Ansible-ize OpenStack Designate

Implement ansible role to deploy designate
and dependencies. The backend used is bind9.

Co-Authored-By: zhubingbing <zhubingbing10@gmail.com>
Co-Authored-By: Eduardo Gonzalez <dabarren@gmail.com>

Depends-On: 6d0dc3e0f931c7c50b64a4659900cc50b0d860a2
Implements: blueprint ansible-designate
Change-Id: I34d8126e0cd8d71d5ced9b62f3776cc354fbb549

ansible/group_vars/all.yml

@@ -124,6 +124,11 @@ congress_api_port: "1789"
 
 cloudkitty_api_port: "8889"
 
+designate_api_port: "9001"
+designate_bind_port: "53"
+designate_mdns_port: "5354"
+designate_rndc_port: "953"
+
 iscsi_port: "3260"
 
 gnocchi_api_port: "8041"
@@ -272,6 +277,7 @@ enable_cinder_backend_nfs: "no"
 enable_cloudkitty: "no"
 enable_congress: "no"
 enable_etcd: "no"
+enable_designate: "no"
 enable_gnocchi: "no"
 enable_grafana: "no"
 enable_heat: "yes"
@@ -403,6 +409,10 @@ cinder_backup_mount_options_nfs: ""
 # Valid options are [ ceilometer, gnocchi ]
 cloudkitty_collector_backend: "ceilometer"
 
+#######################
+# Designate options
+#######################
+designate_ns_record: "sample.openstack.org"
 
 #######################
 # Nova options

ansible/inventory/all-in-one

@@ -154,6 +154,9 @@ control
 [octavia:children]
 control
 
+[designate:children]
+control
+
 # Additional control implemented here. These groups allow you to control which
 # services run on which hosts at a per-service level.
 #
@@ -450,3 +453,22 @@ octavia
 
 [octavia-worker:children]
 octavia
+
+# Designate
+[designate-api:children]
+designate
+
+[designate-central:children]
+designate
+
+[designate-mdns:children]
+designate
+
+[designate-worker:children]
+designate
+
+[designate-sink:children]
+designate
+
+[designate-backend-bind9:children]
+designate

ansible/inventory/multinode

@@ -170,6 +170,9 @@ control
 [octavia:children]
 control
 
+[designate:children]
+control
+
 # Additional control implemented here. These groups allow you to control which
 # services run on which hosts at a per-service level.
 #
@@ -466,3 +469,22 @@ octavia
 
 [octavia-worker:children]
 octavia
+
+# Designate
+[designate-api:children]
+designate
+
+[designate-central:children]
+designate
+
+[designate-mdns:children]
+designate
+
+[designate-worker:children]
+designate
+
+[designate-sink:children]
+designate
+
+[designate-backend-bind9:children]
+designate

ansible/roles/common/tasks/config.yml

@@ -77,6 +77,7 @@
     - { name: "ceilometer", enabled: "{{ enable_ceilometer }}" }
     - { name: "cinder", enabled: "{{ enable_cinder }}" }
     - { name: "cloudkitty", enabled: "{{ enable_cloudkitty }}" }
+    - { name: "designate", enabled: "{{ enable_designate }}" }
     - { name: "elasticsearch", enabled: "{{ enable_elasticsearch }}" }
     - { name: "glance", enabled: "{{ enable_glance }}" }
     - { name: "global", enabled: "yes" }

ansible/roles/common/templates/cron-logrotate-designate.conf.j2

@@ -0,0 +1,3 @@
+"/var/log/kolla/designate/*.log"
+{
+}

ansible/roles/common/templates/cron.json.j2

@@ -6,6 +6,7 @@
     ( 'ceilometer', enable_ceilometer ),
     ( 'cinder', enable_cinder ),
     ( 'cloudkitty', enable_cloudkitty ),
+    ( 'designate', enable_designate ),
     ( 'elasticsearch', enable_elasticsearch ),
     ( 'glance', enable_glance ),
     ( 'gnocchi', enable_gnocchi ),

ansible/roles/common/templates/heka-openstack.toml.j2

@@ -6,6 +6,6 @@ filename = "lua_decoders/os_openstack_log.lua"
 type = "LogstreamerInput"
 decoder = "openstack_log_decoder"
 log_directory = "/var/log/kolla"
-file_match = '(?P<Service>cloudkitty|nova|glance|keystone|neutron|ceph|cinder|heat|murano|magnum|mistral|manila|octavia|searchlight|senlin|sahara|tacker)/(?P<Program>.*)\.log\.?(?P<Seq>\d*)$'
+file_match = '(?P<Service>cloudkitty|designate|nova|glance|keystone|neutron|ceph|cinder|heat|murano|magnum|mistral|manila|octavia|searchlight|senlin|sahara|tacker)/(?P<Program>.*)\.log\.?(?P<Seq>\d*)$'
 priority = ["^Seq"]
 differentiator = ["Service", "_", "Program"]

