Cloudflare salt state
Cloudflare salt module allows you to manage zones on Cloudflare from salt.
Installation
-
Copy
cloudflare.pyinto/srv/salt/_statesor do the equivalent if you use a different layout forfile_rootson Salt master. -
Sync state cache on the minion you plan to use for managing zones:
salt-call saltutil.sync_states
Managing DNS records
Obtaining credentials
Note that you can use a dedicated account with DNS Administrator permissions
to manage zone records if your account is a multi-user organization.
First of all, you have to obtain the Global API Key for the account:
Then you need to get the zone identifier (Zone ID). You can find it on the main page of Cloudflare dashboard:
Salt changes
Write the state like this (call it cloudflare.sls):
example.com:
cloudflare.manage_zone_records:
- zone: {{ pillar["cloudflare_zones"]["example.com"]|yaml }}Then add the following to the pillar (use your credentials and records):
cloudflare_zones:
example.com:
auth_email: ivan@example.com
auth_key: auth key goes here
zone_id: 0101deadbeefdeadbeefdeadbeefdead
records:
- name: ivan.exmaple.com
content: 93.184.216.34
proxied: trueEach record can have the following fields:
name- domain name (including zone)content- value of the recordtype- type of the record:A,AAAA,SRV, etc (Aby default)proxied- whether zone should be proxied (falseby default)ttl- TTL of the record in seconds,1means auto" (1by default)salt_managed- whether the record will be managed by Salt (trueby default)priority- The priority of the record. Only valid (and required) for MX records
Reference: https://api.cloudflare.com/#dns-records-for-a-zone-properties
Use salt PGP renderer if you can to encrypt the auth key:
Run the state in dry run mode:
salt-call state.apply cloudflare test=true
Then, if you are happy with the changes, apply them:
salt-call state.apply cloudflare
After a short period of time your changes should propagate across the network.
Copyright
- Copyright 2016 Cloudflare