From 076f0e5967862f4d696b6be93595f910e287d9d8 Mon Sep 17 00:00:00 2001
From: Michele Costa
Date: Fri, 17 Mar 2023 14:15:05 +0000
Subject: [PATCH] Fix dns check for ipv6 and network connection check for nmstate (#230)
* Allow IPv6 vips in dns check
* Fix network config roll back when vm_host and bastion are the same
---------
Co-authored-by: Michele Costa
---
 roles/apply_nmstate/defaults/main.yml | 1 +
 .../tasks/check_if_vm_host_is_bastion.yml | 16 ++++++++++++++
 roles/apply_nmstate/tasks/main.yml | 21 +++++++++++++++----
 roles/validate_dns_records/tasks/check.yml | 2 +-
 4 files changed, 35 insertions(+), 5 deletions(-)
 create mode 100644 roles/apply_nmstate/defaults/main.yml
 create mode 100644 roles/apply_nmstate/tasks/check_if_vm_host_is_bastion.yml
diff --git a/roles/apply_nmstate/defaults/main.yml b/roles/apply_nmstate/defaults/main.yml
new file mode 100644
index 00000000..32566d1e
--- /dev/null
+++ b/roles/apply_nmstate/defaults/main.yml
@@ -0,0 +1 @@
+vm_host_is_bastion: false
diff --git a/roles/apply_nmstate/tasks/check_if_vm_host_is_bastion.yml b/roles/apply_nmstate/tasks/check_if_vm_host_is_bastion.yml
new file mode 100644
index 00000000..ea948404
--- /dev/null
+++ b/roles/apply_nmstate/tasks/check_if_vm_host_is_bastion.yml
@@ -0,0 +1,16 @@
+---
+- name: Get bastion machine id
+ ansible.builtin.slurp:
+ src: /etc/machine-id
+ register: bastion_machine_id
+ delegate_to: bastion
+ become: false
+
+- name: Get vm_host machine id
+ ansible.builtin.slurp:
+ src: /etc/machine-id
+ register: vmhost_machine_id
+
+- name: Check if VM Host is bridge
+ ansible.builtin.set_fact:
+ vm_host_is_bastion: "{{ (bastion_machine_id.content == vmhost_machine_id.content) | bool }}"
diff --git a/roles/apply_nmstate/tasks/main.yml b/roles/apply_nmstate/tasks/main.yml
index f3abc8a0..852f4381 100644
--- a/roles/apply_nmstate/tasks/main.yml
+++ b/roles/apply_nmstate/tasks/main.yml
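Review bot: The last task in check_if_vm_host_is_bastion.yml is named `Check if VM Host is bridge`, but it sets `vm_host_is_bastion`; renaming it to `- name: Check if vm_host is bastion` keeps the run log in line with the decision being made. That decision rests on the two hosts having equal `/etc/machine-id` contents, and machines cloned from one image can share that file, so a comment above the `set_fact` stating this assumption would help the next reader. As far as this patch shows, a false match only adds the ping check before the commit.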
@@ -3,23 +3,36 @@ become: true block: - name: Install nmstate - package: + ansible.builtin.package: name: nmstate state: present - name: "Copy rendered_nmstate_yml to {{ vm_nmstate_config_path }}" - copy: + ansible.builtin.copy: content: "{{ rendered_nmstate_yml }}" dest: "{{ vm_nmstate_config_path }}" mode: 0644 # No commit is done to revert the changes if they cause the host to be come unreachable + - name: Check if vm_host is bastion + ansible.builtin.include_tasks: + file: check_if_vm_host_is_bastion.yml + - name: Apply nmstate - shell: + ansible.builtin.shell: cmd: "nmstatectl apply --no-commit --timeout 120 {{ vm_nmstate_config_path }}" async: 60 poll: 5 + - name: "Check for connection wider network" + ansible.builtin.shell: + cmd: "ping -c 4 -W 1 {{ vm_network_test_ip }}" + when: vm_host_is_bastion | bool + register: connection_test_result + until: connection_test_result is succeeded + retries: 60 + delay: 5 + - name: Commit changes - shell: + ansible.builtin.shell: cmd: "nmstatectl commit" diff --git a/roles/validate_dns_records/tasks/check.yml b/roles/validate_dns_records/tasks/check.yml index c1f53c90..5603788e 100644 --- a/roles/validate_dns_records/tasks/check.yml +++ b/roles/validate_dns_records/tasks/check.yml @@ -1,6 +1,6 @@ - name: Check required domain {item} exists ansible.builtin.shell: - cmd: "{{ required_binary }} {{ item.value }} +short" + cmd: "{{ required_binary }} {{ item.value }} A {{ item.value }} AAAA +short" register: res changed_when: false
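Review bot: The new `Check for connection wider network` task can keep retrying for longer than the rollback window of the apply step: `retries: 60` with `delay: 5` is at least 300 seconds, while `nmstatectl apply --no-commit --timeout 120` reverts after 120 seconds. A ping that first succeeds after the automatic rollback would then let `Commit changes` run although the new configuration is presumably no longer pending, so bound the loop below the timeout, for example `retries: 10`, or raise `--timeout` to cover it. The task also passes `{{ vm_network_test_ip }}` through `ansible.builtin.shell`; nothing in the command needs a shell, so `ansible.builtin.command` would keep the value from being parsed as shell syntax, and `changed_when: false` fits a read-only probe. `vm_network_test_ip` gets no default in the `defaults/main.yml` added by this commit, so it is presumably defined elsewhere; the enclosing block starts above the hunk.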
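Review bot: In the changed `cmd` of check.yml, `+short` now follows the second query, and if `required_binary` is dig (which the `+short` option suggests) a query option placed after a name/type pair applies to that query only, so the A lookup would write full output into `res`. Placing it ahead of both queries makes it global: `cmd: "{{ required_binary }} +short {{ item.value }} A {{ item.value }} AAAA"`. `item.value` is interpolated twice into `ansible.builtin.shell`; the command uses no shell features, so `ansible.builtin.command` would avoid shell parsing of record names taken from inventory. The task may continue below the hunk.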