added roles for NSD and Unbound dns servers
diff --git a/roles/dns-nsd/defaults/main.yml b/roles/dns-nsd/defaults/main.yml
new file mode 100644
index 0000000..5dcbddf
--- /dev/null
+++ b/roles/dns-nsd/defaults/main.yml
@@ -0,0 +1,10 @@
+---
+
+nsd_ip: 127.0.0.1
+nsd_conf: "/var/nsd/etc/nsd.conf"
+nsd_zonesdir: "/var/nsd/zones"
+nsd_group: "nsd"
+
+# default DNS TTL
+dns_ttl: 3600
+
diff --git a/roles/dns-nsd/handlers/main.yml b/roles/dns-nsd/handlers/main.yml
new file mode 100644
index 0000000..18e7e4a
--- /dev/null
+++ b/roles/dns-nsd/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+#file: roles/dns-nsd/handlers/main.yml
+
+- name: restart-nsd
+ service: name=nsd state=restarted
diff --git a/roles/dns-nsd/tasks/main.yml b/roles/dns-nsd/tasks/main.yml
new file mode 100644
index 0000000..aeeeacb
--- /dev/null
+++ b/roles/dns-nsd/tasks/main.yml
@@ -0,0 +1,42 @@
+---
+#file: roles/dns-nsd/tasks/main.yml
+
+# OS specific vars
+- include_vars: "{{ ansible_os_family }}.yml"
+
+# Debian specific installation
+- include: nsd-Debian.yml
+ when: ansible_os_family == 'Debian'
+
+- name: Ensure that zones directory exists
+ file:
+ name={{ nsd_zonesdir }}
+ state=directory
+ mode=0755 owner=root group={{ nsd_group }}
+
+- name: Create nsd.conf from template
+ template:
+ src=nsd.conf.j2
+ dest={{ nsd_conf }}
+ mode=0644 owner=root group={{ nsd_group }}
+ notify:
+ - restart-nsd
+
+- name: create forward zonefiles from template
+ template:
+ src=zone.forward.j2
+ dest={{ nsd_zonesdir }}/{{ item.name }}.forward
+ mode=0644 owner=root group={{ nsd_group }}
+ with_items: '{{ nsd_zones }}'
+ notify:
+ - restart-nsd
+
+- name: create reverse zonefiles from template
+ template:
+ src=zone.reverse.j2
+ dest={{ nsd_zonesdir }}/{{ item.name }}.reverse
+ mode=0644 owner=root group={{ nsd_group }}
+ with_items: '{{ nsd_zones }}'
+ notify:
+ - restart-nsd
+
diff --git a/roles/dns-nsd/tasks/nsd-Debian.yml b/roles/dns-nsd/tasks/nsd-Debian.yml
new file mode 100644
index 0000000..776cbdc
--- /dev/null
+++ b/roles/dns-nsd/tasks/nsd-Debian.yml
@@ -0,0 +1,9 @@
+---
+
+- name: Install nsd
+ apt:
+ name={{ item }}
+ state=present
+ with_items:
+ - nsd
+
diff --git a/roles/dns-nsd/templates/nsd.conf.j2 b/roles/dns-nsd/templates/nsd.conf.j2
new file mode 100644
index 0000000..29ba41a
--- /dev/null
+++ b/roles/dns-nsd/templates/nsd.conf.j2
@@ -0,0 +1,28 @@
+# nsd.conf
+# configured by Ansible!
