应用场景
DC升级、维护、旧DC下线,域中的服务器都需要将DNS指向新的DC,手动逐台更改占用大量的人力和时间。
提案
- SaltStack中win_dns_client模块的win_dns_client.add_dns方法
- SaltStack中network模块的managed方法
- 使用SaltStack远程执行PS脚本
可行性分析
-
win_dns_client 模块
该模块提供了两种方式来设置DNS,一种是远程执行方法 win_dns_client.add_dns,一种是sls状态文件方法 win_dns_client.dns_exists。
win_dns_client.add_dns:
Add the DNS server to the network interface
(index starts from 1)
Note: if the interface DNS is configured by DHCP, all the DNS servers will
be removed from the interface and the requested DNS will be the only one
CLI Example:
salt '*' win_dns_client.add_dns <ip> <interface> <index>
--------
win_dns_client.dns_exists:
Configure the DNS server list in the specified interface
Example:
config_dns_servers:
win_dns_client.dns_exists:
- replace: True #remove any servers not in the "servers" list, default is False
- servers:
- 8.8.8.8
- 8.8.8.9
win_dns_client.add_dns 的参数中需要明确指定网卡接口名称和接口索引编号。而Window操作系统网卡名称不一,尤其有hyper-v,team-bonding的情形存在时。因此这个方法只能弃用。
win_dns_client.dns_exists 看使用方法要比win_dns_client.add_dns更适合,但是会存在多网卡的情形。另外就是,测试中该方法不能设置成功,日志当中也没有任何有效的信息。
- network 模块
该模块仅有managed一种方法:
network.managed:
Ensure that the named interface is configured properly.
Args:
name (str):
The name of the interface to manage
dns_proto (str): None
Set to ``static`` and use the ``dns_servers`` parameter to provide a
list of DNS nameservers. set to ``dhcp`` to use DHCP to get the DNS
servers.
dns_servers (list): None
A list of static DNS servers. To clear the list of DNS servers pass
an empty list (``[]``). ``None`` will make no changes.
ip_proto (str): None
Set to ``static`` and use the ``ip_addrs`` and (optionally)
``gateway`` parameters to provide a list of static IP addresses and
the default gateway. Set to ``dhcp`` to use DHCP.
ip_addrs (list): None
A list of static IP addresses with netmask flag, ie: 192.168.0.11/24
gateway (str): None
The gateway to set for the interface
enabled (bool): True
Set to ``False`` to ensure that this interface is disabled.
Returns:
dict: A dictionary of old and new settings
Example:
Ethernet1:
network.managed:
- dns_proto: static
- dns_servers:
- 8.8.8.8
- 8.8.8.4
- ip_proto: static
- ip_addrs:
- 192.168.0.100/24
由于managed方法IP参数是必须指定的,所以经过测试,不适合这个场景。 最终只能使用salt远程执行powershell来实现。
实现
- PS脚本
#Script_Name: Update_DNS_Server.ps1
#2020-07-28
$new_dns_servers = “172.16.7.54“,"172.16.7.80"
$old_dns_lists = "172.16.7.55","172.16.7.30"
$ip = Get-NetIPConfiguration
$ifip = $ip.IPv4Address.IPAddress
#服务器多网卡防止全改
if ($ifip.Split(".")[-2] -eq "7") {
$ifindex = $ip.InterfaceIndex
$current_dns_servers = $ip.DNSServer.ServerAddresses
foreach ($i in $current_dns_servers) {
if ($i -in $old_dns_lists) {
Set-DnsClientServerAddress -InterfaceIndex $ifindex -ServerAddresses ($new_dns_servers)
}
}
}
- Salt远程执行
执行&执行效果:
批量修改测试:
修改成功。