22.33.1
  Forward policy: first
  objectclass: top, idnsforwardzone


Actual results:


Expected results:
[root@master ~]# ipa dnsforwardzone-mod newfzone.com --forward-policy=only
  Zone name: newfzone.com.
  Active zone: TRUE
  Zone forwarders: 1.1.1.1
  Forward policy: only

Comment 1 Rafael Jeffman 2020-06-16 02:51:26 UTC
There is an upstream PR available: https://github.com/freeipa/ansible-freeipa/pull/304

Comment 3 Thomas Woerner 2020-06-29 10:28:16 UTC
The PR has been merged upstream.

Comment 9 anuja 2020-07-28 11:00:58 UTC
Verified Using: Test from downstream ansible-freeipa-tests/ansible_freeipa_tests/dns_module.py::TestDNSForwardZone::()::test_modify_policy
Using version: 
ansible-freeipa-0.1.12-5.el8.noarch
ipa-server-common-4.8.7-7.module+el8.3.0+7376+c83e4fcd.noarch


Verified using :
------------------------------ Captured log call -------------------------------
channel.py                1212 DEBUG    [chan 64] Max packet in: 32768 bytes
channel.py                1212 DEBUG    [chan 64] Max packet out: 32768 bytes
transport.py              1819 DEBUG    Secsh channel 64 opened.
transport.py               318 INFO     RUN ['kinit', 'admin']
transport.py               519 DEBUG    RUN ['kinit', 'admin']
channel.py                1212 DEBUG    [chan 64] Sesch channel 64 request ok
transport.py               563 DEBUG    -bash: line 1: cd: /root/multihost_tests: No such file or directory
transport.py               563 DEBUG    -bash: line 2: /root/multihost_tests/env.sh: No such file or directory
transport.py               563 DEBUG    Password for admin: 
channel.py                1212 DEBUG    [chan 64] EOF received (64)
channel.py                1212 DEBUG    [chan 64] EOF sent (64)
transport.py               217 DEBUG    Exit code: 0
channel.py                1212 DEBUG    [chan 65] Max packet in: 32768 bytes
channel.py                1212 DEBUG    [chan 65] Max packet out: 32768 bytes
transport.py              1819 DEBUG    Secsh channel 65 opened.
transport.py               318 INFO     RUN ['ipa', 'dnsforwardzone-add', 'policyzone.com', '--forward-policy=first', '--forwarder=192.1.22.2']
transport.py               519 DEBUG    RUN ['ipa', 'dnsforwardzone-add', 'policyzone.com', '--forward-policy=first', '--forwarder=192.1.22.2']
channel.py                1212 DEBUG    [chan 65] Sesch channel 65 request ok
transport.py               563 DEBUG    -bash: line 1: cd: /root/multihost_tests: No such file or directory
transport.py               563 DEBUG    -bash: line 2: /root/multihost_tests/env.sh: No such file or directory
transport.py               563 DEBUG    Server will check DNS forwarder(s).
transport.py               563 DEBUG    This may take some time, please wait ...
transport.py               563 DEBUG      Zone name: policyzone.com.
transport.py               563 DEBUG      Active zone: TRUE
transport.py               563 DEBUG      Zone forwarders: 192.1.22.2
transport.py               563 DEBUG      Forward policy: first
transport.py               563 DEBUG    ipa: WARNING: DNS server 192.1.22.2: query 'policyzone.com. SOA': The DNS operation timed out after 10.000895261764526 seconds.
channel.py                1212 DEBUG    [chan 65] EOF received (65)
channel.py                1212 DEBUG    [chan 65] EOF sent (65)
transport.py               217 DEBUG    Exit code: 0
channel.py                1212 DEBUG    [chan 66] Max packet in: 32768 bytes
channel.py                1212 DEBUG    [chan 66] Max packet out: 32768 bytes
transport.py              1819 DEBUG    Secsh channel 66 opened.
transport.py               318 INFO     RUN ['kinit', 'admin']
transport.py               519 DEBUG    RUN ['kinit', 'admin']
channel.py                1212 DEBUG    [chan 66] Sesch channel 66 request ok
