blackroad-os/blackroad-operating-system
9
0
Fork 0
mirror of https://github.com/blackboxprogramming/BlackRoad-Operating-System.git synced 2026-03-16 23:57:10 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
9bfad04aa18a9b07d11da37efeebef4f81b642fe
blackroad-operating-system/scripts/cloudflare/README.md
Claude 5305790504 Add Cloudflare DNS migration infrastructure and automation 
Implements Action #1 from NEXT_ACTIONS_ALEXA.md: Complete Cloudflare DNS
migration tooling and documentation for BlackRoad domains.

New Features:
- Automated DNS sync script (scripts/cloudflare/sync_dns.py)
  * Syncs DNS records from ops/domains.yaml to Cloudflare API
  * Supports dry-run mode for safe previewing
  * Handles CNAME, A, MX, and TXT records
  * Colored output for easy scanning

- DNS validation script (scripts/cloudflare/validate_dns.py)
  * Verifies DNS resolution and propagation
  * Checks SSL certificate validity
  * Tests HTTP/HTTPS accessibility and redirects
  * Supports checking multiple domains

- GitHub Actions workflow (.github/workflows/sync-cloudflare-dns.yml)
  * Automatically syncs DNS on ops/domains.yaml changes
  * Includes dry-run validation step
  * Manual trigger support via workflow_dispatch

Documentation:
- Comprehensive migration guide (docs/CLOUDFLARE_MIGRATION_GUIDE.md)
  * Step-by-step instructions for migrating from GoDaddy to Cloudflare
  * Covers all 10 BlackRoad domains
  * Includes troubleshooting and rollback procedures
  * Estimated 2-4 hours total migration time

- Scripts README (scripts/cloudflare/README.md)
  * Installation and usage instructions
  * API token setup guide
  * Integration examples for CI/CD

Configuration:
- Updated backend/.env.example with Cloudflare variables:
  * CLOUDFLARE_API_TOKEN
  * CLOUDFLARE_ACCOUNT_ID
  * CLOUDFLARE_ZONE_ID
  * CLOUDFLARE_EMAIL

- Python dependencies (scripts/cloudflare/requirements.txt)
  * requests, PyYAML, dnspython, colorama

Benefits of Cloudflare Migration:
- Free SSL certificates with automatic renewal
- Global CDN for faster page loads
- DDoS protection and Web Application Firewall
- Better DNS performance via anycast network
- Advanced features (Workers, Zero Trust, edge functions)
- Superior analytics and security insights

Next Steps:
1. Set up Cloudflare account and get API token
2. Add blackroad.systems domain to Cloudflare
3. Update nameservers at GoDaddy
4. Run sync script to configure DNS records
5. Verify migration with validation script
6. Repeat for remaining 9 domains

Related:
- Implements infra/cloudflare/CLOUDFLARE_DNS_BLUEPRINT.md
- Addresses ops/DOMAIN_FIX_GUIDE.md recommendations
- Part of Phase 1 Q1 infrastructure foundation

Files Added:
- scripts/cloudflare/sync_dns.py (352 lines)
- scripts/cloudflare/validate_dns.py (387 lines)
- scripts/cloudflare/README.md
- scripts/cloudflare/requirements.txt
- docs/CLOUDFLARE_MIGRATION_GUIDE.md (867 lines)
- .github/workflows/sync-cloudflare-dns.yml

Files Modified:
- backend/.env.example (added Cloudflare env vars)
2025-11-18 02:43:48 +00:00

