Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

sap_general_preconfigure: The strict DNS check enforcement of PR 765 causes failures in certain cloud environments #784

Open
berndfinger opened this issue Jun 27, 2024 · 4 comments
Assignees

Comments

@berndfinger
Copy link
Member

berndfinger commented Jun 27, 2024

So we better make the DNS check optional by default and introduce a new role parameter for only failing the role if desired.

@berndfinger berndfinger self-assigned this Jun 27, 2024
@berndfinger
Copy link
Member Author

Note: The change was introduced by #765.

@berndfinger
Copy link
Member Author

Also the task names which contain role variables do not always show the correct content (depending on how the role was executed, e.g. when being called with include_role.

berndfinger added a commit to berndfinger/community.sap_install that referenced this issue Jun 27, 2024
@sean-freeman
Copy link
Member

This issue can occur on different platforms, and may cause frustration for the end-user if it is outside of their control.

For Example, end user may only have access to DNS A Records in 1 DNS Zone provided via MS Azure Private DNS and "Reverse DNS (PTR) records are not stored in a forward private DNS zone. Reverse DNS records are stored in a reverse DNS (in-addr.arpa) zone.". Source: https://learn.microsoft.com/en-us/azure/virtual-network/virtual-networks-name-resolution-for-vms-and-role-instances

Making this optional will avoid a breaking change and ensure end users that want to be strict, can do so, and those who need more flexibility will see an error message but not stop the Ansible Role from continuing.

@rob0d
Copy link
Contributor

rob0d commented Jun 29, 2024

Currently I don't have access to any cloud environment where I could test it. I am not sure if GCP and AWS behave in the same way as Azure with regards to the PTR records. It seems that Azure behaviour is on the verge of non-compliance with RFC1912 section 2.1, but I guess it is understandable why they do that.
Are you able to confirm if Azure is returning two PTR records and one if them is correct? Also is there anyone who can check how GCP and AWS behave?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants