diff --git a/README.rst b/README.rst
index 65544b5fb9..ca7b92ab55 100644
--- a/README.rst
+++ b/README.rst
@@ -89,6 +89,7 @@ Kolla provides images to deploy the following OpenStack projects:
 - `Senlin <http://docs.openstack.org/developer/senlin/>`__
 - `Solum <http://docs.openstack.org/developer/solum/>`__
 - `Swift <http://docs.openstack.org/developer/swift/>`__
+- `Tacker <http://docs.openstack.org/developer/tacker/>`__
 - `Tempest <http://docs.openstack.org/developer/tempest/>`__
 - `Trove <http://docs.openstack.org/developer/trove/>`__
 - `Vmtp <http://vmtp.readthedocs.io/en/latest/>`__
diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
index 494790e6bc..3be6d62e2d 100644
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@@ -210,6 +210,8 @@ searchlight_api_port: "9393"
 
 grafana_server_port: "3000"
 
+tacker_server_port: "9890"
+
 public_protocol: "{{ 'https' if kolla_enable_tls_external | bool else 'http' }}"
 internal_protocol: "http"
 admin_protocol: "http"
@@ -291,6 +293,7 @@ enable_searchlight: "no"
 enable_senlin: "no"
 enable_solum: "no"
 enable_swift: "no"
+enable_tacker: "no"
 enable_telegraf: "no"
 enable_tempest: "no"
 enable_trove: "no"
diff --git a/ansible/inventory/all-in-one b/ansible/inventory/all-in-one
index ca693c0ff4..4a19ef581c 100644
--- a/ansible/inventory/all-in-one
+++ b/ansible/inventory/all-in-one
@@ -126,6 +126,9 @@ control
 [congress:children]
 control
 
+[tacker:children]
+control
+
 # Tempest
 [tempest:children]
 control
diff --git a/ansible/inventory/multinode b/ansible/inventory/multinode
index 728be081ea..d941b677ff 100644
--- a/ansible/inventory/multinode
+++ b/ansible/inventory/multinode
@@ -141,6 +141,9 @@ control
 [gnocchi:children]
 control
 
+[tacker:children]
+control
+
 [trove:children]
 control
 
diff --git a/ansible/roles/common/tasks/config.yml b/ansible/roles/common/tasks/config.yml
index 00a83a7b86..f07d9a610c 100644
--- a/ansible/roles/common/tasks/config.yml
+++ b/ansible/roles/common/tasks/config.yml
@@ -100,4 +100,5 @@
     - { name: "senlin", enabled: "{{ enable_senlin }}" }
     - { name: "solum", enabled: "{{ enable_solum }}" }
     - { name: "swift", enabled: "{{ enable_swift }}" }
+    - { name: "tacker", enabled: "{{ enable_tacker }}" }
     - { name: "watcher", enabled: "{{ enable_watcher }}" }
diff --git a/ansible/roles/common/templates/cron-logrotate-tacker.conf.j2 b/ansible/roles/common/templates/cron-logrotate-tacker.conf.j2
new file mode 100644
index 0000000000..6815816451
--- /dev/null
+++ b/ansible/roles/common/templates/cron-logrotate-tacker.conf.j2
@@ -0,0 +1,3 @@
+"/var/log/kolla/tacker/*.log"
+{
+}
diff --git a/ansible/roles/common/templates/cron.json.j2 b/ansible/roles/common/templates/cron.json.j2
index 610145f25b..adc437a489 100644
--- a/ansible/roles/common/templates/cron.json.j2
+++ b/ansible/roles/common/templates/cron.json.j2
@@ -27,7 +27,8 @@
     ( 'searchlight', enable_searchlight ),
     ( 'senlin', enable_senlin ),
     ( 'solum', enable_solum ),
-    ( 'swift', enable_swift )
+    ( 'swift', enable_swift ),
+    ( 'tacker', enable_tacker )
 ] %}
 {
     "command": "{{ cron_cmd }}",
diff --git a/ansible/roles/common/templates/heka-openstack.toml.j2 b/ansible/roles/common/templates/heka-openstack.toml.j2
index 1a22733805..56c008b804 100644
--- a/ansible/roles/common/templates/heka-openstack.toml.j2
+++ b/ansible/roles/common/templates/heka-openstack.toml.j2
@@ -6,6 +6,6 @@ filename = "lua_decoders/os_openstack_log.lua"
 type = "LogstreamerInput"
 decoder = "openstack_log_decoder"
 log_directory = "/var/log/kolla"
-file_match = '(?P<Service>cloudkitty|nova|glance|keystone|neutron|ceph|cinder|heat|murano|magnum|mistral|manila|searchlight|senlin|sahara)/(?P<Program>.*)\.log\.?(?P<Seq>\d*)$'
+file_match = '(?P<Service>cloudkitty|nova|glance|keystone|neutron|ceph|cinder|heat|murano|magnum|mistral|manila|searchlight|senlin|sahara|tacker)/(?P<Program>.*)\.log\.?(?P<Seq>\d*)$'
 priority = ["^Seq"]
 differentiator = ["Service", "_", "Program"]
diff --git a/ansible/roles/haproxy/templates/haproxy.cfg.j2 b/ansible/roles/haproxy/templates/haproxy.cfg.j2
index abedfbf024..cceae6a2e5 100644
--- a/ansible/roles/haproxy/templates/haproxy.cfg.j2
+++ b/ansible/roles/haproxy/templates/haproxy.cfg.j2
@@ -647,6 +647,22 @@ listen mistral_api_external
 {% endif %}
 {% endif %}
 
+{% if enable_tacker | bool %}
+listen tacker_server
+  bind {{ kolla_internal_vip_address }}:{{ tacker_server_port }}
+{% for host in groups['tacker'] %}
+  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ tacker_server_port }} check inter 2000 rise 2 fall 5
+{% endfor %}
+{% if haproxy_enable_external_vip | bool %}
+
+listen tacker_server_external
+  bind {{ kolla_external_vip_address }}:{{ tacker_server_port }} {{ tls_bind_info }}
+{% for host in groups['tacker'] %}
+  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ tacker_server_port }} check inter 2000 rise 2 fall 5
+{% endfor %}
+{% endif %}
+{% endif %}
+
 # (NOTE): This defaults section deletes forwardfor as recommended by:
 #         https://marc.info/?l=haproxy&m=141684110710132&w=1
 
diff --git a/ansible/roles/neutron/templates/ml2_conf.ini.j2 b/ansible/roles/neutron/templates/ml2_conf.ini.j2
index b689440e0d..b9cb102af3 100644
--- a/ansible/roles/neutron/templates/ml2_conf.ini.j2
+++ b/ansible/roles/neutron/templates/ml2_conf.ini.j2
@@ -19,6 +19,10 @@ mechanism_drivers = linuxbridge,l2population
 extension_drivers = qos
 {% endif %}
 
+{% if enable_tacker | bool %}
+extension_drivers = port_security
+{% endif %}
+
 [ml2_type_vlan]
 {% if enable_ironic | bool %}
 network_vlan_ranges = physnet1
diff --git a/ansible/roles/prechecks/tasks/port_checks.yml b/ansible/roles/prechecks/tasks/port_checks.yml
index eef306fc2f..dc7dfa1159 100644
--- a/ansible/roles/prechecks/tasks/port_checks.yml
+++ b/ansible/roles/prechecks/tasks/port_checks.yml
@@ -929,3 +929,23 @@
   when:
     - inventory_hostname in groups['haproxy']
     - enable_searchlight | bool
+
+- name: Checking free port for Tacker Server
+  wait_for:
+    host: "{{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}"
+    port: "{{ tacker_server_port }}"
+    connect_timeout: 1
+    state: stopped
+  when:
+    - inventory_hostname in groups['tacker']
+    - enable_tacker | bool
+
+- name: Checking free port for Tacker Server HAProxy
+  wait_for:
+    host: "{{ kolla_internal_vip_address }}"
+    port: "{{ tacker_server_port }}"
+    connect_timeout: 1
+    state: stopped
+  when:
+    - inventory_hostname in groups['haproxy']
+    - enable_tacker | bool
diff --git a/ansible/roles/tacker/defaults/main.yml b/ansible/roles/tacker/defaults/main.yml
new file mode 100644
index 0000000000..6c1fc6c0e3
--- /dev/null
+++ b/ansible/roles/tacker/defaults/main.yml
@@ -0,0 +1,29 @@
+---
+project_name: "tacker"
+
+####################
+# Database
+####################
+tacker_database_name: "tacker"
+tacker_database_user: "tacker"
+tacker_database_address: "{{ kolla_internal_fqdn }}:{{ database_port }}"
+
+########
+# Docker
+########
+tacker_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-tacker"
+tacker_tag: "{{ openstack_release }}"
+tacker_image_full: "{{ tacker_image }}:{{ tacker_tag }}"
+
+####################
+# OpenStack
+####################
+tacker_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ tacker_server_port }}"
+tacker_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ tacker_server_port }}"
+tacker_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ tacker_server_port }}"
+
+tacker_logging_debug: "{{ openstack_logging_debug }}"
+
+tacker_keystone_user: "tacker"
+
+openstack_tacker_auth: "{'auth_url':'{{ openstack_auth.auth_url }}','username':'{{ openstack_auth.username }}','password':'{{ openstack_auth.password }}','project_name':'{{ openstack_auth.project_name }}'}"
diff --git a/ansible/roles/tacker/meta/main.yml b/ansible/roles/tacker/meta/main.yml
new file mode 100644
index 0000000000..6b4fff8fef
--- /dev/null
+++ b/ansible/roles/tacker/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+  - { role: common }
diff --git a/ansible/roles/tacker/tasks/bootstrap.yml b/ansible/roles/tacker/tasks/bootstrap.yml
new file mode 100644
index 0000000000..5937c2add8
--- /dev/null
+++ b/ansible/roles/tacker/tasks/bootstrap.yml
@@ -0,0 +1,41 @@
+---
+- name: Creating tacker database
+  command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
+    -m mysql_db
+    -a "login_host='{{ database_address }}'
+        login_port='{{ database_port }}'
+        login_user='{{ database_user }}'
+        login_password='{{ database_password }}'
+        name='{{ tacker_database_name }}'"
+  register: database
+  changed_when: "{{ database.stdout.find('localhost | SUCCESS => ') != -1 and
+                    (database.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+  failed_when: database.stdout.split()[2] != 'SUCCESS'
+  run_once: True
+  delegate_to: "{{ groups['tacker'][0] }}"
+
+- name: Reading json from variable
+  set_fact:
+    database_created: "{{ (database.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+
+- name: Creating tacker database user and setting permissions
+  command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
+    -m mysql_user
+    -a "login_host='{{ database_address }}'
+        login_port='{{ database_port }}'
+        login_user='{{ database_user }}'
+        login_password='{{ database_password }}'
+        name='{{ tacker_database_name }}'
+        password='{{ tacker_database_password }}'
+        host='%'
+        priv='{{ tacker_database_name }}.*:ALL'
+        append_privs='yes'"
+  register: database_user_create
+  changed_when: "{{ database_user_create.stdout.find('localhost | SUCCESS => ') != -1 and
+                    (database_user_create.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+  failed_when: database_user_create.stdout.split()[2] != 'SUCCESS'
+  run_once: True
+  delegate_to: "{{ groups['tacker'][0] }}"
+
+- include: bootstrap_service.yml
+  when: database_created
diff --git a/ansible/roles/tacker/tasks/bootstrap_service.yml b/ansible/roles/tacker/tasks/bootstrap_service.yml
new file mode 100644
index 0000000000..039f3e6d99
--- /dev/null
+++ b/ansible/roles/tacker/tasks/bootstrap_service.yml
@@ -0,0 +1,20 @@
+---
+- name: Running tacker bootstrap container
+  kolla_docker:
+    action: "start_container"
+    common_options: "{{ docker_common_options }}"
+    detach: False
+    environment:
+      KOLLA_BOOTSTRAP:
+      KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
+    image: "{{ tacker_image_full }}"
+    labels:
+      BOOTSTRAP:
+    name: "bootstrap_tacker"
+    restart_policy: "never"
+    volumes:
+      - "{{ node_config_directory }}/tacker/:{{ container_config_directory }}/:ro"
+      - "/etc/localtime:/etc/localtime:ro"
+      - "kolla_logs:/var/log/kolla/"
+  run_once: True
+  delegate_to: "{{ groups['tacker'][0] }}"
diff --git a/ansible/roles/tacker/tasks/config.yml b/ansible/roles/tacker/tasks/config.yml
new file mode 100644
index 0000000000..b7d821d0dd
--- /dev/null
+++ b/ansible/roles/tacker/tasks/config.yml
@@ -0,0 +1,44 @@
+---
+- name: Ensuring config directories exist
+  file:
+    path: "{{ node_config_directory }}/{{ item }}"
+    state: "directory"
+    recurse: yes
+  with_items:
+    - "tacker"
+
+- name: Copying over config.json files for services
+  template:
+    src: "{{ item }}.json.j2"
+    dest: "{{ node_config_directory }}/{{ item }}/config.json"
+  with_items:
+    - "tacker"
+
+- name: Copying over tacker.conf
+  merge_configs:
+    vars:
+      service_name: "{{ item }}"
+    sources:
+      - "{{ role_path }}/templates/tacker.conf.j2"
+      - "{{ node_custom_config }}/global.conf"
+      - "{{ node_custom_config }}/database.conf"
+      - "{{ node_custom_config }}/messaging.conf"
+      - "{{ node_custom_config }}/tacker.conf"
+      - "{{ node_custom_config }}/tacker/{{ item }}.conf"
+      - "{{ node_custom_config }}/tacker/{{ inventory_hostname }}/tacker.conf"
+    dest: "{{ node_config_directory }}/{{ item }}/tacker.conf"
+  with_items:
+    - "tacker"
+
+- name: Check if policies shall be overwritten
+  local_action: stat path="{{ node_custom_config }}/tacker/policy.json"
+  register: tacker_policy
+
+- name: Copying over existing policy.json
+  template:
+    src: "{{ node_custom_config }}/tacker/policy.json"
+    dest: "{{ node_config_directory }}/{{ item }}/policy.json"
+  with_items:
+    - "tacker"
+  when:
+    tacker_policy.stat.exists
diff --git a/ansible/roles/tacker/tasks/deploy.yml b/ansible/roles/tacker/tasks/deploy.yml
new file mode 100644
index 0000000000..5c48120b7c
--- /dev/null
+++ b/ansible/roles/tacker/tasks/deploy.yml
@@ -0,0 +1,8 @@
+---
+- include: register.yml
+
+- include: config.yml
+
+- include: bootstrap.yml
+
+- include: start.yml
diff --git a/ansible/roles/tacker/tasks/main.yml b/ansible/roles/tacker/tasks/main.yml
new file mode 100644
index 0000000000..b017e8b4ad
--- /dev/null
+++ b/ansible/roles/tacker/tasks/main.yml
@@ -0,0 +1,2 @@
+---
+- include: "{{ action }}.yml"
diff --git a/ansible/roles/tacker/tasks/pull.yml b/ansible/roles/tacker/tasks/pull.yml
new file mode 100644
index 0000000000..c1e1bd19af
--- /dev/null
+++ b/ansible/roles/tacker/tasks/pull.yml
@@ -0,0 +1,6 @@
+---
+- name: Pulling tacker image
+  kolla_docker:
+    action: "pull_image"
+    common_options: "{{ docker_common_options }}"
+    image: "{{ tacker_image_full }}"
diff --git a/ansible/roles/tacker/tasks/reconfigure.yml b/ansible/roles/tacker/tasks/reconfigure.yml
new file mode 100644
index 0000000000..60a29c0f06
--- /dev/null
+++ b/ansible/roles/tacker/tasks/reconfigure.yml
@@ -0,0 +1,64 @@
+---
+- name: Ensuring the containers up
+  kolla_docker:
+    name: "{{ item.name }}"
+    action: "get_container_state"
+  register: container_state
+  failed_when: container_state.Running == false
+  when: inventory_hostname in groups[item.group]
+  with_items:
+    - { name: tacker, group: tacker }
+
+- include: config.yml
+
+- name: Check the configs
+  command: docker exec {{ item.name }} /usr/local/bin/kolla_set_configs --check
+  changed_when: false
+  failed_when: false
+  register: check_results
+  when: inventory_hostname in groups[item.group]
+  with_items:
+    - { name: tacker, group: tacker }
+
+# NOTE(jeffrey4l): when config_strategy == 'COPY_ALWAYS'
+# and container env['KOLLA_CONFIG_STRATEGY'] == 'COPY_ONCE',
+# just remove the container and start again
+- name: Containers config strategy
+  kolla_docker:
+    name: "{{ item.name }}"
+    action: "get_container_env"
+  register: container_envs
+  when: inventory_hostname in groups[item.group]
+  with_items:
+    - { name: tacker, group: tacker }
+
+- name: Remove the containers
+  kolla_docker:
+    name: "{{ item[0]['name'] }}"
+    action: "remove_container"
+  register: remove_containers
+  when:
+    - config_strategy == "COPY_ONCE" or item[1]['KOLLA_CONFIG_STRATEGY'] == 'COPY_ONCE'
+    - item[2]['rc'] == 1
+    - inventory_hostname in groups[item[0]['group']]
+  with_together:
+    - [{ name: tacker, group: tacker }]
+    - "{{ container_envs.results }}"
+    - "{{ check_results.results }}"
+
+- include: start.yml
+  when: remove_containers.changed
+
+- name: Restart containers
+  kolla_docker:
+    name: "{{ item[0]['name'] }}"
+    action: "restart_container"
+  when:
+    - config_strategy == 'COPY_ALWAYS'
+    - item[1]['KOLLA_CONFIG_STRATEGY'] != 'COPY_ONCE'
+    - item[2]['rc'] == 1
+    - inventory_hostname in groups[item[0]['group']]
+  with_together:
+    - [{ name: tacker, group: tacker }]
+    - "{{ container_envs.results }}"
+    - "{{ check_results.results }}"
diff --git a/ansible/roles/tacker/tasks/register.yml b/ansible/roles/tacker/tasks/register.yml
new file mode 100644
index 0000000000..c039e9afb1
--- /dev/null
+++ b/ansible/roles/tacker/tasks/register.yml
@@ -0,0 +1,40 @@
+---
+- name: Creating the Tacker service and endpoint
+  command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
+    -m kolla_keystone_service
+    -a "service_name=tacker
+        service_type=nfv-orchestration
+        description='Tacker Service'
+        endpoint_region={{ openstack_region_name }}
+        url='{{ item.url }}'
+        interface='{{ item.interface }}'
+        region_name={{ openstack_region_name }}
+        auth={{ '{{ openstack_tacker_auth }}' }}"
+    -e "{'openstack_tacker_auth':{{ openstack_tacker_auth }}}"
+  register: tacker_endpoint
+  changed_when: "{{ tacker_endpoint.stdout.find('localhost | SUCCESS => ') != -1 and (tacker_endpoint.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+  until: tacker_endpoint.stdout.split()[2] == 'SUCCESS'
+  retries: 10
+  delay: 5
+  run_once: True
+  with_items:
+    - {'interface': 'admin', 'url': '{{ tacker_admin_endpoint }}'}
+    - {'interface': 'internal', 'url': '{{ tacker_internal_endpoint }}'}
+    - {'interface': 'public', 'url': '{{ tacker_public_endpoint }}'}
+
+- name: Creating the Tacker project, user, and role
+  command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
+    -m kolla_keystone_user
+    -a "project=service
+        user=tacker
+        password={{ tacker_keystone_password }}
+        role=admin
+        region_name={{ openstack_region_name }}
+        auth={{ '{{ openstack_tacker_auth }}' }}"
+    -e "{'openstack_tacker_auth':{{ openstack_tacker_auth }}}"
+  register: tacker_user
+  changed_when: "{{ tacker_user.stdout.find('localhost | SUCCESS => ') != -1 and (tacker_user.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+  until: tacker_user.stdout.split()[2] == 'SUCCESS'
+  retries: 10
+  delay: 5
+  run_once: True
diff --git a/ansible/roles/tacker/tasks/start.yml b/ansible/roles/tacker/tasks/start.yml
new file mode 100644
index 0000000000..2d8214fe7b
--- /dev/null
+++ b/ansible/roles/tacker/tasks/start.yml
@@ -0,0 +1,11 @@
+---
+- name: Starting tacker container
+  kolla_docker:
+    action: "start_container"
+    common_options: "{{ docker_common_options }}"
+    image: "{{ tacker_image_full }}"
+    name: "tacker"
+    volumes:
+      - "{{ node_config_directory }}/tacker/:{{ container_config_directory }}/:ro"
+      - "/etc/localtime:/etc/localtime:ro"
+      - "kolla_logs:/var/log/kolla/"
diff --git a/ansible/roles/tacker/tasks/upgrade.yml b/ansible/roles/tacker/tasks/upgrade.yml
new file mode 100644
index 0000000000..308053080c
--- /dev/null
+++ b/ansible/roles/tacker/tasks/upgrade.yml
@@ -0,0 +1,6 @@
+---
+- include: config.yml
+
+- include: bootstrap_service.yml
+
+- include: start.yml
diff --git a/ansible/roles/tacker/templates/tacker.conf.j2 b/ansible/roles/tacker/templates/tacker.conf.j2
new file mode 100644
index 0000000000..ebdc278c42
--- /dev/null
+++ b/ansible/roles/tacker/templates/tacker.conf.j2
@@ -0,0 +1,59 @@
+[DEFAULT]
+debug = {{ tacker_logging_debug }}
+
+log_dir = /var/log/kolla/tacker
+
+transport_url = rabbit://{% for host in groups['rabbitmq'] %}{{ rabbitmq_user }}:{{ rabbitmq_password }}@{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ rabbitmq_port }}{% if not loop.last %},{% endif %}{% endfor %}
+
+bind_host = {{ api_interface_address }}
+bind_port = {{ tacker_server_port }}
+
+{% if enable_nova | bool %}
+nova_url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ nova_api_port }}
+nova_admin_user_name = nova
+nova_admin_password = {{ nova_keystone_password }}
+nova_admin_tenant_id = service
+nova_admin_auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
+
+[tacker_nova]
+auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
+auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
+auth_type = password
+project_domain_id = default
+user_domain_id = default
+project_name = service
+username = {{ nova_keystone_user }}
+password = {{ nova_keystone_password }}
+auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
+{% endif %}
+
+[database]
+connection = mysql+pymysql://{{ tacker_database_user }}:{{ tacker_database_password }}@{{ tacker_database_address }}/{{ tacker_database_name }}
+max_retries = -1
+
+[keystone_authtoken]
+auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
+auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
+auth_type = password
+project_domain_id = default
+user_domain_id = default
+project_name = service
+username = {{ tacker_keystone_user }}
+password = {{ tacker_keystone_password }}
+
+memcache_security_strategy = ENCRYPT
+memcache_secret_key = {{ memcache_secret_key }}
+memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
+
+{% if enable_heat | bool %}
+[tacker_heat]
+heat_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ heat_api_port }}/v1
+{% endif %}
+
+[oslo_messaging_notifications]
+{% if enable_ceilometer | bool %}
+driver = messagingv2
+topics = notifications
+{% else %}
+driver = noop
+{% endif %}
diff --git a/ansible/roles/tacker/templates/tacker.json.j2 b/ansible/roles/tacker/templates/tacker.json.j2
new file mode 100644
index 0000000000..81a519cf89
--- /dev/null
+++ b/ansible/roles/tacker/templates/tacker.json.j2
@@ -0,0 +1,25 @@
+{
+    "command": "tacker-server --config-file /etc/tacker/tacker.conf",
+    "config_files":[
+        {
+            "source": "{{ container_config_directory }}/tacker.conf",
+            "dest": "/etc/tacker/tacker.conf",
+            "owner": "tacker",
+            "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/tacker/policy.json",
+            "owner": "tacker",
+            "perm": "0600",
+            "optional": true
+        }
+    ],
+    "permissions": [
+        {
+            "path": "/var/log/kolla/tacker",
+            "owner": "tacker:tacker",
+            "recurse": true
+        }
+    ]
+}
diff --git a/ansible/site.yml b/ansible/site.yml
index 62c53f5a4d..0055a13515 100644
--- a/ansible/site.yml
+++ b/ansible/site.yml
@@ -433,3 +433,10 @@
     - { role: searchlight,
         tags: searchlight,
         when: enable_searchlight | bool }
+
+- hosts: tacker
+  serial: '{{ serial|default("0") }}'
+  roles:
+    - { role: tacker,
+        tags: tacker,
+        when: enable_tacker | bool }
diff --git a/etc/kolla/globals.yml b/etc/kolla/globals.yml
index 2e13289802..c5b4d57acc 100644
--- a/etc/kolla/globals.yml
+++ b/etc/kolla/globals.yml
@@ -155,6 +155,7 @@ kolla_internal_vip_address: "10.10.10.254"
 #enable_solum: "no"
 #enable_swift: "no"
 #enable_telegraf: "no"
+#enable_tacker: "no"
 #enable_tempest: "no"
 #enable_watcher: "no"
 
diff --git a/etc/kolla/passwords.yml b/etc/kolla/passwords.yml
index da095040a0..b37451d1bb 100644
--- a/etc/kolla/passwords.yml
+++ b/etc/kolla/passwords.yml
@@ -108,6 +108,9 @@ manila_keystone_password:
 
 searchlight_keystone_password:
 
+tacker_database_password:
+tacker_keystone_password:
+
 memcache_secret_key:
 
 nova_ssh_key:
diff --git a/releasenotes/notes/tacker-support-49dd2c2c1bd2ef61.yaml b/releasenotes/notes/tacker-support-49dd2c2c1bd2ef61.yaml
new file mode 100644
index 0000000000..ac98611120
--- /dev/null
+++ b/releasenotes/notes/tacker-support-49dd2c2c1bd2ef61.yaml
@@ -0,0 +1,4 @@
+---
+features:
+  - OpenStack Tacker NFV service Ansible support is included
+    in Kolla.