From 331d8e0133b06cea770e1e84994e85c2fedf5aea Mon Sep 17 00:00:00 2001 From: Grzegorz Grasza Date: Thu, 2 Apr 2020 14:56:25 +0200 Subject: [PATCH] Add tripleo_ipa_dns role The new role adds DNS entries, using TripleO's hosts_entry var, which contains host entries in a format similar to /etc/hosts. Change-Id: I91b8d1e67f381da8abe2317f62327e8a5ed4a367 --- requirements.txt | 1 + tox.ini | 1 + tripleo_ipa/molecule/default/converge.yml | 60 +++++++++++++++++ .../molecule/default/tests/test_default.py | 61 +++++++++++++++++ .../roles/tripleo_ipa_dns/defaults/main.yml | 23 +++++++ .../roles/tripleo_ipa_dns/meta/main.yml | 44 ++++++++++++ .../roles/tripleo_ipa_dns/tasks/dns.yaml | 67 +++++++++++++++++++ .../roles/tripleo_ipa_dns/tasks/main.yml | 36 ++++++++++ 8 files changed, 293 insertions(+) create mode 100644 tripleo_ipa/roles/tripleo_ipa_dns/defaults/main.yml create mode 100644 tripleo_ipa/roles/tripleo_ipa_dns/meta/main.yml create mode 100644 tripleo_ipa/roles/tripleo_ipa_dns/tasks/dns.yaml create mode 100644 tripleo_ipa/roles/tripleo_ipa_dns/tasks/main.yml diff --git a/requirements.txt b/requirements.txt index 1f16c01..cbe0a9d 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,2 +1,3 @@ six>=1.10.0 # MIT PyYAML>=3.12 # MIT +netaddr>=0.7.18 # BSD diff --git a/tox.ini b/tox.ini index 920b311..db9b764 100644 --- a/tox.ini +++ b/tox.ini @@ -23,6 +23,7 @@ setenv = ANSIBLE_LIBRARY={toxinidir}/tripleo_ipa/roles.galaxy/config_template/library:{toxinidir}/tripleo_ipa/ansible_plugins/modules ANSIBLE_ROLES_PATH={toxinidir}/tripleo_ipa/roles.galaxy:{toxinidir}/tripleo_ipa/roles deps = + -r {toxinidir}/requirements.txt -r {toxinidir}/molecule-requirements.txt changedir = {toxinidir}/tripleo_ipa commands = molecule test --all diff --git a/tripleo_ipa/molecule/default/converge.yml b/tripleo_ipa/molecule/default/converge.yml index 0ae0d4a..fd1fa21 100644 --- a/tripleo_ipa/molecule/default/converge.yml +++ b/tripleo_ipa/molecule/default/converge.yml @@ -141,3 +141,63 @@ IPA_USER: admin IPA_HOST: ipa.example.test IPA_PASS: password123 + + +- name: Converge - add dns entries + hosts: all + vars: + cloud_domain: ooo.test + hosts_entry: '2001:0db8:85a3:0000:0000:8a2e:0370:7334 foo.ooo.test + + 2001:0db8:85a3:0000:0000:8a2e:0370:7333 foo.ooo.test + + 2001:0db8:85a3:0000:0000:8a2e:0370:7333 bar.ooo.test + + 192.168.24.111 bar.ooo.test + + 192.168.24.1 undercloud.ctlplane.ooo.test undercloud.ctlplane + + 192.168.24.115 overcloud.ctlplane.ooo.test + + 10.0.0.135 overcloud.ooo.test + + 172.17.0.15 overcloud.internalapi.ooo.test + + 172.18.0.231 overcloud.storage.ooo.test + + 172.19.0.164 overcloud.storagemgmt.ooo.test + + 172.17.0.46 overcloud-controller-0.ooo.test overcloud-controller-0 + + 10.0.0.116 overcloud-controller-0.external.ooo.test overcloud-controller-0.external + + 172.17.0.46 overcloud-controller-0.internalapi.ooo.test overcloud-controller-0.internalapi + + 172.18.0.185 overcloud-controller-0.storage.ooo.test overcloud-controller-0.storage + + 172.19.0.107 overcloud-controller-0.storagemgmt.ooo.test overcloud-controller-0.storagemgmt + + 172.16.0.72 overcloud-controller-0.tenant.ooo.test overcloud-controller-0.tenant + + 192.168.24.122 overcloud-controller-0.ctlplane.ooo.test overcloud-controller-0.ctlplane + + + 172.17.0.110 overcloud-novacompute-0.ooo.test overcloud-novacompute-0 + + 172.17.0.110 overcloud-novacompute-0.internalapi.ooo.test overcloud-novacompute-0.internalapi + + 172.18.0.243 overcloud-novacompute-0.storage.ooo.test overcloud-novacompute-0.storage + + 172.16.0.195 overcloud-novacompute-0.tenant.ooo.test overcloud-novacompute-0.tenant + + 192.168.24.128 overcloud-novacompute-0.ctlplane.ooo.test overcloud-novacompute-0.ctlplane + + + + ' + roles: + - name: tripleo_ipa_dns + environment: + IPA_USER: admin + IPA_HOST: ipa.example.test + IPA_PASS: password123 diff --git a/tripleo_ipa/molecule/default/tests/test_default.py b/tripleo_ipa/molecule/default/tests/test_default.py index c6a5f8c..8e7a2bd 100644 --- a/tripleo_ipa/molecule/default/tests/test_default.py +++ b/tripleo_ipa/molecule/default/tests/test_default.py @@ -1,3 +1,4 @@ +import ipaddress import os import pytest @@ -166,3 +167,63 @@ def test_services(host, service, subhost): 'Roles: Nova Host Manager' in result assert 'Managed by: test-0.