ansible/roles/designate/defaults/main.yml

@@ -0,0 +1,55 @@
+---
+project_name: "designate"
+
+####################
+# Database
+####################
+designate_database_name: "designate"
+designate_database_user: "designate"
+designate_database_address: "{{ kolla_internal_fqdn }}:{{ database_port }}"
+
+designate_pool_manager_database_name: "designate_pool_manager"
+designate_pool_manager_database_user: "designate_pool_manager"
+designate_pool_manager_database_address: "{{ kolla_internal_fqdn }}:{{ database_port }}"
+
+
+####################
+# Docker
+####################
+
+designate_central_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-designate-central"
+designate_central_tag: "{{ openstack_release }}"
+designate_central_image_full: "{{ designate_central_image }}:{{ designate_central_tag }}"
+
+designate_api_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-designate-api"
+designate_api_tag: "{{ openstack_release }}"
+designate_api_image_full: "{{ designate_api_image }}:{{ designate_api_tag }}"
+
+designate_backend_bind9_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-designate-backend-bind9"
+designate_backend_bind9_tag: "{{ openstack_release }}"
+designate_backend_bind9_image_full: "{{ designate_backend_bind9_image }}:{{ designate_backend_bind9_tag }}"
+
+designate_mdns_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-designate-mdns"
+designate_mdns_tag: "{{ openstack_release }}"
+designate_mdns_image_full: "{{ designate_mdns_image }}:{{ designate_mdns_tag }}"
+
+designate_sink_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-designate-sink"
+designate_sink_tag: "{{ openstack_release }}"
+designate_sink_image_full: "{{ designate_sink_image }}:{{ designate_sink_tag }}"
+
+designate_worker_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-designate-worker"
+designate_worker_tag: "{{ openstack_release }}"
+designate_worker_image_full: "{{ designate_worker_image }}:{{ designate_worker_tag }}"
+
+####################
+# OpenStack
+####################
+designate_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ designate_api_port }}"
+designate_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ designate_api_port }}"
+designate_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ designate_api_port }}"
+
+designate_logging_debug: "{{ openstack_logging_debug }}"
+
+designate_keystone_user: "designate"
+
+openstack_designate_auth: "{'auth_url':'{{ openstack_auth.auth_url }}','username':'{{ openstack_auth.username }}','password':'{{ openstack_auth.password }}','project_name':'{{ openstack_auth.project_name }}'}"

ansible/roles/designate/meta/main.yml

@@ -0,0 +1,3 @@
+---
+dependencies:
+  - { role: common }

ansible/roles/designate/tasks/bootstrap.yml

@@ -0,0 +1,79 @@
+---
+- name: Creating Designate database
+  command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
+    -m mysql_db
+    -a "login_host='{{ database_address }}'
+        login_port='{{ database_port }}'
+        login_user='{{ database_user }}'
+        login_password='{{ database_password }}'
+        name='{{ designate_database_name }}'"
+  register: database
+  changed_when: "{{ database.stdout.find('localhost | SUCCESS => ') != -1 and
+                    (database.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+  failed_when: database.stdout.split()[2] != 'SUCCESS'
+  run_once: True
+  delegate_to: "{{ groups['designate-central'][0] }}"
+
+- name: Reading json from variable
+  set_fact:
+    database_created: "{{ (database.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+
+- name: Creating Designate Pool Manager database
+  command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
+    -m mysql_db
+    -a "login_host='{{ database_address }}'
+        login_port='{{ database_port }}'
+        login_user='{{ database_user }}'
+        login_password='{{ database_password }}'
+        name='{{ designate_pool_manager_database_name }}'"
+  register: database_pool_manager
+  changed_when: "{{ database.stdout.find('localhost | SUCCESS => ') != -1 and
+                    (database.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+  failed_when: database.stdout.split()[2] != 'SUCCESS'
+  run_once: True
+  delegate_to: "{{ groups['designate-central'][0] }}"
+
+- name: Reading json from variable
+  set_fact:
+    database_pool_manager_created: "{{ (database_pool_manager.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+
+- name: Creating Designate database user and setting permissions
+  command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
+    -m mysql_user
+    -a "login_host='{{ database_address }}'
+        login_port='{{ database_port }}'
+        login_user='{{ database_user }}'
+        login_password='{{ database_password }}'
+        name='{{ designate_database_name }}'
+        password='{{ designate_database_password }}'
+        host='%'
+        priv='{{ designate_database_name }}.*:ALL'
+        append_privs='yes'"
+  register: database_user_create
+  changed_when: "{{ database_user_create.stdout.find('localhost | SUCCESS => ') != -1 and
+                    (database_user_create.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+  failed_when: database_user_create.stdout.split()[2] != 'SUCCESS'
+  run_once: True
+  delegate_to: "{{ groups['designate-central'][0] }}"
+
+- name: Creating Designate Pool Manager database user and setting permissions
+  command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
+    -m mysql_user
+    -a "login_host='{{ database_address }}'
+        login_port='{{ database_port }}'
+        login_user='{{ database_user }}'
+        login_password='{{ database_password }}'
+        name='{{ designate_pool_manager_database_name }}'
+        password='{{ designate_pool_manager_database_password }}'
+        host='%'
+        priv='{{ designate_pool_manager_database_name }}.*:ALL'
+        append_privs='yes'"
+  register: database_pool_manager_user_create
+  changed_when: "{{ database_pool_manager_user_create.stdout.find('localhost | SUCCESS => ') != -1 and
+                    (database_pool_manager_user_create.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+  failed_when: database_pool_manager_user_create.stdout.split()[2] != 'SUCCESS'
+  run_once: True
+  delegate_to: "{{ groups['designate-central'][0] }}"
+
+- include: bootstrap_service.yml
+  when: database_created

ansible/roles/designate/tasks/bootstrap_service.yml

@@ -0,0 +1,20 @@
+---
+- name: Running Designate bootstrap container
+  kolla_docker:
+    action: "start_container"
+    common_options: "{{ docker_common_options }}"
+    detach: False
+    environment:
+      KOLLA_BOOTSTRAP:
+      KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
+    image: "{{ designate_central_image_full }}"
+    labels:
+      BOOTSTRAP:
+    name: "bootstrap_designate"
+    restart_policy: "never"
+    volumes:
+      - "{{ node_config_directory }}/designate-central/:{{ container_config_directory }}/:ro"
+      - "/etc/localtime:/etc/localtime:ro"
+      - "kolla_logs:/var/log/kolla/"
+  run_once: True
+  delegate_to: "{{ groups['designate-central'][0] }}"

