diff --git a/docker/centos/binary/designate/designate-api/Dockerfile b/docker/centos/binary/designate/designate-api/Dockerfile
index b68da474fd..926d88e9af 100644
--- a/docker/centos/binary/designate/designate-api/Dockerfile
+++ b/docker/centos/binary/designate/designate-api/Dockerfile
@@ -6,5 +6,6 @@ RUN yum install -y \
     && yum clean all
 
 COPY start.sh /start.sh
+COPY config-internal.sh config-external.sh /opt/kolla/
 
 CMD ["/start.sh"]
diff --git a/docker/centos/binary/designate/designate-api/config-external.sh b/docker/centos/binary/designate/designate-api/config-external.sh
new file mode 120000
index 0000000000..da641a6006
--- /dev/null
+++ b/docker/centos/binary/designate/designate-api/config-external.sh
@@ -0,0 +1 @@
+../../../../common/designate/designate-api/config-external.sh
\ No newline at end of file
diff --git a/docker/centos/binary/designate/designate-api/config-internal.sh b/docker/centos/binary/designate/designate-api/config-internal.sh
new file mode 120000
index 0000000000..438a6fd752
--- /dev/null
+++ b/docker/centos/binary/designate/designate-api/config-internal.sh
@@ -0,0 +1 @@
+../../../../common/designate/designate-api/config-internal.sh
\ No newline at end of file
diff --git a/docker/centos/binary/designate/designate-backend-bind9/Dockerfile b/docker/centos/binary/designate/designate-backend-bind9/Dockerfile
index 7f57786c4b..0c9baca2a4 100644
--- a/docker/centos/binary/designate/designate-backend-bind9/Dockerfile
+++ b/docker/centos/binary/designate/designate-backend-bind9/Dockerfile
@@ -6,5 +6,6 @@ RUN yum install -y bind \
     && cp -pr /var/named /opt/kolla/var-named
 
 COPY start.sh /start.sh
+COPY config-internal.sh config-external.sh /opt/kolla/
 
 CMD ["/start.sh"]
diff --git a/docker/centos/binary/designate/designate-backend-bind9/config-external.sh b/docker/centos/binary/designate/designate-backend-bind9/config-external.sh
new file mode 120000
index 0000000000..98eabc775e
--- /dev/null
+++ b/docker/centos/binary/designate/designate-backend-bind9/config-external.sh
@@ -0,0 +1 @@
+../../../../common/designate/designate-backend-bind9/config-external.sh
\ No newline at end of file
diff --git a/docker/centos/binary/designate/designate-backend-bind9/config-internal.sh b/docker/centos/binary/designate/designate-backend-bind9/config-internal.sh
new file mode 120000
index 0000000000..7d7c0d0e4d
--- /dev/null
+++ b/docker/centos/binary/designate/designate-backend-bind9/config-internal.sh
@@ -0,0 +1 @@
+../../../../common/designate/designate-backend-bind9/config-internal.sh
\ No newline at end of file
diff --git a/docker/centos/binary/designate/designate-central/Dockerfile b/docker/centos/binary/designate/designate-central/Dockerfile
index 59e0a0e324..4b7cca5006 100644
--- a/docker/centos/binary/designate/designate-central/Dockerfile
+++ b/docker/centos/binary/designate/designate-central/Dockerfile
@@ -6,5 +6,6 @@ RUN yum install -y \
     && yum clean all
 
 COPY start.sh /start.sh
+COPY config-internal.sh config-external.sh /opt/kolla/
 
 CMD ["/start.sh"]
diff --git a/docker/centos/binary/designate/designate-central/config-external.sh b/docker/centos/binary/designate/designate-central/config-external.sh
new file mode 120000
index 0000000000..abe5bcd395
--- /dev/null
+++ b/docker/centos/binary/designate/designate-central/config-external.sh
@@ -0,0 +1 @@
+../../../../common/designate/designate-central/config-external.sh
\ No newline at end of file
diff --git a/docker/centos/binary/designate/designate-central/config-internal.sh b/docker/centos/binary/designate/designate-central/config-internal.sh
new file mode 120000
index 0000000000..94fcafd40c
--- /dev/null
+++ b/docker/centos/binary/designate/designate-central/config-internal.sh
@@ -0,0 +1 @@
+../../../../common/designate/designate-central/config-internal.sh
\ No newline at end of file
diff --git a/docker/centos/binary/designate/designate-mdns/Dockerfile b/docker/centos/binary/designate/designate-mdns/Dockerfile
index 87f4fdfc81..3aa77d14f3 100644
--- a/docker/centos/binary/designate/designate-mdns/Dockerfile
+++ b/docker/centos/binary/designate/designate-mdns/Dockerfile
@@ -5,5 +5,6 @@ RUN yum install -y openstack-designate-mdns \
     && yum clean all
 
 COPY start.sh /start.sh
+COPY config-internal.sh config-external.sh /opt/kolla/
 
 CMD ["/start.sh"]
diff --git a/docker/centos/binary/designate/designate-mdns/config-external.sh b/docker/centos/binary/designate/designate-mdns/config-external.sh
new file mode 120000
index 0000000000..e450238fcc
--- /dev/null
+++ b/docker/centos/binary/designate/designate-mdns/config-external.sh
@@ -0,0 +1 @@
+../../../../common/designate/designate-mdns/config-external.sh
\ No newline at end of file
diff --git a/docker/centos/binary/designate/designate-mdns/config-internal.sh b/docker/centos/binary/designate/designate-mdns/config-internal.sh
new file mode 120000
index 0000000000..c838250c92
--- /dev/null
+++ b/docker/centos/binary/designate/designate-mdns/config-internal.sh
@@ -0,0 +1 @@
+../../../../common/designate/designate-mdns/config-internal.sh
\ No newline at end of file
diff --git a/docker/centos/binary/designate/designate-poolmanager/Dockerfile b/docker/centos/binary/designate/designate-poolmanager/Dockerfile
index 25581d3db8..a69a3acac9 100644
--- a/docker/centos/binary/designate/designate-poolmanager/Dockerfile
+++ b/docker/centos/binary/designate/designate-poolmanager/Dockerfile
@@ -8,5 +8,6 @@ RUN yum install -y \
     && yum clean all
 
 COPY start.sh /start.sh
+COPY config-internal.sh config-external.sh /opt/kolla/
 
 CMD ["/start.sh"]
diff --git a/docker/centos/binary/designate/designate-poolmanager/config-external.sh b/docker/centos/binary/designate/designate-poolmanager/config-external.sh
new file mode 120000
index 0000000000..461acb12ac
--- /dev/null
+++ b/docker/centos/binary/designate/designate-poolmanager/config-external.sh
@@ -0,0 +1 @@
+../../../../common/designate/designate-poolmanager/config-external.sh
\ No newline at end of file
diff --git a/docker/centos/binary/designate/designate-poolmanager/config-internal.sh b/docker/centos/binary/designate/designate-poolmanager/config-internal.sh
new file mode 120000
index 0000000000..6b43b0dddd
--- /dev/null
+++ b/docker/centos/binary/designate/designate-poolmanager/config-internal.sh
@@ -0,0 +1 @@
+../../../../common/designate/designate-poolmanager/config-internal.sh
\ No newline at end of file
diff --git a/docker/centos/binary/designate/designate-sink/Dockerfile b/docker/centos/binary/designate/designate-sink/Dockerfile
index 5c7f58fb99..dffb6384a1 100644
--- a/docker/centos/binary/designate/designate-sink/Dockerfile
+++ b/docker/centos/binary/designate/designate-sink/Dockerfile
@@ -7,5 +7,6 @@ RUN yum install -y \
     && yum clean all
 
 COPY start.sh /start.sh
+COPY config-internal.sh config-external.sh /opt/kolla/
 
 CMD ["/start.sh"]
diff --git a/docker/centos/binary/designate/designate-sink/config-external.sh b/docker/centos/binary/designate/designate-sink/config-external.sh
new file mode 120000
index 0000000000..edc94e6e43
--- /dev/null
+++ b/docker/centos/binary/designate/designate-sink/config-external.sh
@@ -0,0 +1 @@
+../../../../common/designate/designate-sink/config-external.sh
\ No newline at end of file
diff --git a/docker/centos/binary/designate/designate-sink/config-internal.sh b/docker/centos/binary/designate/designate-sink/config-internal.sh
new file mode 120000
index 0000000000..713fc1b22c
--- /dev/null
+++ b/docker/centos/binary/designate/designate-sink/config-internal.sh
@@ -0,0 +1 @@
+../../../../common/designate/designate-sink/config-internal.sh
\ No newline at end of file
diff --git a/docker/common/designate/designate-api/config-external.sh b/docker/common/designate/designate-api/config-external.sh
new file mode 100644
index 0000000000..ce302ea0c5
--- /dev/null
+++ b/docker/common/designate/designate-api/config-external.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+SOURCE="/opt/kolla/designate/designate.conf"
+TARGET="/etc/designate/designate.conf"
+OWNER="designate"
+
+if [[ -f "$SOURCE" ]]; then
+    cp $SOURCE $TARGET
+    chown ${OWNER}: $TARGET
+    chmod 0644 $TARGET
+fi
diff --git a/docker/common/designate/designate-api/config-internal.sh b/docker/common/designate/designate-api/config-internal.sh
new file mode 100644
index 0000000000..aae50ea8f1
--- /dev/null
+++ b/docker/common/designate/designate-api/config-internal.sh
@@ -0,0 +1,37 @@
+#!/bin/bash
+set -e
+
+. /opt/kolla/kolla-common.sh
+. /opt/kolla/config-designate.sh
+
+CONF=/etc/designate/designate.conf
+
+check_required_vars KEYSTONE_ADMIN_TOKEN KEYSTONE_ADMIN_SERVICE_HOST \
+                    DESIGNATE_KEYSTONE_USER DESIGNATE_KEYSTONE_PASSWORD \
+                    KEYSTONE_AUTH_PROTOCOL ADMIN_TENANT_NAME \
+                    DESIGNATE_API_SERVICE_HOST DESIGNATE_API_SERVICE_PORT \
+                    KEYSTONE_ADMIN_SERVICE_PORT
+
+export SERVICE_TOKEN="${KEYSTONE_ADMIN_TOKEN}"
+export SERVICE_ENDPOINT="${KEYSTONE_AUTH_PROTOCOL}://${KEYSTONE_ADMIN_SERVICE_HOST}:${KEYSTONE_ADMIN_SERVICE_PORT}/v2.0"
+
+fail_unless_os_service_running keystone
+
+crux user-create \
+    -n ${DESIGNATE_KEYSTONE_USER} \
+    -p ${DESIGNATE_KEYSTONE_PASSWORD} \
+    -t ${ADMIN_TENANT_NAME} \
+    -r admin
+
+crux endpoint-create \
+    --remove-all \
+    -n ${DESIGNATE_KEYSTONE_USER} \
+    -t dns \
+    -I "${KEYSTONE_AUTH_PROTOCOL}://${DESIGNATE_API_SERVICE_HOST}:${DESIGNATE_API_SERVICE_PORT}/v1" \
+    -P "${KEYSTONE_AUTH_PROTOCOL}://${DESIGNATE_API_SERVICE_HOST}:${DESIGNATE_API_SERVICE_PORT}/v1" \
+    -A "${KEYSTONE_AUTH_PROTOCOL}://${DESIGNATE_API_SERVICE_HOST}:${DESIGNATE_API_SERVICE_PORT}/v1"
+
+crudini --set $CONF service:api api_paste_config "/usr/share/designate/api-paste.ini"
+crudini --set $CONF service:api api_port "${DESIGNATE_API_SERVICE_PORT}"
+
+exec /usr/bin/designate-api
diff --git a/docker/common/designate/designate-api/start.sh b/docker/common/designate/designate-api/start.sh
index aae50ea8f1..90d17bb530 100755
--- a/docker/common/designate/designate-api/start.sh
+++ b/docker/common/designate/designate-api/start.sh
@@ -1,37 +1,20 @@
 #!/bin/bash
-set -e
 
-. /opt/kolla/kolla-common.sh
-. /opt/kolla/config-designate.sh
+set -o errexit
+CMD="/usr/bin/designate-api"
+ARGS=""
 
-CONF=/etc/designate/designate.conf
+# Loading common functions.
+source /opt/kolla/kolla-common.sh
 
