CNAMES and Multi-IP entries not working after recent commit #32
Hi @gergnz,

Can you provide examples of what was working, and what is no longer working? In the various test runs I have attempted, I can't find an issue with the commit you mentioned...

Regards,

Hi @blofeldthefish,

Playbook:

```yaml
- hosts: s2s-certbot-01
  gather_facts: yes
  become: yes
  roles:
    - bertvv.bind
```

vars:

```yaml
---
bind_zone_master_server_ip: 172.17.7.13
bind_zone_name: foobar.com.au
bind_recursion: yes
bind_zone_networks:
  - 172.17.7
bind_listen_ipv4:
  - 'any'
bind_allow_query:
  - 'any'
bind_zone_mail_servers:
  - name: mail-01
    preference: 5
bind_zone_hosts:
  - name: s2s-certbot-01
    ip:
      172.17.7.13
  - name: time
    ip:
      - 172.17.7.3
      - 172.17.7.4
  - name: ghs.google.com.
    aliases:
      - mail
```

Ansible and Python Details

```
ansible 2.3.0.0
  config file = /Users/gregc/Scratch/dev/s2s/ansible/ansible.cfg
  configured module search path = Default w/o overrides
  python version = 2.7.13 (default, Dec 17 2016, 23:03:43) [GCC 4.2.1 Compatible Apple LLVM 8.0.0 (clang-800.0.42.1)]
```

Error:

```
failed: [s2s-certbot-01] (item=172.17.7) => {"failed": true, "item": "172.17.7", "msg": "AnsibleError: Unexpected templating type error occurred on ({#\n # First create a dict holding the entire zone information and create a hash\n # from it, that it can be compared with subsequent task executions. In this\n # way the serial will only be updated if there are some content changes.\n #}\n{% set _zone_data = {} %}\n{% set _ = _zone_data.update({'ttl': bind_zone_ttl}) %}\n{% set _ = _zone_data.update({'domain': bind_zone_name }) %}\n{% set _ = _zone_data.update({'mname': bind_zone_name_servers}) %}\n{% set _ = _zone_data.update({'aname': bind_other_name_servers}) %}\n{% set _ = _zone_data.update({'rname': (( bind_zone_hostmaster_email)) + ('' if (bind_zone_hostmaster_email | search('\\.')) else ('.' + _zone_data['domain']))}) %}\n{% set _ = _zone_data.update({'refresh': bind_zone_time_to_refresh}) %}\n{% set _ = _zone_data.update({'retry': bind_zone_time_to_retry}) %}\n{% set _ = _zone_data.update({'expire': bind_zone_time_to_expire}) %}\n{% set _ = _zone_data.update({'minimum': bind_zone_minimum_ttl}) %}\n{% set _ = _zone_data.update({'hosts': bind_zone_hosts | selectattr('ip', 'search', '^'+item) | list }) %} \n{% set _ = _zone_data.update({'revip': ('.'.join(item.replace(item+'.','').split('.')[::-1])) }) %}\n{#\n # Compare the zone file hash with the current zone data hash and set serial\n # accordingly\n #}\n{% set _zone = {'hash': _zone_data | string | hash('md5')} %}\n{% for _result in reverse_hashes.results %}\n{% if (item in _result.item ) %}\n{% set _hash_serial = _result.stdout.split(' ')[2:] %}\n{% if _hash_serial and _hash_serial[0] == _zone['hash'] %}\n{% set _ = _zone.update({'serial': _hash_serial[1]}) %}\n{% else %}\n{% set _ = _zone.update({'serial': timestamp.stdout}) %}\n{% endif %}\n{% endif %}\n{% endfor %}\n{#\n # Eventually output the zone data\n #}\n; Hash: {{ _zone['hash'] }} {{ _zone['serial'] }}\n; Reverse zone file for {{ _zone_data['domain'] }}\n; {{ ansible_managed }}\n; vi: ft=bindzone\n\n$TTL {{ _zone_data['ttl'] }}\n$ORIGIN {{ ('.'.join(item.replace(item+'.','').split('.')[::-1])) }}.in-addr.arpa.\n\n{% if _zone_data['mname']|length > 0 %}\n@ IN SOA {{ _zone_data['mname']|first }}.{{ _zone_data['domain'] }}. {{ _zone_data['rname'] }}. (\n{% else %}\n@ IN SOA {{ ansible_hostname }}.{{ _zone_data['domain'] }}. {{ _zone_data['rname'] }}. (\n{% endif %}\n {{ _zone['serial'] }}\n {{ _zone_data['refresh'] }}\n {{ _zone_data['retry'] }}\n {{ _zone_data['expire'] }}\n {{ _zone_data['minimum'] }} )\n\n{% if _zone_data['mname']|length > 0 %}\n{% for ns in _zone_data['mname'] %}\n IN NS {{ ns }}.{{ _zone_data['domain'] }}.\n{% endfor %}\n{% else %}\n IN NS {{ ansible_hostname }}.{{ _zone_data['domain'] }}.\n{% endif %}\n{% for ns in _zone_data['aname'] %}\n IN NS {{ ns }}.\n{% endfor %}\n\n{% if _zone_data['hosts']|length > 0 %}\n{% for host in _zone_data['hosts'] %}\n{% if host.ip is defined %}\n{% if host.ip == item %}\n@ IN PTR {{ host.name }}.{{ _zone_data['domain'] }}.\n{% else %}\n{% if host.ip is string and host.ip.startswith(item) %}\n{% if host.name == '@' %}\n{{ ('.'.join(host.ip.replace(item+'.','').split('.')[::-1])).ljust(16) }} IN PTR {{ _zone_data['domain'] }}.\n{% else %}\n{{ ('.'.join(host.ip.replace(item+'.','').split('.')[::-1])).ljust(16) }} IN PTR {{ host.name }}.{{ _zone_data['domain'] }}.\n{% endif %}\n{% else %}\n{% for ip in host.ip %}\n{% if ip.startswith(item) %}\n{{ ('.'.join(ip.replace(item+'.','').split('.')[::-1])).ljust(16) }} IN PTR {{ _zone_data['domain'] }}.\n{% if host.name == '@' %}\n{% else %}\n{{ ('.'.join(ip.replace(item+'.','').split('.')[::-1])).ljust(16) }} IN PTR {{ host.name }}.{{ _zone_data['domain'] }}.\n{% endif %}\n{% endif %}\n{% endfor %}\n{% endif %}\n{% endif %}\n{% endif %}\n{% endfor %}\n{% else %}\n{{ ('.'.join(ansible_default_ipv4.address.replace(item+'.','').split('.')[::-1])).ljust(16) }} IN PTR {{ ansible_hostname }}.{{ _zone_data['domain'] }}.\n{% endif %}\n{# vim: ft=text\n#}\n): expected string or buffer"}
```

Target system is RHEL7

If I change:

```jinja
{% set _ = _zone_data.update({'hosts': bind_zone_hosts | selectattr('ip', 'search', '^'+item) | list }) %}
```

back to:

```jinja
{% set _ = _zone_data.update({'hosts': bind_zone_hosts}) %}
```

the yaml vars file works and we get a reverse_zone file.

Let me know if there's something else I can help with or test.

Hi @blofeldthefish,

If I change the line to this (e.g. add a test for defined and type string) it works. Would you like a PR?

```jinja
{% set _ = _zone_data.update({'hosts': bind_zone_hosts | selectattr('ip', 'defined') | selectattr('ip', 'string') | selectattr('ip', 'search', '^'+item) | list }) %}
```
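
The reported failure and the filter chain proposed in the comment above, reproduced as an added example (not code from the role or from anyone in the thread). It models Jinja2's `selectattr` and Ansible's `search` test with plain Python and `re`; the host list is constructed from the vars in the report, and `hosts_any_ip` is a hypothetical variant that does not appear on the page.

```python
import re

# Constructed sample shaped like bind_zone_hosts in the report: a scalar ip,
# a list of ips, and a CNAME-style entry with no ip key.
BIND_ZONE_HOSTS = [
    {"name": "s2s-certbot-01", "ip": "172.17.7.13"},
    {"name": "time", "ip": ["172.17.7.3", "172.17.7.4"]},
    {"name": "ghs.google.com.", "aliases": ["mail"]},
]
NETWORK = "172.17.7"  # one item of bind_zone_networks

def search(value, pattern):
    """Stand-in (assumption) for Ansible's `search` test: re.search on value."""
    return re.search(pattern, value) is not None

def hosts_regressed(hosts, network):
    """Models selectattr('ip', 'search', '^'+item): regex runs on every ip."""
    # .get() returning None models a host entry with no ip attribute.
    return [h for h in hosts if search(h.get("ip"), "^" + network)]

def hosts_proposed(hosts, network):
    """Models the proposed chain: ip defined, ip is a string, then search."""
    return [h for h in hosts
            if "ip" in h and isinstance(h["ip"], str)
            and search(h["ip"], "^" + network)]

def hosts_any_ip(hosts, network):
    """Hypothetical variant: treat ip as a list and match any element."""
    selected = []
    for h in hosts:
        ips = h.get("ip", [])
        ips = [ips] if isinstance(ips, str) else ips
        if any(search(ip, "^" + network) for ip in ips):
            selected.append(h)
    return selected

def raises_type_error(fn, *args):
    try:
        fn(*args)
    except TypeError:
        return True
    return False

def names(hosts):
    return [h["name"] for h in hosts]

if __name__ == "__main__":
    print(raises_type_error(hosts_regressed, BIND_ZONE_HOSTS, NETWORK))
    for f in (hosts_proposed, hosts_any_ip):
        print(f.__name__, names(f(BIND_ZONE_HOSTS, NETWORK)))
```

On Python 3 the same `TypeError` reads `expected string or bytes-like object`; `expected string or buffer` is the Python 2.7 wording seen in the report.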

Hi @gergnz

Thanks for looking at this further. I am only a contributor to this role, I don't have ownership/write permissions. I am happy for you to do a PR for your change (I have a PR in with @bertvv from when I found a similar issue with IPv6 reverse zones...).

I obviously need to expand my own test suite somewhat ;-), but refactoring for completely idempotent zone files, has meant some additional issues have crept in... (still working on an additional fix so that when aliases/cnames are adjusted, reverse zone files don't get re-generated if there are no other changes)

I will hopefully be able to do a PR, when time allows to continue working on it!

Thanks.

improve tests for ip, resolves issue #32
Looks like this commit: 9e1eebb no longer allows CNAMES or multiple IP addresses to work.