New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cloudflare-ddns: fix broken configuration and update default auth from deprecated Global API Key to API Token #354
Cloudflare-ddns: fix broken configuration and update default auth from deprecated Global API Key to API Token #354
Conversation
…ead of deprecated global API key Uses config.yaml for docker container instead of deprecated environment variables (which weren't working for me). This change is backwards compatible (old configs using global API key still work-- or will work again). Docs updated to reflect changes.
f38bc87
to
f1cab21
Compare
FYI to all, this pull request conflicts with #336 . That PR, I believe, would break/not fix existing configurations. @davestephens I don't know if Cloudflare-DDNS is still broken for everyone (it was for me, even with the updated joshuaavalon docker image), but if it is, merging this PR should provide immediate relief without any config updates. And those using/wanting to use Token Auth with have a path forward as well with some minor effort. |
Hey, thanks for the ping.
I know I'm horrifically behind on PRs, apologies for that. A new job and
kids at home has massively reduced my time for hacking recently! I hope to
embark on a clear out over the next couple of weeks. Additionally, I have a
rejig planned that'll make merging PRs much much much easier 👍
…On Sat, 15 Aug 2020, 20:44 ryanolf, ***@***.***> wrote:
FYI to all, this pull request conflicts with #336
<#336> . That PR, I
believe, would break/not fix existing configurations.
@davestephens <https://github.com/davestephens> I don't know if
Cloudflare-DDNS is still broken for everyone (it was for me, even with the
updated joshuaavalon docker image), but if it is, merging this PR should
provide immediate relief without any config updates. And those
using/wanting to use Token Auth with have a path forward as well with some
minor effort.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#354 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAFDGMC3TCCRZT3JLFRSVITSA3QQBANCNFSM4P66H6DQ>
.
|
I can confirm that this PR is working with the new authentication method (api token) of cloudflare. ###
### Cloudflare
###
# Cloudflare is a great free DNS option for domains. If you use the cloudflare_ddns container then you'll need to
# set the options below.
# Data directory for config file
cloudflare_data_directory: "{{ docker_home }}/cloudflare_ddns"
# Your domain name
cloudflare_zone: "{{ ansible_nas_domain }}"
# The hostname you want the container to update. You shouldn't need to change this.
cloudflare_host: "{{ ansible_nas_hostname }}.{{ cloudflare_zone }}"
# Cloudflare scoped token (https://joshuaavalon.github.io/docker-cloudflare/guide/cloudflare.html#authentication)
# Make sure token permissions include #DNS:Edit and #Zone:Read
cloudflare_token: "***"
# Set to true to make traffic go through the CloudFlare CDN.
# Note that if the cloudflare host is a wildcard (the default), this must be false, as cloudflare
# does not support http proxy of wildcard CNAMEs.
cloudflare_proxy: false
# Set to AAAA to use set IPv6 records instead of IPv4 records.
cloudflare_type: "A" |
I finally got around to merging this, thank you for the contribution! Couple of notes:
|
What this PR does / why we need it:
This PR fixes #243 for current configurations. Somehow, for me, even the latest joshava/cloudflare-ddns image with support for the latest Cloudflare API was not working for me. The author of that docker image has deprecated configuration by environment variables, so I refactored the ansible task to use a config file.
As Cloudflare has deprecated global API key access, I also updated the ansible-nas default to use the API Token authentication. To use API Token auth, existing users need to set the appropriate variable and remove the
cloudflare_api_key
variable. However, existing users need not change their configuration at all, so long as Cloudflare supports the global API key.Which issue (if any) this PR fixes:
Fixes #243
Any other useful info:
I have tested this both with my old configuration (using global API key) and with a new access token. I believe this PR should be a straightforward fix for #243 (along with, obviously, the fact that the docker image was updated) and should allow ansible-nas users to move on from the deprecated global API key to the more granular and secure API Tokens.