72453399348de5bd91f0a214bb82848719be5e4c to ef73a85320c9eeeaa5057e545ce6cca51b737b50 · Mirror / Ansible FreeIPA

Commits on Source 2

ipaclient: Fix AttributeError by defaulting dns_over_tls to False · 5b3a4729

Jose Angel Morena authored May 20, 2025

This change addresses https://github.com/freeipa/ansible-freeipa/issues/1356#issuecomment-2891804763 by explicitly setting `options.dns_over_tls = False` to ensure the attribute is always defined when running ipaclient ansible role.

On RHEL 9 systems (or any environment where `ipasssd_enable_dns_updates: true`), the `ipaclient` python module references `dns_over_tls` without first checking its existence, which results in the following `AttributeError: 'installer_obj' object has no attribute 'dns_over_tls'`:

  TASK \[freeipa.ansible\_freeipa.ipaclient : Install - Configure SSSD] \*\*\*\*\*\*\*\*\*\*\*\*
  An exception occurred during task execution. To see the full traceback, use -vvv. The error was: AttributeError:
  'installer\_obj' object has no attribute 'dns\_over\_tls'
  fatal: \[vm-test-rhel9]: FAILED! => {"changed": false, "module\_stderr": "Traceback (most recent call last):\n  File "
 <stdin>", line 107, in <module>\n  File "<stdin>", line 99, in \_ansiballz\_main\n  File "<stdin>", line 47, in invoke\_module\n
  File "/usr/lib64/python3.9/runpy.py", line 225, in run\_module\n    return \_run\_module\_code(code, init\_globals,
  run\_name, mod\_spec)\n  File "/usr/lib64/python3.9/runpy.py", line 97, in \_run\_module\_code\n    \_run\_code(code,
  mod\_globals, init\_globals,\n  File "/usr/lib64/python3.9/runpy.py", line 87, in \_run\_code\n    exec(code, run\_globals)\n
  File "/tmp/ansible\_freeipa.ansible\_freeipa.ipaclient\_setup\_sssd\_payload\_zkyct7sn/ansible\_freeipa.ansible\_freeipa.ipacli. ent\_setup\_sssd\_payload.zip/ansible\_collections/freeipa/ansible\_freeipa/plugins/modules/ipaclient\_setup\_sssd.py",
  line 190, in <module>\n  File "/tmp/ansible\_freeipa.ansible\_freeipa.ipaclient\_setup\_sssd\_payload\_zkyct7sn/ansible\_freeipa.ansible\_freeipa.ipacli. ent\_setup\_sssd\_payload.zip/ansible\_collections/freeipa/ansible\_freeipa/plugins/modules/ipaclient\_setup\_sssd.py",
  line 181, in main\n  File "/usr/lib/python3.9/site-packages/ipaclient/install/client.py", line 1005, in configure\_sssd\_conf\n
  if options.dns\_over\_tls:\nAttributeError: 'installer\_obj' object has no attribute 'dns\_over\_tls'\n", "module\_stdout": "",
  "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}

To prevent this, the attribute `options.dns_over_tls` is now initialised to false in `roles/ipaclient/library/ipaclient_setup_sssd.py`.This fix is inspired by a similar pattern in [[PR #1340](https://github.com/freeipa/ansible-freeipa/pull/1340/files)](https://github.com/freeipa/ansible-freeipa/pull/1340/files).

This failure has been observed in versions `1.14.6` and `1.14.5` of the [ansible_freeipa collection](https://galaxy.ansible.com/ui/repo/published/freeipa/ansible_freeipa/

) from Ansible Galaxy.

Signed-off-by: Jose Angel Morena <jmorenas@redhat.com>

5b3a4729

Merge pull request #1357 from jangel97/hotfix_sssd_dns_over_tls · ef73a853
Thomas Woerner authored May 21, 2025
```
ipaclient: Fix AttributeError by defaulting dns_over_tls to False
```
ef73a853