IBM Cloud Docs
Exporting the DNS Services configuration

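This section describes how to run a script that copies the configuration of an IBM Cloud® DNS Services instance. The example script writes the following information to a file.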

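  • The specified instance itself.
  • Custom resolvers in the instance.
  • GLB pools in the instance.
  • GLB monitors in the instance.
  • Cross-account linked zones whose access was requested by this instance.
  • Permitted networks for each linked zone.
  • All DNS zones and DNS zone data for the instance.
  • All resource record data for each DNS zone.
  • All permitted network data for each DNS zone.
  • Cross-account linked zone access requests to any DNS zone on this instance.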

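This data is useful for debugging problems and, if you run into a support issue, can be provided to the support team (if the configuration data is not considered private). The data can also serve as a backup.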

The data is "export only" and cannot be used to import a configuration.

Script usage

Basic script usage is shown in the following example.

$ ./copy_dns_config.sh <instance ID, NAME, or CRN> [path/to/output-file]
#   Required: <instance ID, NAME, or CRN>
#   Optional: [path/to/output-file]

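Where <instance ID, NAME, or CRN> is replaced with the ID, NAME, or CRN of the relevant DNS Services instance. The path to the output file can optionally be given as the second argument. If no output file argument is given, the output is written to a file in the current directory.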

Example usage:

./copy_dns_config.sh my-instance1
./copy_dns_config.sh my-instance2 ~/dns-output.txt

Script requirements

To run the script, you need the following prerequisites.

  • IBM Cloud CLI
    • You must be logged in to your IBM Cloud account.
    • Log in with ibmcloud login.
  • jq, a command-line JSON processor.
    • $ brew install jq # macOS
    • $ apt-get install jq # Ubuntu

Script

#!/usr/bin/env bash
#
# copy_dns_config.sh
#
# This script will write to a file all the zones, resource records,
# and permitted networks within an IBM Cloud DNS Services instance.
#
# This script requires jq to be installed: https://stedolan.github.io/jq/
#
# Usage:
#   ./copy_dns_config.sh <instance ID, NAME, or CRN> [path/to/output-file]
#
#   Required: <instance ID, NAME, or CRN>
#   Optional: [path/to/output-file]
#
# Examples:
#   ./copy_dns_config.sh my-instance1
#   ./copy_dns_config.sh my-instance2 ~/dns-output.txt
#

# $1 is the DNS Services instance NAME, ID, or CRN
instance="$1"
# $2 is the output file path
file="$2"

if [ -z "$instance" ]; then
    echo "[ERROR]: DNS Services ID, NAME, or CRN is required."
    echo "Usage:"
    printf "\t./copy_dns_config.sh <instance ID, NAME, or CRN> [path/to/output-file]\n"

    echo ""
    echo "Use one of the following DNS Services instances when running the script:"
    ibmcloud dns instances
    exit 1
fi

# jq is required
command -v jq >/dev/null 2>&1 ||  { echo >&2 \
    "[ERROR]: jq (https://stedolan.github.io/jq/) is not installed."; \
    exit 1; }

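if [[ "$instance" == crn* ]]; then
    # CRN passed as arg, extract the Instance ID (8th colon-separated field).
    # Split with read so empty fields are kept and nothing is glob-expanded.
    IFS=':' read -r -a parts <<< "$instance"
    instance="${parts[7]}"
fi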

timestamp="$(date +'%F')"

# determine output file
if [ -z "$file" ]; then
    file="dns_svcs_${instance}_${timestamp}.txt"
fi
echo ""
echo "Saving output to file: $file"
echo ""

printf "# Timestamp\n\n" >> "$file"
echo "${timestamp}" >> "$file"
echo "" >> "$file"

# set DNS Services instance context
ibmcloud dns instance-target "$instance"

# any non-zero exit status means the instance target was not set
if [ $? -ne 0 ]
then
    echo "[ERROR]: Failed to set instance. Aborting."
    exit 1
fi

# list the target instance
printf "# Instance\n\n" >> "$file"
ibmcloud dns instance "$instance" --output JSON >> "$file"
echo "" >> "$file"

# list all custom resolvers for the instance
printf "# Custom resolvers in the instance\n\n" >> "$file"
custom_resolvers="$(ibmcloud dns custom-resolvers --output JSON | jq -n 'try input // ["none"]')"
echo "$custom_resolvers" >> "$file"
echo "" >> "$file"

if [[ "$(echo "$custom_resolvers" | jq -r '.[0]')" != "none" ]]; then
    custom_resolver_ids="$(echo "$custom_resolvers" | jq '[.[].id]')"
    for custom_resolver_id in $(echo "${custom_resolver_ids}" | jq -r '.[]'); do
        # list all custom resolver forwarding rules for the custom resolver
        printf "# Custom resolvers forwarding rules in custom resolver with ID ${custom_resolver_id}\n\n" >> "$file"
        ibmcloud dns custom-resolver-forwarding-rules "$custom_resolver_id" --output JSON \
            | jq -n 'try input // ["none"]' \
            >> "$file"
        echo "" >> "$file"

        # list all secondary zones for the custom resolver
        printf "# Secondary zones for custom resolver with ID ${custom_resolver_id}\n\n" >> "$file"
        ibmcloud dns secondary-zones "$custom_resolver_id" --output JSON \
            | jq -n 'try input // ["none"]' \
            >> "$file"
        echo "" >> "$file"
    done
fi

# list glb pools for the instance
printf "# GLB pools in this instance ${instance}\n\n" >> "$file"
ibmcloud dns glb-pools --output JSON | jq -n 'try input // ["none"]' >> "$file"
echo "" >> "$file"

# list glb monitors for the instance
printf "# GLB monitors in this instance ${instance}\n\n" >> "$file"
ibmcloud dns glb-monitors --output JSON | jq -n 'try input // ["none"]' >> "$file"
echo "" >> "$file"

# list all cross account linked zones whose access was requested by this instance to another instance
printf "# Cross account linked zones whose access was requested by this instance ${instance}\n\n" >> "$file"
linked_zones="$(ibmcloud dns cross-account linked-zones --output JSON | jq -n 'try input // ["none"]')"
echo "$linked_zones" >> "$file"
echo "" >> "$file"

# for each linked zone requested by this instance
if [[ "$(echo "$linked_zones" | jq -r '.[0]')" != "none" ]]; then
    linked_zone_ids="$(echo "$linked_zones" | jq '[.[].id]')"

    for linked_zone_id in $(echo "${linked_zone_ids}" | jq -r '.[]'); do
        printf "# Cross account linked zones permitted networks for linked zone with ID ${linked_zone_id}\n\n" >> "$file"
        # request JSON so that jq can parse the result, as for the other commands
        ibmcloud dns cross-account linked-zone-permitted-networks "$linked_zone_id" --output JSON \
            | jq -n 'try input // ["none"]' \
            >> "$file"
        echo "" >> "$file"
    done
fi

# list all DNS Services zones for the instance
zones="$(ibmcloud dns zones --output JSON | jq -n 'try input // ["none"]')"
printf "# Zones in this instance ${instance}\n\n" >> "$file"
echo "${zones}" >> "$file"
echo "" >> "$file"

# for each zone
if [[ "$(echo "$zones" | jq -r '.[0]')" != "none" ]]; then
    zone_ids="$(echo "$zones" | jq '[.[].id]')"

    for zone_id in $(echo "${zone_ids}" | jq -r '.[]'); do
        printf "# Resource records in zone with ID ${zone_id}\n\n" >> "$file"

        # list all resource records for the zone
        first_page=""
        for i in {1..4}
        do
            if [[ $i -eq 1 ]]; then
                first_page="$(ibmcloud dns resource-records "$zone_id" --per-page 1000 --page $i --output JSON | jq -n 'try input // ["none"]')"
                echo "$first_page" >> "$file"

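                # stop after page 1 only when it holds no records; otherwise
                # continue so that pages 2-4 are exported as well
                first="$(echo "$first_page" | jq -r 'if type == "array" then .[0] else . end')"
                if [[ "$first" == "none" || "$first" == "null" ]]; then
                    break
                fi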
            else
                ibmcloud dns resource-records "$zone_id" --per-page 1000 --page $i --output JSON >> "$file"
            fi
        done
        echo "" >> "$file"

        # list all permitted networks for the zone
        printf "# Permitted networks in zone with ID ${zone_id}\n\n" >> "$file"
        ibmcloud dns permitted-networks "$zone_id" --output JSON \
            | jq -n 'try input // ["none"]' \
            >> "$file"
        echo "" >> "$file"

        # list cross account linked zone requests made from another instance to this instance
        printf "# Cross account linked zones access requests to this zone with ID ${zone_id}\n\n" >> "$file"
        ibmcloud dns cross-account access-requests "$zone_id" --output JSON \
            | jq -n 'try input // ["none"]' \
            >> "$file"
        echo "" >> "$file"
    done
fi
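
The script writes ["none"] wherever a command returned nothing that jq could parse, so an export can look complete while some sections hold no data. The following added example (not part of the IBM script) audits an export file for such sections before it is kept as a backup or sent to support; it assumes the "# title" plus JSON layout that the script writes, and the function names and sample values are constructed for illustration.

```shell
# Added example, not part of copy_dns_config.sh. Assumes the layout that script
# writes: a "# <title>" line, a blank line, then pretty-printed JSON, with
# ["none"] wherever a command returned nothing parseable.

# audit_export FILE: print "<status><TAB><title>" for every section.
audit_export() {
    awk '
        function emit() {
            if (title == "") return
            gsub(/[ \t\r]/, "", body)
            status = "data"
            if (body == "") status = "empty"
            else if (body == "[\"none\"]") status = "none"
            printf "%s\t%s\n", status, title
        }
        /^# / { emit(); title = substr($0, 3); body = ""; next }
        { body = body $0 }
        END { emit() }
    ' "$1"
}

# count_gaps FILE: number of sections that hold no data (status none or empty).
count_gaps() {
    audit_export "$1" | awk -F '\t' '$1 != "data" { n++ } END { print n + 0 }'
}

# Constructed sample in the script's output layout (IDs are placeholders).
write_sample() {
    cat > "$1" <<'EOF'
# GLB pools in this instance INSTANCE_ID

[
  "none"
]

# Zones in this instance INSTANCE_ID

[
  { "id": "ZONE_ID", "name": "example.com" }
]

# Resource records in zone with ID ZONE_ID
EOF
}

sample="$(mktemp)"; write_sample "$sample"
audit_export "$sample"
echo "sections without data: $(count_gaps "$sample")"
rm -f "$sample"
```

A section reported as none or empty is expected for resources the instance does not use; for zones and resource records it indicates that the export should be repeated before the file is relied on.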

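Script alternatives

  • This example script uses the output of the plug-in and the commands for this service through the CLI.
  • The full list of IBM Cloud DNS Services CLI commands is available in the documentation.
  • The APIs described in the API documentation can also produce similar output.
  • Different scripts can export different resources under DNS Services in different formats, as needed.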

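Alternatives to the script

  • Another, more portable approach is to use an infrastructure-as-code tool such as Terraform, as documented for DNS Services.
  • Compared with a custom script that can only export, tools such as Terraform make it easier to export, import, and perform the other operations needed to manage configuration in a more uniform way.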