This page covers common configuration steps for OpenStack Designate deployments.
| File | Purpose | Location |
|---|---|---|
| designate.conf | Main configuration | /etc/designate/designate.conf |
| policy.yaml | RBAC policies | /etc/designate/policy.yaml |
| api-paste.ini | API middleware config | /etc/designate/api-paste.ini |
| pools.yaml | Backend DNS pools | /etc/designate/pools.yaml |

```ini
[storage:sqlalchemy]
connection = mysql+pymysql://designate:PASSWORD@controller/designate
max_pool_size = 10
max_overflow = 20
pool_timeout = 10
```

```ini
[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASSWORD@controller:5672/

[oslo_messaging_rabbit]
rabbit_retry_interval = 1
rabbit_retry_backoff = 2
rabbit_max_retries = 0
rabbit_heartbeat_timeout_threshold = 60
rabbit_heartbeat_rate = 10
```

```ini
[DEFAULT]
auth_strategy = keystone

[keystone_authtoken]
www_authenticate_uri = http://controller:5000/
auth_url = http://controller:5000/
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = designate
password = DESIGNATE_KEY_PASSWORD
```

```ini
[service:api]
listen = 0.0.0.0:9001
api_base_uri = http://controller:9001/
enable_ssl_api = True
ssl_cert_file = /etc/designate/ssl/designate.crt
ssl_key_file = /etc/designate/ssl/designate.key
```

```ini
[DEFAULT]
log_dir = /var/log/designate
log_file = designate.log
debug = False
verbose = False
```

```ini
[loggers]
keys = root, designate

[handlers]
keys = console, file

[formatters]
keys = default, audit
```

```yaml
- name: bind9_pool
  description: BIND9 Backend Pool
  nsd_type: bind9
  masters:
    - host: 10.0.0.10
      port: 53
  targets:
    - type: bind9_rsabac128
      host: 10.0.0.20
      port: 53
      key_file: /etc/designate/tsig/bind9.key
      key_algorithm: hmac-rsa-sha256
```

```yaml
- name: pdns_pool
  description: PowerDNS Backend Pool
  nsd_type: pdns4
  masters:
    - host: 10.0.0.10
      port: 53
  targets:
    - type: pdns4
      host: 10.0.0.20
      port: 8081
      api_endpoint: http://10.0.0.20:8081
      api_key: PDNS_API_KEY
```

```yaml
# Default pool
- name: default
  description: Default Pool
  nsd_type: bind9
  masters:
    - host: 10.0.0.10
      port: 53
  targets:
    - type: bind9_rsabac128
      host: 10.0.0.20
      port: 53

# Secondary pool for specific zones
- name: pdns_pool
  description: PowerDNS Pool
  nsd_type: pdns4
  masters:
    - host: 10.0.0.30
      port: 53
  targets:
    - type: pdns4
      host: 10.0.0.40
      port: 8081
```

Edit /etc/designate/policy.yaml:

```yaml
# Zone management
"create_zone": "role:admin or role:dns_admin"
"update_zone": "role:admin or role:dns_admin or project:%(project_id)s"
"delete_zone": "role:admin or role:dns_admin"
"view_zone": "role:admin or role:dns_admin or project:%(project_id)s"

# Recordset management
"create_recordset": "role:admin or role:dns_admin or project:%(project_id)s"
"update_recordset": "role:admin or role:dns_admin or project:%(project_id)s"
"delete_recordset": "role:admin or role:dns_admin or project:%(project_id)s"

# Zone transfers
"create_zone_transfer": "role:admin or role:dns_admin"
"accept_zone_transfer": "role:admin or role:dns_admin"

# Quotas
"get_quota": "role:admin or role:dns_admin or project:%(project_id)s"
"set_quota": "role:admin"
```

```ini
[service:sink]
enabled = True
allowed_notification_events =
    compute.instance.create.end
    compute.instance.delete.end
    compute.instance.resize.end
    network.floating_ip.create.end
    network.floating_ip.delete.end

[handler:nova]
format = %(hostname)s.%(zone)s
```

```ini
[quotas]
# Zones per project
zones = 100
# Recordsets per zone
recordset_records = 100
# Records per zone
records = 1000
# Zone transfers per project
zone_transfer_requests = 10
```

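
A small audit of the designate.conf settings shown above, as an added example that is not part of the original page or the Designate project. It flags cleartext `http://` endpoints, credentials embedded in URLs or stored as plaintext options, a wildcard listen address, and the mismatch between `enable_ssl_api = True` and an `http://` `api_base_uri`. The function name, the finding labels and the merged sample file are assumptions made for illustration.

```python
import configparser
from urllib.parse import urlsplit

# Constructed sample: designate.conf fragments from this page merged into one file.
SAMPLE_CONF = """\
[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASSWORD@controller:5672/
debug = False
[storage:sqlalchemy]
connection = mysql+pymysql://designate:PASSWORD@controller/designate
[keystone_authtoken]
www_authenticate_uri = http://controller:5000/
auth_url = http://controller:5000/
password = DESIGNATE_KEY_PASSWORD
[service:api]
listen = 0.0.0.0:9001
api_base_uri = http://controller:9001/
enable_ssl_api = True
"""

def audit_designate_conf(text):
    """Return a sorted list of (section, option, finding) for risky settings."""
    # Rename default_section so [DEFAULT] is read as an ordinary section and its
    # options are not inherited (and reported again) by every other section.
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   default_section="__unused__")
    cp.read_string(text)
    findings = set()
    for section in cp.sections():
        opts = cp[section]
        for option, value in opts.items():
            if "://" in value:
                url = urlsplit(value)
                if url.scheme == "http":
                    findings.add((section, option, "cleartext-http"))
                if url.password:
                    findings.add((section, option, "credential-in-url"))
            if option == "password":
                findings.add((section, option, "plaintext-secret"))
            if option == "listen" and value.startswith("0.0.0.0:"):
                findings.add((section, option, "binds-all-interfaces"))
            if option == "debug" and opts.getboolean(option):
                findings.add((section, option, "debug-enabled"))
        # The page enables SSL on the API but still advertises an http:// base URI.
        if (opts.getboolean("enable_ssl_api", fallback=False)
                and opts.get("api_base_uri", "").startswith("http://")):
            findings.add((section, "api_base_uri", "tls-on-but-http-base-uri"))
    return sorted(findings)

if __name__ == "__main__":
    print(*audit_designate_conf(SAMPLE_CONF), sep="\n")
```

Findings of type `credential-in-url` and `plaintext-secret` cannot be removed by editing values alone; they indicate that the file's ownership and mode need to restrict read access to the Designate service account.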
Restart services after configuration changes:

```bash
# Debian/Ubuntu
sudo systemctl restart designate-api designate-central designate-worker \
    designate-producer designate-mdns designate-sink

# RHEL/Rocky/AlmaLinux
sudo systemctl restart designate-api designate-central designate-worker \
    designate-producer designate-mdns designate-sink
```

```bash
sudo designate-manage config list
```

```bash
openstack zone create --email admin@example.com example.com.
openstack zone list
openstack recordset create --record '192.168.1.1' example.com. test A

# Check zone status
openstack zone show example.com.

# Check recordsets
openstack recordset list example.com.
```

```bash
curl http://localhost:9001/v2/ping
```

```bash
systemctl status designate-api
systemctl status designate-central
journalctl -u designate-api -f
```

| Issue | Solution |
|---|---|
| API returns 401 | Verify Keystone credentials in designate.conf |
| Zones not syncing | Check pools.yaml and backend connectivity |
| Database errors | Verify connection string and database user permissions |
| RabbitMQ connection failed | Check transport_url and RabbitMQ service status |