Ansible-ize OpenStack Designate

Implement containers for main designate components. Add designate enable options and port configuration. Add designate groups to ansible inventory. Add designate configuration to haproxy. Add designate port checks. Add designate passwords to passwords.yml. Enable Designate and Neutron integration. Enable Designate and Nova integration. Fix designate-pool-manager container name for consistency. Co-Authored-By: zhubingbing <zhubingbing10@gmail.com> Change-Id: I34d8126e0cd8d71d5ced9b62f3776cc354fbb549 Implements: blueprint ansible-designate
2016-08-10 15:48:32 +10:00 · 2016-08-10 15:48:32 +10:00 · 2a3df8db32
parent 9050f4bf71
commit 2a3df8db32
29 changed files with 697 additions and 4 deletions
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@ -124,6 +124,8 @@ congress_api_port: "1789"

 cloudkitty_api_port: "8889"

+designate_api_port: "9001"
+
 iscsi_port: "3260"

 gnocchi_api_port: "8041"
@ -257,6 +259,7 @@ enable_cinder_backend_lvm: "no"
 enable_cloudkitty: "no"
 enable_congress: "no"
 enable_etcd: "no"
+enable_designate: "no"
 enable_gnocchi: "no"
 enable_grafana: "no"
 enable_heat: "yes"
--- a/ansible/inventory/all-in-one
+++ b/ansible/inventory/all-in-one
@ -138,6 +138,9 @@ control
 [searchlight:children]
 control

+[designate:children]
+control
+
 # Additional control implemented here. These groups allow you to control which
 # services run on which hosts at a per-service level.
 #
@ -398,3 +401,19 @@ searchlight

 [searchlight-listener:children]
 searchlight
+
+# Designate
+[designate-api:children]
+designate
+
+[designate-central:children]
+designate
+
+[designate-mdns:children]
+designate
+
+[designate-pool-manager:children]
+designate
+
+[designate-sink:children]
+designate
--- a/ansible/inventory/multinode
+++ b/ansible/inventory/multinode
@ -153,6 +153,9 @@ control
 [searchlight:children]
 control

+[designate:children]
+control
+
 # Additional control implemented here. These groups allow you to control which
 # services run on which hosts at a per-service level.
 #
@ -413,3 +416,19 @@ searchlight

 [searchlight-listener:children]
 searchlight
+
+# Designate
+[designate-api:children]
+designate
+
+[designate-central:children]
+designate
+
+[designate-mdns:children]
+designate
+
+[designate-pool-manager:children]
+designate
+
+[designate-sink:children]
+designate
--- a/ansible/roles/designate/defaults/main.yml
+++ b/ansible/roles/designate/defaults/main.yml
@ -0,0 +1,56 @@
+---
+project_name: "designate"
+
+####################
+# Database
+####################
+designate_database_name: "designate"
+designate_database_user: "designate"
+designate_database_address: "{{ kolla_internal_fqdn }}:{{ database_port }}"
+
+designate_pool_manager_database_name: "designate_pool_manager"
+designate_pool_manager_database_user: "designate_pool_manager"
+designate_pool_manager_database_address: "{{ kolla_internal_fqdn }}:{{ database_port }}"
+
+
+####################
+# Docker
+####################
+
+designate_central_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-designate-central"
+designate_central_tag: "{{ openstack_release }}"
+designate_central_image_full: "{{ designate_central_image }}:{{ designate_central_tag }}"
+
+designate_api_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-designate-api"
+designate_api_tag: "{{ openstack_release }}"
+designate_api_image_full: "{{ designate_api_image }}:{{ designate_api_tag }}"
+
+designate_backend_bind9_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-designate-backend-bind9"
+designate_backend_bind9_tag: "{{ openstack_release }}"
+designate_backend_bind9_image_full: "{{ designate_backend_bind9_image }}:{{ designate_backend_bind9_tag }}"
+
+designate_mdns_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-designate-mdns"
+designate_mdns_tag: "{{ openstack_release }}"
+designate_mdns_image_full: "{{ designate_mdns_image }}:{{ designate_mdns_tag }}"