transport.py               563 DEBUG    -bash: line 1: cd: /root/multihost_tests: No such file or directory
transport.py               563 DEBUG    -bash: line 2: /root/multihost_tests/env.sh: No such file or directory
transport.py               563 DEBUG    Password for admin: 
channel.py                1212 DEBUG    [chan 66] EOF received (66)
channel.py                1212 DEBUG    [chan 66] EOF sent (66)
transport.py               217 DEBUG    Exit code: 0
channel.py                1212 DEBUG    [chan 67] Max packet in: 32768 bytes
channel.py                1212 DEBUG    [chan 67] Max packet out: 32768 bytes
transport.py              1819 DEBUG    Secsh channel 67 opened.
transport.py               318 INFO     RUN ['ipa', 'dnsforwardzone-show', 'policyzone.com']
transport.py               519 DEBUG    RUN ['ipa', 'dnsforwardzone-show', 'policyzone.com']
channel.py                1212 DEBUG    [chan 67] Sesch channel 67 request ok
transport.py               563 DEBUG    -bash: line 1: cd: /root/multihost_tests: No such file or directory
transport.py               563 DEBUG    -bash: line 2: /root/multihost_tests/env.sh: No such file or directory
transport.py               563 DEBUG      Zone name: policyzone.com.
transport.py               563 DEBUG      Active zone: TRUE
transport.py               563 DEBUG      Zone forwarders: 192.1.22.2
transport.py               563 DEBUG      Forward policy: first
channel.py                1212 DEBUG    [chan 67] EOF received (67)
channel.py                1212 DEBUG    [chan 67] EOF sent (67)
transport.py               217 DEBUG    Exit code: 0
channel.py                1212 DEBUG    [chan 68] Max packet in: 32768 bytes
channel.py                1212 DEBUG    [chan 68] Max packet out: 32768 bytes
transport.py              1819 DEBUG    Secsh channel 68 opened.
transport.py               318 INFO     RUN ['kdestroy', '-A']
transport.py               519 DEBUG    RUN ['kdestroy', '-A']
channel.py                1212 DEBUG    [chan 68] Sesch channel 68 request ok
transport.py               563 DEBUG    -bash: line 1: cd: /root/multihost_tests: No such file or directory
transport.py               563 DEBUG    -bash: line 2: /root/multihost_tests/env.sh: No such file or directory
channel.py                1212 DEBUG    [chan 68] EOF received (68)
channel.py                1212 DEBUG    [chan 68] EOF sent (68)
transport.py               217 DEBUG    Exit code: 0
transport.py               293 INFO     WRITE inventory/dns.hosts
sftp.py                    158 DEBUG    [chan 0] open(b'inventory/dns.hosts', 'wb')
sftp.py                    158 DEBUG    [chan 0] open(b'inventory/dns.hosts', 'wb') -> 00000000
sftp.py                    158 DEBUG    [chan 0] close(00000000)
transport.py               329 INFO     PUT dns_module.yml
sftp.py                    158 DEBUG    [chan 0] open(b'dns_module.yml', 'wb')
sftp.py                    158 DEBUG    [chan 0] open(b'dns_module.yml', 'wb') -> 00000000
sftp.py                    158 DEBUG    [chan 0] close(00000000)
sftp.py                    158 DEBUG    [chan 0] stat(b'dns_module.yml')
channel.py                1212 DEBUG    [chan 14] Max packet in: 32768 bytes
channel.py                1212 DEBUG    [chan 14] Max packet out: 32768 bytes
transport.py              1819 DEBUG    Secsh channel 14 opened.
transport.py               318 INFO     RUN ['ansible-playbook', '--ssh-extra-args="-o StrictHostKeyChecking=no"', '-vv', '-i', 'inventory/dns.hosts', 'dns_module.yml']
transport.py               519 DEBUG    RUN ['ansible-playbook', '--ssh-extra-args="-o StrictHostKeyChecking=no"', '-vv', '-i', 'inventory/dns.hosts', 'dns_module.yml']
channel.py                1212 DEBUG    [chan 14] Sesch channel 14 request ok
transport.py               563 DEBUG    -bash: line 1: cd: /root/multihost_tests: No such file or directory
