Dynamic DNS with Cloudflare

At home I use Ubiquiti gear for all of my networking and I use Cloudflare for my external DNS. Rather than use another service like DynDNS or No-IP, I set up a small script that runs on my EdgeRouter Lite from a simple cron job and updates the records for my stuff at home. The script just uses Cloudflare’s API to update an existing record. I haven’t found a way to get the record ID from the web interface yet, so you do need to get it from the API.

#!/bin/bash

# Cloudflare credentials and the record to update. The record ID is not shown
# in the dashboard; list the zone's DNS records through the API to find it.
key="your-api-key"
zoneID="your-zone-id"
email="you@yourmail.com"
recordID="record-id-to-update"
recordName="newrecord.yourdomain.com"
# Current address of the WAN interface, parsed from the older net-tools
# ifconfig output ("inet addr:") that the EdgeRouter prints.
ip=$(ifconfig eth0 | grep "inet addr:" | cut -d: -f2 | awk '{ print $1 }')

# Keep certificate verification on (no -k): the request carries the API key.
curl -X PUT "https://api.cloudflare.com/client/v4/zones/$zoneID/dns_records/$recordID" \
     -H "X-Auth-Email: $email" \
     -H "X-Auth-Key: $key" \
     -H "Content-Type: application/json" \
     --data '{"type":"A","name":"'"$recordName"'","content":"'"$ip"'","ttl":120,"proxied":false}'

Another option, rather than reading the IP from the interface, is icanhazip.com (thanks Major!), which returns just your public IP as a plain string. That way the update doesn’t have to run on the edge device; any internal system will work.
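Putting the two ideas above together, here is an added example (my own, not the post’s script): it fetches the public address from icanhazip.com, checks that the reply really is an IPv4 address before it goes anywhere near the API, looks up the record ID itself, and only calls Cloudflare when the address has changed. It assumes a scoped API token (sent as a Bearer header, an alternative to the email/key headers in the post) stored in a root-only file; ZONE_ID, RECORD_NAME and the file paths are placeholders.

```shell
#!/bin/sh
# Added example, not the post's script: a Cloudflare dynamic-DNS updater that
# looks up the record ID itself, validates the public IP before sending it,
# and only calls the API when the address has changed.
# Assumptions: an API token with DNS edit rights sits in a root-only file,
# and ZONE_ID / RECORD_NAME are placeholders to be replaced.

API="https://api.cloudflare.com/client/v4"
TOKEN_FILE="${TOKEN_FILE:-/etc/cloudflare-ddns.token}"     # chmod 600 root:root
ZONE_ID="${ZONE_ID:-your-zone-id}"
RECORD_NAME="${RECORD_NAME:-newrecord.yourdomain.com}"
STATE_FILE="${STATE_FILE:-/var/tmp/cloudflare-ddns.last}"  # last address pushed

# Accept only a dotted-quad IPv4 address with octets 0-255. An IPv6 reply,
# an empty body or an HTML error page from the IP service is rejected here
# instead of being written into the DNS record.
validate_ipv4() {
    addr="$1"
    printf '%s\n' "$addr" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    IFS=. ; set -- $addr ; unset IFS
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Hostnames are restricted to letters, digits, dots and hyphens so a quote
# or backslash cannot break out of the JSON body built below.
validate_name() {
    printf '%s\n' "$1" | grep -Eq '^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
}

# Build the JSON body from already-validated values.
build_payload() {   # build_payload <record-name> <ipv4>
    printf '{"type":"A","name":"%s","content":"%s","ttl":120,"proxied":false}' "$1" "$2"
}

# Pull the record ID out of a dns_records listing without jq (an EdgeRouter
# does not ship it). Record IDs are 32 hex characters; the first "id" key in
# the reply is the record's own ("zone_id" does not match this pattern).
extract_record_id() {
    grep -o '"id":"[0-9a-f]\{32\}"' | head -n 1 | cut -d'"' -f4
}

auth_header() { printf 'Authorization: Bearer %s' "$(cat "$TOKEN_FILE")"; }

lookup_record_id() {
    curl -sS --fail -H "$(auth_header)" \
        "$API/zones/$ZONE_ID/dns_records?type=A&name=$RECORD_NAME" | extract_record_id
}

update_record() {   # update_record <record-id> <ipv4>
    # No -k: certificate verification is what keeps the token from being read on the path.
    curl -sS --fail -X PUT -H "$(auth_header)" -H "Content-Type: application/json" \
        --data "$(build_payload "$RECORD_NAME" "$2")" \
        "$API/zones/$ZONE_ID/dns_records/$1"
}

main() {
    validate_name "$RECORD_NAME" || { echo "refusing record name '$RECORD_NAME'" >&2; return 1; }
    # -4 forces an IPv4 path so icanhazip reports the v4 address the A record needs.
    ip=$(curl -4 -sS --fail https://icanhazip.com) || return 1
    validate_ipv4 "$ip" || { echo "icanhazip returned '$ip', not an IPv4 address" >&2; return 1; }
    if [ -r "$STATE_FILE" ] && [ "$(cat "$STATE_FILE")" = "$ip" ]; then
        return 0    # unchanged since the last run: no API call needed
    fi
    record_id=$(lookup_record_id) || return 1
    [ -n "$record_id" ] || { echo "no A record named $RECORD_NAME in zone $ZONE_ID" >&2; return 1; }
    update_record "$record_id" "$ip" >/dev/null || return 1
    printf '%s\n' "$ip" > "$STATE_FILE"
    echo "updated $RECORD_NAME to $ip"
}

# Only do real work when a token is installed, so sourcing this file for its
# functions (or running it on a box without a token) does nothing.
if [ -r "$TOKEN_FILE" ]; then
    main
fi
```

Run it from cron every few minutes; the state file means a run with an unchanged address costs one request to icanhazip.com and nothing at Cloudflare. The IP validation is the important part: whatever the IP service returns ends up in your zone, so it should be checked rather than trusted.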

Ansible Tower Provisioning Callbacks

One of Tower’s big selling points is the RESTful API. This allows systems to request certain templates to run against themselves from Tower. I leverage this on workstations with a systemd service and timer. Each workstation waits a predetermined time after boot and then does an API call to Tower. Tower then runs the workstation provision template against the system that requested it.

To enable callbacks, just check “Allow Provisioning Callbacks.” Tower then gives you the key and URL.


Tower has some pre-built scripts for a callback, or you can just use curl.

# Keep certificate verification on (no -k): the host_config_key is a credential.
curl --data "host_config_key=d13a7b6e08e84c7d8f412b9754400a00" https://tower.example.com/api/v1/job_templates/26/callback/

This has many benefits beyond just physical host provisioning. It lets systems “check in” without using Ansible pull. And if the callback comes from a host that isn’t in your inventory, it will fail in Tower. This adds some security, so not just any random system can do a callback.
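As an added example of the workstation side described above (my own script, not the post’s command or one of Tower’s bundled callback scripts), here is a callback client meant to be started by a systemd timer a few minutes after boot. It assumes the callback URL from the post, a host_config_key stored in a root-only file rather than on the command line (where ps and shell history can read it), and a Tower certificate the system already trusts, so -k is not needed.

```shell
#!/bin/sh
# Added example, not the post's command or Tower's bundled script: a callback
# client meant to be run by a systemd timer a few minutes after boot.
# Assumptions: the callback URL is the one from the post, the host_config_key
# lives in a root-only file, and Tower's certificate is in the system CA store.

CALLBACK_URL="${CALLBACK_URL:-https://tower.example.com/api/v1/job_templates/26/callback/}"
KEY_FILE="${KEY_FILE:-/etc/tower/host_config_key}"   # chmod 600 root:root
ATTEMPTS="${ATTEMPTS:-5}"        # Tower may still be unreachable right after boot
RETRY_DELAY="${RETRY_DELAY:-30}" # seconds between attempts

# Read the key from its file and insist on the 32-hex shape of the key shown
# in the post, so a truncated or hand-edited file fails here instead of at
# Tower. Relax the pattern if you set your own key format.
load_key() {   # load_key <file>
    key=$(cat "$1" 2>/dev/null) || return 1
    printf '%s\n' "$key" | grep -Eq '^[0-9a-f]{32}$' || return 1
    printf '%s' "$key"
}

# Tower answers 201 Created once it has queued the job. Anything else (a key
# mismatch, a host that is not in the template's inventory, a proxy error)
# is a failed callback.
callback_succeeded() {   # callback_succeeded <http-status>
    [ "$1" = "201" ]
}

# One POST. Prints the HTTP status; the response body goes to the given file.
# No -k: the key is a credential, so the TLS certificate stays verified.
post_callback() {   # post_callback <key> <body-file>
    curl -sS -o "$2" -w '%{http_code}' \
        --data-urlencode "host_config_key=$1" "$CALLBACK_URL"
}

main() {
    key=$(load_key "$KEY_FILE") || { echo "no usable host_config_key in $KEY_FILE" >&2; return 1; }
    body_file=$(mktemp) || return 1
    n=1
    while [ "$n" -le "$ATTEMPTS" ]; do
        if status=$(post_callback "$key" "$body_file") && callback_succeeded "$status"; then
            echo "callback accepted by Tower (HTTP $status)"
            rm -f "$body_file"
            return 0
        fi
        echo "attempt $n/$ATTEMPTS failed (HTTP ${status:-none}): $(cat "$body_file")" >&2
        n=$((n + 1))
        if [ "$n" -le "$ATTEMPTS" ]; then
            sleep "$RETRY_DELAY"
        fi
    done
    rm -f "$body_file"
    return 1
}

# Only call Tower when a key is installed, so sourcing this file for its
# functions does nothing.
if [ -r "$KEY_FILE" ]; then
    main
fi
```

For the boot delay the post describes, a oneshot service running this script paired with a timer whose [Timer] section sets OnBootSec (for example OnBootSec=5min) gives the same behaviour without any sleep in the script itself. Checking the status code matters because a callback from a host that Tower does not know is rejected, as the post notes, and curl on its own would exit 0 and hide that.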