diff --git a/roles/ipareplica/library/ipareplica_prepare.py b/roles/ipareplica/library/ipareplica_prepare.py
index 9d33ad2206096c94ccf01521c7a1077c7f47a64b..cbdfd93e2c5f2c4fddb2fd96adb8ae12fcdc40e9 100644
--- a/roles/ipareplica/library/ipareplica_prepare.py
+++ b/roles/ipareplica/library/ipareplica_prepare.py
@@ -172,8 +172,17 @@ def main():
no_dns_sshfp=dict(required=False, type='bool'),
### certificate system ###
#subject_base=dict(required=False),
- no_dnssec_validation=dict(required=False, type='bool'),
### dns ###
+ allow_zone_overlap=dict(required=False, type='bool', default=False),
+ reverse_zones=dict(required=False,type='list',default=[]),
+ no_reverse=dict(required=False, type='bool', default=False),
+ auto_reverse=dict(required=False, type='bool', default=False),
+ forwarders=dict(required=False, type='list', default=[]),
+ no_forwarders=dict(required=False, type='bool', default=False),
+ auto_forwarders=dict(required=False, type='bool', default=False),
+ forward_policy=dict(default=None, choices=['first', 'only']),
+ no_dnssec_validation=dict(required=False, type='bool',
+ default=False),
### ad trust ###
### additional ###
server=dict(required=True),
@@ -224,6 +233,7 @@ def main():
#options.ca_subject = ansible_module.params.get('ca_subject')
options.no_dnssec_validation = ansible_module.params.get('no_dnssec_validation')
### dns ###
+ options.allow_zone_overlap = ansible_module.params.get('allow_zone_overlap')
options.reverse_zones = ansible_module.params.get('reverse_zones')
options.no_reverse = ansible_module.params.get('no_reverse')
options.auto_reverse = ansible_module.params.get('auto_reverse')
@@ -231,6 +241,8 @@ def main():
options.no_forwarders = ansible_module.params.get('no_forwarders')
options.auto_forwarders = ansible_module.params.get('auto_forwarders')
options.forward_policy = ansible_module.params.get('forward_policy')
+ options.no_dnssec_validation = ansible_module.params.get(
+ 'no_dnssec_validationdnssec_validation')
### additional ###
#options._host_name_overridden = ansible_module.params.get(
@@ -666,6 +678,7 @@ def main():
ccache=ccache,
installer_ccache=installer._ccache,
subject_base=str(config.subject_base),
+ forward_policy=options.forward_policy,
_ca_enabled=ca_enabled,
_ca_subject=str(options._ca_subject),
_subject_base=str(options._subject_base) if options._subject_base is not None else None,
diff --git a/roles/ipareplica/library/ipareplica_setup_dns.py b/roles/ipareplica/library/ipareplica_setup_dns.py
index 10675698be9d751dedc6cd72b3d873f5ab75554b..5beabee00f5ec027656d10d63e808d804b118415 100644
--- a/roles/ipareplica/library/ipareplica_setup_dns.py
+++ b/roles/ipareplica/library/ipareplica_setup_dns.py
@@ -79,6 +79,12 @@ def main():
setup_dns=dict(required=False, type='bool'),
### certificate system ###
subject_base=dict(required=True),
+ ### dns ###
+ zonemgr=dict(required=False),
+ forwarders=dict(required=False, type='list', default=[]),
+ forward_policy=dict(default=None, choices=['first', 'only']),
+ no_dnssec_validation=dict(required=False, type='bool',
+ default=False),
### additional ###
ccache=dict(required=True),
_top_dir = dict(required=True),
@@ -101,6 +107,12 @@ def main():
options.subject_base = ansible_module.params.get('subject_base')
if options.subject_base is not None:
options.subject_base = DN(options.subject_base)
+ ### dns ###
+ options.zonemgr = ansible_module.params.get('zonemgr')
+ options.forwarders = ansible_module.params.get('forwarders')
+ options.forward_policy = ansible_module.params.get('forward_policy')
+ options.no_dnssec_validation = ansible_module.params.get(
+ 'no_dnssec_validationdnssec_validation')
### additional ###
ccache = ansible_module.params.get('ccache')
os.environ['KRB5CCNAME'] = ccache
diff --git a/roles/ipareplica/module_utils/ansible_ipa_replica.py b/roles/ipareplica/module_utils/ansible_ipa_replica.py
index 3c64b044e9e384f30e689f21664648c88c7e1efb..d876a51bca1c2278d4929e89494c37ef54383e9e 100644
--- a/roles/ipareplica/module_utils/ansible_ipa_replica.py
+++ b/roles/ipareplica/module_utils/ansible_ipa_replica.py
@@ -211,6 +211,12 @@ class installer_obj(object):
installer = installer_obj()
options = installer
+# DNSInstallInterface
+options.dnssec_master = False
+options.disable_dnssec_master = False
+options.kasp_db_file = None
+options.force = False
+
def api_Backend_ldap2(host_name, setup_ca, connect=False):
# we are sure we have the configuration file ready.
diff --git a/roles/ipareplica/tasks/install.yml b/roles/ipareplica/tasks/install.yml
index ef4bd4878b0b049e56b706f3d849bd132bdc6668..4994c433eed6aa79ef4b44547466e0df0d609322 100644
--- a/roles/ipareplica/tasks/install.yml
+++ b/roles/ipareplica/tasks/install.yml
@@ -148,8 +148,15 @@
no_sshd: no
no_dns_sshfp: no
### dns ###
- no_dnssec_validation: "{{ ipareplica_no_dnssec_validation }}"
+ allow_zone_overlap: "{{ ipareplica_allow_zone_overlap }}"
+ reverse_zones: "{{ ipareplica_reverse_zones | default([]) }}"
+ no_reverse: "{{ ipareplica_no_reverse }}"
+ auto_reverse: "{{ ipareplica_auto_reverse }}"
+ forwarders: "{{ ipareplica_forwarders | default([]) }}"
+ no_forwarders: "{{ ipareplica_no_forwarders }}"
+ auto_forwarders: "{{ ipareplica_auto_forwarders }}"
forward_policy: "{{ ipareplica_forward_policy | default(omit) }}"
+ no_dnssec_validation: "{{ ipareplica_no_dnssec_validation }}"
### ad trust ###
netbios_name: "{{ ipareplica_netbios_name | default(omit) }}"
rid_base: "{{ ipareplica_rid_base | default(omit) }}"
@@ -573,6 +580,11 @@
setup_kra: "{{ result_ipareplica_test.setup_kra }}"
### certificate system ###
subject_base: "{{ result_ipareplica_prepare.subject_base }}"
+ ### dns ###
+ zonemgr: "{{ ipareplica_zonemgr | default(omit) }}"
+ forwarders: "{{ ipareplica_forwarders | default([]) }}"
+ forward_policy: "{{ result_ipareplica_prepare.forward_policy }}"
+ no_dnssec_validation: "{{ ipareplica_no_dnssec_validation }}"
### additional ###
ccache: "{{ result_ipareplica_prepare.ccache }}"
_top_dir: "{{ result_ipareplica_prepare._top_dir }}"