theforeman / puppet-foreman_proxy

Puppet module for Foreman Smart Proxy

Puppet-foreman_proxy overwrites FreeIPA on DNS management

Yamakasi opened this issue

Problem:

When using this Puppet module and setting DNS to true, Managed to false, and filling in the right provider/principal etc. for FreeIPA, it seems that this module installs related/unrelated packages for DNS and also overwrites BIND files that are already set up by FreeIPA, which breaks FreeIPA.

Expected outcome:

Only config the dns_*.yml files for the proxy (and other software)

Is this expected or not? I would expect the module to be capable of configuring the proxy only, but it seems not.

It would be useful to know which files it overwrites and which packages you consider unrelated.

@ekohl What I see so far from the run is that the following is changed:

/etc/named/zones.conf
/var/named/dynamic (chmod)
/etc/named.conf (full overwrite)
/var/named/dynamic (chmod)

Packages are what I need to check.

Can't we just have an option to configure the proxy settings files only, per service, so we can have the specific Puppet modules for these services manage the services further?

The dns_managed parameter should take care of that. That controls the import of the DNS module which manages those. This module doesn't manage those files. Please put a little more research into issues.

Setting that to false doesn't change a thing, I tried multiple times so that is why I asked, it's also in my start of the ticket.

But there's no other way. It's all in foreman_proxy::proxydns and dns_managed controls that:

  if $foreman_proxy::dns and $foreman_proxy::dns_managed {
    include ::foreman_proxy::proxydns
    include ::dns::params
    $groups = [$dns::params::group, $foreman_proxy::puppet_group]
  } else {

Are you sure you're actually passing in the value in a correct way?

@ekohl I think we need a nested if {} there?

I don't see why. #490 adds a test to ensure this, but that passes locally for me.

@ekohl Either I'm confused or something is really wrong; it's still managed with this setting:

  foreman_proxy:
    bind_host: "*"
    dhcp: true
    dhcp_managed: false
    dns: true
    dns_interface: eth1
    dns_managed: false
    dns_provider: dns_nsupdate_gss

That should be correct. How are you passing in the data? Installer? ENC? Hiera? Are you including other classes?

@ekohl Foreman itself, so ENC. At the moment only the puppet dhcp module (not foreman) is included.

Are you sure it's still managed? Wasn't it changed at some point but now unmanaged?

@ekohl even unmanaged on a rolled-back snapshot which has never been puppetized is getting managed with these settings.

Based on the extremely limited information you provided I've attempted to reproduce (see the test we added) but was unable to. Typical places to look are the ENC output, site.pp and actual (debug level) logs. Also the modules present with their versions.

There isn't much to provide when everything is in order as you approved for the foreman_proxy yaml as posted above.

I will investigate further what goes wrong, and I'm unsure what site.pp you are referring to as Foreman doesn't have one, or are you referring to its YAML output of the host as partly posted above?
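
One way to run the "look at the ENC output" check suggested in the thread, as an added example that is not part of the original discussion or the module's own code: it confirms that `dns` and `dns_managed` arrive as real booleans, evaluates the quoted `if $foreman_proxy::dns and $foreman_proxy::dns_managed` gate under Puppet 4+ truthiness, and lists any `dns` classes declared directly. The helper name `audit_dns_gate`, the sample ENC document, and the assumption that no data type rejects a mistyped value before it reaches the conditional are all hypothetical.

```ruby
require 'yaml'

# Constructed ENC output (not from the thread). dns_managed is quoted here,
# so it arrives as the string "false" instead of a boolean.
SAMPLE_ENC = <<~YAML
  classes:
    foreman_proxy:
      bind_host: "*"
      dns: true
      dns_managed: "false"
      dns_provider: dns_nsupdate_gss
    dhcp: {}
  environment: production
YAML

# Puppet 4+ truthiness: only false and undef (nil here) are falsy,
# so every string, including "false", counts as true.
def puppet_truthy?(value)
  !(value.nil? || value == false)
end

# Hypothetical helper: report what the ENC data means for the gate
#   if $foreman_proxy::dns and $foreman_proxy::dns_managed { ... }
def audit_dns_gate(enc_yaml)
  classes = (YAML.safe_load(enc_yaml) || {})['classes'] || {}
  # An ENC may list classes as a bare array of names (no parameters).
  classes = classes.to_h { |name| [name, {}] } if classes.is_a?(Array)
  params = classes['foreman_proxy'] || {}
  gate_keys = %w[dns dns_managed]
  complete = gate_keys.all? { |k| params.key?(k) }
  # Stays nil when a key is absent and the module default applies.
  included = gate_keys.all? { |k| puppet_truthy?(params[k]) } if complete
  {
    # Values that are not real booleans, e.g. "false" quoted as a string.
    mistyped: gate_keys.select { |k| params.key?(k) && ![true, false].include?(params[k]) },
    proxydns_included: included,
    # dns classes declared directly pull in the DNS module on their own,
    # whatever dns_managed says.
    direct_dns_classes: classes.keys.grep(/\Adns(::|\z)/)
  }
end

p audit_dns_gate(SAMPLE_ENC) if $PROGRAM_NAME == __FILE__
```

Feed it the YAML shown for the host in Foreman; a non-empty `mistyped` or `direct_dns_classes` list points at the data rather than the module.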