ansible/roles/designate/tasks/config.yml

@@ -0,0 +1,96 @@
+---
+- name: Ensuring config directories exist
+  file:
+    path: "{{ node_config_directory }}/{{ item }}"
+    state: "directory"
+    recurse: yes
+  with_items:
+    - "designate-api"
+    - "designate-central"
+    - "designate-mdns"
+    - "designate-sink"
+    - "designate-backend-bind9"
+    - "designate-worker"
+
+- name: Copying over config.json files for services
+  template:
+    src: "{{ item }}.json.j2"
+    dest: "{{ node_config_directory }}/{{ item }}/config.json"
+  with_items:
+    - "designate-api"
+    - "designate-central"
+    - "designate-mdns"
+    - "designate-sink"
+    - "designate-backend-bind9"
+    - "designate-worker"
+
+- name: Copying over designate.conf
+  merge_configs:
+    vars:
+      service_name: "{{ item }}"
+    sources:
+      - "{{ role_path }}/templates/designate.conf.j2"
+      - "{{ node_custom_config }}/global.conf"
+      - "{{ node_custom_config }}/database.conf"
+      - "{{ node_custom_config }}/messaging.conf"
+      - "{{ node_custom_config }}/designate.conf"
+      - "{{ node_custom_config }}/designate/{{ item }}.conf"
+      - "{{ node_custom_config }}/designate/{{ inventory_hostname }}/designate.conf"
+    dest: "{{ node_config_directory }}/{{ item }}/designate.conf"
+  with_items:
+    - "designate-api"
+    - "designate-central"
+    - "designate-mdns"
+    - "designate-sink"
+    - "designate-worker"
+
+- name: Copying over pools.yaml
+  template:
+    src:  "{{ item }}"
+    dest: "{{ node_config_directory }}/designate-worker/pools.yaml"
+  with_first_found:
+    - "{{ node_custom_config }}/designate/pools.yaml"
+    - "{{ role_path }}/templates/pools.yaml.j2"
+
+- name: Copying over named.conf
+  template:
+    src: "{{ item }}"
+    dest: "{{ node_config_directory }}/designate-backend-bind9/named.conf"
+  with_first_found:
+    - "{{ node_custom_config }}/designate/designate-backend-bind9/{{ inventory_hostname }}/named.conf"
+    - "{{ node_custom_config }}/designate/designate-backend-bind9/named.conf"
+    - "{{ node_custom_config }}/designate/named.conf"
+    - "{{ role_path }}/templates/named.conf.j2"
+
+- name: Copying over rndc.conf
+  template:
+    src: "rndc.conf.j2"
+    dest: "{{ node_config_directory }}/{{ item }}/rndc.conf"
+  with_items:
+    - "designate-backend-bind9"
+    - "designate-worker"
+
+- name: Copying over rndc.key
+  template:
+    src: "rndc.key.j2"
+    dest: "{{ node_config_directory }}/{{ item }}/rndc.key"
+  with_items:
+    - "designate-backend-bind9"
+    - "designate-worker"
+
+- name: Check if policies shall be overwritten
+  local_action: stat path="{{ node_custom_config }}/designate/policy.json"
+  register: designate_policy
+
+- name: Copying over existing policy.json
+  template:
+    src: "{{ node_custom_config }}/designate/policy.json"
+    dest: "{{ node_config_directory }}/{{ item }}/policy.json"
+  with_items:
+    - "designate-api"
+    - "designate-central"
+    - "designate-mdns"
+    - "designate-sink"
+    - "designate-worker"
+  when:
+    designate_policy.stat.exists

ansible/roles/designate/tasks/deploy.yml

@@ -0,0 +1,25 @@
+---
+- include: register.yml
+  when: inventory_hostname in groups['designate-api']
+
+- include: config.yml
+  when: inventory_hostname in groups['designate-api'] or
+        inventory_hostname in groups['designate-central'] or
+        inventory_hostname in groups['designate-mdns'] or
+        inventory_hostname in groups['designate-worker'] or
+        inventory_hostname in groups['designate-sink'] or
+        inventory_hostname in groups['designate-backend-bind9']
+
+- include: bootstrap.yml
+  when: inventory_hostname in groups['designate-central']
+
+- include: start.yml
+  when: inventory_hostname in groups['designate-api'] or
+        inventory_hostname in groups['designate-central'] or
+        inventory_hostname in groups['designate-mdns'] or
+        inventory_hostname in groups['designate-worker'] or
+        inventory_hostname in groups['designate-sink'] or
+        inventory_hostname in groups['designate-backend-bind9']
+
+- include: update_pools.yml
+  when: inventory_hostname in groups['designate-worker'][0]

ansible/roles/designate/tasks/main.yml

@@ -0,0 +1,2 @@
+---
+- include: "{{ action }}.yml"

ansible/roles/designate/tasks/precheck.yml

@@ -0,0 +1,48 @@
+- name: Get container facts
+  kolla_container_facts:
+    name:
+      - "{{ item }}"
+  register: container_facts
+  with_items:
+    - designate_api
+    - designate_backend_bind9
+
+- name: Checking free port for designate API
+  wait_for:
+    host: "{{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}"
+    port: "{{ designate_api_port }}"
+    connect_timeout: 1
+    state: stopped
+  when:
+    - container_facts['designate_api'] is not defined
+    - inventory_hostname in groups['designate-api']
+
+- name: Checking free port for designate mdns
+  wait_for:
+    host: "{{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}"
+    port: "{{ designate_mdns_port }}"
+    connect_timeout: 1
+    state: stopped
+  when:
+    - container_facts['designate_mdns'] is not defined
+    - inventory_hostname in groups['designate-mdns']
+
+- name: Checking free port for designate backend bind9 port
+  wait_for:
+    host: "{{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}"
+    port: "{{ designate_bind_port }}"
+    connect_timeout: 1
+    state: stopped
+  when:
+    - container_facts['designate_backend_bind9'] is not defined
+    - inventory_hostname in groups['designate-backend-bind9']
+
+- name: Checking free port for designate backend rndc port
+  wait_for:
+    host: "{{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}"
+    port: "{{ designate_rndc_port }}"
+    connect_timeout: 1
+    state: stopped
+  when:
+    - container_facts['designate_backend_bind9'] is not defined
+    - inventory_hostname in groups['designate-backend-bind9']