+
+designate_pool_manager_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-designate-pool-manager"
+designate_pool_manager_tag: "{{ openstack_release }}"
+designate_pool_manager_image_full: "{{ designate_pool_manager_image }}:{{ designate_pool_manager_tag }}"
+
+designate_sink_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-designate-sink"
+designate_sink_tag: "{{ openstack_release }}"
+designate_sink_image_full: "{{ designate_sink_image }}:{{ designate_sink_tag }}"
+
+
+####################
+# OpenStack
+####################
+designate_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ designate_api_port }}"
+designate_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ designate_api_port }}"
+designate_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ designate_api_port }}"
+
+designate_logging_debug: "{{ openstack_logging_debug }}"
+
+designate_keystone_user: "designate"
+
+openstack_designate_auth: "{'auth_url':'{{ openstack_auth.auth_url }}','username':'{{ openstack_auth.username }}','password':'{{ openstack_auth.password }}','project_name':'{{ openstack_auth.project_name }}'}"
--- a/ansible/roles/designate/meta/main.yml
+++ b/ansible/roles/designate/meta/main.yml
@ -0,0 +1,3 @@
+---
+dependencies:
+  - { role: common }
--- a/ansible/roles/designate/tasks/bootstrap.yml
+++ b/ansible/roles/designate/tasks/bootstrap.yml
@ -0,0 +1,78 @@
+---
+- name: Creating Designate database
+  command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
+    -m mysql_db
+    -a "login_host='{{ database_address }}'
+        login_port='{{ database_port }}'
+        login_user='{{ database_user }}'
+        login_password='{{ database_password }}'
+        name='{{ designate_database_name }}'"
+  register: database
+  changed_when: "{{ database.stdout.find('localhost | SUCCESS => ') != -1 and
+                    (database.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+  failed_when: database.stdout.split()[2] != 'SUCCESS'
+  run_once: True
+  delegate_to: "{{ groups['designate-central'][0] }}"
+
+- name: Reading json from variable
+  set_fact:
+    database_created: "{{ (database.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+
+- name: Creating Designate Pool Manager database
+  command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
+    -m mysql_db
+    -a "login_host='{{ database_address }}'
+        login_port='{{ database_port }}'
+        login_user='{{ database_user }}'
+        login_password='{{ database_password }}'
+        name='{{ designate_pool_manager_database_name }}'"
+  register: database_pool_manager
+  changed_when: "{{ database.stdout.find('localhost | SUCCESS => ') != -1 and
+                    (database.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+  failed_when: database.stdout.split()[2] != 'SUCCESS'
+  run_once: True
+  delegate_to: "{{ groups['designate-central'][0] }}"
+
+- name: Reading json from variable
+  set_fact:
+    database_pool_manager_created: "{{ (database_pool_manager.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+
+- name: Creating Designate database user and setting permissions
+  command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
+    -m mysql_user
+    -a "login_host='{{ database_address }}'
+        login_port='{{ database_port }}'
+        login_user='{{ database_user }}'
+        login_password='{{ database_password }}'
+        name='{{ designate_database_name }}'
+        password='{{ designate_database_password }}'
+        host='%'
+        priv='{{ designate_database_name }}.*:ALL'
+        append_privs='yes'"
+  register: database_user_create
+  changed_when: "{{ database_user_create.stdout.find('localhost | SUCCESS => ') != -1 and
+                    (database_user_create.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+  failed_when: database_user_create.stdout.split()[2] != 'SUCCESS'
+  run_once: True
