Salt批量更新Win服務器DNS配置

應用場景

---

DC升級、維護、舊DC下線，域中的服務器都須要將DNS指向新的DC，手動逐臺更改佔用大量的人力和時間。

提案

---

• SaltStack中win_dns_client模塊的win_dns_client.add_dns方法
• SaltStack中network模塊的managed方法
• 使用SaltStack遠程執行PS腳本

可行性分析

---

• win_dns_client 模塊

  該模塊提供了兩種方式來設置DNS，一種是遠程執行方法 win_dns_client.add_dns，一種是sls狀態文件方法 win_dns_client.dns_exists。

win_dns_client.add_dns:

    Add the DNS server to the network interface
    (index starts from 1)

    Note: if the interface DNS is configured by DHCP, all the DNS servers will
    be removed from the interface and the requested DNS will be the only one

    CLI Example:

        salt '*' win_dns_client.add_dns <ip> <interface> <index>

--------
win_dns_client.dns_exists:

            Configure the DNS server list in the specified interface

            Example:

                config_dns_servers:
                  win_dns_client.dns_exists:
                    - replace: True #remove any servers not in the "servers" list, default is False
                    - servers:
                      - 8.8.8.8
                      - 8.8.8.9

win_dns_client.add_dns 的參數中須要明確指定網卡接口名稱和接口索引編號。而Window操做系統網卡名稱不一，尤爲有hyper-v，team-bonding的情形存在時。所以這個方法只能棄用。

win_dns_client.dns_exists 看使用方法要比win_dns_client.add_dns更適合，可是會存在多網卡的情形。另外就是，測試中該方法不能設置成功,日誌當中也沒有任何有效的信息。

• network 模塊

該模塊僅有managed一種方法：

network.managed:

            Ensure that the named interface is configured properly.

            Args:

                name (str):
                    The name of the interface to manage

                dns_proto (str): None
                    Set to ``static`` and use the ``dns_servers`` parameter to provide a
                    list of DNS nameservers. set to ``dhcp`` to use DHCP to get the DNS
                    servers.

                dns_servers (list): None
                    A list of static DNS servers. To clear the list of DNS servers pass
                    an empty list (``[]``). ``None`` will make no changes.

                ip_proto (str): None
                    Set to ``static`` and use the ``ip_addrs`` and (optionally)
                    ``gateway`` parameters to provide a list of static IP addresses and
                    the default gateway. Set to ``dhcp`` to use DHCP.

                ip_addrs (list): None
                    A list of static IP addresses with netmask flag, ie: 192.168.0.11/24

                gateway (str): None
                    The gateway to set for the interface

                enabled (bool): True
                    Set to ``False`` to ensure that this interface is disabled.

            Returns:
                dict: A dictionary of old and new settings

            Example:

                Ethernet1:
                  network.managed:
                    - dns_proto: static
                    - dns_servers:
                      - 8.8.8.8
                      - 8.8.8.4
                    - ip_proto: static
                    - ip_addrs:
                      - 192.168.0.100/24

因爲managed方法IP參數是必須指定的，因此通過測試，不適合這個場景。
最終只能使用salt遠程執行powershell來實現。

實現

---

• PS腳本

#Script_Name： Update_DNS_Server.ps1
#2020-07-28

$new_dns_servers = 「172.16.7.54「,"172.16.7.80"
$old_dns_lists = "172.16.7.55","172.16.7.30"
$ip = Get-NetIPConfiguration 
$ifip = $ip.IPv4Address.IPAddress

#服務器多網卡防止全改
if ($ifip.Split(".")[-2] -eq "7")  {

    $ifindex = $ip.InterfaceIndex
    $current_dns_servers = $ip.DNSServer.ServerAddresses

    foreach ($i in $current_dns_servers) {    
        if ($i -in $old_dns_lists)  {
            Set-DnsClientServerAddress -InterfaceIndex  $ifindex  -ServerAddresses  ($new_dns_servers)
        }  

    }
}

• Salt遠程執行

執行&執行效果：

批量修改測試：

修改爲功。