+
+server:
+ hide-version: yes
+## bind to a specific address/port
+ ip-address: {{ nsd_ip }}
+## port number
+ port: {{ nsd_port|default(53) }}
+ server-count: 1
+ ip4-only: yes
+ zonesdir: {{ nsd_zonesdir }}
+
+remote-control:
+ control-enable: yes
+
+# zones to load
+{% for zone in nsd_zones %}
+zone:
+ name: {{ zone.name }}
+ zonefile: {{ zone.name }}.forward
+
+zone:
+ name: {{ (zone.ipv4_first_octets ~ ".0") | ipaddr('revdns') | regex_replace('^0\.','') }}
+ zonefile: {{ zone.name }}.reverse
+
+{% endfor %}
+
diff --git a/roles/dns-nsd/templates/zone.forward.j2 b/roles/dns-nsd/templates/zone.forward.j2
new file mode 100644
index 0000000..f5f8d4e
--- /dev/null
+++ b/roles/dns-nsd/templates/zone.forward.j2
@@ -0,0 +1,32 @@
+;## NSD authoritative only DNS
+;## FORWARD Zone
+
+$ORIGIN {{ item.name }}. ; default zone domain
+$TTL {{ item.ttl | default(dns_ttl) }} ; default time to live
+
+@ IN SOA {{ item.soa }}.{{ item.name }}. admin.{{ item.name }}. (
+ {{ item.serial | default(ansible_date_time.epoch) }} ; Serial, must be incremented every time you change this file
+ 3600 ; Refresh [1hr]
+ 600 ; Retry [10m]
+ 3600 ; Expire [1hr]
+ 60 ; Min TTL [1m]
+ )
+
+; Name Servers
+{% for ns in item.ns %}
+ IN NS {{ ns.name ~ '.' ~ item.name }}.
+{% endfor %}
+
+
+{% set nodes = vars[item.nodelist] %}
+
+;A and CNAME records
+{% for node in nodes %}
+{{ node.name }} IN A {{ item.ipv4_first_octets ~ "." ~ node.ipv4_last_octet }}
+{% if node.aliases is defined %}
+{% for alias in node.aliases %}
+{{ alias }} IN CNAME {{ node.name }}
+{% endfor %}
+{% endif %}
+{% endfor %}
+
diff --git a/roles/dns-nsd/templates/zone.reverse.j2 b/roles/dns-nsd/templates/zone.reverse.j2
new file mode 100644
index 0000000..f327d4b
--- /dev/null
+++ b/roles/dns-nsd/templates/zone.reverse.j2
@@ -0,0 +1,21 @@
+;## NSD authoritative only DNS
+;## REVERSE Zone for {{ item.name }}
+
+$ORIGIN {{ item.name }}. ; default zone domain
+$TTL {{ item.ttl | default(dns_ttl) }} ; default time to live
+
+
+{{ (item.ipv4_first_octets ~ ".0") | ipaddr('revdns') | regex_replace('^0\.','') }} IN SOA {{ item.soa }}.{{ item.name }}. admin.{{ item.name }}. (
+ {{ item.serial | default(ansible_date_time.epoch) }} ; Serial, must be incremented every time you change this file
+ 3600 ; Refresh [1hr]
+ 600 ; Retry [10m]
+ 3600 ; Expire [1hr]
+ 60 ; Min TTL [1m]
+ )
+
+{% set nodes = vars[item.nodelist] %}
+
+;PTR records
+{% for node in nodes %}
+{{ (item.ipv4_first_octets ~ "." ~ node.ipv4_last_octet) | ipaddr('revdns') }} IN PTR {{ node.name }}
+{% endfor %}
diff --git a/roles/dns-nsd/vars/Debian.yml b/roles/dns-nsd/vars/Debian.yml
new file mode 100644
index 0000000..eef2bd6
--- /dev/null
+++ b/roles/dns-nsd/vars/Debian.yml
@@ -0,0 +1,6 @@
+---
+
+nsd_conf: "/etc/nsd/nsd.conf"
+nsd_zonesdir: "/var/lib/nsd/zones"
+nsd_group: "nsd"
+
diff --git a/roles/dns-unbound/defaults/main.yml b/roles/dns-unbound/defaults/main.yml
new file mode 100644
index 0000000..d0553b1
--- /dev/null
+++ b/roles/dns-unbound/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+
+unbound_conf: "/var/unbound/etc/unbound.conf"
+unbound_group: "wheel"
+
diff --git a/roles/dns-unbound/handlers/main.yml b/roles/dns-unbound/handlers/main.yml
new file mode 100644
index 0000000..6ad5de0
--- /dev/null
+++ b/roles/dns-unbound/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+#file: roles/dns-unbound/handlers/main.yml
+
+- name: restart-unbound
+ service: name=unbound state=restarted
diff --git a/roles/dns-unbound/tasks/main.yml b/roles/dns-unbound/tasks/main.yml
new file mode 100644
index 0000000..2666538
--- /dev/null
+++ b/roles/dns-unbound/tasks/main.yml
@@ -0,0 +1,19 @@
+---
+#file: roles/dns-unbound/tasks/main.yml
+
+# OS specific vars
+- include_vars: "{{ ansible_os_family }}.yml"
+
+# Debian specific installation
+- include: unbound-Debian.yml
+ when: ansible_os_family == 'Debian'
+
+- name: create unbound.conf from template
+ template:
+ src=unbound.conf.j2
+ dest={{ unbound_conf }}
+ mode=0644 owner=root group={{ unbound_group }}
+ # validate='unbound-checkconf %s' - can't use, checks path, not just config.