+  delegate_to: "{{ groups['designate-central'][0] }}"
+
+- name: Creating Designate Pool Manager database user and setting permissions
+  command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
+    -m mysql_user
+    -a "login_host='{{ database_address }}'
+        login_port='{{ database_port }}'
+        login_user='{{ database_user }}'
+        login_password='{{ database_password }}'
+        name='{{ designate_pool_manager_database_name }}'
+        password='{{ designate_pool_manager_database_password }}'
+        host='%'
+        priv='{{ designate_pool_manager_database_name }}.*:ALL'
+        append_privs='yes'"
+  register: database_pool_manager_user_create
+  changed_when: "{{ database_pool_manager_user_create.stdout.find('localhost | SUCCESS => ') != -1 and
+                    (database_pool_manager_user_create.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+  failed_when: database_pool_manager_user_create.stdout.split()[2] != 'SUCCESS'
+  run_once: True
+
+- include: bootstrap_service.yml
+  when: database_created
--- a/ansible/roles/designate/tasks/bootstrap_service.yml
+++ b/ansible/roles/designate/tasks/bootstrap_service.yml
@ -0,0 +1,20 @@
+---
+- name: Running Designate bootstrap container
+  kolla_docker:
+    action: "start_container"
+    common_options: "{{ docker_common_options }}"
+    detach: False
+    environment:
+      KOLLA_BOOTSTRAP:
+      KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
+    image: "{{ designate_central_image_full }}"
+    labels:
+      BOOTSTRAP:
+    name: "bootstrap_designate"
+    restart_policy: "never"
+    volumes:
+      - "{{ node_config_directory }}/designate-central/:{{ container_config_directory }}/:ro"
+      - "/etc/localtime:/etc/localtime:ro"
+      - "kolla_logs:/var/log/kolla/"
+  run_once: True
+  delegate_to: "{{ groups['designate-central'][0] }}"
--- a/ansible/roles/designate/tasks/config.yml
+++ b/ansible/roles/designate/tasks/config.yml
@ -0,0 +1,43 @@
+---
+- name: Ensuring config directories exist
+  file:
+    path: "{{ node_config_directory }}/{{ item }}"
+    state: "directory"
+    recurse: yes
+  with_items:
+    - "designate-api"
+    - "designate-central"
+    - "designate-mdns"
+    - "designate-pool-manager"
+    - "designate-sink"
+
+- name: Copying over config.json files for services
+  template:
+    src: "{{ item }}.json.j2"
+    dest: "{{ node_config_directory }}/{{ item }}/config.json"
+  with_items:
+    - "designate-api"
+    - "designate-central"
+    - "designate-mdns"
+    - "designate-pool-manager"
+    - "designate-sink"
+
+- name: Copying over designate.conf
+  merge_configs:
+    vars:
+      service_name: "{{ item }}"
+    sources:
+      - "{{ role_path }}/templates/designate.conf.j2"
+      - "{{ node_custom_config }}/global.conf"
+      - "{{ node_custom_config }}/database.conf"
+      - "{{ node_custom_config }}/messaging.conf"
+      - "{{ node_custom_config }}/designate.conf"
+      - "{{ node_custom_config }}/designate/{{ item }}.conf"
+      - "{{ node_custom_config }}/designate/{{ inventory_hostname }}/designate.conf"
+    dest: "{{ node_config_directory }}/{{ item }}/designate.conf"
+  with_items:
+    - "designate-api"
+    - "designate-central"
+    - "designate-mdns"
+    - "designate-pool-manager"
+    - "designate-sink"
--- a/ansible/roles/designate/tasks/deploy.yml
+++ b/ansible/roles/designate/tasks/deploy.yml
@ -0,0 +1,20 @@
+---
+- include: register.yml
+  when: inventory_hostname in groups['designate-api']
+
+- include: config.yml
+  when: inventory_hostname in groups['designate-api'] or
+        inventory_hostname in groups['designate-central'] or
+        inventory_hostname in groups['designate-mdns'] or
+        inventory_hostname in groups['designate-pool-manager'] or
+        inventory_hostname in groups['designate-sink']
+
+- include: bootstrap.yml
+  when: inventory_hostname in groups['designate-central']