{}.example.test, test-0.example.test'.format( subhost) in result + + +@pytest.mark.parametrize('ip, name', [ + ('2001:0db8:85a3:0000:0000:8a2e:0370:7333', 'foo'), + ('2001:0db8:85a3:0000:0000:8a2e:0370:7333', 'bar'), + ('192.168.24.111', 'bar'), + ('192.168.24.1', 'undercloud.ctlplane'), + ('192.168.24.115', 'overcloud.ctlplane'), + ('10.0.0.135', 'overcloud'), + ('172.17.0.15', 'overcloud.internalapi'), + ('172.18.0.231', 'overcloud.storage'), + ('172.19.0.164', 'overcloud.storagemgmt'), + ('172.17.0.46', 'overcloud-controller-0'), + ('10.0.0.116', 'overcloud-controller-0.external'), + ('172.17.0.46', 'overcloud-controller-0.internalapi'), + ('172.18.0.185', 'overcloud-controller-0.storage'), + ('172.19.0.107', 'overcloud-controller-0.storagemgmt'), + ('172.16.0.72', 'overcloud-controller-0.tenant'), + ('192.168.24.122', 'overcloud-controller-0.ctlplane'), + ('172.17.0.110', 'overcloud-novacompute-0'), + ('172.17.0.110', 'overcloud-novacompute-0.internalapi'), + ('172.18.0.243', 'overcloud-novacompute-0.storage'), + ('172.16.0.195', 'overcloud-novacompute-0.tenant'), + ('192.168.24.128', 'overcloud-novacompute-0.ctlplane')]) +def test_dns(host, ip, name): + result = host.check_output( + 'ipa dnsrecord-find ooo.test --name={}'.format( + name)) + assert 'record: {}'.format(ip) in result + + +@pytest.mark.parametrize('ip, name', [ + ('2001:0db8:85a3:0000:0000:8a2e:0370:7334', 'foo'), + ('2001:0db8:85a3:0000:0000:8a2e:0370:7333', 'bar'), + ('192.168.24.111', 'bar'), + ('192.168.24.1', 'undercloud.ctlplane'), + ('192.168.24.115', 'overcloud.ctlplane'), + ('10.0.0.135', 'overcloud'), + ('172.17.0.15', 'overcloud.internalapi'), + ('172.18.0.231', 'overcloud.storage'), + ('172.19.0.164', 'overcloud.storagemgmt'), + ('172.17.0.46', 'overcloud-controller-0'), + ('10.0.0.116', 'overcloud-controller-0.external'), + ('172.17.0.46', 'overcloud-controller-0.internalapi'), + ('172.18.0.185', 'overcloud-controller-0.storage'), + ('172.19.0.107', 'overcloud-controller-0.storagemgmt'), + ('172.16.0.72', 'overcloud-controller-0.tenant'), + ('192.168.24.122', 'overcloud-controller-0.ctlplane'), + ('172.17.0.110', 'overcloud-novacompute-0'), + ('172.17.0.110', 'overcloud-novacompute-0.internalapi'), + ('172.18.0.243', 'overcloud-novacompute-0.storage'), + ('172.16.0.195', 'overcloud-novacompute-0.tenant'), + ('192.168.24.128', 'overcloud-novacompute-0.ctlplane')]) +def test_reverse_dns(host, ip, name): + reverse = ipaddress.ip_address(ip).reverse_pointer + record, zone = reverse.split('.', 1) + result = host.check_output( + 'ipa dnsrecord-find {} --name={}'.format( + zone, record)) + assert 'record: {}'.format(name) in result diff --git a/tripleo_ipa/roles/tripleo_ipa_dns/defaults/main.yml b/tripleo_ipa/roles/tripleo_ipa_dns/defaults/main.yml new file mode 100644 index 0000000..a24b7b9 --- /dev/null +++ b/tripleo_ipa/roles/tripleo_ipa_dns/defaults/main.yml @@ -0,0 +1,23 @@ +--- +# Copyright 2020 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +# All variables intended for modification should place placed in this file. + +# All variables within this role should have a prefix of "tripleo_ipa" + +tripleo_ipa_ptr_zone_split_ipv4: 1 +tripleo_ipa_ptr_zone_split_ipv6: 1 diff --git a/tripleo_ipa/roles/tripleo_ipa_dns/meta/main.yml b/tripleo_ipa/roles/tripleo_ipa_dns/meta/main.yml new file mode 100644 index 0000000..53c0186 --- /dev/null +++ b/tripleo_ipa/roles/tripleo_ipa_dns/meta/main.yml @@ -0,0 +1,44 @@ +--- +# Copyright 2020 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +galaxy_info: + author: OpenStack + description: TripleO OpenStack Role -- tripleo_ipa_dns + company: Red Hat + license: Apache-2.0 + min_ansible_version: 2.7 + # + # Provide a list of supported platforms, and for each platform a list of versions. + # If you don't wish to enumerate all versions for a particular platform, use 'all'. + # To view available platforms and versions (or releases), visit: + # https://galaxy.ansible.com/api/v1/platforms/ + # + platforms: + - name: Fedora + versions: + - 28 + - name: CentOS + versions: + - 7 + + galaxy_tags: + - tripleo + + +# List your role dependencies here, one per line. Be sure to remove the '[]' above, +# if you add dependencies to this list. +dependencies: [] diff --git a/tripleo_ipa/roles/tripleo_ipa_dns/tasks/dns.yaml b/tripleo_ipa/roles/tripleo_ipa_dns/tasks/dns.yaml new file mode 100644 index 0000000..b5f0987 --- /dev/null +++ b/tripleo_ipa/roles/tripleo_ipa_dns/tasks/dns.yaml @@ -0,0 +1,67 @@ +--- +# Copyright 2020 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +- name: set record_value and record_name + set_fact: + record_value: "{{ item.split()[0] }}" + record_name: "{{ item.split()[1]|regex_replace('(.*).' + cloud_domain + '$', '\\1') }}" + +- name: set record type + set_fact: + record_type: "{{ 'A' if record_value| ipv4 else 'AAAA' }}" + +- name: get reverse record data + set_fact: + reverse_addr: "{{ record_value | ipaddr('revdns') }}" + +- name: set reverse record entries for ipv4 + set_fact: + reverse_record_zone: "{{ reverse_addr.split('.', tripleo_ipa_ptr_zone_split_ipv4)[-1] }}" + reverse_record_name: "{{ '.'.join(reverse_addr.split('.', tripleo_ipa_ptr_zone_split_ipv4)[:-1]) }}" + when: record_type == 'A' + +- name: set reverse record entries for ipv6 + set_fact: + reverse_record_zone: "{{ reverse_addr.split('.', tripleo_ipa_ptr_zone_split_ipv6)[-1] }}" + reverse_record_name: "{{ '.'.join(reverse_addr.split('.', tripleo_ipa_ptr_zone_split_ipv6)[:-1]) }}" + when: record_type == 'AAAA' + +- name: add forward dns record + ipa_dnsrecord: + zone_name: "{{ cloud_domain }}" + record_name: "{{ record_name }}" + record_type: "{{ record_type }}" + record_value: "{{ record_value }}" + +- name: add reverse record dns zone + ipa_dnszone: + zone_name: "{{ reverse_record_zone }}" + register: reverse_zone_result + failed_when: + - "'zone' not in reverse_zone_result" + - "'already exists in DNS' not in reverse_zone_result.msg" + +- name: add reverse dns record + ipa_dnsrecord: + zone_name: "{{ reverse_record_zone }}" + record_name: "{{ reverse_record_name }}" + record_value: "{{ record_name }}.{{ cloud_domain }}." + record_type: "PTR" + register: reverse_record_result + failed_when: + - "'record' not in reverse_record_result" + - "'DNS zone not found' not in reverse_record_result.msg" diff --git a/tripleo_ipa/roles/tripleo_ipa_dns/tasks/main.yml b/tripleo_ipa/roles/tripleo_ipa_dns/tasks/main.yml new file mode 100644 index 0000000..6250c0a --- /dev/null +++ b/tripleo_ipa/roles/tripleo_ipa_dns/tasks/main.yml @@ -0,0 +1,36 @@ +--- +# Copyright 2020 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# This role adds a host entries to FreeIPA, as defined in the host_entry variable. +# +# The following variables are required: +# - cloud_domain (Base domain, eg. example.com) +# - host_entry (host entries string, in a format similar to /etc/hosts) + + +- name: split host entries + set_fact: + hosts_entries_list: "{{ hosts_entry.splitlines() }}" + +- name: add cloud_domain dns zone + ipa_dnszone: + zone_name: "{{ cloud_domain }}" + +- name: add dns records + include_tasks: + file: dns.yaml + loop: "{{ hosts_entries_list }}" + when: item != ''