Add tripleo_ipa_dns role

The new role adds DNS entries, using TripleO's hosts_entry var, which contains host entries in a format similar to /etc/hosts. Change-Id: I91b8d1e67f381da8abe2317f62327e8a5ed4a367
2020-04-02 14:56:25 +02:00 · 2020-04-02 14:56:25 +02:00 · 331d8e0133
commit 331d8e0133
parent 49d2e0d2a5
8 changed files with 293 additions and 0 deletions
--- a/requirements.txt
+++ b/requirements.txt
@ -1,2 +1,3 @@
 six>=1.10.0 # MIT
 PyYAML>=3.12 # MIT
+netaddr>=0.7.18 # BSD
--- a/tox.ini
+++ b/tox.ini
@ -23,6 +23,7 @@ setenv =
  ANSIBLE_LIBRARY={toxinidir}/tripleo_ipa/roles.galaxy/config_template/library:{toxinidir}/tripleo_ipa/ansible_plugins/modules
  ANSIBLE_ROLES_PATH={toxinidir}/tripleo_ipa/roles.galaxy:{toxinidir}/tripleo_ipa/roles
 deps =
+   -r {toxinidir}/requirements.txt
   -r {toxinidir}/molecule-requirements.txt
 changedir = {toxinidir}/tripleo_ipa
 commands = molecule test --all
--- a/tripleo_ipa/molecule/default/converge.yml
+++ b/tripleo_ipa/molecule/default/converge.yml
@ -141,3 +141,63 @@
    IPA_USER: admin
    IPA_HOST: ipa.example.test
    IPA_PASS: password123
+
+
+- name: Converge - add dns entries
+  hosts: all
+  vars:
+    cloud_domain: ooo.test
+    hosts_entry: '2001:0db8:85a3:0000:0000:8a2e:0370:7334 foo.ooo.test
+
+  2001:0db8:85a3:0000:0000:8a2e:0370:7333 foo.ooo.test
+
+  2001:0db8:85a3:0000:0000:8a2e:0370:7333 bar.ooo.test
+
+  192.168.24.111 bar.ooo.test
+
+  192.168.24.1 undercloud.ctlplane.ooo.test undercloud.ctlplane
+
+  192.168.24.115  overcloud.ctlplane.ooo.test
+
+  10.0.0.135  overcloud.ooo.test
+
+  172.17.0.15  overcloud.internalapi.ooo.test
+
+  172.18.0.231  overcloud.storage.ooo.test
+
+  172.19.0.164  overcloud.storagemgmt.ooo.test
+
+  172.17.0.46 overcloud-controller-0.ooo.test overcloud-controller-0
+
+  10.0.0.116 overcloud-controller-0.external.ooo.test overcloud-controller-0.external
+
+  172.17.0.46 overcloud-controller-0.internalapi.ooo.test overcloud-controller-0.internalapi
+
+  172.18.0.185 overcloud-controller-0.storage.ooo.test overcloud-controller-0.storage
+
+  172.19.0.107 overcloud-controller-0.storagemgmt.ooo.test overcloud-controller-0.storagemgmt
+
+  172.16.0.72 overcloud-controller-0.tenant.ooo.test overcloud-controller-0.tenant
+
+  192.168.24.122 overcloud-controller-0.ctlplane.ooo.test overcloud-controller-0.ctlplane
+
+
+  172.17.0.110 overcloud-novacompute-0.ooo.test overcloud-novacompute-0
+
+  172.17.0.110 overcloud-novacompute-0.internalapi.ooo.test overcloud-novacompute-0.internalapi
+
+  172.18.0.243 overcloud-novacompute-0.storage.ooo.test overcloud-novacompute-0.storage
+
+  172.16.0.195 overcloud-novacompute-0.tenant.ooo.test overcloud-novacompute-0.tenant
+
+  192.168.24.128 overcloud-novacompute-0.ctlplane.ooo.test overcloud-novacompute-0.ctlplane
+
+
+
+    '
+  roles:
+    - name: tripleo_ipa_dns
+  environment:
+    IPA_USER: admin
+    IPA_HOST: ipa.example.test
+    IPA_PASS: password123
--- a/tripleo_ipa/molecule/default/tests/test_default.py
+++ b/tripleo_ipa/molecule/default/tests/test_default.py
@ -1,3 +1,4 @@
+import ipaddress
 import os

 import pytest
@ -166,3 +167,63 @@ def test_services(host, service, subhost):