+
+- include: start.yml
+  when: inventory_hostname in groups['designate-api'] or
+        inventory_hostname in groups['designate-central'] or
+        inventory_hostname in groups['designate-mdns'] or
+        inventory_hostname in groups['designate-pool-manager'] or
+        inventory_hostname in groups['designate-sink']
--- a/ansible/roles/designate/tasks/main.yml
+++ b/ansible/roles/designate/tasks/main.yml
@ -0,0 +1,2 @@
+---
+- include: "{{ action }}.yml"
--- a/ansible/roles/designate/tasks/pull.yml
+++ b/ansible/roles/designate/tasks/pull.yml
@ -0,0 +1,35 @@
+---
+- name: Pulling designate-api image
+  kolla_docker:
+    action: "pull_image"
+    common_options: "{{ docker_common_options }}"
+    image: "{{ designate_api_image_full }}"
+  when: inventory_hostname in groups['designate-api']
+
+- name: Pulling designate-central image
+  kolla_docker:
+    action: "pull_image"
+    common_options: "{{ docker_common_options }}"
+    image: "{{ designate_central_image_full }}"
+  when: inventory_hostname in groups['designate-central']
+
+- name: Pulling designate-mdns image
+  kolla_docker:
+    action: "pull_image"
+    common_options: "{{ docker_common_options }}"
+    image: "{{ designate_mdns_image_full }}"
+  when: inventory_hostname in groups['designate-mdns']
+
+- name: Pulling designate-pool-manager image
+  kolla_docker:
+    action: "pull_image"
+    common_options: "{{ docker_common_options }}"
+    image: "{{ designate_pool_manager_image_full }}"
+  when: inventory_hostname in groups['designate-pool-manager']
+
+- name: Pulling designate-sink image
+  kolla_docker:
+    action: "pull_image"
+    common_options: "{{ docker_common_options }}"
+    image: "{{ designate_sink_image_full }}"
+  when: inventory_hostname in groups['designate-sink']
--- a/ansible/roles/designate/tasks/reconfigure.yml
+++ b/ansible/roles/designate/tasks/reconfigure.yml
@ -0,0 +1,86 @@
+---
+- name: Ensuring the containers up
+  kolla_docker:
+    name: "{{ item.name }}"
+    action: "get_container_state"
+  register: container_states
+  failed_when: container_states.Running == false
+  when:
+    - "{{ item.enabled|default(True) }}"
+    - inventory_hostname in groups[item.group]
+  with_items:
+    - { name: designate_central, group: designate-central }
+    - { name: designate_api, group: designate-api }
+    - { name: designate_mdns, group: designate-mdns }
+    - { name: designate_pool_manager, group: designate-pool-manager }
+    - { name: designate_sink, group: designate-sink }
+
+- include: config.yml
+
+- name: Check the configs
+  command: docker exec {{ item.name }} /usr/local/bin/kolla_set_configs --check
+  changed_when: false
+  failed_when: false
+  register: check_results
+  when: inventory_hostname in groups[item.group]
+  with_items:
+    - { name: designate_central, group: designate-central }
+    - { name: designate_api, group: designate-api }
+    - { name: designate_mdns, group: designate-mdns }
+    - { name: designate_pool_manager, group: designate-pool-manager }
+    - { name: designate_sink, group: designate-sink }
+
+# NOTE(jeffrey4l): when config_strategy == 'COPY_ALWAYS'
+# and container env['KOLLA_CONFIG_STRATEGY'] == 'COPY_ONCE',
+# just remove the container and start again
+- name: Containers config strategy
+  kolla_docker:
+    name: "{{ item.name }}"
+    action: "get_container_env"
+  register: container_envs
+  when: inventory_hostname in groups[item.group]
+  with_items:
+    - { name: designate_central, group: designate-central }
+    - { name: designate_api, group: designate-api }
+    - { name: designate_mdns, group: designate-mdns }
+    - { name: designate_pool_manager, group: designate-pool-manager }
+    - { name: designate_sink, group: designate-sink }
+
+- name: Remove the containers
+  kolla_docker:
+    name: "{{ item[0]['name'] }}"
+    action: "remove_container"
+  register: remove_containers
