community.general

nsupdate module seems to fail with dnspython 2.0.0

Open zoredache opened this issue 3 years ago • 9 comments

SUMMARY

dnspython 2.0.0 was released on 2020-07-17. The updated module seems to break the Ansible nsupdate module. If I downgrade dnspython back to 1.16.0, everything seems to work fine.

ISSUE TYPE

  • Bug Report

COMPONENT NAME

nsupdate

ANSIBLE VERSION

    # ansible --version
    ansible 2.9.11
      config file = /root/Projects/nwesd_ansible/ansible.cfg
      configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
      ansible python module location = /usr/local/ansible/stable/lib/python3.7/site-packages/ansible
      executable location = /usr/local/ansible/stable/bin/ansible
      python version = 3.7.3 (default, Dec 20 2019, 18:57:59) [GCC 8.3.0]

    # pip freeze | grep dnspy
    dnspython==2.0.0

CONFIGURATION

No changed config, default.

OS / ENVIRONMENT

Debian 10, ansible installed via pip.

STEPS TO REPRODUCE

    - hosts: localhost
      gather_facts: no
      tasks:
      - nsupdate:
          key_secret: "{{ key_secret }}"
          key_algorithm: "{{ key_algorithm }}"
          key_name: "{{ key_name }}"
          server: "{{ server }}"
          zone: "example.org"
          record: "hostname"
          value: "::1"
          type: 'AAAA'

EXPECTED RESULTS

    # pip install dnspython==2.0.0
    # ansible-playbook example.yml

    PLAY [localhost] *************

    TASK [nsupdate] **************
    changed: [localhost]

ACTUAL RESULTS

    # ansible-playbook example.yml -vvv
    ansible-playbook 2.9.11
      config file = /root/Projects/ansible/ansible.cfg
      configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
      ansible python module location = /usr/local/ansible/stable/lib/python3.7/site-packages/ansible
      executable location = /usr/local/ansible/stable/bin/ansible-playbook
      python version = 3.7.3 (default, Dec 20 2019, 18:57:59) [GCC 8.3.0]
    Using /root/Projects/ansible/ansible.cfg as config file
    ...
    PLAYBOOK: example.yml *************
    1 plays in example.yml
    
    PLAY [localhost] *************
    META: ran handlers
    
    TASK [nsupdate] **************
    task path: /root/Projects/ansible/example.yml:4
    Using module file /usr/local/ansible/stable/lib/python3.7/site-packages/ansible/modules/net_tools/nsupdate.py
    Pipelining is enabled.
    <localhost> ESTABLISH LOCAL CONNECTION FOR USER: root
    <localhost> EXEC /bin/sh -c '/usr/local/ansible/stable/bin/python3 && sleep 0'
    The full traceback is:
    Traceback (most recent call last):
      File "/usr/local/ansible/stable/lib/python3.7/site-packages/dns/inet.py", line 87, in af_for_address
        dns.ipv4.inet_aton(text)
      File "/usr/local/ansible/stable/lib/python3.7/site-packages/dns/ipv4.py", line 49, in inet_aton
        raise dns.exception.SyntaxError
    dns.exception.SyntaxError: Text input is malformed.
    
    During handling of the above exception, another exception occurred:
    
    Traceback (most recent call last):
      File "/usr/local/ansible/stable/lib/python3.7/site-packages/dns/inet.py", line 91, in af_for_address
        dns.ipv6.inet_aton(text, True)
      File "/usr/local/ansible/stable/lib/python3.7/site-packages/dns/ipv6.py", line 165, in inet_aton
        raise dns.exception.SyntaxError
    dns.exception.SyntaxError: Text input is malformed.
    
    During handling of the above exception, another exception occurred:
    
    Traceback (most recent call last):
      File "<stdin>", line 102, in <module>
      File "<stdin>", line 94, in _ansiballz_main
      File "<stdin>", line 40, in invoke_module
      File "/usr/lib/python3.7/runpy.py", line 205, in run_module
        return _run_module_code(code, init_globals, run_name, mod_spec)
      File "/usr/lib/python3.7/runpy.py", line 96, in _run_module_code
        mod_name, mod_spec, pkg_name, script_name)
      File "/usr/lib/python3.7/runpy.py", line 85, in _run_code
        exec(code, run_globals)
      File "/tmp/ansible_nsupdate_payload_f5qiblux/ansible_nsupdate_payload.zip/ansible/modules/net_tools/nsupdate.py", line 448, in <module>
      File "/tmp/ansible_nsupdate_payload_f5qiblux/ansible_nsupdate_payload.zip/ansible/modules/net_tools/nsupdate.py", line 431, in main
      File "/tmp/ansible_nsupdate_payload_f5qiblux/ansible_nsupdate_payload.zip/ansible/modules/net_tools/nsupdate.py", line 270, in create_or_update_record
      File "/tmp/ansible_nsupdate_payload_f5qiblux/ansible_nsupdate_payload.zip/ansible/modules/net_tools/nsupdate.py", line 359, in record_exists
      File "/tmp/ansible_nsupdate_payload_f5qiblux/ansible_nsupdate_payload.zip/ansible/modules/net_tools/nsupdate.py", line 258, in __do_update
      File "/usr/local/ansible/stable/lib/python3.7/site-packages/dns/query.py", line 754, in tcp
        source_port)
      File "/usr/local/ansible/stable/lib/python3.7/site-packages/dns/query.py", line 226, in _destination_and_source
        af = dns.inet.af_for_address(where)
      File "/usr/local/ansible/stable/lib/python3.7/site-packages/dns/inet.py", line 94, in af_for_address
        raise ValueError
    ValueError
    fatal: [localhost]: FAILED! => {
        "changed": false,
        "module_stderr": "Traceback (most recent call last):\n  File \"/usr/local/ansible/stable/lib/python3.7/site-packages/dns/inet.py\", line 87, in af_for_address\n    dns.ipv4.inet_aton(text)\n  File \"/usr/local/ansible/stable/lib/python3.7/site-packages/dns/ipv4.py\", line 49, in inet_aton\n    raise dns.exception.SyntaxError\ndns.exception.SyntaxError: Text input is malformed.\n\nDuring handling of the above exception, another exception occurred:\n\nTraceback (most recent call last):\n  File \"/usr/local/ansible/stable/lib/python3.7/site-packages/dns/inet.py\", line 91, in af_for_address\n    dns.ipv6.inet_aton(text, True)\n  File \"/usr/local/ansible/stable/lib/python3.7/site-packages/dns/ipv6.py\", line 165, in inet_aton\n    raise dns.exception.SyntaxError\ndns.exception.SyntaxError: Text input is malformed.\n\nDuring handling of the above exception, another exception occurred:\n\nTraceback (most recent call last):\n  File \"<stdin>\", line 102, in <module>\n  File \"<stdin>\", line 94, in _ansiballz_main\n  File \"<stdin>\", line 40, in invoke_module\n  File \"/usr/lib/python3.7/runpy.py\", line 205, in run_module\n    return _run_module_code(code, init_globals, run_name, mod_spec)\n  File \"/usr/lib/python3.7/runpy.py\", line 96, in _run_module_code\n    mod_name, mod_spec, pkg_name, script_name)\n  File \"/usr/lib/python3.7/runpy.py\", line 85, in _run_code\n    exec(code, run_globals)\n  File \"/tmp/ansible_nsupdate_payload_f5qiblux/ansible_nsupdate_payload.zip/ansible/modules/net_tools/nsupdate.py\", line 448, in <module>\n  File \"/tmp/ansible_nsupdate_payload_f5qiblux/ansible_nsupdate_payload.zip/ansible/modules/net_tools/nsupdate.py\", line 431, in main\n  File \"/tmp/ansible_nsupdate_payload_f5qiblux/ansible_nsupdate_payload.zip/ansible/modules/net_tools/nsupdate.py\", line 270, in create_or_update_record\n  File \"/tmp/ansible_nsupdate_payload_f5qiblux/ansible_nsupdate_payload.zip/ansible/modules/net_tools/nsupdate.py\", line 359, in 
record_exists\n  File \"/tmp/ansible_nsupdate_payload_f5qiblux/ansible_nsupdate_payload.zip/ansible/modules/net_tools/nsupdate.py\", line 258, in __do_update\n  File \"/usr/local/ansible/stable/lib/python3.7/site-packages/dns/query.py\", line 754, in tcp\n    source_port)\n  File \"/usr/local/ansible/stable/lib/python3.7/site-packages/dns/query.py\", line 226, in _destination_and_source\n    af = dns.inet.af_for_address(where)\n  File \"/usr/local/ansible/stable/lib/python3.7/site-packages/dns/inet.py\", line 94, in af_for_address\n    raise ValueError\nValueError\n",
        "module_stdout": "",
        "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
        "rc": 1
    }
    
    PLAY RECAP *******************
    localhost                  : ok=0    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0
    
    Playbook run took 0 days, 0 hours, 0 minutes, 0 seconds


zoredache avatar Jul 27 '20 19:07 zoredache

Files identified in the description:

If these files are inaccurate, please update the component name section of the description or use the !component bot command.


ansibullbot avatar Jul 27 '20 19:07 ansibullbot

cc @nerzhul

ansibullbot avatar Jul 27 '20 19:07 ansibullbot

The same here with 1.3.0 of community.general, and it seems that nothing has been adapted since July; however, and hopefully, everything still works when fixing the version of dnspython to '1.16'.

natman avatar Dec 18 '20 22:12 natman

If someone wants to fix this, feel free to create a PR!

felixfontein avatar Dec 19 '20 16:12 felixfontein

I finally decided to take a look at this problem today after having been vexed by it since July (and basically punting and pinning my copy of dnspython to 1.16).

In my case (your mileage may vary), we were using a DNS name in the server argument for nsupdate instead of an IP address. This seems to have been the cause of our problem. Once I changed that to an IP address, that fixed the issue.

I hadn't previously realized it, but the server argument states pretty clearly:

Apply DNS modification on this server, specified by IPv4 or IPv6 address.

In my case, I just used {{ lookup('dig', nameserver) }} to get the first IP address for our server and everything worked fine after that.

Examples in the docs (going back at least to 2.9) used IP addresses, but the documentation in 2.9 indicated "Apply DNS modification on this server", and didn't specifically call out the requirement for an IP address. This tightened restriction is caused by changes in the underlying dnspython package.

At this point, considering the now-clear documentation, I've now "fixed" our code. I'm putting this comment in here for anyone else who runs into this problem and thinks they need to pin to an older version of dnspython while waiting for a "fix".

gaige avatar Apr 24 '21 18:04 gaige
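The pre-flight check described in the comment above, as an added example that is not part of the thread, the nsupdate module or dnspython: it accepts an IP literal unchanged and resolves a host name to its first address before the value reaches an IP-only `server` argument. The names `address_family`, `normalize_server` and `fake_resolver` are hypothetical, and `ns1.example.org` / `192.0.2.53` are constructed sample data.

```python
import ipaddress
import socket


def address_family(text):
    """Return the socket family of an IP literal, or None for anything else.

    Tries IPv4 first and then IPv6, the same order the traceback shows, but
    with the standard-library ipaddress module instead of dnspython.
    """
    for parser, family in ((ipaddress.IPv4Address, socket.AF_INET),
                           (ipaddress.IPv6Address, socket.AF_INET6)):
        try:
            parser(text)
            return family
        except ValueError:
            continue
    return None


def normalize_server(server, resolver=socket.getaddrinfo):
    """Return (ip_literal, family) for use where only an IP address is accepted."""
    family = address_family(server)
    if family is not None:
        return server, family  # already an IPv4 or IPv6 literal
    try:
        answers = resolver(server, 53, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        raise ValueError("cannot resolve DNS server %r: %s" % (server, exc))
    if not answers:
        raise ValueError("no address found for DNS server %r" % server)
    # Use the first address returned, as the dig lookup in the comment does.
    fam, _type, _proto, _canon, sockaddr = answers[0]
    return sockaddr[0], fam


def fake_resolver(host, port, type=0):
    """Constructed stand-in for socket.getaddrinfo so the example runs offline."""
    table = {"ns1.example.org": "192.0.2.53"}  # constructed sample data
    if host not in table:
        raise socket.gaierror("Name or service not known")
    return [(socket.AF_INET, type, 6, "", (table[host], port))]


if __name__ == "__main__":
    for name in ("192.0.2.53", "::1", "ns1.example.org"):
        print(name, "->", normalize_server(name, resolver=fake_resolver))
```

With the default `resolver`, the host name is looked up through the system resolver, so the address the update is sent to depends on that lookup.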

I have issues with the module as well. In my Fedora 34, dns-python is 2.1.0. I cannot downgrade, it's the lowest possible version.

When I try to create a reverse DNS entry, it fails with rc 5 (refused). I noticed this:

    dns_rc: 5
    dns_rc_str: REFUSED
    invocation:
      module_args:
        key_algorithm: hmac-sha512
        key_name: <keyname>
        key_secret: VALUE_SPECIFIED_IN_NO_LOG_PARAMETER
        port: 53
        protocol: tcp
        record: 32.0.10.10.in-addr.arpa.
        server: 10.0.0.1
        state: present
        ttl: 3600
        type: PTR
        value:
        - demo.example.com.
        zone: null

The same code if executed on my openSUSE Leap 15.3 which has dnspython 1.15 works perfectly fine.

Now, the solution to this issue was to add the zone. I don't want to express any opinion on the dnspython library; I am not a Python expert by any means. However, the documentation of the nsupdate Ansible module must be updated to reflect this need. I don't have an issue with creating the PR as long as someone will merge it.

itcultus avatar Apr 09 '22 08:04 itcultus

@itcultus would be great if you could create a PR. I'll happily merge it if it looks good to me and nobody else chimes in :)

felixfontein avatar Apr 09 '22 19:04 felixfontein

I will open a new case, since I cannot replicate the issue with the server name.

itcultus avatar Apr 10 '22 10:04 itcultus

Files identified in the description:

If these files are incorrect, please update the component name section of the description or use the !component bot command.


ansibullbot avatar Nov 04 '22 12:11 ansibullbot