From bd752a79c2559c493ee8eff5e6cf3af27af0a86d Mon Sep 17 00:00:00 2001
From: "Dave Wilde (d34dh0r53)"
Date: Fri, 3 Apr 2020 13:38:19 -0500
Subject: [PATCH] Adjust dns zone data format and add perms

We're actually being given a list now so no need to splitlines. This also adds the correct permissions to the IPA server so that we can add and modify the DNS zones.

Change-Id: Ic4bfba59b473252b7d905a16f933b8ac80798d9e
---
tripleo_ipa/molecule/default/converge.yml | 71 ++++++-------------
.../roles/tripleo_ipa_dns/tasks/dns.yaml | 8 +--
.../roles/tripleo_ipa_dns/tasks/main.yml | 7 +-
.../roles/tripleo_ipa_setup/tasks/setup.yml | 1 +
4 files changed, 29 insertions(+), 58 deletions(-)

diff --git a/tripleo_ipa/molecule/default/converge.yml b/tripleo_ipa/molecule/default/converge.yml
index fd1fa21..3abba0e 100644
--- a/tripleo_ipa/molecule/default/converge.yml
+++ b/tripleo_ipa/molecule/default/converge.yml
@@ -147,54 +147,29 @@
 hosts: all
 vars:
 cloud_domain: ooo.test
- hosts_entry: '2001:0db8:85a3:0000:0000:8a2e:0370:7334 foo.ooo.test
-
- 2001:0db8:85a3:0000:0000:8a2e:0370:7333 foo.ooo.test
-
- 2001:0db8:85a3:0000:0000:8a2e:0370:7333 bar.ooo.test
-
- 192.168.24.111 bar.ooo.test
-
- 192.168.24.1 undercloud.ctlplane.ooo.test undercloud.ctlplane
-
- 192.168.24.115 overcloud.ctlplane.ooo.test
-
- 10.0.0.135 overcloud.ooo.test
-
- 172.17.0.15 overcloud.internalapi.ooo.test
-
- 172.18.0.231 overcloud.storage.ooo.test
-
- 172.19.0.164 overcloud.storagemgmt.ooo.test
-
- 172.17.0.46 overcloud-controller-0.ooo.test overcloud-controller-0
-
- 10.0.0.116 overcloud-controller-0.external.ooo.test overcloud-controller-0.external
-
- 172.17.0.46 overcloud-controller-0.internalapi.ooo.test overcloud-controller-0.internalapi
-
- 172.18.0.185 overcloud-controller-0.storage.ooo.test overcloud-controller-0.storage
-
- 172.19.0.107 overcloud-controller-0.storagemgmt.ooo.test overcloud-controller-0.storagemgmt
-
- 172.16.0.72 overcloud-controller-0.tenant.ooo.test overcloud-controller-0.tenant
-
- 192.168.24.122 overcloud-controller-0.ctlplane.ooo.test overcloud-controller-0.ctlplane
-
-
- 172.17.0.110 overcloud-novacompute-0.ooo.test overcloud-novacompute-0
-
- 172.17.0.110 overcloud-novacompute-0.internalapi.ooo.test overcloud-novacompute-0.internalapi
-
- 172.18.0.243 overcloud-novacompute-0.storage.ooo.test overcloud-novacompute-0.storage
-
- 172.16.0.195 overcloud-novacompute-0.tenant.ooo.test overcloud-novacompute-0.tenant
-
- 192.168.24.128 overcloud-novacompute-0.ctlplane.ooo.test overcloud-novacompute-0.ctlplane
-
-
-
- '
+ hosts_entry:
+ - 2001:0db8:85a3:0000:0000:8a2e:0370:7334 foo.ooo.test
+ - 2001:0db8:85a3:0000:0000:8a2e:0370:7333 foo.ooo.test
+ - 2001:0db8:85a3:0000:0000:8a2e:0370:7333 bar.ooo.test
+ - 192.168.24.111 bar.ooo.test
+ - 192.168.24.1 undercloud.ctlplane.ooo.test undercloud.ctlplane
+ - 192.168.24.115 overcloud.ctlplane.ooo.test
+ - 10.0.0.135 overcloud.ooo.test
+ - 172.17.0.15 overcloud.internalapi.ooo.test
+ - 172.18.0.231 overcloud.storage.ooo.test
+ - 172.19.0.164 overcloud.storagemgmt.ooo.test
+ - 172.17.0.46 overcloud-controller-0.ooo.test overcloud-controller-0
+ - 10.0.0.116 overcloud-controller-0.external.ooo.test overcloud-controller-0.external
+ - 172.17.0.46 overcloud-controller-0.internalapi.ooo.test overcloud-controller-0.internalapi
+ - 172.18.0.185 overcloud-controller-0.storage.ooo.test overcloud-controller-0.storage
+ - 172.19.0.107 overcloud-controller-0.storagemgmt.ooo.test overcloud-controller-0.storagemgmt
+ - 172.16.0.72 overcloud-controller-0.tenant.ooo.test overcloud-controller-0.tenant
+ - 192.168.24.122 overcloud-controller-0.ctlplane.ooo.test overcloud-controller-0.ctlplane
+ - 172.17.0.110 overcloud-novacompute-0.ooo.test overcloud-novacompute-0
+ - 172.17.0.110 overcloud-novacompute-0.internalapi.ooo.test overcloud-novacompute-0.internalapi
+ - 172.18.0.243 overcloud-novacompute-0.storage.ooo.test overcloud-novacompute-0.storage
+ - 172.16.0.195 overcloud-novacompute-0.tenant.ooo.test overcloud-novacompute-0.tenant
+ - 192.168.24.128 overcloud-novacompute-0.ctlplane.ooo.test overcloud-novacompute-0.ctlplane
 roles:
 - name: tripleo_ipa_dns
 environment:
diff --git a/tripleo_ipa/roles/tripleo_ipa_dns/tasks/dns.yaml b/tripleo_ipa/roles/tripleo_ipa_dns/tasks/dns.yaml
index b5f0987..c002862 100644
--- a/tripleo_ipa/roles/tripleo_ipa_dns/tasks/dns.yaml
+++ b/tripleo_ipa/roles/tripleo_ipa_dns/tasks/dns.yaml
@@ -30,14 +30,14 @@
 - name: set reverse record entries for ipv4
 set_fact:
- reverse_record_zone: "{{ reverse_addr.split('.', tripleo_ipa_ptr_zone_split_ipv4)[-1] }}"
- reverse_record_name: "{{ '.'.join(reverse_addr.split('.', tripleo_ipa_ptr_zone_split_ipv4)[:-1]) }}"
+ reverse_record_zone: "{{ reverse_addr.split('.', tripleo_ipa_ptr_zone_split_ipv4|int)[-1] }}"
+ reverse_record_name: "{{ '.'.join(reverse_addr.split('.', tripleo_ipa_ptr_zone_split_ipv4|int)[:-1]) }}"
 when: record_type == 'A'
 - name: set reverse record entries for ipv6
 set_fact:
- reverse_record_zone: "{{ reverse_addr.split('.', tripleo_ipa_ptr_zone_split_ipv6)[-1] }}"
- reverse_record_name: "{{ '.'.join(reverse_addr.split('.', tripleo_ipa_ptr_zone_split_ipv6)[:-1]) }}"
+ reverse_record_zone: "{{ reverse_addr.split('.', tripleo_ipa_ptr_zone_split_ipv6|int)[-1] }}"
+ reverse_record_name: "{{ '.'.join(reverse_addr.split('.', tripleo_ipa_ptr_zone_split_ipv6|int)[:-1]) }}"
 when: record_type == 'AAAA'
 - name: add forward dns record
diff --git a/tripleo_ipa/roles/tripleo_ipa_dns/tasks/main.yml b/tripleo_ipa/roles/tripleo_ipa_dns/tasks/main.yml
index 6250c0a..58d2888 100644
--- a/tripleo_ipa/roles/tripleo_ipa_dns/tasks/main.yml
+++ b/tripleo_ipa/roles/tripleo_ipa_dns/tasks/main.yml
@@ -21,10 +21,6 @@
 # - host_entry (host entries string, in a format similar to /etc/hosts)
-- name: split host entries
- set_fact:
- hosts_entries_list: "{{ hosts_entry.splitlines() }}"
-
 - name: add cloud_domain dns zone
 ipa_dnszone:
 zone_name: "{{ cloud_domain }}"
@@ -32,5 +28,4 @@
 - name: add dns records
 include_tasks:
 file: dns.yaml
- loop: "{{ hosts_entries_list }}"
- when: item != ''
+ loop: "{{ hosts_entry }}"
diff --git a/tripleo_ipa/roles/tripleo_ipa_setup/tasks/setup.yml b/tripleo_ipa/roles/tripleo_ipa_setup/tasks/setup.yml
index 5918782..14187d6 100644
--- a/tripleo_ipa/roles/tripleo_ipa_setup/tasks/setup.yml
+++ b/tripleo_ipa/roles/tripleo_ipa_setup/tasks/setup.yml
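Review bot: In tripleo_ipa/roles/tripleo_ipa_dns/tasks/dns.yaml the new `|int` casts fall back to 0 when `tripleo_ipa_ptr_zone_split_ipv4` or `tripleo_ipa_ptr_zone_split_ipv6` is empty or non-numeric, because Jinja's `int` filter returns its default of 0 instead of failing. With a split count of 0 the address is not split at all, so `reverse_record_zone` becomes the whole reverse address and `reverse_record_name` an empty string, and any later task that consumes these facts would act on an unintended zone without an error. An `assert` task ahead of both `set_fact` tasks would turn a bad value into a hard failure, for example `that: tripleo_ipa_ptr_zone_split_ipv4|int > 0` and the same for the ipv6 variable. The task list starts and continues outside the hunk, so an existing check elsewhere in the file cannot be ruled out.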
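Review bot: In tripleo_ipa/roles/tripleo_ipa_dns/tasks/main.yml the new `loop: "{{ hosts_entry }}"` takes the caller's value as-is, and with `when: item != ''` removed in the same hunk an empty element is now handed straight to dns.yaml. A caller that still supplies the old newline-separated string is not rejected with a clear message either. A short guard before the include, such as an `assert` with `that: hosts_entry is sequence and hosts_entry is not string`, would make the new contract explicit. The header comment kept as context in the first hunk still describes `host_entry` as a "host entries string"; it should read something like `# - hosts_entry (list of host entries, each in a format similar to an /etc/hosts line)`.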
@@ -46,6 +46,7 @@
 - 'System: remove dns entries'
 - 'System: add dns entries'
 - 'System: update dns entries'
+ - 'System: Modify Realm Domains'
 - 'Retrieve Certificates from the CA'
 # unfortunately we don't have ansible module yet to create perms
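Review bot: The added `'System: Modify Realm Domains'` entry widens the privilege this list builds, and nothing in the hunk records why a DNS-management role needs a permission whose name suggests realm-wide scope. Presumably it is required because creating a zone in IPA also updates the realm domains list; if so, a comment above the entry would help a later least-privilege review, e.g. `# dnszone creation also updates realm domains, which needs this permission`. It is also worth confirming which principals end up holding this privilege, since the permission does not appear to be limited to `cloud_domain`. The list and the task that consumes it start outside the hunk.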