ansible/roles/designate/tasks/pull.yml

@@ -0,0 +1,42 @@
+---
+- name: Pulling designate-api image
+  kolla_docker:
+    action: "pull_image"
+    common_options: "{{ docker_common_options }}"
+    image: "{{ designate_api_image_full }}"
+  when: inventory_hostname in groups['designate-api']
+
+- name: Pulling designate-central image
+  kolla_docker:
+    action: "pull_image"
+    common_options: "{{ docker_common_options }}"
+    image: "{{ designate_central_image_full }}"
+  when: inventory_hostname in groups['designate-central']
+
+- name: Pulling designate-mdns image
+  kolla_docker:
+    action: "pull_image"
+    common_options: "{{ docker_common_options }}"
+    image: "{{ designate_mdns_image_full }}"
+  when: inventory_hostname in groups['designate-mdns']
+
+- name: Pulling designate-worker image
+  kolla_docker:
+    action: "pull_image"
+    common_options: "{{ docker_common_options }}"
+    image: "{{ designate_worker_image_full }}"
+  when: inventory_hostname in groups['designate-worker']
+
+- name: Pulling designate-sink image
+  kolla_docker:
+    action: "pull_image"
+    common_options: "{{ docker_common_options }}"
+    image: "{{ designate_sink_image_full }}"
+  when: inventory_hostname in groups['designate-sink']
+
+- name: Pulling designate-backend-bind9 image
+  kolla_docker:
+    action: "pull_image"
+    common_options: "{{ docker_common_options }}"
+    image: "{{ designate_backend_bind9_image_full }}"
+  when: inventory_hostname in groups['designate-backend-bind9']

ansible/roles/designate/tasks/reconfigure.yml

@@ -0,0 +1,93 @@
+---
+- name: Ensuring the containers up
+  kolla_docker:
+    name: "{{ item.name }}"
+    action: "get_container_state"
+  register: container_state
+  failed_when: container_state.Running == false
+  when:
+    - "{{ item.enabled|default(True) }}"
+    - inventory_hostname in groups[item.group]
+  with_items:
+    - { name: designate_central, group: designate-central }
+    - { name: designate_api, group: designate-api }
+    - { name: designate_mdns, group: designate-mdns }
+    - { name: designate_worker, group: designate-worker }
+    - { name: designate_sink, group: designate-sink }
+    - { name: designate_backend_bind9, group: designate-backend-bind9 }
+
+- include: config.yml
+
+- name: Check the configs
+  command: docker exec {{ item.name }} /usr/local/bin/kolla_set_configs --check
+  changed_when: false
+  failed_when: false
+  register: check_results
+  when: inventory_hostname in groups[item.group]
+  with_items:
+    - { name: designate_central, group: designate-central }
+    - { name: designate_api, group: designate-api }
+    - { name: designate_mdns, group: designate-mdns }
+    - { name: designate_worker, group: designate-worker }
+    - { name: designate_sink, group: designate-sink }
+    - { name: designate_backend_bind9, group: designate-backend-bind9 }
+
+# NOTE(jeffrey4l): when config_strategy == 'COPY_ALWAYS'
+# and container env['KOLLA_CONFIG_STRATEGY'] == 'COPY_ONCE',
+# just remove the container and start again
+- name: Containers config strategy
+  kolla_docker:
+    name: "{{ item.name }}"
+    action: "get_container_env"
+  register: container_envs
+  when: inventory_hostname in groups[item.group]
+  with_items:
+    - { name: designate_central, group: designate-central }
+    - { name: designate_api, group: designate-api }
+    - { name: designate_mdns, group: designate-mdns }
+    - { name: designate_worker, group: designate-worker }
+    - { name: designate_sink, group: designate-sink }
+    - { name: designate_backend_bind9, group: designate-backend-bind9 }
+
+- name: Remove the containers
+  kolla_docker:
+    name: "{{ item[0]['name'] }}"
+    action: "remove_container"
+  register: remove_containers
+  when:
+    - inventory_hostname in groups[item[0]['group']]
+    - config_strategy == "COPY_ONCE" or item[1]['KOLLA_CONFIG_STRATEGY'] == 'COPY_ONCE'
+    - item[2]['rc'] == 1
+  with_together:
+    - [{ name: designate_central, group: designate-central },
+       { name: designate_api, group: designate-api },
+       { name: designate_mdns, group: designate-mdns },
+       { name: designate_worker, group: designate-worker },
+       { name: designate_sink, group: designate-sink },
+       { name: designate_backend_bind9, group: designate-backend-bind9 }]
+    - "{{ container_envs.results }}"
+    - "{{ check_results.results }}"
+
+- include: start.yml
+  when: remove_containers.changed
+
+- name: Restart containers
+  kolla_docker:
+    name: "{{ item[0]['name'] }}"
+    action: "restart_container"
+  when:
+    - inventory_hostname in groups[item[0]['group']]
+    - config_strategy == 'COPY_ALWAYS'
+    - item[1]['KOLLA_CONFIG_STRATEGY'] != 'COPY_ONCE'
+    - item[2]['rc'] == 1
+  with_together:
+    - [{ name: designate_central, group: designate-central },
+       { name: designate_api, group: designate-api },
+       { name: designate_mdns, group: designate-mdns },
+       { name: designate_worker, group: designate-worker },
+       { name: designate_sink, group: designate-sink },
+       { name: designate_backend_bind9, group: designate-backend-bind9 }]
+    - "{{ container_envs.results }}"
+    - "{{ check_results.results }}"
+
+- include: update_pools.yml

