other places where bridge name was used
diff --git a/roles/dns-configure/defaults/main.yml b/roles/dns-configure/defaults/main.yml
index f17d1fa..defbf98 100644
--- a/roles/dns-configure/defaults/main.yml
+++ b/roles/dns-configure/defaults/main.yml
@@ -1,9 +1,11 @@
---
# roles/dns-configure/defaults
-dns_servers:
- - 8.8.8.8
- - 8.8.4.4
+# Define this to set dns servers manually
+#dns_servers:
+# - 8.8.8.8
+# - 8.8.4.4
-dns_search: {}
+# Set this to search domain suffixes
+# dns_search: {}
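Review bot: With both defaults commented out, a host that sets neither `dns_servers` nor `unbound_listen_on_default` gets a resolv.conf with no `nameserver` line, which the resolver library typically treats as "use localhost" rather than as an error. The role previously always wrote 8.8.8.8 and 8.8.4.4, so this is a silent behaviour change for any inventory that relied on the defaults. I would say so in the comment, e.g. `# Define this to set dns servers manually; if unset and unbound_listen_on_default is false, no nameserver is written`. The commented example `# dns_search: {}` is a mapping while the template iterates it as a list, so `[]` would match the intended shape.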
diff --git a/roles/dns-configure/templates/resolv.conf.j2 b/roles/dns-configure/templates/resolv.conf.j2
index a6bd8ea..27d8ec7 100644
--- a/roles/dns-configure/templates/resolv.conf.j2
+++ b/roles/dns-configure/templates/resolv.conf.j2
@@ -1,7 +1,14 @@
# resolv.conf (ansible managed)
+{% if unbound_listen_on_default %}
+{% for host in groups['head'] %}
+nameserver {{ hostvars[host].ansible_default_ipv4.address }}
+{% endfor %}
+{% endif %}
+{% if dns_servers is defined %}
{% for ns in dns_servers %}
nameserver {{ ns }}
{% endfor %}
+{% endif %}
{% if dns_search is defined %}
search{% for searchdom in dns_search %} {{ searchdom }}{% endfor %}
{% endif %}
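Review bot: `{% if unbound_listen_on_default %}` at the top of the template tests a variable that gets no role default anywhere in the visible diff (only vars/cord.yml sets it). A play that does not define it will most likely fail with an undefined-variable error instead of skipping the block. Writing `{% if unbound_listen_on_default | default(false) %}` avoids that, and the same bare test appears in both unbound.conf.j2 hunks and in eth0.cfg.j2. The loop also reads `hostvars[host].ansible_default_ipv4`, which exists only if facts were gathered for every host in `groups['head']` earlier in the run, so a short comment stating that requirement would help.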
diff --git a/roles/dns-unbound/templates/unbound.conf.j2 b/roles/dns-unbound/templates/unbound.conf.j2
index 2e1c89f..ff5ccbd 100644
--- a/roles/dns-unbound/templates/unbound.conf.j2
+++ b/roles/dns-unbound/templates/unbound.conf.j2
@@ -1,9 +1,14 @@
# unbound.conf (configured by Ansible)
server:
- {% for cidr_ipv4 in unbound_interfaces %}
+{% if unbound_listen_on_default %}
+ interface: {{ ansible_default_ipv4.address }}
+{% endif %}
+{% if unbound_interfaces is defined %}
+{% for cidr_ipv4 in unbound_interfaces %}
interface: {{ cidr_ipv4 | ipaddr('address') }}
- {% endfor %}
+{% endfor %}
+{% endif %}
verbosity: 1
port: 53
do-ip4: yes
@@ -13,10 +18,17 @@
# allow from localhost
access-control: 127.0.0.0/24 allow
+{% if unbound_listen_on_default %}
+ # allow from default interfaces
+ access-control: {{ ansible_default_ipv4.address }}/{{ (ansible_default_ipv4.address ~ "/" ~ ansible_default_ipv4.netmask) | ipaddr('prefix') }} allow
+{% endif %}
+
+{% if unbound_interfaces is defined %}
# allow from local networks
- {% for cidr_ipv4 in unbound_interfaces %}
+{% for cidr_ipv4 in unbound_interfaces %}
access-control: {{ cidr_ipv4 }} allow
- {% endfor %}
+{% endfor %}
+{% endif %}
{% if nsd_zones is defined %}
# allow unbound to query localhost, where nsd is listening
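Review bot: The new `access-control` line allows recursion from the whole subnet of the interface that holds the default route, and the `interface: {{ ansible_default_ipv4.address }}` line in the previous hunk binds unbound to that same address, which is usually the most externally reachable one on the head node. If that subnet is not fully trusted (the site value removed from vars/cord.yml was a routable /23), the server answers recursive queries for hosts outside the deployment and can be abused for cache probing and reflection traffic. Consider limiting the ACL to the networks that actually need it, or making the allowed CIDR an explicit variable, and add a comment above the block naming the expected clients. The netblock is also written as host address plus prefix; `ipaddr('subnet')` on the same expression should emit the network form.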
diff --git a/roles/juju-setup/tasks/main.yml b/roles/juju-setup/tasks/main.yml
index 672c9be..ae82be7 100644
--- a/roles/juju-setup/tasks/main.yml
+++ b/roles/juju-setup/tasks/main.yml
@@ -1,6 +1,11 @@
---
# roles/juju-setup/main/tasks.yml
+- name: Get ubuntu image for uvtool
+ become: yes
+ command: uvt-simplestreams-libvirt sync --source http://cloud-images.ubuntu.com/daily \
+ release={{ ansible_distribution_release }} arch=amd64
+
- name: create Virtual Machines with uvt-kvm
shell: uvt-kvm create {{ item.name }} --cpu={{ item.cpu }} --memory={{ item.memMB }} --disk={{ item.diskGB }} ; \
uvt-kvm wait --insecure {{ item.name }}
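Review bot: The image sync pulls from `http://cloud-images.ubuntu.com/daily` over plain HTTP and from the moving daily stream, so the base image for every VM is neither transport-protected nor pinned; whatever signature checking the tool performs on the stream index is then the only integrity control. I would use `--source https://cloud-images.ubuntu.com/daily` (or the releases stream) and note the expected release in a comment. Separately, the trailing `\` sits inside a YAML plain scalar handed to `command`, not to a shell, so it is not a line continuation and probably reaches argument parsing as an escaped space; a folded scalar (`command: >`) without the backslash avoids that. `become: yes` would be `become: true` under the usual lint rules. The `shell` task that follows continues past the end of the hunk.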
diff --git a/roles/juju-setup/templates/eth0.cfg.j2 b/roles/juju-setup/templates/eth0.cfg.j2
index 0baa7a8..2cf2f33 100644
--- a/roles/juju-setup/templates/eth0.cfg.j2
+++ b/roles/juju-setup/templates/eth0.cfg.j2
@@ -1,7 +1,11 @@
# The primary network interface
auto eth0
iface eth0 inet dhcp
+{% if unbound_listen_on_default %}
+ dns-nameservers{% for host in groups['head'] %} {{ hostvars[host].ansible_default_ipv4.address }}{% endfor %}
+{% if dns_servers is defined %}
dns-nameservers{% for ns in dns_servers %} {{ ns }}{% endfor %}
+{% endif %}
{% if dns_search is defined %}
dns-search{% for searchdom in dns_search %} {{ searchdom }}{% endfor %}
{% endif %}
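Review bot: The added `{% if unbound_listen_on_default %}` has no matching `{% endif %}` in this hunk: the `{% endif %}` after the second `dns-nameservers` line closes `dns_servers is defined`, and the final one closes `dns_search is defined`. Unless a closing tag exists below the hunk, the template will fail to compile; add `{% endif %}` directly after the head-node `dns-nameservers` line. When both the flag and `dns_servers` are set, the stanza also gets two `dns-nameservers` options, which ifupdown may reject or only partly honour, so emitting both loops on a single `dns-nameservers` line would be safer.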
diff --git a/vars/cord.yml b/vars/cord.yml
index 0103ec8..8770221 100644
--- a/vars/cord.yml
+++ b/vars/cord.yml
@@ -1,31 +1,30 @@
---
# file: group_vars/aztest.yml
-# IP prefix for VMs
-mgmtbr_prefix: 192.168.122
+# VM networks/bridges on head
+virt_nets:
+ - name: mgmtbr
+ ipv4_prefix: 192.168.123
+ head_vms: true
# site domain suffix
site_suffix: cordtest.opencloud.us
-# NSD/Unbound settings
+# resolv.conf settings
+dns_search:
+ - cordtest.opencloud.us
+# NSD/Unbound settings
nsd_zones:
- name: cordtest.opencloud.us
- ipv4_first_octets: 192.168.122
+ ipv4_first_octets: 192.168.123
name_reverse_unbound: "168.192.in-addr.arpa"
soa: ns1
ns:
- { name: ns1 }
nodelist: head_vm_list
-unbound_interfaces:
- - 128.104.222.180/23
-
-# resolv.conf settings
-dns_servers:
- - 128.104.222.180
-
-dns_search:
- - cordtest.opencloud.us
+# If true, unbound listens on the head node's `ansible_default_ipv4` interface
+unbound_listen_on_default: True
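Review bot: `unbound_listen_on_default: True` should use the canonical lowercase form, `unbound_listen_on_default: true`, which is what yamllint's `truthy` rule and the Ansible style guides expect. The header comment still reads `# file: group_vars/aztest.yml` although the file is vars/cord.yml; updating it while touching this file would keep the path comment accurate.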
diff --git a/vars/cord_defaults.yml b/vars/cord_defaults.yml
index 5fc9d7d..a862375 100644
--- a/vars/cord_defaults.yml
+++ b/vars/cord_defaults.yml
@@ -4,7 +4,7 @@
openstack_version: kilo
openstack_cfg_path: /usr/local/src/openstack.cfg
-mgmtbr_name: mgmtbr
+# mgmtbr_name: mgmtbr
head_vm_list:
- name: "juju-1"