Add variables to skip of overlap check for FreeIPA server DNS zones (#272)

Signed-off-by: Jim Enright <[email protected]>

Author: jimright

roles/freeipa_server/defaults/main.yml

@@ -28,3 +28,6 @@ ipaadmin_principal: admin
 ipaadmin_password: "{{ undef(hint='Please define the FreeIPA administrator principal password') }}"
 
 ipadm_password: "{{ undef(hint='Please define the FreeIPA Directory Manager admin password') }}"
+
+ipaserver_forward_no_overlap_check: false
+ipaserver_reverse_no_overlap_check: false

roles/freeipa_server/meta/argument_specs.yml

@@ -57,6 +57,14 @@ argument_specs:
         description:
           - Certificate Authority subject for the self-signed root CA.
         default: "CN=CLDR-RootCA,O=ipaserver_domain"
+      ipaserver_forward_no_overlap_check:
+        description:
+          - Skip overlap check for forward DNS zones.
+        default: false
+      ipaserver_reverse_no_overlap_check:
+        description:
+          - Skip overlap check for reverse DNS zones.
+        default: false
       ipaadmin_principal:
         description:
           - Kerberos principal for the FreeIPA administrator account.

roles/freeipa_server/tasks/main.yml

@@ -86,13 +86,15 @@
     dynamic_update: true
     allow_sync_ptr: true
     forward_policy: none
+    skip_overlap_check: "{{ ipaserver_forward_no_overlap_check }}"
     ipaadmin_password: "{{ ipaadmin_password }}"
 
 - name: Create reverse DNS zones in provisioned FreeIPA service
   freeipa.ansible_freeipa.ipadnszone:
     name_from_ip: "{{ cidr }}"
     dynamic_update: true
     allow_sync_ptr: true
+    skip_overlap_check: "{{ ipaserver_reverse_no_overlap_check }}"
     ipaadmin_password: "{{ ipaadmin_password }}"
   loop: "{{ ipaserver_cidr }}"
   loop_control: