CNAMES and Multi-IP entries not working after recent commit #32

Closed
gergnz opened this issue Jul 9, 2017 · 4 comments

gergnz commented Jul 9, 2017

Looks like this commit: 9e1eebb no longer allows CNAMES or multiple IP addresses to work.

@blofeldthefish
Collaborator

Hi @gergnz,

Can you provide examples of what was working, and what is no longer working? In the various test runs I have attempted, I can't find an issue with the commit you mentioned...

Regards,

@gergnz
Contributor Author

gergnz commented Jul 11, 2017

Hi @blofeldthefish,
Thanks for taking the time to look.

Playbook:

  - hosts: s2s-certbot-01
    gather_facts: yes
    become: yes
    roles:
      - bertvv.bind

vars:

---
bind_zone_master_server_ip: 172.17.7.13
bind_zone_name: foobar.com.au
bind_recursion: yes
bind_zone_networks:
  - 172.17.7
bind_listen_ipv4:
  - 'any'
bind_allow_query:
  - 'any'
bind_zone_mail_servers:
  - name: mail-01
    preference: 5
bind_zone_hosts:
  - name: s2s-certbot-01
    ip:
      172.17.7.13
  - name: time
    ip:
      - 172.17.7.3
      - 172.17.7.4
  - name: ghs.google.com.
    aliases:
      - mail

Ansible and Python Details

ansible 2.3.0.0
  config file = /Users/gregc/Scratch/dev/s2s/ansible/ansible.cfg
  configured module search path = Default w/o overrides
  python version = 2.7.13 (default, Dec 17 2016, 23:03:43) [GCC 4.2.1 Compatible Apple LLVM 8.0.0 (clang-800.0.42.1)]

Error:

failed: [s2s-certbot-01] (item=172.17.7) => {"failed": true, "item": "172.17.7", "msg": "AnsibleError: Unexpected templating type error occurred on ({#\n #  First create a dict holding the entire zone information and create a hash\n #  from it, that it can be compared with subsequent task executions. In this\n #  way the serial will only be updated if there are some content changes.\n #}\n{% set _zone_data = {} %}\n{% set _ = _zone_data.update({'ttl': bind_zone_ttl}) %}\n{% set _ = _zone_data.update({'domain': bind_zone_name }) %}\n{% set _ = _zone_data.update({'mname': bind_zone_name_servers}) %}\n{% set _ = _zone_data.update({'aname': bind_other_name_servers}) %}\n{% set _ = _zone_data.update({'rname': (( bind_zone_hostmaster_email)) + ('' if (bind_zone_hostmaster_email | search('\\.')) else ('.' + _zone_data['domain']))}) %}\n{% set _ = _zone_data.update({'refresh': bind_zone_time_to_refresh}) %}\n{% set _ = _zone_data.update({'retry': bind_zone_time_to_retry}) %}\n{% set _ = _zone_data.update({'expire': bind_zone_time_to_expire}) %}\n{% set _ = _zone_data.update({'minimum': bind_zone_minimum_ttl}) %}\n{% set _ = _zone_data.update({'hosts': bind_zone_hosts | selectattr('ip', 'search', '^'+item) | list }) %} \n{% set _ = _zone_data.update({'revip': ('.'.join(item.replace(item+'.','').split('.')[::-1])) }) %}\n{#\n #  Compare the zone file hash with the current zone data hash and set serial\n #  accordingly\n #}\n{% set _zone = {'hash': _zone_data | string | hash('md5')} %}\n{% for _result in reverse_hashes.results %}\n{%   if (item in _result.item ) %}\n{%     set _hash_serial = _result.stdout.split(' ')[2:] %}\n{%     if _hash_serial and _hash_serial[0] == _zone['hash'] %}\n{%       set _ = _zone.update({'serial': _hash_serial[1]}) %}\n{%     else %}\n{%       set _ = _zone.update({'serial': timestamp.stdout}) %}\n{%     endif %}\n{%   endif %}\n{% endfor %}\n{#\n #  Eventually output the zone data\n #}\n; Hash: {{ _zone['hash'] }} {{ _zone['serial'] }}\n; 
Reverse zone file for {{ _zone_data['domain'] }}\n; {{ ansible_managed }}\n; vi: ft=bindzone\n\n$TTL {{ _zone_data['ttl'] }}\n$ORIGIN {{ ('.'.join(item.replace(item+'.','').split('.')[::-1])) }}.in-addr.arpa.\n\n{% if _zone_data['mname']|length > 0 %}\n@ IN SOA {{ _zone_data['mname']|first }}.{{ _zone_data['domain'] }}. {{ _zone_data['rname'] }}. (\n{% else %}\n@ IN SOA {{ ansible_hostname }}.{{ _zone_data['domain'] }}. {{ _zone_data['rname'] }}. (\n{% endif %}\n  {{ _zone['serial'] }}\n  {{ _zone_data['refresh'] }}\n  {{ _zone_data['retry'] }}\n  {{ _zone_data['expire'] }}\n  {{ _zone_data['minimum'] }} )\n\n{% if _zone_data['mname']|length > 0 %}\n{% for ns in _zone_data['mname'] %}\n                 IN  NS   {{ ns }}.{{ _zone_data['domain'] }}.\n{% endfor %}\n{% else %}\n                 IN  NS   {{ ansible_hostname }}.{{ _zone_data['domain'] }}.\n{% endif %}\n{% for ns in _zone_data['aname'] %}\n                 IN  NS   {{ ns }}.\n{% endfor %}\n\n{% if _zone_data['hosts']|length > 0 %}\n{% for host in _zone_data['hosts'] %}\n{% if host.ip is defined %}\n{% if host.ip == item %}\n@                IN  PTR  {{ host.name }}.{{ _zone_data['domain'] }}.\n{% else %}\n{% if host.ip is string and host.ip.startswith(item) %}\n{% if host.name == '@' %}\n{{ ('.'.join(host.ip.replace(item+'.','').split('.')[::-1])).ljust(16) }} IN  PTR  {{ _zone_data['domain'] }}.\n{% else %}\n{{ ('.'.join(host.ip.replace(item+'.','').split('.')[::-1])).ljust(16) }} IN  PTR  {{ host.name }}.{{ _zone_data['domain'] }}.\n{% endif %}\n{% else %}\n{% for ip in host.ip %}\n{% if ip.startswith(item) %}\n{{ ('.'.join(ip.replace(item+'.','').split('.')[::-1])).ljust(16) }} IN  PTR  {{ _zone_data['domain'] }}.\n{% if host.name == '@' %}\n{% else %}\n{{ ('.'.join(ip.replace(item+'.','').split('.')[::-1])).ljust(16) }} IN  PTR  {{ host.name }}.{{ _zone_data['domain'] }}.\n{% endif %}\n{% endif %}\n{% endfor %}\n{% endif %}\n{% endif %}\n{% endif %}\n{% endfor %}\n{% else %}\n{{ 
('.'.join(ansible_default_ipv4.address.replace(item+'.','').split('.')[::-1])).ljust(16) }} IN  PTR  {{ ansible_hostname }}.{{ _zone_data['domain'] }}.\n{% endif %}\n{# vim: ft=text\n#}\n): expected string or buffer"}

Target system is RHEL7

If I change:

{% set _ = _zone_data.update({'hosts': bind_zone_hosts | selectattr('ip', 'search', '^'+item) | list }) %} 

back to:

{% set _ = _zone_data.update({'hosts': bind_zone_hosts}) %}

the yaml vars file works and we get a reverse_zone file.

Let me know if there's something else I can help with or test.

@gergnz
Contributor Author

gergnz commented Jul 11, 2017

Hi @blofeldthefish,

If I change the line to this (e.g. add a test for defined and type string) it works. Would you like a PR?

{% set _ = _zone_data.update({'hosts': bind_zone_hosts | selectattr('ip', 'defined') | selectattr('ip', 'string') | selectattr('ip', 'search', '^'+item) | list }) %} 
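
Added example, not part of the original thread or the role's code: a plain-Python model of the `selectattr` chains discussed above, run over a constructed copy of the posted `bind_zone_hosts`. `select_type_aware` and the escaped, dot-terminated match in `_matches` are assumptions that go beyond the one-line change, included to show which hosts each variant selects.

```python
import re

# Constructed sample mirroring bind_zone_hosts from the vars posted above.
BIND_ZONE_HOSTS = [
    {"name": "s2s-certbot-01", "ip": "172.17.7.13"},
    {"name": "time", "ip": ["172.17.7.3", "172.17.7.4"]},
    {"name": "ghs.google.com.", "aliases": ["mail"]},  # CNAME target, no ip
]


def _matches(ip, network):
    """Anchored match with literal dots and a trailing dot, so that
    network '172.17.7' does not also select '172.17.70.x'."""
    return re.search("^" + re.escape(network) + r"\.", ip) is not None


def select_unguarded(hosts, network):
    """Model of selectattr('ip', 'search', '^'+item): regex on every value."""
    return [h for h in hosts if re.search("^" + network, h.get("ip"))]


def select_strings_only(hosts, network):
    """Model of the chain with the 'defined' and 'string' tests in front."""
    return [h for h in hosts
            if isinstance(h.get("ip"), str) and re.search("^" + network, h["ip"])]


def select_type_aware(hosts, network):
    """Hypothetical variant: accept a single string or a list of strings."""
    selected = []
    for h in hosts:
        ip = h.get("ip")
        ips = [ip] if isinstance(ip, str) else list(ip or [])
        if any(isinstance(i, str) and _matches(i, network) for i in ips):
            selected.append(h)
    return selected


def names(hosts):
    return [h["name"] for h in hosts]


if __name__ == "__main__":
    print(names(select_strings_only(BIND_ZONE_HOSTS, "172.17.7")))
    print(names(select_type_aware(BIND_ZONE_HOSTS, "172.17.7")))
```

The unguarded model raises `TypeError` on the list-valued `time` entry; the strings-only chain returns only `s2s-certbot-01`, while the type-aware variant also returns `time`.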

@blofeldthefish
Collaborator

Hi @gergnz

Thanks for looking at this further. I am only a contributor to this role, I don't have ownership/write permissions. I am happy for you to do a PR for your change (I have a PR in with @bertvv from when I found a similar issue with IPv6 reverse zones...). I obviously need to expand my own test suite somewhat ;-), but refactoring for completely idempotent zone files has meant some additional issues have crept in... (still working on an additional fix so that when aliases/cnames are adjusted, reverse zone files don't get re-generated if there are no other changes) I will hopefully be able to do a PR, when time allows to continue working on it!

Thanks.

gergnz added a commit to gergnz/ansible-role-bind that referenced this issue Jul 11, 2017
@bertvv bertvv mentioned this issue Jul 11, 2017
bertvv added a commit that referenced this issue Jul 11, 2017
improve tests for ip, resolves issue #32
@gergnz gergnz closed this as completed Jul 11, 2017