From 76c5d9a6c86d77c66de2bf9b14740cd7912dff2d Mon Sep 17 00:00:00 2001 
From: Harm Weites Date: Fri, 29 May 2015 20:21:47 +0200 Subject: [PATCH] Add the Designate DNSaaS services. This is a complete DNS solution, with hidden master and bind9 slave. It lacks the designate-sink service, because there is no true specification to implement that. It listens for Nova/Neutron events and creates records though adding those to just 1 domain isn't helping much in an environment with multiple tenants. Change-Id: I500fb6058b118d25a4ccfd1d3479830c36af7e2a Blueprint: designate-container --- compose/designate.yml | 54 +++++++++++++++++ .../binary/designate/designate-api/Dockerfile | 10 ++++ .../binary/designate/designate-api/build | 1 + .../binary/designate/designate-api/start.sh | 37 ++++++++++++ .../designate-backend-bind9-data/Dockerfile | 6 ++ .../designate-backend-bind9-data/build | 1 + .../designate-backend-bind9/Dockerfile | 10 ++++ .../designate/designate-backend-bind9/build | 1 + .../designate-backend-bind9/start.sh | 60 +++++++++++++++++++ .../designate/designate-base/Dockerfile | 17 ++++++ .../binary/designate/designate-base/build | 1 + .../designate-base/config-designate.sh | 58 ++++++++++++++++++ .../designate/designate-central/Dockerfile | 10 ++++ .../binary/designate/designate-central/build | 1 + .../designate/designate-central/start.sh | 24 ++++++++ .../designate/designate-mdns/Dockerfile | 9 +++ .../binary/designate/designate-mdns/build | 1 + .../binary/designate/designate-mdns/start.sh | 17 ++++++ .../designate-poolmanager/Dockerfile | 12 ++++ .../designate/designate-poolmanager/build | 1 + .../designate/designate-poolmanager/start.sh | 49 +++++++++++++++ docs/integration-guide.md | 13 ++++ tools/genenv | 39 ++++++++++++ 23 files changed, 432 insertions(+) create mode 100644 compose/designate.yml create mode 100644 docker/centos/binary/designate/designate-api/Dockerfile create mode 120000 docker/centos/binary/designate/designate-api/build create mode 100755 docker/centos/binary/designate/designate-api/start.sh create mode 100644 
docker/centos/binary/designate/designate-backend-bind9-data/Dockerfile create mode 120000 docker/centos/binary/designate/designate-backend-bind9-data/build create mode 100644 docker/centos/binary/designate/designate-backend-bind9/Dockerfile create mode 120000 docker/centos/binary/designate/designate-backend-bind9/build create mode 100755 docker/centos/binary/designate/designate-backend-bind9/start.sh create mode 100644 docker/centos/binary/designate/designate-base/Dockerfile create mode 120000 docker/centos/binary/designate/designate-base/build create mode 100755 docker/centos/binary/designate/designate-base/config-designate.sh create mode 100644 docker/centos/binary/designate/designate-central/Dockerfile create mode 120000 docker/centos/binary/designate/designate-central/build create mode 100755 docker/centos/binary/designate/designate-central/start.sh create mode 100644 docker/centos/binary/designate/designate-mdns/Dockerfile create mode 120000 docker/centos/binary/designate/designate-mdns/build create mode 100755 docker/centos/binary/designate/designate-mdns/start.sh create mode 100644 docker/centos/binary/designate/designate-poolmanager/Dockerfile create mode 120000 docker/centos/binary/designate/designate-poolmanager/build create mode 100755 docker/centos/binary/designate/designate-poolmanager/start.sh diff --git a/compose/designate.yml b/compose/designate.yml new file mode 100644 index 0000000000..96d0219528 --- /dev/null +++ b/compose/designate.yml 
@@ -0,0 +1,54 @@
+# The DNSaaS REST api from where zones and records are added or removed.
+designateapi:
+ image: kollaglue/centos-rdo-designate-api:latest
+ name: designate-api
+ net: "host"
+ restart: always
+ env_file:
+ - openstack.env
+
+# The central dispatches the API requests and pushes requests further down to
+# pool-manager and the database for storage.
+designatecentral:
+ image: kollaglue/centos-rdo-designate-central:latest
+ name: designate-central
+ net: "host"
+ restart: always
+ env_file:
+ - openstack.env
+
+# The pool-manager will push new zones to the backend so they can slave them.
+designatepoolmanager:
+ image: kollaglue/centos-rdo-designate-poolmanager:latest
+ name: designate-poolmanager
+ net: "host"
+ restart: always
+ env_file:
+ - openstack.env
+
+# Bind9 backend and state storage.
+designatebackendbind9data:
+ image: kollaglue/centos-rdo-designate-backend-bind9-data:latest
+ name: designate-backend-bind9-data
+ restart: on-failure
+
+designatebackendbind9:
+ image: kollaglue/centos-rdo-designate-backend-bind9:latest
+ name: designate-backend-bind9
+ net: "host"
+ restart: always
+ env_file:
+ - openstack.env
+ volumes_from:
+ - designatebackendbind9data
+
+# The MDNS service acts as the primary (or hidden-master) nameserver and uses
+# AXFR/IXFR commands to inform the slaves (which realy listen for queries from
+# $world) about updates.
+designatemdns:
+ image: kollaglue/centos-rdo-designate-mdns:latest
+ name: designate-mdns
+ net: "host"
+ restart: always
+ env_file:
+ - openstack.env
diff --git a/docker/centos/binary/designate/designate-api/Dockerfile b/docker/centos/binary/designate/designate-api/Dockerfile
new file mode 100644
index 0000000000..b68da474fd
--- /dev/null
+++ b/docker/centos/binary/designate/designate-api/Dockerfile
@@ -0,0 +1,10 @@
+FROM %%KOLLA_NAMESPACE%%/%%KOLLA_PREFIX%%designate-base:%%KOLLA_TAG%%
+MAINTAINER Kolla Project (https://launchpad.net/kolla)
+
+RUN yum install -y \
+ openstack-designate-api \
+ && yum clean all
+
+COPY start.sh /start.sh
+
+CMD ["/start.sh"]
diff --git a/docker/centos/binary/designate/designate-api/build b/docker/centos/binary/designate/designate-api/build
new file mode 120000
index 0000000000..ec19138031
--- /dev/null
+++ b/docker/centos/binary/designate/designate-api/build
@@ -0,0 +1 @@
+../../../../../tools/build-docker-image
\ No newline at end of file
diff --git a/docker/centos/binary/designate/designate-api/start.sh b/docker/centos/binary/designate/designate-api/start.sh
new file mode 100755
index 0000000000..aae50ea8f1
--- /dev/null
+++ b/docker/centos/binary/designate/designate-api/start.sh
@@ -0,0 +1,37 @@
+#!/bin/bash
+set -e
+
+. /opt/kolla/kolla-common.sh
+. /opt/kolla/config-designate.sh
+
+CONF=/etc/designate/designate.conf
+
+check_required_vars KEYSTONE_ADMIN_TOKEN KEYSTONE_ADMIN_SERVICE_HOST \
+ DESIGNATE_KEYSTONE_USER DESIGNATE_KEYSTONE_PASSWORD \
+ KEYSTONE_AUTH_PROTOCOL ADMIN_TENANT_NAME \
+ DESIGNATE_API_SERVICE_HOST DESIGNATE_API_SERVICE_PORT \
+ KEYSTONE_ADMIN_SERVICE_PORT
+
+export SERVICE_TOKEN="${KEYSTONE_ADMIN_TOKEN}"
+export SERVICE_ENDPOINT="${KEYSTONE_AUTH_PROTOCOL}://${KEYSTONE_ADMIN_SERVICE_HOST}:${KEYSTONE_ADMIN_SERVICE_PORT}/v2.0"
+
+fail_unless_os_service_running keystone
+
+crux user-create \
+ -n ${DESIGNATE_KEYSTONE_USER} \
+ -p ${DESIGNATE_KEYSTONE_PASSWORD} \
+ -t ${ADMIN_TENANT_NAME} \
+ -r admin
+
+crux endpoint-create \
+ --remove-all \
+ -n ${DESIGNATE_KEYSTONE_USER} \
+ -t dns \
+ -I "${KEYSTONE_AUTH_PROTOCOL}://${DESIGNATE_API_SERVICE_HOST}:${DESIGNATE_API_SERVICE_PORT}/v1" \
+ -P "${KEYSTONE_AUTH_PROTOCOL}://${DESIGNATE_API_SERVICE_HOST}:${DESIGNATE_API_SERVICE_PORT}/v1" \
+ -A "${KEYSTONE_AUTH_PROTOCOL}://${DESIGNATE_API_SERVICE_HOST}:${DESIGNATE_API_SERVICE_PORT}/v1"
+
+crudini --set $CONF service:api api_paste_config "/usr/share/designate/api-paste.ini"
+crudini --set $CONF service:api api_port "${DESIGNATE_API_SERVICE_PORT}"
+
+exec /usr/bin/designate-api
diff --git a/docker/centos/binary/designate/designate-backend-bind9-data/Dockerfile b/docker/centos/binary/designate/designate-backend-bind9-data/Dockerfile
new file mode 100644
index 0000000000..99909c361a
--- /dev/null
+++ b/docker/centos/binary/designate/designate-backend-bind9-data/Dockerfile
@@ -0,0 +1,6 @@
+FROM %%KOLLA_NAMESPACE%%/%%KOLLA_PREFIX%%base:%%KOLLA_TAG%%
+MAINTAINER Kolla Project (https://launchpad.net/kolla)
+
+VOLUME [ "/var/named" ]
+
+CMD [ "/bin/true" ]
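Review bot: The arguments `-n ${DESIGNATE_KEYSTONE_USER}`, `-p ${DESIGNATE_KEYSTONE_PASSWORD}` and `-t ${ADMIN_TENANT_NAME}` in the crux user-create call are unquoted, so a password containing whitespace or glob characters is word-split or expanded before crux sees it, and this is inconsistent with the endpoint URLs a few lines below, which are quoted; write `-p "${DESIGNATE_KEYSTONE_PASSWORD}"` and likewise for the other two. The script also sources /opt/kolla/config-designate.sh, which in its own hunk lists DESIGNATE_BIND9_RNDC_KEY among its required variables and writes /etc/rndc.key, so the bind9 control key is materialised inside the API container even though nothing here uses rndc; restricting the key to the pool-manager and bind9 containers (or writing the key file only in the start scripts that need it) keeps a compromise of the public-facing API from exposing the DNS control channel. Finally, the service user is created with `-r admin`; if the full admin role is genuinely required rather than a service role, a one-line comment above the call saying so would spare the next maintainer from guessing.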
diff --git a/docker/centos/binary/designate/designate-backend-bind9-data/build b/docker/centos/binary/designate/designate-backend-bind9-data/build
new file mode 120000
index 0000000000..ec19138031
--- /dev/null
+++ b/docker/centos/binary/designate/designate-backend-bind9-data/build
@@ -0,0 +1 @@
+../../../../../tools/build-docker-image
\ No newline at end of file
diff --git a/docker/centos/binary/designate/designate-backend-bind9/Dockerfile b/docker/centos/binary/designate/designate-backend-bind9/Dockerfile
new file mode 100644
index 0000000000..7f57786c4b
--- /dev/null
+++ b/docker/centos/binary/designate/designate-backend-bind9/Dockerfile
@@ -0,0 +1,10 @@
+FROM %%KOLLA_NAMESPACE%%/%%KOLLA_PREFIX%%designate-base:%%KOLLA_TAG%%
+MAINTAINER Kolla Project (https://launchpad.net/kolla)
+
+RUN yum install -y bind \
+ && yum clean all \
+ && cp -pr /var/named /opt/kolla/var-named
+
+COPY start.sh /start.sh
+
+CMD ["/start.sh"]
diff --git a/docker/centos/binary/designate/designate-backend-bind9/build b/docker/centos/binary/designate/designate-backend-bind9/build
new file mode 120000
index 0000000000..ec19138031
--- /dev/null
+++ b/docker/centos/binary/designate/designate-backend-bind9/build
@@ -0,0 +1 @@
+../../../../../tools/build-docker-image
\ No newline at end of file
diff --git a/docker/centos/binary/designate/designate-backend-bind9/start.sh b/docker/centos/binary/designate/designate-backend-bind9/start.sh
new file mode 100755
index 0000000000..90d2de676b
--- /dev/null
+++ b/docker/centos/binary/designate/designate-backend-bind9/start.sh
@@ -0,0 +1,60 @@ +#!/bin/bash +set -e + +. /opt/kolla/kolla-common.sh + +check_required_vars DESIGNATE_MASTERNS DESIGNATE_SLAVENS DESIGNATE_BIND9_RNDC_KEY \ + DESIGNATE_ALLOW_RECURSION + +NAMEDCFG=/etc/named.conf + +# /var/named is coming from a VOLUME definition but at first boot it needs to +# be populated from the original container since else it would be missing some +# Bind9 core files. These files have been saved during the build phase. + +if [ ! -f /var/named/named.ca ]; then + cp -pr /opt/kolla/var-named/* /var/named/ +fi + +# When rndc adds a new domain, bind adds the call in an nzf file in this +# directory. +chmod 770 /var/named +chown root:named /var/named + +# Default Bind9 behavior is to enable recursion, disable if wanted. +if [ "${DESIGNATE_ALLOW_RECURSION}" == "false" ]; then + sed -i -r "s/(recursion) yes/\1 no/" $NAMEDCFG +fi + +sed -i -r "/listen-on port 53/d" $NAMEDCFG +sed -i -r "/listen-on-v6/d" $NAMEDCFG +sed -i -r "s,/\* Path to ISC DLV key \*/,allow-new-zones yes;," $NAMEDCFG +sed -i -r "/allow-query .+;/d" $NAMEDCFG + +if ! grep -q rndc-key /etc/named.conf; then + cat >> /etc/named.conf < /etc/rndc.key < /etc/rndc.conf <> /etc/rndc.conf +chown named /etc/rndc.key + +# Launch and keep in the foreground. +exec /usr/sbin/named -u named -g diff --git a/docker/centos/binary/designate/designate-base/Dockerfile b/docker/centos/binary/designate/designate-base/Dockerfile new file mode 100644 index 0000000000..ae7b060018 --- /dev/null +++ b/docker/centos/binary/designate/designate-base/Dockerfile 
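Review bot: The sed lines that delete `listen-on port 53`, `listen-on-v6` and `allow-query` make named answer on every host interface for every client (the compose file runs this container with `net: "host"`), while recursion is switched off only when `DESIGNATE_ALLOW_RECURSION` is exactly `false` and the tools/genenv hunk defaults it to `true`, so the stock deployment is an open recursive resolver wherever port 53 is routable. An authoritative slave fed by mdns does not need recursion, so the safer default is `DESIGNATE_ALLOW_RECURSION=false` in tools/genenv, and when recursion is wanted the substitution that inserts `allow-new-zones yes;` is the natural place to also add `allow-recursion { localhost; <trusted-nets-placeholder>; };` so it is not served to the world. The `== "false"` comparison also means any other spelling such as `no` or `False` silently leaves recursion enabled; a comment on the accepted value, or a case-insensitive test, would help. Separately, `/etc/rndc.key` is written and then `chown named /etc/rndc.key`, but nothing visible sets its mode, so the key file most likely keeps the umask default and is readable by every user in the container; add `chmod 640 /etc/rndc.key` after the chown (the heredoc bodies are not legible on this page, so confirm against the file).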
@@ -0,0 +1,17 @@
+FROM %%KOLLA_NAMESPACE%%/%%KOLLA_PREFIX%%base:%%KOLLA_TAG%%
+MAINTAINER Kolla Project (https://launchpad.net/kolla)
+
+# Install designate-api because of /etc/designate/policy.json, which
+# is needed in all services. This is probably a packaging bug. We do
+# need the complete policy file because of some of the containers'
+# requiring it. Remove the package when the file is moved though.
+RUN yum install -y \
+ MySQL-python \
+ openstack-designate-api \
+ openstack-designate-common \
+ && yum clean all \
+ && cp /etc/designate/policy.json /tmp/ \
+ && rpm -e openstack-designate-api \
+ && mv /tmp/policy.json /etc/designate/
+
+COPY config-designate.sh /opt/kolla/config-designate.sh
diff --git a/docker/centos/binary/designate/designate-base/build b/docker/centos/binary/designate/designate-base/build
new file mode 120000
index 0000000000..ec19138031
--- /dev/null
+++ b/docker/centos/binary/designate/designate-base/build
@@ -0,0 +1 @@
+../../../../../tools/build-docker-image
\ No newline at end of file
diff --git a/docker/centos/binary/designate/designate-base/config-designate.sh b/docker/centos/binary/designate/designate-base/config-designate.sh
new file mode 100755
index 0000000000..883d094b45
--- /dev/null
+++ b/docker/centos/binary/designate/designate-base/config-designate.sh
@@ -0,0 +1,58 @@ +#!/bin/bash + +set -e + +. /opt/kolla/kolla-common.sh + +check_required_vars DESIGNATE_DB_PASSWORD DESIGNATE_KEYSTONE_PASSWORD \ + KEYSTONE_PUBLIC_SERVICE_HOST RABBITMQ_SERVICE_HOST \ + DESIGNATE_BIND9_RNDC_KEY DESIGNATE_BACKEND \ + KEYSTONE_PUBLIC_SERVICE_PORT DESIGNATE_KEYSTONE_USER \ + RABBIT_USERID RABBIT_PASSWORD DESIGNATE_DB_USER \ + DESIGNATE_DB_NAME KEYSTONE_AUTH_PROTOCOL \ + KEYSTONE_ADMIN_SERVICE_HOST KEYSTONE_ADMIN_SERVICE_PORT \ + DEBUG_LOGGING + +fail_unless_db +dump_vars + +cat > /openrc < /etc/rndc.key < - The Magnum keystone password MAGNUM_API_SERVICE_HOST= - The Magnum Host IP address MAGNUM_API_SERVICE_PORT=<9511> - The Magnum port + DESIGNATE_DB_NAME= - The Designate database name + DESIGNATE_DB_PASSWORD= - The Designate database password + DESIGNATE_KEYSTONE_PASSWORD= - The keystone password for the designate user + DESIGNATE_BIND9_RNDC_KEY= - The rndc/bind key to use for communication between pool_manager and bind9 + DESIGNATE_MASTERNS= - The IP Address of the master (primary) DNS server (the backend) + DESIGNATE_BACKEND= - The backend to use in Designate, currently only bind9 is supported + DESIGNATE_SLAVENS= - The IP Address of a slave nameserver under control of pool_manager + DESIGNATE_API_SERVICE_HOST= - The IP Address of the Designate API + DESIGNATE_API_SERVICE_PORT=<9001> - The port of the Designate API + DESIGNATE_MDNS_PORT=<5354> - The port of the Designate MiniDNS server acting as master server + DESIGNATE_DNS_PORT=<53> - The port of the Designate-backed DNS slaves that are used by the world + DESIGNATE_INITDB= - Configures if the database should be created and initialised + DESIGNATE_ALLOW_RECURSION= - Configure a recursive nameserver [Minimum environment variable setup guide.](https://github.com/stackforge/kolla/blob/master/docs/minimal-environment-vars.md) diff --git a/tools/genenv b/tools/genenv index 3b0c4d2b88..69a3b13fca 100755 --- a/tools/genenv +++ b/tools/genenv 
@@ -125,6 +125,27 @@ MAGNUM_KEYSTONE_PASSWORD=magnum MAGNUM_API_SERVICE_HOST=$HOST_IP MAGNUM_API_SERVICE_PORT=9511 +# Designate +DESIGNATE_DB_NAME=designate +DESIGNATE_DB_USER=designate +DESIGNATE_DB_PASSWORD=designatedns +DESIGNATE_KEYSTONE_USER=designate +DESIGNATE_KEYSTONE_PASSWORD=designate +DESIGNATE_BIND9_RNDC_KEY=$(openssl rand -base64 24) +DESIGNATE_MASTERNS=$HOST_IP +DESIGNATE_BACKEND=bind9 +DESIGNATE_SLAVENS=$HOST_IP +DESIGNATE_API_SERVICE_HOST=$HOST_IP +DESIGNATE_API_SERVICE_PORT=9001 +DESIGNATE_MDNS_PORT=5354 +DESIGNATE_DNS_PORT=53 +# The POOLID is hardcoded, upstream ships pre-configured with this uuid: +DESIGNATE_POOLMAN_POOLID=794ccc2c-d751-44fe-b57f-8894c9f5c842 +DESIGNATE_POOLMAN_TARGETS=$(uuidgen) +DESIGNATE_POOLMAN_NSS=$(uuidgen) +DESIGNATE_INITDB=true +DESIGNATE_ALLOW_RECURSION=true + cat > ./openrc <