Ansible has a module that makes it easy to automate Cloudflare DNS changes. This tutorial shows how to use Ansible to create a TXT record using Cloudflare’s API token authentication method.
Step 1: Create a Cloudflare API Token
The first thing we need to do is log in to the Cloudflare Dashboard and create a new API Token that has permission to Edit DNS records.
Scroll down to Zone Resources and select the domain you want the API Token to be able to edit. You can also choose which client IP addresses are allowed to use the Token, so you can restrict access to your office. After you’ve done that, click Continue to summary.
Click Create Token.
The final screen shows your API Token. Click Copy, then store it in a safe place. Do not show this token to anyone, or they will be able to modify your DNS records.
Now that you’ve created an API Token, we will use it in the next step while creating the playbook.
Step 2: Create Ansible Playbook
Create a file called create-txt-record.yml and add the following contents.
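A playbook of the kind this step describes, written here as an added example and not the tutorial's original file. The zone example.com, the record name and value, the TTL and the CLOUDFLARE_API_TOKEN environment variable are assumptions; the token is read from the environment so it never has to be written into the playbook.

```yaml
---
# Added example, not the tutorial's own playbook.
# Assumed names: example.com, _ansible-test, CLOUDFLARE_API_TOKEN.
- name: Create a TXT record in Cloudflare with an API token
  hosts: localhost
  connection: local
  gather_facts: false

  vars:
    cf_zone: example.com              # placeholder: the zone the token is scoped to
    cf_record: _ansible-test          # placeholder record name
    cf_value: "created-by-ansible"    # placeholder TXT value
    # Read the token from the environment instead of hard-coding it,
    # so it is never committed alongside the playbook.
    cf_api_token: "{{ lookup('ansible.builtin.env', 'CLOUDFLARE_API_TOKEN') }}"

  tasks:
    - name: Stop early if no token was supplied
      ansible.builtin.assert:
        that:
          - cf_api_token | length > 0
        fail_msg: "Export CLOUDFLARE_API_TOKEN before running this playbook."
        quiet: true

    - name: Create the TXT record
      community.general.cloudflare_dns:
        api_token: "{{ cf_api_token }}"
        zone: "{{ cf_zone }}"
        record: "{{ cf_record }}"
        type: TXT
        value: "{{ cf_value }}"
        ttl: 300
        state: present
      no_log: true                    # keep the token out of task output and logs
      register: txt_result

    - name: Report whether the record was created or already existed
      ansible.builtin.debug:
        msg: "TXT record changed: {{ txt_result.changed }}"
```

If the token is scoped to a different zone than `cf_zone`, or the request comes from an IP address outside the token's allowed list, the Cloudflare task fails with an authorization error rather than editing the record.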
After running the playbook with ansible-playbook delete-txt-record.yml, the dig command we ran in step 4 should return nothing.
In this tutorial, we used Ansible and the Cloudflare module to automate the creation and deletion of TXT records. We used Cloudflare’s API token authentication method because it lets you apply the principle of least privilege, which makes access to the account more secure.