Salt批量更新Win服务器DNS配置

应用场景

---

DC升级、维护、旧DC下线，域中的服务器都需要将DNS指向新的DC，手动逐台更改占用大量的人力和时间。

提案

---

• SaltStack中win_dns_client模块的win_dns_client.add_dns方法
• SaltStack中network模块的managed方法
• 使用SaltStack远程执行PS脚本

可行性分析

---

• win_dns_client 模块

  该模块提供了两种方式来设置DNS，一种是远程执行方法 win_dns_client.add_dns，一种是sls状态文件方法 win_dns_client.dns_exists。

win_dns_client.add_dns:

    Add the DNS server to the network interface
    (index starts from 1)

    Note: if the interface DNS is configured by DHCP, all the DNS servers will
    be removed from the interface and the requested DNS will be the only one

    CLI Example:

        salt '*' win_dns_client.add_dns   

--------
win_dns_client.dns_exists:

            Configure the DNS server list in the specified interface

            Example:

                config_dns_servers:
                  win_dns_client.dns_exists:
                    - replace: True #remove any servers not in the "servers" list, default is False
                    - servers:
                      - 8.8.8.8
                      - 8.8.8.9

win_dns_client.add_dns 的参数中需要明确指定网卡接口名称和接口索引编号。而Window操作系统网卡名称不一，尤其有hyper-v，team-bonding的情形存在时。因此这个方法只能弃用。

win_dns_client.dns_exists 看使用方法要比win_dns_client.add_dns更适合，但是会存在多网卡的情形。另外就是，测试中该方法不能设置成功,日志当中也没有任何有效的信息。

• network 模块

该模块仅有managed一种方法：

 network.managed:

            Ensure that the named interface is configured properly.

            Args:

                name (str):
                    The name of the interface to manage

                dns_proto (str): None
                    Set to ``static`` and use the ``dns_servers`` parameter to provide a
                    list of DNS nameservers. set to ``dhcp`` to use DHCP to get the DNS
                    servers.

                dns_servers (list): None
                    A list of static DNS servers. To clear the list of DNS servers pass
                    an empty list (``[]``). ``None`` will make no changes.

                ip_proto (str): None
                    Set to ``static`` and use the ``ip_addrs`` and (optionally)
                    ``gateway`` parameters to provide a list of static IP addresses and
                    the default gateway. Set to ``dhcp`` to use DHCP.

                ip_addrs (list): None
                    A list of static IP addresses with netmask flag, ie: 192.168.0.11/24

                gateway (str): None
                    The gateway to set for the interface

                enabled (bool): True
                    Set to ``False`` to ensure that this interface is disabled.

            Returns:
                dict: A dictionary of old and new settings

            Example:

                Ethernet1:
                  network.managed:
                    - dns_proto: static
                    - dns_servers:
                      - 8.8.8.8
                      - 8.8.8.4
                    - ip_proto: static
                    - ip_addrs:
                      - 192.168.0.100/24

由于managed方法IP参数是必须指定的，所以经过测试，不适合这个场景。
最终只能使用salt远程执行powershell来实现。

实现

---

• PS脚本

#Script_Name： Update_DNS_Server.ps1
#2020-07-28

$new_dns_servers = “172.16.7.54“,"172.16.7.80"
$old_dns_lists = "172.16.7.55","172.16.7.30"
$ip = Get-NetIPConfiguration 
$ifip = $ip.IPv4Address.IPAddress

#服务器多网卡防止全改
if ($ifip.Split(".")[-2] -eq "7")  {

    $ifindex = $ip.InterfaceIndex
    $current_dns_servers = $ip.DNSServer.ServerAddresses

    foreach ($i in $current_dns_servers) {    
        if ($i -in $old_dns_lists)  {
            Set-DnsClientServerAddress -InterfaceIndex  $ifindex  -ServerAddresses  ($new_dns_servers)
        }  

    }
}

• Salt远程执行

执行&执行效果：

批量修改测试：

修改成功。