    'Roles: Nova Host Manager' in result
    assert 'Managed by: test-0.{}.example.test, test-0.example.test'.format(
        subhost) in result
+
+
+@pytest.mark.parametrize('ip, name', [
+    ('2001:0db8:85a3:0000:0000:8a2e:0370:7333', 'foo'),
+    ('2001:0db8:85a3:0000:0000:8a2e:0370:7333', 'bar'),
+    ('192.168.24.111', 'bar'),
+    ('192.168.24.1', 'undercloud.ctlplane'),
+    ('192.168.24.115', 'overcloud.ctlplane'),
+    ('10.0.0.135', 'overcloud'),
+    ('172.17.0.15', 'overcloud.internalapi'),
+    ('172.18.0.231', 'overcloud.storage'),
+    ('172.19.0.164', 'overcloud.storagemgmt'),
+    ('172.17.0.46', 'overcloud-controller-0'),
+    ('10.0.0.116', 'overcloud-controller-0.external'),
+    ('172.17.0.46', 'overcloud-controller-0.internalapi'),
+    ('172.18.0.185', 'overcloud-controller-0.storage'),
+    ('172.19.0.107', 'overcloud-controller-0.storagemgmt'),
+    ('172.16.0.72', 'overcloud-controller-0.tenant'),
+    ('192.168.24.122', 'overcloud-controller-0.ctlplane'),
+    ('172.17.0.110', 'overcloud-novacompute-0'),
+    ('172.17.0.110', 'overcloud-novacompute-0.internalapi'),
+    ('172.18.0.243', 'overcloud-novacompute-0.storage'),
+    ('172.16.0.195', 'overcloud-novacompute-0.tenant'),
+    ('192.168.24.128', 'overcloud-novacompute-0.ctlplane')])
+def test_dns(host, ip, name):
+    result = host.check_output(
+        'ipa dnsrecord-find ooo.test --name={}'.format(
+            name))
+    assert 'record: {}'.format(ip) in result
+
+
+@pytest.mark.parametrize('ip, name', [
+    ('2001:0db8:85a3:0000:0000:8a2e:0370:7334', 'foo'),
+    ('2001:0db8:85a3:0000:0000:8a2e:0370:7333', 'bar'),
+    ('192.168.24.111', 'bar'),
+    ('192.168.24.1', 'undercloud.ctlplane'),
+    ('192.168.24.115', 'overcloud.ctlplane'),
+    ('10.0.0.135', 'overcloud'),
+    ('172.17.0.15', 'overcloud.internalapi'),
+    ('172.18.0.231', 'overcloud.storage'),
+    ('172.19.0.164', 'overcloud.storagemgmt'),
+    ('172.17.0.46', 'overcloud-controller-0'),
+    ('10.0.0.116', 'overcloud-controller-0.external'),
+    ('172.17.0.46', 'overcloud-controller-0.internalapi'),
+    ('172.18.0.185', 'overcloud-controller-0.storage'),
+    ('172.19.0.107', 'overcloud-controller-0.storagemgmt'),
+    ('172.16.0.72', 'overcloud-controller-0.tenant'),
+    ('192.168.24.122', 'overcloud-controller-0.ctlplane'),
+    ('172.17.0.110', 'overcloud-novacompute-0'),
+    ('172.17.0.110', 'overcloud-novacompute-0.internalapi'),
+    ('172.18.0.243', 'overcloud-novacompute-0.storage'),
+    ('172.16.0.195', 'overcloud-novacompute-0.tenant'),
+    ('192.168.24.128', 'overcloud-novacompute-0.ctlplane')])
+def test_reverse_dns(host, ip, name):
+    reverse = ipaddress.ip_address(ip).reverse_pointer
+    record, zone = reverse.split('.', 1)
+    result = host.check_output(
+        'ipa dnsrecord-find {} --name={}'.format(
+            zone, record))
+    assert 'record: {}'.format(name) in result
--- a/tripleo_ipa/roles/tripleo_ipa_dns/defaults/main.yml
+++ b/tripleo_ipa/roles/tripleo_ipa_dns/defaults/main.yml
@ -0,0 +1,23 @@
+---
+# Copyright 2020 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+# All variables intended for modification should place placed in this file.
