Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.
Sign upSupport one to many A records in nsupdate module #25620
Conversation
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
ansibot
added
affects_2.4
community_review
feature_pull_request
module
needs_triage
net_tools
labels
Jun 12, 2017
bcoca
removed
the
needs_triage
label
Jun 12, 2017
ansibot
added
stale_ci
support:community
labels
Jun 23, 2017
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
andreaso
Jul 7, 2017
Contributor
First of all, I'm all for the value parameter being a list, it mapping much better to the DNS concept of RRsets.
That said; I think the implementation could benefit from some improvement, given how it now repeats itself network wise.
Assuming the following task.
- nsupdate:
key_name: corrino-halleck
key_secret: ...
server: halleck.arrakis.se.
zone: vag.arrakis.se.
record: p3t
state: present
value: ['127.0.53.2', '127.0.53.3', '127.0.53.4']This is what the DNS master sees.
key corrino-halleck: signer "corrino-halleck" approved
key corrino-halleck: updating zone 'vag.arrakis.se/IN': update unsuccessful: p3t.vag.arrakis.se/A: 'RRset exists (value dependent)' prerequisite not satisfied (NXRRSET)
key corrino-halleck: updating zone 'vag.arrakis.se/IN': update unsuccessful: p3t.vag.arrakis.se/A: 'RRset exists (value dependent)' prerequisite not satisfied (NXRRSET)
key corrino-halleck: updating zone 'vag.arrakis.se/IN': update unsuccessful: p3t.vag.arrakis.se/A: 'RRset exists (value dependent)' prerequisite not satisfied (NXRRSET)
key corrino-halleck: signer "corrino-halleck" approved
key corrino-halleck: updating zone 'vag.arrakis.se/IN': deleting rrset at 'p3t.vag.arrakis.se' A
key corrino-halleck: updating zone 'vag.arrakis.se/IN': adding an RR at 'p3t.vag.arrakis.se' A 127.0.53.2
key corrino-halleck: signer "corrino-halleck" approved
key corrino-halleck: updating zone 'vag.arrakis.se/IN': deleting rrset at 'p3t.vag.arrakis.se' A
key corrino-halleck: updating zone 'vag.arrakis.se/IN': adding an RR at 'p3t.vag.arrakis.se' A 127.0.53.2
key corrino-halleck: updating zone 'vag.arrakis.se/IN': adding an RR at 'p3t.vag.arrakis.se' A 127.0.53.3
key corrino-halleck: signer "corrino-halleck" approved
key corrino-halleck: updating zone 'vag.arrakis.se/IN': deleting rrset at 'p3t.vag.arrakis.se' A
key corrino-halleck: updating zone 'vag.arrakis.se/IN': adding an RR at 'p3t.vag.arrakis.se' A 127.0.53.2
key corrino-halleck: updating zone 'vag.arrakis.se/IN': adding an RR at 'p3t.vag.arrakis.se' A 127.0.53.3
key corrino-halleck: updating zone 'vag.arrakis.se/IN': adding an RR at 'p3t.vag.arrakis.se' A 127.0.53.4
Depending on timing factors, how the DNS master is configured, etc this also has the potential of triggering multiple zone transfers.
|
First of all, I'm all for the That said; I think the implementation could benefit from some improvement, given how it now repeats itself network wise. Assuming the following task. - nsupdate:
key_name: corrino-halleck
key_secret: ...
server: halleck.arrakis.se.
zone: vag.arrakis.se.
record: p3t
state: present
value: ['127.0.53.2', '127.0.53.3', '127.0.53.4']This is what the DNS master sees. Depending on timing factors, how the DNS master is configured, etc this also has the potential of triggering multiple zone transfers. |
ansibot
added
support:core
and removed
community_review
module
labels
Jul 7, 2017
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
rafi
Jul 11, 2017
Nicely done!
In the EXAMPLES & RETURN variables, the value should be set as a list.
rafi
commented
Jul 11, 2017
|
Nicely done! |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
dcritch
Jul 13, 2017
Contributor
Thanks!
I've updated the EXAMPLES and RETURNS section.
@andreaso any suggestions on how I could improve it and not trigger all the updates?
|
Thanks! I've updated the EXAMPLES and RETURNS section. @andreaso any suggestions on how I could improve it and not trigger all the updates? |
ansibot
added
community_review
module
and removed
stale_ci
labels
Jul 13, 2017
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
nerzhul
Jul 15, 2017
Contributor
sounds interesting. Does the regular behaviour using a string instead of a list works or does this converts myvalue to [m,y,v,a,l,u,e] ?
|
sounds interesting. Does the regular behaviour using a string instead of a list works or does this converts myvalue to [m,y,v,a,l,u,e] ? |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
dcritch
Jul 16, 2017
Contributor
Yes, the regular behaviour is still there so if you give it just one string, its just a one element list.
|
Yes, the regular behaviour is still there so if you give it just one string, its just a one element list. |
ansibot
added
the
stale_ci
label
Jul 24, 2017
| self.module.fail_json(msg='value needed when state=present') | ||
| except dns.exception.SyntaxError: | ||
| self.module.fail_json(msg='Invalid/malformed value') | ||
| response = self.__do_update(update) |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
andreaso
Aug 15, 2017
Contributor
Here we have the cause of the repetition problem I complained about in a previous comment.