ansible/roles/designate/tasks/register.yml

@@ -0,0 +1,40 @@
+---
+- name: Creating the Designate service and endpoint
+  command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
+    -m kolla_keystone_service
+    -a "service_name=designate
+        service_type=dns
+        description='Designate DNS Service'
+        endpoint_region={{ openstack_region_name }}
+        url='{{ item.url }}'
+        interface='{{ item.interface }}'
+        region_name={{ openstack_region_name }}
+        auth={{ '{{ openstack_designate_auth }}' }}"
+    -e "{'openstack_designate_auth':{{ openstack_designate_auth }}}"
+  register: designate_endpoint
+  changed_when: "{{ designate_endpoint.stdout.find('localhost | SUCCESS => ') != -1 and (designate_endpoint.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+  until: designate_endpoint.stdout.split()[2] == 'SUCCESS'
+  retries: 10
+  delay: 5
+  run_once: True
+  with_items:
+    - {'interface': 'admin', 'url': '{{ designate_admin_endpoint }}'}
+    - {'interface': 'internal', 'url': '{{ designate_internal_endpoint }}'}
+    - {'interface': 'public', 'url': '{{ designate_public_endpoint }}'}
+
+- name: Creating the Designate project, user, and role
+  command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
+    -m kolla_keystone_user
+    -a "project=service
+        user=designate
+        password={{ designate_keystone_password }}
+        role=admin
+        region_name={{ openstack_region_name }}
+        auth={{ '{{ openstack_designate_auth }}' }}"
+    -e "{'openstack_designate_auth':{{ openstack_designate_auth }}}"
+  register: designate_user
+  changed_when: "{{ designate_user.stdout.find('localhost | SUCCESS => ') != -1 and (designate_user.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+  until: designate_user.stdout.split()[2] == 'SUCCESS'
+  retries: 10
+  delay: 5
+  run_once: True

ansible/roles/designate/tasks/start.yml

@@ -0,0 +1,73 @@
+---
+- name: Starting designate-backend-bind9 container
+  kolla_docker:
+    action: "start_container"
+    common_options: "{{ docker_common_options }}"
+    image: "{{ designate_backend_bind9_image_full }}"
+    name: "designate_backend_bind9"
+    volumes:
+      - "{{ node_config_directory }}/designate-backend-bind9/:{{ container_config_directory }}/:ro"
+      - "/etc/localtime:/etc/localtime:ro"
+      - "kolla_logs:/var/log/kolla/"
+      - "designate_backend_bind9:/var/lib/named/"
+  when: inventory_hostname in groups['designate-backend-bind9']
+
+- name: Starting designate-central container
+  kolla_docker:
+    action: "start_container"
+    common_options: "{{ docker_common_options }}"
+    image: "{{ designate_central_image_full }}"
+    name: "designate_central"
+    volumes:
+      - "{{ node_config_directory }}/designate-central/:{{ container_config_directory }}/:ro"
+      - "/etc/localtime:/etc/localtime:ro"
+      - "kolla_logs:/var/log/kolla/"
+  when: inventory_hostname in groups['designate-central']
+
+- name: Starting designate-api container
+  kolla_docker:
+    action: "start_container"
+    common_options: "{{ docker_common_options }}"
+    image: "{{ designate_api_image_full }}"
+    name: "designate_api"
+    volumes:
+      - "{{ node_config_directory }}/designate-api/:{{ container_config_directory }}/:ro"
+      - "/etc/localtime:/etc/localtime:ro"
+      - "kolla_logs:/var/log/kolla/"
+  when: inventory_hostname in groups['designate-api']
+
+- name: Starting designate-mdns container
+  kolla_docker:
+    action: "start_container"
+    common_options: "{{ docker_common_options }}"
+    image: "{{ designate_mdns_image_full }}"
+    name: "designate_mdns"
+    volumes:
+      - "{{ node_config_directory }}/designate-mdns/:{{ container_config_directory }}/:ro"
+      - "/etc/localtime:/etc/localtime:ro"
+      - "kolla_logs:/var/log/kolla/"
+  when: inventory_hostname in groups['designate-mdns']
+
+- name: Starting designate-worker container
+  kolla_docker:
+    action: "start_container"
+    common_options: "{{ docker_common_options }}"
+    image: "{{ designate_worker_image_full }}"
+    name: "designate_worker"
+    volumes:
+      - "{{ node_config_directory }}/designate-worker/:{{ container_config_directory }}/:ro"
+      - "/etc/localtime:/etc/localtime:ro"
+      - "kolla_logs:/var/log/kolla/"
+  when: inventory_hostname in groups['designate-worker']
+
+- name: Starting designate-sink container
+  kolla_docker:
+    action: "start_container"
+    common_options: "{{ docker_common_options }}"
+    image: "{{ designate_sink_image_full }}"
+    name: "designate_sink"
+    volumes:
+      - "{{ node_config_directory }}/designate-sink/:{{ container_config_directory }}/:ro"
+      - "/etc/localtime:/etc/localtime:ro"
+      - "kolla_logs:/var/log/kolla/"
+  when: inventory_hostname in groups['designate-sink']

ansible/roles/designate/tasks/update_pools.yml

@@ -0,0 +1,4 @@
+---
+- name: Update DNS pools
+  command: docker exec -t designate_worker designate-manage pool update --file /etc/designate/pools.yaml
+  when: inventory_hostname in groups['designate-worker'][0]

ansible/roles/designate/tasks/upgrade.yml

@@ -0,0 +1,8 @@
+---
+- include: config.yml
+
+- include: bootstrap_service.yml
+
+- include: start.yml
+
+- include: update_pools.yml

ansible/roles/designate/templates/designate-api.json.j2

@@ -0,0 +1,25 @@
+{
+    "command": "designate-api --config-file /etc/designate/designate.conf",
+    "config_files": [
+        {
+            "source": "{{ container_config_directory }}/designate.conf",
+            "dest": "/etc/designate/designate.conf",
+            "owner": "designate",
+            "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/designate/policy.json",
+            "owner": "designate",
+            "perm": "0600",
+            "optional": true
+        }
+    ],
+    "permissions": [
+        {
+            "path": "/var/log/kolla/designate",
+            "owner": "designate:designate",
+            "recurse": true
+        }
+    ]
+}