314 lines
7.1 KiB
Markdown
Raw Blame History

# Cloudflare DNS Management Scripts
This directory contains automation scripts for managing BlackRoad domains via the Cloudflare API.
## Scripts
### `sync_dns.py`
Synchronizes DNS records from `ops/domains.yaml` to Cloudflare. Handles creating new records and updating existing ones.
**Features:**
- Automated DNS record synchronization
- Dry-run mode to preview changes
- Colored output for easy scanning
- Support for multiple record types (A, CNAME, MX, TXT)
- Automatic proxying configuration
**Usage:**
```bash
# Set environment variables
export CF_API_TOKEN="your-cloudflare-api-token"
export CF_ZONE_ID="your-zone-id"
# Preview changes (dry run)
python scripts/cloudflare/sync_dns.py --dry-run
# Apply changes
python scripts/cloudflare/sync_dns.py
# Or with command-line arguments
python scripts/cloudflare/sync_dns.py \
--token "your-token" \
--zone-id "your-zone-id" \
--zone-name "blackroad.systems"
```
### `validate_dns.py`
Validates DNS configuration and checks propagation status across the internet.
**Features:**
- DNS resolution verification
- SSL certificate validation
- HTTP/HTTPS accessibility testing
- Redirect verification (www → apex, HTTP → HTTPS)
- Support for checking multiple domains
**Usage:**
```bash
# Check single domain (default: blackroad.systems)
python scripts/cloudflare/validate_dns.py
# Check specific domain
python scripts/cloudflare/validate_dns.py --domain blackroad.ai
# Check all BlackRoad domains
python scripts/cloudflare/validate_dns.py --all
# DNS-only check (skip SSL and HTTP)
python scripts/cloudflare/validate_dns.py --dns-only
```
## Installation
### Prerequisites
- Python 3.8 or higher
- Cloudflare account with API token
- Domain(s) added to Cloudflare
### Install Dependencies
```bash
# Install required packages
pip install -r scripts/cloudflare/requirements.txt
# Or install individually
pip install requests pyyaml dnspython colorama
```
## Configuration
### Getting Cloudflare API Token
1. Log in to [Cloudflare Dashboard](https://dash.cloudflare.com)
2. Go to **My Profile****API Tokens**
3. Click **Create Token**
4. Use the **Edit zone DNS** template
5. Select the zones you want to manage
6. Create token and copy it
### Getting Zone ID
1. Go to [Cloudflare Dashboard](https://dash.cloudflare.com)
2. Select your domain (e.g., `blackroad.systems`)
3. Scroll down to **API** section on the right sidebar
4. Copy the **Zone ID**
### Environment Variables
```bash
# Add to your shell profile (~/.bashrc, ~/.zshrc, etc.)
export CF_API_TOKEN="your-cloudflare-api-token-here"
export CF_ZONE_ID="your-zone-id-here"
# Or create a .env file (DO NOT COMMIT THIS)
echo "CF_API_TOKEN=your-token" >> .env
echo "CF_ZONE_ID=your-zone-id" >> .env
source .env
```
## Domain Configuration
DNS records are defined in `ops/domains.yaml`. Example:
```yaml
domains:
- name: "blackroad.systems"
type: "root"
provider: "cloudflare"
mode: "dns"
record:
type: "CNAME"
value: "blackroad-os-production.up.railway.app"
ttl: 1 # Auto
proxied: true
- name: "api.blackroad.systems"
type: "subdomain"
provider: "cloudflare"
mode: "dns"
record:
type: "CNAME"
value: "blackroad-os-production.up.railway.app"
proxied: true
```
## Workflow
### Initial Migration
1. **Add domain to Cloudflare** (manual step via dashboard)
```
- Go to Cloudflare → Add a site
- Enter domain name
- Choose Free plan
- Follow setup wizard
```
2. **Update nameservers at registrar** (GoDaddy, etc.)
```
- Copy nameservers from Cloudflare
- Update at domain registrar
- Wait 5-60 minutes for propagation
```
3. **Configure DNS records**
```bash
# Update ops/domains.yaml with your records
# Preview changes
python scripts/cloudflare/sync_dns.py --dry-run
# Apply changes
python scripts/cloudflare/sync_dns.py
```
4. **Verify configuration**
```bash
# Check DNS propagation
python scripts/cloudflare/validate_dns.py
# Or check specific domain
python scripts/cloudflare/validate_dns.py --domain blackroad.systems
```
### Regular Updates
When updating DNS records:
1. Edit `ops/domains.yaml`
2. Run dry-run to preview: `python scripts/cloudflare/sync_dns.py --dry-run`
3. Apply changes: `python scripts/cloudflare/sync_dns.py`
4. Validate: `python scripts/cloudflare/validate_dns.py`
## Troubleshooting
### DNS Not Resolving
**Problem:** Domain doesn't resolve
**Solutions:**
```bash
# Check DNS with dig
dig blackroad.systems
# Check with validation script
python scripts/cloudflare/validate_dns.py --domain blackroad.systems
# Wait for propagation (5-60 minutes after nameserver change)
```
### API Authentication Errors
**Problem:** `401 Unauthorized` or `403 Forbidden`
**Solutions:**
- Verify API token is correct
- Check token has "Edit DNS" permission for the zone
- Ensure token hasn't expired
- Verify zone ID is correct
### Script Errors
**Problem:** Import errors or missing dependencies
**Solutions:**
```bash
# Install all dependencies
pip install -r scripts/cloudflare/requirements.txt
# Or install missing package
pip install <package-name>
```
### Configuration Drift
**Problem:** Cloudflare records don't match `domains.yaml`
**Solutions:**
```bash
# Run sync to update Cloudflare to match config
python scripts/cloudflare/sync_dns.py
# Or manually update records in Cloudflare dashboard
```
## Security Best Practices
1. **Never commit API tokens**
- Add `.env` to `.gitignore`
- Use environment variables
- Rotate tokens periodically
2. **Use scoped tokens**
- Create tokens with minimum required permissions
- Use zone-specific tokens when possible
- Avoid using Global API Key
3. **Audit regularly**
- Review DNS records monthly
- Check token usage in Cloudflare dashboard
- Remove unused tokens
## Integration with CI/CD
### GitHub Actions Example
```yaml
name: Sync DNS Records
on:
push:
paths:
- 'ops/domains.yaml'
branches:
- main
jobs:
sync-dns:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Set up Python
uses: actions/setup-python@v4
with:
python-version: '3.10'
- name: Install dependencies
run: |
pip install -r scripts/cloudflare/requirements.txt
- name: Sync DNS records
env:
CF_API_TOKEN: ${{ secrets.CF_API_TOKEN }}
CF_ZONE_ID: ${{ secrets.CF_ZONE_ID }}
run: |
python scripts/cloudflare/sync_dns.py
```
Add secrets to GitHub:
```bash
gh secret set CF_API_TOKEN
gh secret set CF_ZONE_ID
```
## Additional Resources
- [Cloudflare API Documentation](https://developers.cloudflare.com/api/)
- [Cloudflare DNS Documentation](https://developers.cloudflare.com/dns/)
- [DNS Blueprint](../../infra/cloudflare/CLOUDFLARE_DNS_BLUEPRINT.md)
- [Domain Configuration](../../ops/domains.yaml)
## Support
For issues or questions:
- Check the [CLOUDFLARE_DNS_BLUEPRINT.md](../../infra/cloudflare/CLOUDFLARE_DNS_BLUEPRINT.md)
- Review Cloudflare dashboard for zone status
- Check script output for error messages
- Verify API token permissions
---
**Last Updated:** 2025-11-18
**Maintained by:** BlackRoad DevOps Team
Reference in New Issue View Git Blame Copy Permalink