+ notify:
+ - restart-unbound
+
diff --git a/roles/dns-unbound/tasks/unbound-Debian.yml b/roles/dns-unbound/tasks/unbound-Debian.yml
new file mode 100644
index 0000000..da0254f
--- /dev/null
+++ b/roles/dns-unbound/tasks/unbound-Debian.yml
@@ -0,0 +1,9 @@
+---
+
+- name: Install unbound
+ apt:
+ name={{ item }}
+ state=present
+ with_items:
+ - unbound
+
diff --git a/roles/dns-unbound/templates/unbound.conf.j2 b/roles/dns-unbound/templates/unbound.conf.j2
new file mode 100644
index 0000000..1583028
--- /dev/null
+++ b/roles/dns-unbound/templates/unbound.conf.j2
@@ -0,0 +1,42 @@
+# unbound.conf (configured by Ansible)
+
+server:
+ {% for cidr_ipv4 in unbound_interfaces %}
+ interface: {{ cidr_ipv4 | ipaddr('address') }}
+ {% endfor %}
+ verbosity: 1
+ port: 53
+ do-ip4: yes
+ do-udp: yes
+ do-tcp: yes
+
+ # allow from localhost
+ access-control: 127.0.0.0/24 allow
+
+ # allow from local networks
+ {% for cidr_ipv4 in unbound_interfaces %}
+ access-control: {{ cidr_ipv4 | ipaddr('network') }}/28 allow
+ {% endfor %}
+
+{% if nsd_zones is defined %}
+# allow unbound to query localhost, where nsd is listening
+do-not-query-localhost: no
+
+# allow reverse queries for RFC1918 addresses
+{% for zone in nsd_zones %}
+local-zone: "{{ zone.name_reverse_unbound }}." nodefault
+{% endfor %}
+
+# stub-zones zones that nsd is serving
+{% for zone in nsd_zones %}
+stub-zone:
+ name: "{{ zone.name }}"
+ stub-addr: {{ nsd_ip | default("127.0.0.1") }}
+
+stub-zone:
+ name: "{{ zone.name_reverse_unbound }}."
+ stub-addr: {{ nsd_ip | default("127.0.0.1") }}
+
+{% endfor %}
+{% endif %}
+
diff --git a/roles/dns-unbound/vars/Debian.yml b/roles/dns-unbound/vars/Debian.yml
new file mode 100644
index 0000000..1edb86c
--- /dev/null
+++ b/roles/dns-unbound/vars/Debian.yml
@@ -0,0 +1,5 @@
+---
+
+unbound_conf: "/etc/unbound/unbound.conf"
+unbound_group: "unbound"
+
diff --git a/vars/opencloud_defaults.yml b/vars/opencloud_defaults.yml
new file mode 100644
index 0000000..abded86
--- /dev/null
+++ b/vars/opencloud_defaults.yml
@@ -0,0 +1,162 @@
+---
+# vars/opencloud_defaults.yml
+
+openstack_version: kilo
+openstack_cfg_path: /usr/local/src/openstack.cfg
+
+head_vm_list:
+ - name: "juju"
+ hostname: "juju-1"
+ ipv4_last_octet: 10
+ cpu: 1
+ memMB: 2048
+ diskGB: 20
+
+ - name: "ceilometer"
+ hostname: "ceilometer-1"
+ ipv4_last_octet: 20
+ cpu: 1
+ memMB: 2048
+ diskGB: 20
+ forwarded_ports:
+ - { ext: 8777, int: 8777 }
+
+ - name: "glance"
+ hostname: "glance-1"
+ ipv4_last_octet: 30
+ cpu: 2
+ memMB: 4096
+ diskGB: 160
+ forwarded_ports:
+ - { ext: 9292, int: 9292 }
+
+ - name: "keystone"