ansible/roles/designate/templates/designate-backend-bind9.json.j2

@@ -0,0 +1,35 @@
+{% set bind_cmd = 'named' if kolla_base_distro in ['ubuntu', 'debian'] else 'named' %}
+{% set bind_file = 'bind/named.conf' if kolla_base_distro in ['ubuntu', 'debian'] else 'named.conf' %}
+
+{
+    "command": "/usr/sbin/{{ bind_cmd }} -g",
+    "config_files": [
+        {
+            "source": "{{ container_config_directory }}/named.conf",
+            "dest": "/etc/{{ bind_file }}",
+            "owner": "root",
+            "perm": "0660"
+        },
+        {
+            "source": "{{ container_config_directory }}/rndc.conf",
+            "dest": "/etc/rndc.conf",
+            "owner": "root",
+            "perm": "0600",
+            "optional": true
+        },
+        {
+            "source": "{{ container_config_directory }}/rndc.key",
+            "dest": "/etc/rndc.key",
+            "owner": "root",
+            "perm": "0600",
+            "optional": true
+        }
+    ],
+    "permissions": [
+        {
+            "path": "/var/log/kolla/named",
+            "owner": "root:root",
+            "recurse": true
+        }
+    ]
+}

ansible/roles/designate/templates/designate-central.json.j2

@@ -0,0 +1,25 @@
+{
+    "command": "designate-central --config-file /etc/designate/designate.conf",
+    "config_files": [
+        {
+            "source": "{{ container_config_directory }}/designate.conf",
+            "dest": "/etc/designate/designate.conf",
+            "owner": "designate",
+            "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/designate/policy.json",
+            "owner": "designate",
+            "perm": "0600",
+            "optional": true
+        }
+    ],
+    "permissions": [
+        {
+            "path": "/var/log/kolla/designate",
+            "owner": "designate:designate",
+            "recurse": true
+        }
+    ]
+}

ansible/roles/designate/templates/designate-mdns.json.j2

@@ -0,0 +1,25 @@
+{
+    "command": "designate-mdns --config-file /etc/designate/designate.conf",
+    "config_files": [
+        {
+            "source": "{{ container_config_directory }}/designate.conf",
+            "dest": "/etc/designate/designate.conf",
+            "owner": "designate",
+            "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/designate/policy.json",
+            "owner": "designate",
+            "perm": "0600",
+            "optional": true
+        }
+    ],
+    "permissions": [
+        {
+            "path": "/var/log/kolla/designate",
+            "owner": "designate:designate",
+            "recurse": true
+        }
+    ]
+}

ansible/roles/designate/templates/designate-sink.json.j2

@@ -0,0 +1,25 @@
+{
+    "command": "designate-sink --config-file /etc/designate/designate.conf",
+    "config_files": [
+        {
+            "source": "{{ container_config_directory }}/designate.conf",
+            "dest": "/etc/designate/designate.conf",
+            "owner": "designate",
+            "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/designate/policy.json",
+            "owner": "designate",
+            "perm": "0600",
+            "optional": true
+        }
+    ],
+    "permissions": [
+        {
+            "path": "/var/log/kolla/designate",
+            "owner": "designate:designate",
+            "recurse": true
+        }
+    ]
+}

ansible/roles/designate/templates/designate-worker.json.j2

@@ -0,0 +1,46 @@
+{
+    "command": "designate-worker --config-file /etc/designate/designate.conf",
+    "config_files": [
+        {
+            "source": "{{ container_config_directory }}/designate.conf",
+            "dest": "/etc/designate/designate.conf",
+            "owner": "designate",
+            "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/designate/policy.json",
+            "owner": "designate",
+            "perm": "0600",
+            "optional": true
+        },
+        {
+            "source": "{{ container_config_directory }}/pools.yaml",
+            "dest": "/etc/designate/pools.yaml",
+            "owner": "designate",
+            "perm": "0600",
+            "optional": true
+        },
+        {
+            "source": "{{ container_config_directory }}/rndc.conf",
+            "dest": "/etc/designate/rndc.conf",
+            "owner": "designate",
+            "perm": "0600",
+            "optional": true
+        },
+        {
+            "source": "{{ container_config_directory }}/rndc.key",
+            "dest": "/etc/designate/rndc.key",
+            "owner": "designate",
+            "perm": "0600",
+            "optional": true
+        }
+    ],
+    "permissions": [
+        {
+            "path": "/var/log/kolla/designate",
+            "owner": "designate:designate",
+            "recurse": true
+        }
+    ]
+}

ansible/roles/designate/templates/designate.conf.j2

@@ -0,0 +1,88 @@
+[DEFAULT]
+
+debug = {{ designate_logging_debug }}
+
+log_dir = /var/log/kolla/designate
+
+transport_url = rabbit://{% for host in groups['rabbitmq'] %}{{ rabbitmq_user }}:{{ rabbitmq_password }}@{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ rabbitmq_port }}{% if not loop.last %},{% endif %}{% endfor %}
+
+[service:central]
+default_pool_id = {{ designate_pool_id }}
+
+[service:api]
+api_base_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ designate_api_port }}
+api_host = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}
+api_port = {{ designate_api_port }}
+enable_api_v1 = True
+enabled_extensions_v1 = 'diagnostics, quotas, reports, sync, touch'
+enable_api_v2 = True
+enabled_extensions_v2 = 'quotas, reports'
+
+
+[keystone_authtoken]
+auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
+auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
+auth_type = password
+project_domain_id = default
+user_domain_id = default
+project_name = service
+username = {{ designate_keystone_user }}
+password = {{ designate_keystone_password }}
+http_connect_timeout = 60
+
+memcache_security_strategy = ENCRYPT
+memcache_secret_key = {{ memcache_secret_key }}
+memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
+
+[service:sink]
+enabled_notification_handlers = nova_fixed, neutron_floatingip
+workers = {{ openstack_service_workers }}
+
+[service:mdns]
+listen = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}:{{ designate_mdns_port }}
+workers = {{ openstack_service_workers }}
+
+[service:worker]
+enabled = True
+notify = True
+workers = {{ openstack_service_workers }}
+
+[service:pool_manager]
+cache_driver = sqlalchemy
+pool_id = {{ designate_pool_id }}
+workers = {{ openstack_service_workers }}
+
+[pool_manager_cache:sqlalchemy]
+connection = mysql+pymysql://{{ designate_pool_manager_database_user }}:{{ designate_pool_manager_database_password }}@{{ designate_pool_manager_database_address }}/{{ designate_pool_manager_database_name }}
+max_retries = 10
+idle_timeout = 3600
+
+[pool_manager_cache:memcache]
+memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
+
+[storage:sqlalchemy]
+connection = mysql+pymysql://{{ designate_database_user }}:{{ designate_database_password }}@{{ designate_database_address }}/{{ designate_database_name }}
+max_retries = 10
+idle_timeout = 3600
+
+[handler:nova_fixed]
+notification_topics = notifications_designate
+control_exchange = nova
+format = '(display_name)s.%(domain)s'
+
+[handler:neutron_floatingip]
+notification_topics = notifications_designate
+control_exchange = neutron
+format = '%(octet0)s-%(octet1)s-%(octet2)s-%(octet3)s.%(domain)s'
+
+[oslo_messaging_notifications]
+topics = notifications_designate
+driver = messaging
+
+[oslo_messaging_rabbit]
+rabbit_userid = {{ rabbitmq_user }}
+rabbit_password = {{ rabbitmq_password }}
+rabbit_hosts = {% for host in groups['rabbitmq'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ rabbitmq_port }}{% if not loop.last %},{% endif %}{% endfor %}
+
+[oslo_concurrency]
+lock_path = /var/lib/designate/tmp

ansible/roles/designate/templates/named.conf.j2

@@ -0,0 +1,15 @@
+include "/etc/rndc.key";
+options {
+        listen-on port {{ designate_bind_port }} { {{ hostvars[inventory_hostname]['ansible_' + hostvars[inventory_hostname]['api_interface']]['ipv4']['address'] }}; };
+        directory       "/var/lib/named";
+        allow-new-zones yes;
+        dnssec-validation auto;
+        auth-nxdomain no;
+        request-ixfr no;
+        recursion no;
+        minimal-responses yes;
+};
+
+controls {
+        inet {{ hostvars[inventory_hostname]['ansible_' + hostvars[inventory_hostname]['api_interface']]['ipv4']['address'] }} port {{ designate_rndc_port }} allow { {% for host in groups['designate-worker'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}; {% endfor %} } keys { "rndc-key"; };
+};

ansible/roles/designate/templates/pools.yaml.j2

@@ -0,0 +1,28 @@
+- name: default-bind
+  id: {{ designate_pool_id }}
+  description: Default BIND9 Pool
+  attributes: {}
+  ns_records:
+    - hostname: {{ designate_ns_record }}.
+      priority: 1
+  nameservers:
+{% for host in groups['designate-backend-bind9'] %}
+    - host: {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}
+      port: {{ designate_bind_port }}
+{% endfor %}
+  targets:
+{% for bind_host in groups['designate-backend-bind9'] %}
+    - type: bind9
+      description: BIND9 Server {{ hostvars[bind_host]['ansible_' + hostvars[bind_host]['api_interface']]['ipv4']['address'] }}
+      masters:
+{% for mdns_host in groups['designate-mdns'] %}
+        - host: {{ hostvars[mdns_host]['ansible_' + hostvars[mdns_host]['api_interface']]['ipv4']['address'] }}
+          port: 5354
+{% endfor %}
+      options:
+        host: {{ hostvars[bind_host]['ansible_' + hostvars[bind_host]['api_interface']]['ipv4']['address'] }}
+        port: {{ designate_bind_port }}
+        rndc_host: {{ hostvars[bind_host]['ansible_' + hostvars[bind_host]['api_interface']]['ipv4']['address'] }}
+        rndc_port: {{ designate_rndc_port }}
+        rndc_key_file: /etc/designate/rndc.key
+{% endfor %}

ansible/roles/designate/templates/rndc.conf.j2

@@ -0,0 +1,6 @@
+#include "/etc/rndc.key";
+options {
+        default-key "rndc-key";
+        default-server {{ hostvars[inventory_hostname]['ansible_' + hostvars[inventory_hostname]['api_interface']]['ipv4']['address'] }};
+        default-port {{ designate_rndc_port }};
+};

ansible/roles/designate/templates/rndc.key.j2

@@ -0,0 +1,4 @@
+key "rndc-key" {
+        algorithm hmac-md5;
+        secret "{{ designate_rndc_key }}";
+};

ansible/roles/haproxy/tasks/precheck.yml

@@ -36,6 +36,17 @@
     - "{{ 'cloudkitty_api' not in haproxy_stat }}"
     - inventory_hostname in groups['haproxy']
 
+- name: Checking free port for Designate API HAProxy
+  wait_for:
+    host: "{{ kolla_internal_vip_address }}"
+    port: "{{ designate_api_port }}"
+    connect_timeout: 1
+    state: stopped
+  when:
+    - enable_designate | bool
+    - inventory_hostname in groups['haproxy']
+    - "{{ 'designate_api' not in haproxy_stat }}"
+
 - name: Checking free port for Glance API HAProxy
   wait_for:
     host: "{{ kolla_internal_vip_address }}"
@@ -123,4 +134,3 @@
     - enable_watcher | bool
     - "{{ 'watcher_api' not in haproxy_stat }}"
     - inventory_hostname in groups['haproxy']
-

ansible/roles/haproxy/templates/haproxy.cfg.j2

@@ -650,6 +650,22 @@ listen congress_api_external
 {% endif %}
 {% endif %}
 
+{% if enable_designate | bool %}
+listen designate_api
+  bind {{ kolla_internal_vip_address }}:{{ designate_api_port }}
+{% for host in groups['designate-api'] %}
+  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ designate_api_port }} check inter 2000 rise 2 fall 5
+{% endfor %}
+{% if haproxy_enable_external_vip | bool %}
+
+listen designate_api_external
+  bind {{ kolla_external_vip_address }}:{{ designate_api_port }} {{ tls_bind_info }}
+{% for host in groups['designate-api'] %}
+  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ designate_api_port }} check inter 2000 rise 2 fall 5
+{% endfor %}
+{% endif %}
+{% endif %}
+
 {% if enable_mistral | bool %}
 listen mistral_api
   bind {{ kolla_internal_vip_address }}:{{ mistral_api_port }}

ansible/roles/neutron/templates/neutron.conf.j2

@@ -91,9 +91,10 @@ memcached_servers = {% for host in groups['memcached'] %}{% if orchestration_eng
 {% endif %}
 