+  when:
+    - inventory_hostname in groups[item[0]['group']]
+    - config_strategy == "COPY_ONCE" or item[1]['KOLLA_CONFIG_STRATEGY'] == 'COPY_ONCE'
+    - item[2]['rc'] == 1
+  with_together:
+    - [{ name: designate_central, group: designate-central },
+       { name: designate_api, group: designate-api },
+       { name: designate_mdns, group: designate-mdns },
+       { name: designate_pool_manager, group: designate-pool-manager },
+       { name: designate_sink, group: designate-sink }]
+    - "{{ container_envs.results }}"
+    - "{{ check_results.results }}"
+
+- include: start.yml
+  when: remove_containers.changed
+
+- name: Restart containers
+  kolla_docker:
+    name: "{{ item[0]['name'] }}"
+    action: "restart_container"
+  when:
+    - inventory_hostname in groups[item[0]['group']]
+    - config_strategy == 'COPY_ALWAYS'
+    - item[1]['KOLLA_CONFIG_STRATEGY'] != 'COPY_ONCE'
+    - item[2]['rc'] == 1
+  with_together:
+    - [{ name: designate_central, group: designate-central },
+       { name: designate_api, group: designate-api },
+       { name: designate_mdns, group: designate-mdns },
+       { name: designate_pool_manager, group: designate-pool-manager },
+       { name: designate_sink, group: designate-sink }]
+    - "{{ container_envs.results }}"
+    - "{{ check_results.results }}"
--- a/ansible/roles/designate/tasks/register.yml
+++ b/ansible/roles/designate/tasks/register.yml
@ -0,0 +1,40 @@
+---
+- name: Creating the Designate service and endpoint
+  command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
+    -m kolla_keystone_service
+    -a "service_name=designate
+        service_type=dns
+        description='Designate DNS Service'
+        endpoint_region={{ openstack_region_name }}
+        url='{{ item.url }}'
+        interface='{{ item.interface }}'
+        region_name={{ openstack_region_name }}
+        auth={{ '{{ openstack_designate_auth }}' }}"
+    -e "{'openstack_designate_auth':{{ openstack_designate_auth }}}"
+  register: designate_endpoint
+  changed_when: "{{ designate_endpoint.stdout.find('localhost | SUCCESS => ') != -1 and (designate_endpoint.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+  until: designate_endpoint.stdout.split()[2] == 'SUCCESS'
+  retries: 10
+  delay: 5
+  run_once: True
+  with_items:
+    - {'interface': 'admin', 'url': '{{ designate_admin_endpoint }}'}
+    - {'interface': 'internal', 'url': '{{ designate_internal_endpoint }}'}
+    - {'interface': 'public', 'url': '{{ designate_public_endpoint }}'}
+
+- name: Creating the Designate project, user, and role
+  command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
+    -m kolla_keystone_user
+    -a "project=service
+        user=designate
+        password={{ designate_keystone_password }}
+        role=admin
+        region_name={{ openstack_region_name }}
+        auth={{ '{{ openstack_designate_auth }}' }}"
+    -e "{'openstack_designate_auth':{{ openstack_designate_auth }}}"
+  register: designate_user
+  changed_when: "{{ designate_user.stdout.find('localhost | SUCCESS => ') != -1 and (designate_user.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+  until: designate_user.stdout.split()[2] == 'SUCCESS'
+  retries: 10
+  delay: 5
+  run_once: True
--- a/ansible/roles/designate/tasks/start.yml
+++ b/ansible/roles/designate/tasks/start.yml
@ -0,0 +1,60 @@
+---
+- name: Starting designate-central container
+  kolla_docker:
+    action: "start_container"
+    common_options: "{{ docker_common_options }}"
+    image: "{{ designate_central_image_full }}"
+    name: "designate_central"
+    volumes:
+      - "{{ node_config_directory }}/designate-central/:{{ container_config_directory }}/:ro"
+      - "/etc/localtime:/etc/localtime:ro"
+      - "kolla_logs:/var/log/kolla/"
+  when: inventory_hostname in groups['designate-central']
+
+- name: Starting designate-api container
