Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ipa_dnsrecord no modifications to be performed when record already exists. #1296

Open
patrickstump opened this issue Sep 28, 2024 · 1 comment
Open

ipa_dnsrecord no modifications to be performed when record already exists. #1296

patrickstump opened this issue Sep 28, 2024 · 1 comment
Labels
bug idempotence

Comments

@patrickstump
Copy link

Description

When updating dns records for a zone, host, or dns record, if the record already exists without changes, it fails the task with "no modifications to be performed."

This is also reported in the community project, but never fixed.

Version information

ansible-freeipa collection : 1.13.2

ansible [core 2.15.1]
  config file = /ansible/ansible.cfg
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.10/dist-packages/ansible
  ansible collection location = /ansible/collections
  executable location = /usr/local/bin/ansible
  python version = 3.10.12 (main, Sep 11 2024, 15:47:36) [GCC 11.4.0] (/usr/bin/python3)
  jinja version = 3.1.2
  libyaml = True

Affected (that I have tested)

  • freeipa.ansible_freeipa.ipadnszone
  • freeipa.ansible_freeipa.ipahost
  • freeipa.ansible_freeipa.ipadnsrecord

Example task

    - name: Add DNS Zones
      tags:
        - zones
      freeipa.ansible_freeipa.ipadnszone:
        ipaadmin_principal: admin
        ipaadmin_password: "{{ ipaserver_admin_password }}"
        state: present
        name: "example.lan"
        allow_sync_ptr: true
        dynamic_update: false
        allow_transfer:
          - "192.168.1.3"
        skip_nameserver_check: true
        skip_overlap_check: true


     - name: Add hosts to ipa inventory
      freeipa.ansible_freeipa.ipahost:
        ipaadmin_principal: admin
        ipaadmin_password: "{{ ipaserver_admin_password }}"
        name: "host1.example.lan"
        description: ""
        ip_address: "192.168.4.5"
        state: present
        update_dns: true
        reverse: true
      loop: "{{ inventory_hosts }}"

Example output

failed: [ipa-1.example.lan] (item=example.lan) => {"ansible_loop_var": "item", "changed": false, "item": "example.lan", "msg": "dnszone_mod: example.lan: no modifications to be performed"}

failed: [ipa-1.example.lan] (item=host1.example.lan) => {"ansible_loop_var": "item", "changed": false, "item": "host1.example.lan", "msg": "host_mod: host1.example.lan: no modifications to be performed"}

Expected behavior

If record already exists return changed: false but do not error.

Workaround

Set ignore_errors to true. However you need to watch each line to make sure the errors are actually the modification error and not another error.
@kitos9112
Copy link

I see the same behaviour with the ipahost module when there are no pending changes.

I normally offload the idempotency to the Ansible module. Other modules work in this way, they'd make changes if needed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug idempotence
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@t-woerner @patrickstump @kitos9112