transport.py               563 DEBUG    -bash: line 2: /root/multihost_tests/env.sh: No such file or directory
transport.py               563 DEBUG    ansible-playbook 2.9.11
transport.py               563 DEBUG      config file = /root/ansible.cfg
transport.py               563 DEBUG      configured module search path = ['/root/ansible-freeipa/plugins/modules', '/usr/share/ansible/plugins/modules']
transport.py               563 DEBUG      ansible python module location = /usr/lib/python3.6/site-packages/ansible
transport.py               563 DEBUG      executable location = /usr/bin/ansible-playbook
transport.py               563 DEBUG      python version = 3.6.8 (default, Jun 26 2020, 12:10:09) [GCC 8.3.1 20191121 (Red Hat 8.3.1-5)]
transport.py               563 DEBUG    Using /root/ansible.cfg as config file
transport.py               563 DEBUG    
transport.py               563 DEBUG    PLAYBOOK: dns_module.yml *******************************************************
transport.py               563 DEBUG    1 plays in dns_module.yml
transport.py               563 DEBUG    
transport.py               563 DEBUG    PLAY [Playbook to modify forward policy from the existing DNS forward zone] ****
transport.py               563 DEBUG    
transport.py               563 DEBUG    TASK [Gathering Facts] *********************************************************
transport.py               563 DEBUG    task path: /root/dns_module.yml:2
transport.py               563 DEBUG    ok: [master.ipadomain.test]
transport.py               563 DEBUG    META: ran handlers
transport.py               563 DEBUG    
transport.py               563 DEBUG    TASK [ipadnsforwardzone] *******************************************************
transport.py               563 DEBUG    task path: /root/dns_module.yml:7
transport.py               563 DEBUG    changed: [master.ipadomain.test] => {"changed": true, "dnsforwardzone": {}}
transport.py               563 DEBUG    META: ran handlers
transport.py               563 DEBUG    META: ran handlers
transport.py               563 DEBUG    
transport.py               563 DEBUG    PLAY RECAP *********************************************************************
transport.py               563 DEBUG    master.ipadomain.test      : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
transport.py               563 DEBUG    
channel.py                1212 DEBUG    [chan 14] EOF received (14)
channel.py                1212 DEBUG    [chan 14] EOF sent (14)
transport.py               217 DEBUG    Exit code: 0
channel.py                1212 DEBUG    [chan 69] Max packet in: 32768 bytes
channel.py                1212 DEBUG    [chan 69] Max packet out: 32768 bytes
transport.py              1819 DEBUG    Secsh channel 69 opened.
transport.py               318 INFO     RUN ['kinit', 'admin']
transport.py               519 DEBUG    RUN ['kinit', 'admin']
channel.py                1212 DEBUG    [chan 69] Sesch channel 69 request ok
transport.py               563 DEBUG    -bash: line 1: cd: /root/multihost_tests: No such file or directory
transport.py               563 DEBUG    -bash: line 2: /root/multihost_tests/env.sh: No such file or directory
transport.py               563 DEBUG    Password for admin: 
channel.py                1212 DEBUG    [chan 69] EOF received (69)
channel.py                1212 DEBUG    [chan 69] EOF sent (69)
transport.py               217 DEBUG    Exit code: 0
channel.py                1212 DEBUG    [chan 70] Max packet in: 32768 bytes
channel.py                1212 DEBUG    [chan 70] Max packet out: 32768 bytes
transport.py              1819 DEBUG    Secsh channel 70 opened.
transport.py               318 INFO     RUN ['ipa', 'dnsforwardzone-show', 'policyzone.com']
transport.py               519 DEBUG    RUN ['ipa', 'dnsforwardzone-show', 'policyzone.com']