+  kolla_docker:
+    action: "start_container"
+    common_options: "{{ docker_common_options }}"
+    image: "{{ designate_api_image_full }}"
+    name: "designate_api"
+    volumes:
+      - "{{ node_config_directory }}/designate-api/:{{ container_config_directory }}/:ro"
+      - "/etc/localtime:/etc/localtime:ro"
+      - "kolla_logs:/var/log/kolla/"
+  when: inventory_hostname in groups['designate-api']
+
+- name: Starting designate-mdns container
+  kolla_docker:
+    action: "start_container"
+    common_options: "{{ docker_common_options }}"
+    image: "{{ designate_mdns_image_full }}"
+    name: "designate_mdns"
+    volumes:
+      - "{{ node_config_directory }}/designate-mdns/:{{ container_config_directory }}/:ro"
+      - "/etc/localtime:/etc/localtime:ro"
+      - "kolla_logs:/var/log/kolla/"
+  when: inventory_hostname in groups['designate-mdns']
+
+- name: Starting designate-pool-manager container
+  kolla_docker:
+    action: "start_container"
+    common_options: "{{ docker_common_options }}"
+    image: "{{ designate_pool_manager_image_full }}"
+    name: "designate_pool_manager"
+    volumes:
+      - "{{ node_config_directory }}/designate-pool-manager/:{{ container_config_directory }}/:ro"
+      - "/etc/localtime:/etc/localtime:ro"
+      - "kolla_logs:/var/log/kolla/"
+  when: inventory_hostname in groups['designate-pool-manager']
+
+- name: Starting designate-sink container
+  kolla_docker:
+    action: "start_container"
+    common_options: "{{ docker_common_options }}"
+    image: "{{ designate_sink_image_full }}"
+    name: "designate_sink"
+    volumes:
+      - "{{ node_config_directory }}/designate-sink/:{{ container_config_directory }}/:ro"
+      - "/etc/localtime:/etc/localtime:ro"
+      - "kolla_logs:/var/log/kolla/"
+  when: inventory_hostname in groups['designate-sink']
--- a/ansible/roles/designate/tasks/upgrade.yml
+++ b/ansible/roles/designate/tasks/upgrade.yml
@ -0,0 +1,6 @@
+---
+- include: config.yml
+
+- include: bootstrap_service.yml
+
+- include: start.yml
--- a/ansible/roles/designate/templates/designate-api.json.j2
+++ b/ansible/roles/designate/templates/designate-api.json.j2
@ -0,0 +1,11 @@
+{
+    "command": "designate-api --config-file /etc/designate/designate.conf",
+    "config_files": [
+        {
+            "source": "{{ container_config_directory }}/designate.conf",
+            "dest": "/etc/designate/designate.conf",
+            "owner": "designate",
+            "perm": "0600"
+        }
+    ]
+}
--- a/ansible/roles/designate/templates/designate-central.json.j2
+++ b/ansible/roles/designate/templates/designate-central.json.j2
@ -0,0 +1,11 @@
+{
+    "command": "designate-central --config-file /etc/designate/designate.conf",
+    "config_files": [
+        {
+            "source": "{{ container_config_directory }}/designate.conf",
+            "dest": "/etc/designate/designate.conf",
+            "owner": "designate",
+            "perm": "0600"
+        }
+    ]
+}
--- a/ansible/roles/designate/templates/designate-mdns.json.j2
+++ b/ansible/roles/designate/templates/designate-mdns.json.j2
@ -0,0 +1,11 @@
+{
+    "command": "designate-mdns --config-file /etc/designate/designate.conf",
+    "config_files": [
+        {
+            "source": "{{ container_config_directory }}/designate.conf",
+            "dest": "/etc/designate/designate.conf",
+            "owner": "designate",
+            "perm": "0600"
+        }
+    ]
+}
--- a/ansible/roles/designate/templates/designate-pool-manager.json.j2
+++ b/ansible/roles/designate/templates/designate-pool-manager.json.j2
@ -0,0 +1,11 @@
+{
+    "command": "designate-pool-manager --config-file /etc/designate/designate.conf",
+    "config_files": [
+        {
+            "source": "{{ container_config_directory }}/designate.conf",
+            "dest": "/etc/designate/designate.conf",
+            "owner": "designate",
+            "perm": "0600"
+        }
+    ]
+}
--- a/ansible/roles/designate/templates/designate-sink.json.j2
+++ b/ansible/roles/designate/templates/designate-sink.json.j2
@ -0,0 +1,11 @@
+{
+    "command": "designate-sink --config-file /etc/designate/designate.conf",
+    "config_files": [
+        {
+            "source": "{{ container_config_directory }}/designate.conf",
+            "dest": "/etc/designate/designate.conf",
+            "owner": "designate",
+            "perm": "0600"
+        }
+    ]
+}
--- a/ansible/roles/designate/templates/designate.conf.j2
+++ b/ansible/roles/designate/templates/designate.conf.j2
@ -0,0 +1,92 @@
+[DEFAULT]
+
+debug = {{ designate_logging_debug }}
+
+log-dir = /var/log/kolla/designate
+
+notification_driver = messaging
+notification_topics = notifications_designate
+
+transport_url = rabbit://{% for host in groups['rabbitmq'] %}{{ rabbitmq_user }}:{{ rabbitmq_password }}@{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ rabbitmq_port }}{% if not loop.last %},{% endif %}{% endfor %}
+
+[service:api]
+api_base_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ designate_api_port }}
+api_host = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}
+api_port = {{ designate_api_port }}
+
+enable_api_v1 = True
+enabled_extensions_v1 = 'diagnostics, quotas, reports, sync, touch'
+enable_api_v2 = True
+enabled_extensions_v2 = 'quotas, reports'
+
+api_paste_config = /usr/share/designate/api-paste.ini
+
+[keystone_authtoken]
+auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
+auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
+auth_type = password
+project_domain_id = default
+user_domain_id = default
+project_name = service
+username = {{ designate_keystone_user }}
+password = {{ designate_keystone_password }}
+http_connect_timeout = 60
+
+memcache_security_strategy = ENCRYPT
+memcache_secret_key = {{ memcache_secret_key }}
+memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
+
+[cors]
+
+[cors.subdomain]
+
+[service:sink]
+enabled_notification_handlers = nova_fixed, neutron_floatingip
+
+[service:mdns]
+host = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}
+
+[service:agent]
+host = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}
+
+[service:zone_manager]
+
+[zone_manager_task:domain_purge]
+
+[zone_manager_task:delayed_notify]
+
+[service:pool_manager]
+cache_driver = memcache
+
+[pool_manager_cache:sqlalchemy]
+connection = mysql+pymysql://{{ designate_pool_manager_database_user }}:{{ designate_pool_manager_database_password }}@{{ designate_pool_manager_database_address }}/{{ designate_pool_manager_database_name }}
+max_retries = 10
+idle_timeout = 3600
+
+[pool_manager_cache:memcache]
+memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
+
+[network_api:neutron]
+
+[storage:sqlalchemy]
+connection = mysql+pymysql://{{ designate_database_user }}:{{ designate_database_password }}@{{ designate_database_address }}/{{ designate_database_name }}
+max_retries = 10
+idle_timeout = 3600
+
+[handler:nova_fixed]
+notification_topics = notifications_designate
+control_exchange = nova
+format = '(display_name)s.%(domain)s'
+
+[handler:neutron_floatingip]
+notification_topics = notifications_designate
+control_exchange = neutron
+format = '%(octet0)s-%(octet1)s-%(octet2)s-%(octet3)s.%(domain)s'
+
+[backend:agent:bind9]
+
+[backend:agent:denominator]
+
+[oslo_concurrency]
+
+[coordination]
--- a/ansible/roles/haproxy/templates/haproxy.cfg.j2
+++ b/ansible/roles/haproxy/templates/haproxy.cfg.j2
@ -587,6 +587,22 @@ listen congress_api_external
 {% endif %}
 {% endif %}

+{% if enable_designate | bool %}
+listen designate_api
+  bind {{ kolla_internal_vip_address }}:{{ designate_api_port }}
+{% for host in groups['designate-api'] %}
+  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ designate_api_port }} check inter 2000 rise 2 fall 5
+{% endfor %}
+{% if haproxy_enable_external_vip | bool %}