It's all about the indention level. You want to trigger the update outside the loop, after the full changeset has been generated. Just like it's being done in the create_record method, which does work as intended.
Sorry about taking so long in getting back to you.
andreaso
Aug 15, 2017
Contributor
Here we have the cause of the repetition problem I complained about in a previous comment.
It's all about the indention level. You want to trigger the update outside the loop, after the full changeset has been generated. Just like it's being done in the create_record method, which does work as intended.
Sorry about taking so long in getting back to you.
ansibot
removed
the
support:core
label
Aug 23, 2017
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
dcritch
Aug 30, 2017
Contributor
@andreaso thanks! I see it and have made the change. And my apologies for the delay on my side, was on vacation for a bit :)
|
@andreaso thanks! I see it and have made the change. And my apologies for the delay on my side, was on vacation for a bit :) |
ansibot
removed
the
stale_ci
label
Aug 30, 2017
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
andreaso
Aug 31, 2017
Contributor
@dcritch Yepp, that fixed that issue!
Taking a closer look at the patch I see that the same indentation fix also should be applied to these two lines, taking them out of the for loop.
https://github.com/dcritch/ansible/blob/ae7a64e/lib/ansible/modules/net_tools/nsupdate.py#L324-L325
|
@dcritch Yepp, that fixed that issue! Taking a closer look at the patch I see that the same indentation fix also should be applied to these two lines, taking them out of the for loop. https://github.com/dcritch/ansible/blob/ae7a64e/lib/ansible/modules/net_tools/nsupdate.py#L324-L325 |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
nerzhul
Aug 31, 2017
Contributor
@andreaso we missed the 2.4 window merge, sorry for the delay i was a little bit too busy these days to make this PR merged :( (and i need it too)
|
@andreaso we missed the 2.4 window merge, sorry for the delay i was a little bit too busy these days to make this PR merged :( (and i need it too) |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
andreaso
Aug 31, 2017
Contributor
Seems like all of us involved in this ticket have been a bit busy/slow :-)
|
Seems like all of us involved in this ticket have been a bit busy/slow :-) |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
dcritch
Aug 31, 2017
Contributor
@andreaso yup... my understanding of the python dns module was a little naive, but it all makes sense now. Change has been made. Thanks!
|
@andreaso yup... my understanding of the python dns module was a little naive, but it all makes sense now. Change has been made. Thanks! |
ansibot
added
the
stale_ci
label
Sep 9, 2017
andreaso
referenced this pull request
Sep 10, 2017
Open
Add `append` as state to nsupdate module #28993
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
|
shipit |
nerzhul
approved these changes
Sep 13, 2017
Tested on Debian 9 works great, nice job
test cases:
- new record
- record + 1 entry
- record - 1 entry
- record + 2 entries
- modify entry 2
- record - 2 entries
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
|
rebuild_merge |
ansibot
removed
the
stale_ci
label
Sep 13, 2017
ansibot
merged commit e462e3b
into
ansible:devel
Sep 13, 2017
1 check passed
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
|
Awesome. Thanks everyone for the feedback and getting it merged! |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
nerzhul
Sep 14, 2017
Contributor
No problem i will try to be more reactive especially before a RC feature freeze :p
|
No problem i will try to be more reactive especially before a RC feature freeze :p |
pushed a commit
to prasadkatti/ansible
that referenced
this pull request
Oct 1, 2017
added a commit
to BondAnthony/ansible
that referenced
this pull request
Oct 5, 2017
pushed a commit
to KMK-ONLINE/ansible
that referenced
this pull request
Oct 6, 2017
dcritch commentedJun 12, 2017
•
edited
Updating the nsupdate module to accept a list for 'value' instead
of a string. This is to allow manipulating 1:many DNS records.
A string can still be supplied so it should be backwards compatible.
Addresses issue #25554
SUMMARY
There are certain use cases where one would want a one to many mapping of A records. For instance, in a kubernetes or OpenShift environment with a load balanced router, a wildcard DNS entry is required.
The current version of the module will overwrite entries rather than manage this type of record.
Fixes #25554
ISSUE TYPE
COMPONENT NAME
nsupdate
ANSIBLE VERSION
ADDITIONAL INFORMATION
I've tested the module successfully. An example play would be: