setup: Windows FQDN incomplete about ansible.windows HOT 8 CLOSED

From @lanoxx on Feb 07, 2019 13:29

I think the issue is here:

https://github.com/ansible/ansible/blob/244c4c893d776ab16f9ae24baca47ff172be4bf6/lib/ansible/modules/windows/setup.ps1#L322

I think the problem here is that $ip_props.DomainName is only set if the windows machine is joined to a domain. If it receives its domain suffix via DHCP then this will appear in the registry under HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpDomain and is shown in ipconfig /all as Connection-specific DNS Suffix.

I would like to suggest that ansible should fallback to the DhcpDomain value if the domain is not set.

Something like this:

$dhcpDomain = (Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters').DhcpDomain
$domainSuffix = if ($ip_props.DomainName.equals("")) { $dhcpDomain } else { $ip_props.DomainName }
ansible_fqdn = ($ip_props.Hostname + "." + $domainSuffix)

Some more information about my use case. I am trying to configure an AWS EC2 Windows machine and need to know the current private_dns name of the machine, which is something like ip-xxx-xxx-xxx-xxx.<dhcpdomain>, where dhcp domain is for example eu-central-1.compute.internal.

So I am expecting the ansible_fqdn to contain the value ip-xxx-xxx-xxx-xxx.eu-central-1.compute.internal

from ansible.windows.

From @ShachafGoldstein on May 16, 2019 00:18

ansible_interfaces has the domain info you need, the fqdn should not have the domain suffix of a dns zone that is not the domain that computer is joined to.

the term domain is used in a lot of places in the IT world with different meanings

from ansible.windows.

From @lanoxx on May 16, 2019 07:47

Hello @ShachafGoldstein,

thank you for your response. I have two questions about this:

1. I believe that the machine in question is actually part of a domain. AWS assigns it both a hostname and a domain. The Windows machine is however not part of an Active Directory domain. But as you write domain can mean various things in the IT world today. In this issue I am not talking about active directory domain, just about DNS domains. How do you distinguish if the computer is joined to a domain?

2. The behaviour of ansible_fqdn is currently different between Windows and Linux. On Linux the ansible_fqdn contains both the hostname and the domain of the machine. On Windows it only contains a hostname followed by a . (dot), but no domain. I would expect that the behaviour of ansible_fqdn is the same on Windows and Linux. Thus, there is either a bug on Windows or on Linux, but there is definitely a bug. Do you agree?

from ansible.windows.

From @ShachafGoldstein on May 16, 2019 19:49

1. I don't quite understand what are you asking, but I'll try.
   When a Windows Server / Client system is in a domain its FQDN will be the hostname + domain FQDN (AD Domain)
   There are ways to change that but that should not be done and is used in old (legacy) setups or test environments

Like any other OS, you can always set the domain via DHCP / manually - in windows, this will be called a DNS suffix at times to distinguish it from the AD domain.
https://docs.microsoft.com/en-us/windows/desktop/ad/active-directory-domain-services

2. In the Linux facts, they use socket.getfqdn() from python's socket module which as I understand it returns what windows facts have at the interface info, or the DNS suffix of the interface and they also can get an array for that fact which is not really how FQDN is used in Windows.

In this case, I don't think this can be called a bug, but a feature since Linux and Windows are inherently different in many many things.

from ansible.windows.

From @ShachafGoldstein on Jun 16, 2019 00:54

Can this issue be closed?

from ansible.windows.

From @jborean93 on Mar 11, 2020 07:31

This issue has actually be reported from an internal customer under a different problem. We need to look at trying to fix setup.ps1 to use the original IP primary dns suffix for the FQDN to match the previous behaviour before a recent change.

from ansible.windows.

Happening the same here. System not joined to the domain not being reported correctly in ansible_nodename and ansible_fqdn:

Non joined:

$ ansible -m setup node1.example.com | grep node1
node1.example.com | SUCCESS => {
        "ansible_fqdn": "node1", 
        "ansible_hostname": "node1", 
        "ansible_nodename": "node1", 

AD joined:

$ ansible -m setup node2.example.com | grep node2
node2.example.com | SUCCESS => {
        "ansible_fqdn": "node2.example.com", 
        "ansible_hostname": "node2", 
        "ansible_nodename": "node2.example.com", 

Network configuration is exactly the same, as both are configured with Ansible in that regard.

from ansible.windows.

I forgot to close this at the time but the original logic was restores, sans the stray end period, with #38.

from ansible.windows.