channel.py                1212 DEBUG    [chan 70] Sesch channel 70 request ok
transport.py               563 DEBUG    -bash: line 1: cd: /root/multihost_tests: No such file or directory
transport.py               563 DEBUG    -bash: line 2: /root/multihost_tests/env.sh: No such file or directory
transport.py               563 DEBUG      Zone name: policyzone.com.
transport.py               563 DEBUG      Active zone: TRUE
transport.py               563 DEBUG      Zone forwarders: 192.1.22.2
transport.py               563 DEBUG      Forward policy: only
channel.py                1212 DEBUG    [chan 70] EOF received (70)
channel.py                1212 DEBUG    [chan 70] EOF sent (70)
transport.py               217 DEBUG    Exit code: 0
channel.py                1212 DEBUG    [chan 71] Max packet in: 32768 bytes
channel.py                1212 DEBUG    [chan 71] Max packet out: 32768 bytes
transport.py              1819 DEBUG    Secsh channel 71 opened.
transport.py               318 INFO     RUN ['kdestroy', '-A']
transport.py               519 DEBUG    RUN ['kdestroy', '-A']
channel.py                1212 DEBUG    [chan 71] Sesch channel 71 request ok
transport.py               563 DEBUG    -bash: line 1: cd: /root/multihost_tests: No such file or directory
transport.py               563 DEBUG    -bash: line 2: /root/multihost_tests/env.sh: No such file or directory
channel.py                1212 DEBUG    [chan 71] EOF received (71)
channel.py                1212 DEBUG    [chan 71] EOF sent (71)
transport.py               217 DEBUG    Exit code: 0
channel.py                1212 DEBUG    [chan 72] Max packet in: 32768 bytes
channel.py                1212 DEBUG    [chan 72] Max packet out: 32768 bytes
transport.py              1819 DEBUG    Secsh channel 72 opened.
transport.py               318 INFO     RUN ['kinit', 'admin']
transport.py               519 DEBUG    RUN ['kinit', 'admin']
channel.py                1212 DEBUG    [chan 72] Sesch channel 72 request ok
transport.py               563 DEBUG    -bash: line 1: cd: /root/multihost_tests: No such file or directory
transport.py               563 DEBUG    -bash: line 2: /root/multihost_tests/env.sh: No such file or directory
transport.py               563 DEBUG    Password for admin: 
channel.py                1212 DEBUG    [chan 72] EOF received (72)
channel.py                1212 DEBUG    [chan 72] EOF sent (72)
transport.py               217 DEBUG    Exit code: 0
channel.py                1212 DEBUG    [chan 73] Max packet in: 32768 bytes
channel.py                1212 DEBUG    [chan 73] Max packet out: 32768 bytes
transport.py              1819 DEBUG    Secsh channel 73 opened.
transport.py               318 INFO     RUN ['ipa', 'dnsforwardzone-del', 'policyzone.com']
transport.py               519 DEBUG    RUN ['ipa', 'dnsforwardzone-del', 'policyzone.com']
channel.py                1212 DEBUG    [chan 73] Sesch channel 73 request ok
transport.py               563 DEBUG    -bash: line 1: cd: /root/multihost_tests: No such file or directory
transport.py               563 DEBUG    -bash: line 2: /root/multihost_tests/env.sh: No such file or directory
transport.py               563 DEBUG    ------------------------------------------
transport.py               563 DEBUG    Deleted DNS forward zone "policyzone.com."
transport.py               563 DEBUG    ------------------------------------------
channel.py                1212 DEBUG    [chan 73] EOF received (73)
channel.py                1212 DEBUG    [chan 73] EOF sent (73)
transport.py               217 DEBUG    Exit code: 0

Comment 12 errata-xmlrpc 2020-11-04 02:46:35 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (ansible-freeipa bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2020:4663