Updated documentation and included conf.d config templates

This commit is contained in:
Eric Renfro 2017-08-18 07:31:11 -04:00
parent 101e4a039b
commit abd1c8fc71
4 changed files with 93 additions and 4 deletions

1
.gitignore vendored
View File

@ -4,6 +4,5 @@ src/update.d/*
src/aws/*
!src/aws/.do-not-delete
src/conf.d/*
!src/conf.d/.do-not-delete

View File

@ -3,3 +3,83 @@
Dynamic IP automation tool.
A bash script that detects ipv4 and ipv6 IP's and automates running agents to handle them. Comes with agents to work with AWS Route53 and AWS Security Groups, but can work with anything.
# About
This tool detects and runs agents upon detection of changes of both IPv4 and IPv6 IP addresses. These agents can do a number of things, including update DNS records, setup a firewall to adjust changes, or practically anything you want.
I wrote this because I wanted a reliable means to handle being on a dynamic IP, but wanted the security of having the ability to update DNS records quickly, accurately, while also updating firewall rules such as with AWS Security Groups, Shorewall, etc, all automatically.
# Installation
This can be installed as root or as a regular non-root user. The instructions below will be assuming root, and on a system using systemd for init.
## For root:
```
mkdir /etc/dynamic-ip
rsync -avhHi src/ /etc/dynamic-ip/
cp init/dynamic-ip.timer init/dynamic-ip.target init/update-*.service /etc/systemd/system/
cp init/dynamic-ip.sysconfig /etc/sysconfig/dynamic-ip
systemctl daemon-reload
```
Edit /etc/sysconfig/dynamic-ip and set the DOMAIN_NAME to the domain of filename you wish.
## For user:
```
mkdir ~/.dynamic-ip
rsync -avhHi src/ ~/.dynamic-ip/
mkdir -p ~/.config/systemd/user/
cp init/dynamic-ip.timer init/dinamic-ip.target init/update-*.service ~/.config/systemd/user/
cp init/dynamic-ip.sysconfig ~/.dynamic-ip/config
```
Edit the ~/.config/systemd/user/update-ipv4.service and ~/.config/systemd/user/update-ipv6.service files and change EnvironmentFile to:
```
EnvironmentFile=$HOME/.dynamic-ip/config
```
Then edit $HOME/.dynamic-ip/config and set DOMAIN_NAME to the domain or filename you wish.
# Service and Timers
To configure the automated service portion of this, the services need to know what domain, or what domain file to use for it. That is defined in the domain-ip sysconfig file.
dynamic-ip can either take single domain name on the command-line, or a file of domain names listed per each line as the domains. In the sysconfig file you can define either, and dynamic-ip will auto-detect whether it's a file, if not, treat it as a domain name.
Once everything is configured, you can enable the services as follows:
## For root:
```
systemctl enable --now dynamic-ip.timer
systemctl enable update-ipv4.service
systemctl enable update-ipv6.service
```
This will enable and start the timer, and enable the services for the dynamic-ip.target.
## For user:
```
systemctl --user enable --now dynamic-ip.timer
systemctl --user enable update-ipv4.service
systemctl --user enable update-ipv6.service
```
This will enable and start the timer, and enable the services for the dynamic-ip.target for your user account.
# Agents
The agents included work with Route53 and AWS Security Groups. Though you can use these as baselines for creating any other kind of agents for your own needs, these agents are fully functional for the purposes they were designed as-is.
update-dns-r53 is designed to use cli53, a golang utility, to deal with Route53 DNS record updates. I chose this because it was the fastest and most reliable I'd seen, and could work with ZoneID's directly which can be important, especially when you have internal zones and external zones in Route53.
To configure it, you need to define your configuration in dynamic-ip's aws/config and aws/credentials for cli53 to use. And in conf.d/ you can configure, using the same name as update-dns-r53.conf, or you can use the exact name you link in update.d/, dynamic-ip reads the global one first, which is the same name plus .conf at the end, of the agent's original filename, and then if it exists, the linked name that was actually executed plus .conf at the end from the conf.d directory, so you can have multiple configurations as needed.
update-dns-r53 uses agent_update_dns_r53_id for the ZoneID or ZoneName.
aws-sg uses agent_aws_sg_id for the SGID.

4
src/conf.d/aws-sg.conf Normal file
View File

@ -0,0 +1,4 @@
# This is for the AWS Security Group ID to manipulate. Generally starts with sg-.
#agent_aws_sg_id=

View File

@ -0,0 +1,6 @@
# This can be the ZoneID, or Domain Name. If you have multiple zones (internal
# & external) with the same domain, it's recommended to use the ZoneID to
# precisely target that zone specifically.
#agent_update_dns_r53_id=