+
+listen designate_api_external
+  bind {{ kolla_external_vip_address }}:{{ designate_api_port }} {{ tls_bind_info }}
+{% for host in groups['designate-api'] %}
+  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ designate_api_port }} check inter 2000 rise 2 fall 5
+{% endfor %}
+{% endif %}
+{% endif %}
+
 {% if enable_mistral | bool %}
 listen mistral_api
  bind {{ kolla_internal_vip_address }}:{{ mistral_api_port }}
--- a/ansible/roles/neutron/templates/neutron.conf.j2
+++ b/ansible/roles/neutron/templates/neutron.conf.j2
@ -91,9 +91,10 @@ memcached_servers = {% for host in groups['memcached'] %}{% if orchestration_eng
 {% endif %}

 [oslo_messaging_notifications]
-{% if enable_ceilometer | bool %}
+{% if enable_ceilometer | bool or enable_designate | bool %}
 driver = messagingv2
-topics = notifications
+{% set topics=["notifications" if enable_ceilometer|bool else "", "notifications_designate" if enable_designate|bool else ""] %}
+topcis = {{ topics|reject("equalto", "")|list|join(",") }}
 {% else %}
 driver = noop
 {% endif %}
--- a/ansible/roles/nova/templates/nova.conf.j2
+++ b/ansible/roles/nova/templates/nova.conf.j2
@ -187,9 +187,10 @@ rbd_secret_uuid = {{ rbd_secret_uuid }}
 compute = auto

 [oslo_messaging_notifications]
-{% if enable_ceilometer | bool %}
+{% if enable_ceilometer | bool or enable_designate | bool %}
 driver = messagingv2
-topics = notifications
+{% set topics=["notifications" if enable_ceilometer|bool else "", "notifications_designate" if enable_designate|bool else ""] %}
+topcis = {{ topics|reject("equalto", "")|list|join(",") }}
 {% else %}
 driver = noop
 {% endif %}
--- a/ansible/roles/prechecks/tasks/port_checks.yml
+++ b/ansible/roles/prechecks/tasks/port_checks.yml
@ -139,6 +139,22 @@
    - inventory_hostname in groups['etcd']
    - enable_etcd | bool

+- name: Checking free port for Designate API
+  wait_for:
+    host: "{{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}"
+    port: "{{ designate_api_port }}"
+    connect_timeout: 1
+    state: stopped
+  when: inventory_hostname in groups['designate-api']
+
+- name: Checking free port for Designate API HAProxy
+  wait_for:
+    host: "{{ kolla_internal_vip_address }}"
+    port: "{{ designate_api_port }}"
+    connect_timeout: 1
+    state: stopped
+  when: inventory_hostname in groups['haproxy']
+
 - name: Checking free port for Glance API
  wait_for:
    host: "{{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}"
--- a/ansible/site.yml
+++ b/ansible/site.yml
@ -327,6 +327,18 @@
        tags: congress,
        when: enable_congress | bool }

+- hosts:
+    - designate-api
+    - designate-central
+    - designate-mdns
+    - designate-pool-manager
+    - designate-sink
+  serial: '{{ serial|default("0") }}'
+  roles:
+    - { role: designate,
+        tags: designate,
+        when: enable_designate | bool }
+
 - hosts:
    - tempest
  serial: '{{ serial|default("0") }}'
--- a/etc/kolla/globals.yml
+++ b/etc/kolla/globals.yml
@ -127,6 +127,7 @@ kolla_internal_vip_address: "10.10.10.254"
 #enable_cinder_backend_lvm: "no"
 #enable_cloudkitty: "no"
 #enable_congress: "no"
+#enable_designate: "no"
 #enable_etcd: "no"
 #enable_gnocchi: "no"
 #enable_grafana: "no"
--- a/etc/kolla/passwords.yml
+++ b/etc/kolla/passwords.yml
@ -58,6 +58,10 @@ cloudkitty_keystone_password:
 sahara_database_password:
 sahara_keystone_password:

+designate_database_password:
+designate_pool_manager_database_password:
+designate_keystone_password:
+
 swift_keystone_password:
 swift_hash_path_suffix:
 swift_hash_path_prefix:
--- a/releasenotes/notes/add-designate-c789e47f8ced394d.yaml
+++ b/releasenotes/notes/add-designate-c789e47f8ced394d.yaml
@ -0,0 +1,5 @@
+---
+features:
+  - Add deployment and management of Designate OpenStack services.
+issues:
+  - Customer facing DNS servers for use with Designate still required to be set up manually.