+ hostname: "keystone-1"
+ ipv4_last_octet: 40
+ cpu: 2
+ memMB: 4096
+ diskGB: 40
+ forwarded_ports:
+ - { ext: 35357, int: 35357 }
+ - { ext: 4990, int: 4990 }
+ - { ext: 5000, int: 5000 }
+
+ - name: "mysql"
+ hostname: "mysql-1"
+ ipv4_last_octet: 50
+ cpu: 2
+ memMB: 4096
+ diskGB: 40
+
+ - name: "nagios"
+ hostname: "nagios-1"
+ ipv4_last_octet: 60
+ cpu: 1
+ memMB: 2048
+ diskGB: 20
+ forwarded_ports:
+ - { ext: 3128, int: 80 }
+
+ - name: "neutron-api"
+ hostname: "neutron-api-1"
+ ipv4_last_octet: 70
+ cpu: 2
+ memMB: 4096
+ diskGB: 40
+ forwarded_ports:
+ - { ext: 9696, int: 9696 }
+
+ - name: "neutron-gateway"
+ hostname: "neutron-gateway-1"
+ ipv4_last_octet: 80
+ cpu: 2
+ memMB: 4096
+ diskGB: 40
+
+ - name: "nova-cloud-controller"
+ hostname: "nova-cloud-controller-1"
+ ipv4_last_octet: 90
+ cpu: 2
+ memMB: 4096
+ diskGB: 40
+ forwarded_ports:
+ - { ext: 8774, int: 8774 }
+
+ - name: "openstack-dashboard"
+ hostname: "openstack-dashboard-1"
+ ipv4_last_octet: 90
+ cpu: 1
+ memMB: 2048
+ diskGB: 20
+ forwarded_ports:
+ - { ext: 8080, int: 80 }
+
+ - name: "rabbitmq-server"
+ hostname: "rabbitmq-server-1"
+ ipv4_last_octet: 100
+ cpu: 2
+ memMB: 4096
+ diskGB: 40
+
+vm_service_list:
+ - ceilometer
+ - glance
+ - keystone
+ - mysql
+ - nagios
+ - neutron-api
+ - neutron-gateway
+ - nova-cloud-controller
+ - openstack-dashboard
+ - rabbitmq-server
+
+standalone_service_list:
+ - ntp
+ - nrpe
+ - ceilometer-agent
+ - neutron-openvswitch
+
+service_relations:
+ - name: keystone
+ relations: [ "mysql", "nrpe", ]
+
+ - name: nova-cloud-controller
+ relations: [ "mysql", "rabbitmq-server", "glance", "keystone", "nrpe", ]
+
+ - name: glance
+ relations: [ "mysql", "keystone", "nrpe", ]
+
+ - name: neutron-gateway
+ relations: [ "neutron-api", "nova-cloud-controller", "mysql", "nrpe", ]
+
+ - name: "neutron-gateway:amqp"
+ relations: [ "rabbitmq-server:amqp", ]
+
+ - name: neutron-api
+ relations: [ "keystone", "neutron-openvswitch", "mysql", "rabbitmq-server", "nova-cloud-controller", "nrpe", ]
+
+ - name: neutron-openvswitch
+ relations: [ "rabbitmq-server", ]
+
+ - name: openstack-dashboard
+ relations: [ "keystone", "nrpe", ]
+
+ - name: nagios
+ relations: [ "nrpe", ]
+
+ - name: "mysql:juju-info"
+ relations: [ "nrpe:general-info", ]
+
+ - name: rabbitmq-server
+ relations: [ "nrpe", ]
+
+ - name: ceilometer
+ relations: [ "mongodb", "rabbitmq-server", "nagios", "nrpe", ]
+
+ - name: "ceilometer:identity-service"
+ relations: [ "keystone:identity-service", ]
+
+ - name: "ceilometer:ceilometer-service"
+ relations: [ "ceilometer-agent:ceilometer-service", ]
+
+