 [oslo_messaging_notifications]
-{% if enable_ceilometer | bool or enable_searchlight | bool %}
+{% if enable_ceilometer | bool or enable_searchlight | bool or enable_designate | bool %}
 driver = messagingv2
-topics = notifications
+{% set topics=["notifications" if enable_ceilometer | bool else "", "notifications_designate" if enable_designate | bool else ""] %}
+topics = {{ topics|reject("equalto", "")|list|join(",") }}
 {% else %}
 driver = noop
 {% endif %}

ansible/roles/nova/templates/nova.conf.j2

@@ -50,7 +50,7 @@ compute_driver = libvirt.LibvirtDriver
 # Though my_ip is not used directly, lots of other variables use $my_ip
 my_ip = {{ api_interface_address }}
 
-{% if enable_ceilometer | bool or enable_searchlight | bool %}
+{% if enable_ceilometer | bool or enable_searchlight | bool or enable_designate | bool %}
 instance_usage_audit = True
 instance_usage_audit_period = hour
 notify_on_state_change = vm_and_task_state
@@ -185,9 +185,10 @@ rbd_secret_uuid = {{ rbd_secret_uuid }}
 compute = auto
 
 [oslo_messaging_notifications]
-{% if enable_ceilometer | bool or enable_searchlight | bool %}
+{% if enable_ceilometer | bool or enable_searchlight | bool  or enable_designate | bool %}
 driver = messagingv2
-topics = notifications
+{% set topics=["notifications" if enable_ceilometer | bool else "", "notifications_designate" if enable_designate | bool else ""] %}
+topics = {{ topics|reject("equalto", "")|list|join(",") }}
 {% else %}
 driver = noop
 {% endif %}

ansible/site.yml

@@ -401,6 +401,19 @@
         tags: tempest,
         when: enable_tempest | bool }
 
+- name: Apply role designate
+  hosts:
+    - designate-api
+    - designate-central
+    - designate-mdns
+    - designate-worker
+    - designate-sink
+  serial: '{{ serial|default("0") }}'
+  roles:
+    - { role: designate,
+        tags: designate,
+        when: enable_designate | bool }
+
 - name: Apply role rally
   hosts: rally
   serial: '{{ serial|default("0") }}'

etc/kolla/globals.yml

@@ -129,6 +129,7 @@ kolla_internal_vip_address: "10.10.10.254"
 #enable_cinder_backend_nfs: "no"
 #enable_cloudkitty: "no"
 #enable_congress: "no"
+#enable_designate: "no"
 #enable_destroy_images: "no"
 #enable_etcd: "no"
 #enable_gnocchi: "no"
@@ -228,6 +229,12 @@ kolla_internal_vip_address: "10.10.10.254"
 #cinder_backup_mount_options_nfs: ""
 
 
+#######################
+# Designate options
+#######################
+designate_ns_record: "sample.openstack.org"
+
+
 #########################
 # Nova - Compute Options
 #########################

etc/kolla/passwords.yml

@@ -58,6 +58,14 @@ cloudkitty_keystone_password:
 sahara_database_password:
 sahara_keystone_password:
 
+designate_database_password:
+designate_pool_manager_database_password:
+designate_keystone_password:
+# This option must be UUID4 value in string format
+designate_pool_id:
+# This option must be HMAC-MD5 value in string format
+designate_rndc_key:
+
 swift_keystone_password:
 swift_hash_path_suffix:
 swift_hash_path_prefix:

kolla/cmd/genpwd.py

@@ -13,12 +13,14 @@
 # limitations under the License.
 
 import argparse
+import hmac
 import os
 import random
 import string
 import sys
 
 from Crypto.PublicKey import RSA
+from hashlib import md5
 from oslo_utils import uuidutils
 import yaml
 
@@ -51,7 +53,7 @@ def main():
     # These keys should be random uuids
     uuid_keys = ['ceph_cluster_fsid', 'rbd_secret_uuid',
                  'gnocchi_project_id', 'gnocchi_resource_id',
-                 'gnocchi_user_id']
+                 'gnocchi_user_id', 'designate_pool_id']
 
     # SSH key pair
     ssh_keys = ['kolla_ssh_key', 'nova_ssh_key',
@@ -60,6 +62,9 @@ def main():
     # If these keys are None, leave them as None
     blank_keys = ['docker_registry_password']
 
+    # HMAC-MD5 keys
+    hmac_md5_keys = ['designate_rndc_key']
+
     # length of password
     length = 40
 
@@ -82,6 +87,10 @@ def main():
                 continue
             if k in uuid_keys:
                 passwords[k] = uuidutils.generate_uuid()
+            elif k in hmac_md5_keys:
+                passwords[k] = (hmac.new(
+                    uuidutils.generate_uuid(), '', md5)
+                    .digest().encode('base64')[:-1])
             else:
                 passwords[k] = ''.join([
                     random.SystemRandom().choice(

releasenotes/notes/ansible-designate-948c56a8e14d5029.yaml

@@ -0,0 +1,6 @@
+---
+prelude: >
+    Designate is an OpenStack project, providing DNSaaS.
+features:
+  - Designate deployment through Ansible with Bind9
+    as backend for DNS.