OSP director operator TLSe CI jobs are failing with a "DNS zone not found" error from ansible-freeipa (https://issues.redhat.com/browse/OSPK8-698) when adding A records with PTR:

    2023-06-14 14:43:40.669860 | 0a580a83-0030-d673-b475-00000000506a | TIMING | tripleo_ipa_dns : set create_reverse to false for elements of no_reverse_ips | undercloud | 0:09:11.057666 | 0.66s
    2023-06-14 14:43:40.679187 | 0a580a83-0030-d673-b475-00000000506b | TASK | add dns forward and reverse records
    2023-06-14 14:43:50.672417 | 0a580a83-0030-d673-b475-00000000506b | FATAL | add dns forward and reverse records | undercloud | error={"changed": false, "msg": "dnsrecord_add: 22.172.in-addr.arpa.: 22.172.in-addr.arpa.: DNS zone not found"}
    2023-06-14 14:43:50.675843 | 0a580a83-0030-d673-b475-00000000506b | TIMING | tripleo_ipa_dns : add dns forward and reverse records | undercloud | 0:09:21.063635 | 10.00s

I expect this was introduced to https://bugzilla.redhat.com/show_bug.cgi?id=2172534 which re-implemented the logic in tripleo-ipa. The root cause seems to be an issue in ansible-freeipa where ipadnszone and ipadnsrecord disagree on the zone to use.

I can reproduce with a simple playbook:

    - hosts: Undercloud
      name: ansible-freeipa test
      become: true
      tasks:
        - block:
            - name: add reverse zone
              ipadnszone:
                name_from_ip: 192.168.0.1
            - name: add dns forward and reverse records
              ipadnsrecord:
                records:
                  - record_name: foo
                    zone_name: ctlplane.osptest.test.metalkube.org
                    record_type: A
                    create_reverse: true
                    a_rec: 192.168.0.1
          environment:
            IPA_HOST: freeipa.test.metalkube.org
            IPA_USER: nova/{{ ansible_facts['fqdn'] }}
            KRB5CCNAME: /etc/novajoin/krb5.cache
            KRB5_CLIENT_KTNAME: FILE:/etc/novajoin/krb5.keytab

    sh-5.1$ ansible-playbook -i tripleo-ansible-inventory.yaml test.yaml

    PLAY [ansible-freeipa test] ****************************************

    TASK [Gathering Facts] *********************************************
    ok: [undercloud]

    TASK [add reverse zone] ********************************************
    ok: [undercloud]

    TASK [add dns forward and reverse records] *************************
    fatal: [undercloud]: FAILED! => {"changed": false, "msg": "dnsrecord_add: 168.192.in-addr.arpa.: 168.192.in-addr.arpa.: DNS zone not found"}

    PLAY RECAP *********************************************************
    undercloud : ok=2 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0

    [root@freeipa /]# ipa dnszone-find | grep 'Zone name' | grep 192
      Zone name: 0.168.192.in-addr.arpa.

i.e. ipadnsrecord tries to add the PTR to the 168.192.in-addr.arpa. zone while ipadnszone created 0.168.192.in-addr.arpa.
Ansible host rpms:

    ansible-tripleo-ipa-0.3.1-1.20230519140956.d172570.el9ost.noarch
    ansible-freeipa-1.9.2-2.el9_2.noarch

Freeipa server is latest quay.io/freeipa/freeipa-server:centos-8-stream container image.
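A pre-flight check for the mismatch described above, as an added example that is not part of the bug report or of ansible-freeipa: it parses "Zone name:" lines from `ipa dnszone-find` output and finds which existing reverse zone actually encloses an address's PTR name. The function names and the sample output are constructed for illustration.

```python
import ipaddress

# Constructed sample of `ipa dnszone-find` output; the reverse zone is the one
# shown in the report, the forward zone line is added for illustration.
SAMPLE_DNSZONE_FIND = """\
  Zone name: ctlplane.osptest.test.metalkube.org.
  Zone name: 0.168.192.in-addr.arpa.
"""


def parse_zone_names(dnszone_find_output):
    """Return normalized (lowercase, trailing-dot) zone names from the CLI text."""
    zones = []
    for line in dnszone_find_output.splitlines():
        key, sep, value = line.strip().partition(":")
        if sep and key.strip() == "Zone name":
            zones.append(value.strip().lower().rstrip(".") + ".")
    return zones


def enclosing_reverse_zone(ip, zones):
    """Return (zone, relative_ptr_name) for the most specific existing zone
    that contains the PTR name of `ip`, or (None, None) if no zone does."""
    labels = ipaddress.ip_address(ip).reverse_pointer.split(".")
    existing = set(zones)
    # Try the longest candidate suffix first, then progressively shorter ones.
    for i in range(1, len(labels)):
        candidate = ".".join(labels[i:]) + "."
        if candidate in existing:
            return candidate, ".".join(labels[:i])
    return None, None


def check_ptr_target(ip, assumed_zone, zones):
    """Compare the zone a caller intends to write to with what the server has."""
    zone, name = enclosing_reverse_zone(ip, zones)
    return {
        "assumed_zone_exists": assumed_zone in zones,
        "actual_zone": zone,
        "ptr_name": name,
    }


if __name__ == "__main__":
    zones = parse_zone_names(SAMPLE_DNSZONE_FIND)
    # The zone from the error message versus the zone that was really created.
    print(check_ptr_target("192.168.0.1", "168.192.in-addr.arpa.", zones))
```

Running such a check before the record task turns the "DNS zone not found" failure into an explicit report of which zone exists and which one was assumed.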
Setting QE contact to mkrcmari.

This should be tested by director operator, and also in an environment where etcd/dcn is configured.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Release of components for Red Hat OpenStack Platform 17.1 (Wallaby)), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2023:4577
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 120 days