+
+# All variables within this role should have a prefix of "tripleo_ipa"
+
+tripleo_ipa_ptr_zone_split_ipv4: 1
+tripleo_ipa_ptr_zone_split_ipv6: 1
--- a/tripleo_ipa/roles/tripleo_ipa_dns/meta/main.yml
+++ b/tripleo_ipa/roles/tripleo_ipa_dns/meta/main.yml
@ -0,0 +1,44 @@
+---
+# Copyright 2020 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+galaxy_info:
+  author: OpenStack
+  description: TripleO OpenStack Role -- tripleo_ipa_dns
+  company: Red Hat
+  license: Apache-2.0
+  min_ansible_version: 2.7
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  platforms:
+    - name: Fedora
+      versions:
+        - 28
+    - name: CentOS
+      versions:
+        - 7
+
+  galaxy_tags:
+    - tripleo
+
+
+# List your role dependencies here, one per line. Be sure to remove the '[]' above,
+# if you add dependencies to this list.
+dependencies: []
--- a/tripleo_ipa/roles/tripleo_ipa_dns/tasks/dns.yaml
+++ b/tripleo_ipa/roles/tripleo_ipa_dns/tasks/dns.yaml
@ -0,0 +1,67 @@
+---
+# Copyright 2020 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+- name: set record_value and record_name
+  set_fact:
+    record_value: "{{ item.split()[0] }}"
+    record_name: "{{ item.split()[1]|regex_replace('(.*).' + cloud_domain + '$', '\\1') }}"
+
+- name: set record type
+  set_fact:
+    record_type: "{{ 'A' if record_value| ipv4 else 'AAAA' }}"
+
+- name: get reverse record data
+  set_fact:
+    reverse_addr: "{{ record_value | ipaddr('revdns') }}"
+
+- name: set reverse record entries for ipv4
+  set_fact:
+    reverse_record_zone: "{{ reverse_addr.split('.', tripleo_ipa_ptr_zone_split_ipv4)[-1] }}"
+    reverse_record_name: "{{ '.'.join(reverse_addr.split('.', tripleo_ipa_ptr_zone_split_ipv4)[:-1]) }}"
+  when: record_type == 'A'
+
+- name: set reverse record entries for ipv6
+  set_fact:
+    reverse_record_zone: "{{ reverse_addr.split('.', tripleo_ipa_ptr_zone_split_ipv6)[-1] }}"
+    reverse_record_name: "{{ '.'.join(reverse_addr.split('.', tripleo_ipa_ptr_zone_split_ipv6)[:-1]) }}"
+  when: record_type == 'AAAA'
+
+- name: add forward dns record
+  ipa_dnsrecord:
+    zone_name: "{{ cloud_domain }}"
+    record_name: "{{ record_name }}"
+    record_type: "{{ record_type }}"
+    record_value: "{{ record_value }}"
+
+- name: add reverse record dns zone
+  ipa_dnszone:
+    zone_name: "{{ reverse_record_zone }}"
+  register: reverse_zone_result
+  failed_when:
+    - "'zone' not in reverse_zone_result"
+    - "'already exists in DNS' not in reverse_zone_result.msg"
+
+- name: add reverse dns record
+  ipa_dnsrecord:
+    zone_name: "{{ reverse_record_zone }}"
+    record_name: "{{ reverse_record_name }}"
+    record_value: "{{ record_name }}.{{ cloud_domain }}."
+    record_type: "PTR"
+  register: reverse_record_result
+  failed_when:
+    - "'record' not in reverse_record_result"
+    - "'DNS zone not found' not in reverse_record_result.msg"
--- a/tripleo_ipa/roles/tripleo_ipa_dns/tasks/main.yml
+++ b/tripleo_ipa/roles/tripleo_ipa_dns/tasks/main.yml
@ -0,0 +1,36 @@
+---
+# Copyright 2020 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# This role adds a host entries to FreeIPA, as defined in the host_entry variable.
+#
+# The following variables are required:
+# - cloud_domain (Base domain, eg. example.com)
+# - host_entry   (host entries string, in a format similar to /etc/hosts)
+
+
+- name: split host entries
+  set_fact:
+    hosts_entries_list: "{{ hosts_entry.splitlines() }}"
+
+- name: add cloud_domain dns zone
+  ipa_dnszone:
+    zone_name: "{{ cloud_domain }}"
+
+- name: add dns records
+  include_tasks:
+    file: dns.yaml
+  loop: "{{ hosts_entries_list }}"
+  when: item != ''