Initial commit
diff --git a/files/ansible.cfg b/files/ansible.cfg
new file mode 100644
index 0000000..dd43d2b
--- /dev/null
+++ b/files/ansible.cfg
@@ -0,0 +1,2 @@
+[defaults]
+host_key_checking = false
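Review bot: `host_key_checking = false` under `[defaults]` turns off SSH host key verification for every run that picks up this file, so Ansible will authenticate to, and run tasks on, whatever host answers at the target address. If the override is only needed while freshly built nodes are bootstrapped, say so in a comment such as `# bootstrap only: new VMs have no known_hosts entry yet`. Consider limiting it to that run with the `ANSIBLE_HOST_KEY_CHECKING` environment variable instead of a committed default. For steady-state use, leave checking on and pre-populate `known_hosts` with keys verified out of band.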
diff --git a/files/etc/libvirt/hooks/daemon b/files/etc/libvirt/hooks/daemon
new file mode 100644
index 0000000..cff3fb7
--- /dev/null
+++ b/files/etc/libvirt/hooks/daemon
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+SHELL="/bin/bash"
+
+NIC=$( route|grep default|awk '{print$8}' )
+
+NAME="${1}"
+OP="${2}"
+SUBOP="${3}"
+ARGS="${4}"
+
+add_port_fwd_rule() {
+    DPORT=$1
+    VM=$2
+    TOPORT=$3
+    
+    VMIP=$( getent ahosts $VM|head -1|awk '{print $1}' )
+    iptables -t nat -C PREROUTING -p tcp -i $NIC --dport $DPORT -j DNAT --to-destination $VMIP:$TOPORT
+    if [ "$?" -ne 0 ]
+    then
+	iptables -t nat -A PREROUTING -p tcp -i $NIC --dport $DPORT -j DNAT --to-destination $VMIP:$TOPORT
+    fi
+}
+
+if [ "$OP" = "start" ] || [ "$OP" = "reload" ]
+then
+    iptables -t nat -F
+    add_port_fwd_rule 35357 keystone 35357
+    add_port_fwd_rule 4990 keystone 4990
+    add_port_fwd_rule 5000 keystone 5000
+    add_port_fwd_rule 8774 nova-cloud-controller 8774
+    add_port_fwd_rule 9696 nova-cloud-controller 9696
+    add_port_fwd_rule 9292 glance 9292
+    add_port_fwd_rule 8080 openstack-dashboard 80
+    add_port_fwd_rule 3128 nagios 80
+    add_port_fwd_rule 8777 ceilometer 8777
+
+    # Also flush the filter table before rules re-added
+    iptables -F
+fi	
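Review bot: `iptables -t nat -F` and the later `iptables -F` clear every rule in the nat and filter tables, not only the ones this hook installs, so any host firewall or NAT rules already present are dropped on each daemon start or reload. A chain owned by the hook, flushed on its own and jumped to from PREROUTING, keeps the script idempotent without touching anything else. The filter-table flush looks unnecessary, since the qemu hook in this commit already checks with `-C` before inserting, though that is inferred from the sibling file. `add_port_fwd_rule` also expands `$VMIP` and `$NIC` unquoted and unchecked, so a failed `getent` lookup produces a DNAT rule with an empty destination address. The DNAT rules carry no source restriction, so it is worth confirming that exposing keystone's 35357 on `$NIC` is intended. The chain name in the sketch is an example.

```shell
CHAIN="HOOK_PORTFWD"   # example name for a chain owned by this hook

add_port_fwd_rule() {
    DPORT=$1
    VM=$2
    TOPORT=$3

    VMIP=$( getent ahosts "$VM" | head -1 | awk '{print $1}' )
    # Skip the rule rather than install a DNAT with an empty interface or destination.
    [ -n "$VMIP" ] && [ -n "$NIC" ] || return 1
    iptables -t nat -C "$CHAIN" -p tcp -i "$NIC" --dport "$DPORT" -j DNAT --to-destination "$VMIP:$TOPORT" 2>/dev/null ||
        iptables -t nat -A "$CHAIN" -p tcp -i "$NIC" --dport "$DPORT" -j DNAT --to-destination "$VMIP:$TOPORT"
}

if [ "$OP" = "start" ] || [ "$OP" = "reload" ]
then
    # Create the chain on first run, otherwise flush only this hook's rules.
    iptables -t nat -N "$CHAIN" 2>/dev/null || iptables -t nat -F "$CHAIN"
    iptables -t nat -C PREROUTING -j "$CHAIN" 2>/dev/null ||
        iptables -t nat -A PREROUTING -j "$CHAIN"
    # … unchanged: add_port_fwd_rule calls …
    # (the table-wide `iptables -F` is dropped)
```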
diff --git a/files/etc/libvirt/hooks/qemu b/files/etc/libvirt/hooks/qemu
new file mode 100644
index 0000000..903fced
--- /dev/null
+++ b/files/etc/libvirt/hooks/qemu
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+SHELL="/bin/bash"
+
+NIC=$( route|grep default|awk '{print$8}' )
+PORTAL=$( dig +short portal.opencloud.us )
+
+NAME="${1}"
+OP="${2}"
+SUBOP="${3}"
+ARGS="${4}"
+
+add_rule() {
+    ARGS=$1
+    iptables -C FORWARD $ARGS
+    if [ "$?" -ne 0 ]
+    then
+        iptables -I FORWARD 1 $ARGS
+    fi
+}
+
+add_local_access_rules() {
+    SUBNET=$( ip addr show $NIC|grep "inet "|awk '{print $2}' )
+    add_rule "-s $SUBNET -j ACCEPT"
+}
+
+add_portal_access_rules() {
+    add_rule "-s $PORTAL -j ACCEPT"
+}
+
+add_web_access_rules() {
+    add_rule "-p tcp --dport 80 -j ACCEPT"
+}
+
+if [ "$OP" = "start" ]
+then
+	add_local_access_rules
+	add_portal_access_rules
+	add_web_access_rules
+fi	
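Review bot: `PORTAL=$( dig +short portal.opencloud.us )` puts an unauthenticated DNS answer straight into a FORWARD `ACCEPT` rule, so whoever can influence that lookup chooses which source address is allowed through to the guests. The value is also used unvalidated and unquoted in `add_rule "-s $PORTAL -j ACCEPT"`, so an empty or multi-line answer (a CNAME followed by addresses, for instance) produces a malformed `iptables` call. Pinning the portal address in configuration is the more robust option. Failing that, keep only a single IPv4 result, e.g. `PORTAL=$( dig +short portal.opencloud.us | grep -E '^[0-9]+(\.[0-9]+){3}$' | head -1 )`, and guard the caller with `[ -n "$PORTAL" ] || return 0`. The lookup also runs at the top of the script for every hook invocation, not only for `start`, so moving it inside `add_portal_access_rules` would avoid a DNS round trip on unrelated operations.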
diff --git a/files/openstack.cfg b/files/openstack.cfg
new file mode 100644
index 0000000..9503b4d
--- /dev/null
+++ b/files/openstack.cfg
@@ -0,0 +1,17 @@
+glance:
+   openstack-origin: "cloud:trusty-icehouse"
+keystone:
+   admin-password: ""
+   openstack-origin: "cloud:trusty-icehouse"
+nova-cloud-controller:
+   network-manager: "Neutron"
+   openstack-origin: "cloud:trusty-icehouse"
+nova-compute:
+   config-flags: "firewall_driver=nova.virt.firewall.NoopFirewallDriver"
+   openstack-origin: "cloud:trusty-icehouse"
+ntp:
+   source: "ntp.cs.princeton.edu"
+openstack-dashboard:
+   openstack-origin: "cloud:trusty-icehouse"
+quantum-gateway:
+   openstack-origin: "cloud:trusty-icehouse"
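Review bot: `admin-password: ""` under `keystone` is committed as an empty string with nothing to say whether it is a placeholder, and how the charm treats an empty value is not visible here. If it is deployed as written, the cloud's admin account may end up with a blank or otherwise unintended password. I would add a comment above it such as `# admin-password: set at deploy time from a secret store; never commit a real value`, or drop the key from the tracked file and supply it through an untracked overlay. The `firewall_driver=nova.virt.firewall.NoopFirewallDriver` flag under `nova-compute` deserves a one-line comment too, stating that packet filtering is expected to come from Neutron, if that is the intent.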