Add opendev nameservers (1/2)

This will allow us to create new nameservers in the opendev.org
domain.  We will replace the existing servers once these are
bootstrapped.

Some lines are commented pending server creation.

Change-Id: If71e3f87a9d7a83d80cff053874c84411b248515

doc/source/dns.rst

@@ -14,6 +14,8 @@ At a Glance
 :Hosts:
   * ns1.openstack.org
   * ns2.openstack.org
+  * ns1.opendev.org
+  * ns2.opendev.org
 :Puppet:
   * :cgit_file:`manifests/site.pp`
 :Projects:

manifests/site.pp

@@ -733,6 +733,21 @@ node /^adns\d+\.openstack\.org$/ {
   }
 }
 
+# This is a hidden authoritative master nameserver, not publicly
+# accessible.
+# Node-OS: xenial
+node /^adns\d+\.opendev\.org$/ {
+  $group = 'adns'
+
+  class { 'openstack_project::server': }
+
+  class { 'openstack_project::master_nameserver':
+    tsig_key => hiera('tsig_key', {}),
+    dnssec_keys => hiera_hash('dnssec_keys', {}),
+    notifies => [],
+  }
+}
+
 # These are publicly accessible authoritative slave nameservers.
 # Node-OS: xenial
 node /^ns\d+\.openstack\.org$/ {
@@ -764,6 +779,37 @@ node /^ns\d+\.openstack\.org$/ {
   }
 }
 
+# These are publicly accessible authoritative slave nameservers.
+# Node-OS: xenial
+node /^ns\d+\.opendev\.org$/ {
+  $group = 'ns'
+
+  class { 'openstack_project::server': }
+
+  $tsig_key = hiera('tsig_key', {})
+  if $tsig_key != {} {
+    $tsig_name = 'tsig'
+    nsd::tsig { 'tsig':
+      algo => $tsig_key[algorithm],
+      data => $tsig_key[secret],
+    }
+  } else {
+    $tsig_name = undef
+  }
+
+  class { '::nsd':
+    ip_addresses => [ $::ipaddress, $::ipaddress6 ],
+    zones => {
+#      'adns1_zones' => {
+#        allow_notify => dns_a('adns1.opendev.org'),
+#        masters => dns_a('adns1.opendev.org'),
+#        zones => ['opendev.org'],
+#        tsig_name => $tsig_name,
+#      }
+    }
+  }
+}
+
 # Node-OS: trusty
 node 'nodepool.openstack.org' {
   $group = 'nodepool'