https://feedthebees.beemaster.ca: : Cloudflare DNS Management

Overview

The Cloudflare integration provides role-based access control for managing DNS records and other Cloudflare features for domains managed by the Comserv2 system. It integrates with the existing site and user management system to ensure that users can only access domains they have permission to manage.

Quick Access

You can access the Cloudflare DNS Management interface directly from the Admin menu:

Admin → System Setup → System Configuration → Cloudflare DNS

Open Cloudflare DNS Management

Features

DNS Management

View DNS records for all your domains
Add new DNS records (A, AAAA, CNAME, TXT, MX, etc.)
Edit existing DNS records
Delete DNS records

Cache Management

Purge cache for domains
Improve site performance

Role-Based Access

Admin: Full access to all domains
Developer: DNS and cache management
Editor: Limited DNS management

Site Integration

Integrated with Comserv2 site system
Domain-specific permissions
User role-based access control

Configuration

The Cloudflare integration is configured using a JSON file located at Comserv/config/cloudflare_config.json. This file contains API credentials, role permissions, and site-specific permission overrides.

{
  "cloudflare": {
    "api_token": "YOUR_TOKEN",
    "account_id": "YOUR_ACCOUNT_ID",
    "email": "[email protected]"
  },
  "roles": {
    "admin": {
      "permissions": ["dns:edit", "zone:edit", "ssl:edit", "cache:edit"]
    },
    "developer": {
      "permissions": ["dns:edit", "cache:edit"]
    },
    "editor": {
      "permissions": ["dns:edit"]
    }
  },
  "site_specific_permissions": {
    "beemaster.ca": {
      "editor": ["dns:edit", "cache:edit"]
    }
  }
}

Configuration Sections

cloudflare: Contains the API credentials for accessing the Cloudflare API.
- api_token: Your Cloudflare API token
- account_id: Your Cloudflare account ID
- email: The email address associated with your Cloudflare account
roles: Defines the default permissions for each role.
- Each role has a list of permissions it is granted by default
- Available permissions: dns:edit, zone:edit, ssl:edit, cache:edit
site_specific_permissions: Defines domain-specific permission overrides.
- Allows you to grant additional permissions for specific domains
- Overrides the default permissions for the specified role and domain

Usage Guide

Accessing the Interface

Log in to the Comserv2 application with admin, developer, or editor privileges
Navigate to Admin → System Setup → System Configuration → Cloudflare DNS
The Cloudflare DNS Management interface will display all sites you have access to

Managing DNS Records

Select a site from the list
Click "View DNS" for the domain you want to manage
The DNS records for the domain will be displayed
Use the "Add Record" button to create new DNS records
Click "Edit" on existing records to modify them
Use the "Delete" button in the edit modal to remove records

Purging Cache

Select a site and domain as described above
Click the "Purge Cache" button
Confirm the action when prompted
The cache for the domain will be purged

Technical Implementation

The Cloudflare integration consists of the following components:

CloudflareManager.py: A Python module that handles the interaction with the Cloudflare API and implements role-based access control.
CloudflareAPI.pm: A Catalyst controller that provides a web interface for managing Cloudflare features.
cloudflare/index.tt: A template for the Cloudflare management interface.
cloudflare.css: CSS styles for the Cloudflare management interface.

Dependencies

The Cloudflare integration requires the following dependencies:

Python 3.6 or higher
Cloudflare Python SDK (pip install cloudflare)
JSON module for Python
IPC::Run3 Perl module

Troubleshooting

Common Issues

API Authentication Errors

Symptom: "Authentication error" or "Invalid API token" messages

Solution: Verify your API token in the cloudflare_config.json file. Ensure it has the correct permissions in the Cloudflare dashboard.

Permission Denied Errors

Symptom: "Permission denied" or "Access denied" messages

Solution: Check the user's role and the permissions defined in the cloudflare_config.json file. Ensure the user has the necessary permissions for the domain they're trying to access.

DNS Records Not Loading

Symptom: DNS records don't appear or the interface shows an error

Solution: Verify the domain is correctly configured in Cloudflare and that the zone ID can be retrieved. Check the application logs for specific error messages.