Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Cloudflare-ddns: fix broken configuration and update default auth from deprecated Global API Key to API Token #354

Merged
merged 4 commits into from Jan 20, 2021

Conversation

ryanolf
Copy link
Contributor

@ryanolf ryanolf commented Aug 13, 2020

What this PR does / why we need it:

This PR fixes #243 for current configurations. Somehow, for me, even the latest joshava/cloudflare-ddns image with support for the latest Cloudflare API was not working for me. The author of that docker image has deprecated configuration by environment variables, so I refactored the ansible task to use a config file.

As Cloudflare has deprecated global API key access, I also updated the ansible-nas default to use the API Token authentication. To use API Token auth, existing users need to set the appropriate variable and remove the cloudflare_api_key variable. However, existing users need not change their configuration at all, so long as Cloudflare supports the global API key.

Which issue (if any) this PR fixes:

Fixes #243

Any other useful info:

I have tested this both with my old configuration (using global API key) and with a new access token. I believe this PR should be a straightforward fix for #243 (along with, obviously, the fact that the docker image was updated) and should allow ansible-nas users to move on from the deprecated global API key to the more granular and secure API Tokens.

…ead of deprecated global API key

Uses config.yaml for docker container instead of deprecated environment variables (which weren't working for me).

This change is backwards compatible (old configs using global API key still work-- or will work again).

Docs updated to reflect changes.
@ryanolf ryanolf mentioned this pull request Aug 15, 2020
@ryanolf
Copy link
Contributor Author

ryanolf commented Aug 15, 2020

FYI to all, this pull request conflicts with #336 . That PR, I believe, would break/not fix existing configurations.

@davestephens I don't know if Cloudflare-DDNS is still broken for everyone (it was for me, even with the updated joshuaavalon docker image), but if it is, merging this PR should provide immediate relief without any config updates. And those using/wanting to use Token Auth with have a path forward as well with some minor effort.

@davestephens
Copy link
Owner

davestephens commented Aug 15, 2020 via email

@odbaeu
Copy link

odbaeu commented Sep 1, 2020

I can confirm that this PR is working with the new authentication method (api token) of cloudflare.
Here is my configuration:

###
### Cloudflare
###
# Cloudflare is a great free DNS option for domains. If you use the cloudflare_ddns container then you'll need to
# set the options below.
# Data directory for config file
cloudflare_data_directory: "{{ docker_home }}/cloudflare_ddns"

# Your domain name
cloudflare_zone: "{{ ansible_nas_domain }}"

# The hostname you want the container to update. You shouldn't need to change this.
cloudflare_host: "{{ ansible_nas_hostname }}.{{ cloudflare_zone }}"

# Cloudflare scoped token (https://joshuaavalon.github.io/docker-cloudflare/guide/cloudflare.html#authentication)
# Make sure token permissions include #DNS:Edit and #Zone:Read
cloudflare_token: "***"

# Set to true to make traffic go through the CloudFlare CDN.
# Note that if the cloudflare host is a wildcard (the default), this must be false, as cloudflare
# does not support http proxy of wildcard CNAMEs.
cloudflare_proxy: false

# Set to AAAA to use set IPv6 records instead of IPv4 records.
cloudflare_type: "A"

@davestephens davestephens merged commit 1672b7e into davestephens:master Jan 20, 2021
@davestephens
Copy link
Owner

I finally got around to merging this, thank you for the contribution!

Couple of notes:

  • I flipped your code to using the new ansible role structure
  • I took the executive decision to not support the global cloudflare api keys, thus making the code much cleaner :-)
  • I standardised on .yml over .yaml.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Upstream Bug: cloudflare-ddns no longer working
3 participants