-check_required_vars KEYSTONE_ADMIN_TOKEN KEYSTONE_ADMIN_SERVICE_HOST \
-                    DESIGNATE_KEYSTONE_USER DESIGNATE_KEYSTONE_PASSWORD \
-                    KEYSTONE_AUTH_PROTOCOL ADMIN_TENANT_NAME \
-                    DESIGNATE_API_SERVICE_HOST DESIGNATE_API_SERVICE_PORT \
-                    KEYSTONE_ADMIN_SERVICE_PORT
+# Config-internal script exec out of this function, it does not return here.
+set_configs
 
-export SERVICE_TOKEN="${KEYSTONE_ADMIN_TOKEN}"
-export SERVICE_ENDPOINT="${KEYSTONE_AUTH_PROTOCOL}://${KEYSTONE_ADMIN_SERVICE_HOST}:${KEYSTONE_ADMIN_SERVICE_PORT}/v2.0"
+# Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases
+# of the KOLLA_BOOTSTRAP variable being set, including empty.
+if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
+    su -s /bin/sh -c "designate-manage db_sync" designate
+    exit 0
+fi
 
-fail_unless_os_service_running keystone
-
-crux user-create \
-    -n ${DESIGNATE_KEYSTONE_USER} \
-    -p ${DESIGNATE_KEYSTONE_PASSWORD} \
-    -t ${ADMIN_TENANT_NAME} \
-    -r admin
-
-crux endpoint-create \
-    --remove-all \
-    -n ${DESIGNATE_KEYSTONE_USER} \
-    -t dns \
-    -I "${KEYSTONE_AUTH_PROTOCOL}://${DESIGNATE_API_SERVICE_HOST}:${DESIGNATE_API_SERVICE_PORT}/v1" \
-    -P "${KEYSTONE_AUTH_PROTOCOL}://${DESIGNATE_API_SERVICE_HOST}:${DESIGNATE_API_SERVICE_PORT}/v1" \
-    -A "${KEYSTONE_AUTH_PROTOCOL}://${DESIGNATE_API_SERVICE_HOST}:${DESIGNATE_API_SERVICE_PORT}/v1"
-
-crudini --set $CONF service:api api_paste_config "/usr/share/designate/api-paste.ini"
-crudini --set $CONF service:api api_port "${DESIGNATE_API_SERVICE_PORT}"
-
-exec /usr/bin/designate-api
+exec $CMD $ARGS
diff --git a/docker/common/designate/designate-backend-bind9/config-external.sh b/docker/common/designate/designate-backend-bind9/config-external.sh
new file mode 100644
index 0000000000..ce302ea0c5
--- /dev/null
+++ b/docker/common/designate/designate-backend-bind9/config-external.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+SOURCE="/opt/kolla/designate/designate.conf"
+TARGET="/etc/designate/designate.conf"
+OWNER="designate"
+
+if [[ -f "$SOURCE" ]]; then
+    cp $SOURCE $TARGET
+    chown ${OWNER}: $TARGET
+    chmod 0644 $TARGET
+fi
diff --git a/docker/common/designate/designate-backend-bind9/config-internal.sh b/docker/common/designate/designate-backend-bind9/config-internal.sh
new file mode 100644
index 0000000000..90d2de676b
--- /dev/null
+++ b/docker/common/designate/designate-backend-bind9/config-internal.sh
@@ -0,0 +1,60 @@
+#!/bin/bash
+set -e
+
+. /opt/kolla/kolla-common.sh
+
+check_required_vars DESIGNATE_MASTERNS DESIGNATE_SLAVENS DESIGNATE_BIND9_RNDC_KEY \
+                    DESIGNATE_ALLOW_RECURSION
+
+NAMEDCFG=/etc/named.conf
+
+# /var/named is coming from a VOLUME definition but at first boot it needs to
+# be populated from the original container since else it would be missing some
+# Bind9 core files. These files have been saved during the build phase.
+
+if [ ! -f /var/named/named.ca ]; then
+    cp -pr /opt/kolla/var-named/* /var/named/
+fi
+
+# When rndc adds a new domain, bind adds the call in an nzf file in this
+# directory.
+chmod 770 /var/named
+chown root:named /var/named
+
+# Default Bind9 behavior is to enable recursion, disable if wanted.
+if [ "${DESIGNATE_ALLOW_RECURSION}" == "false" ]; then
+    sed -i -r "s/(recursion) yes/\1 no/" $NAMEDCFG
+fi
+
+sed -i -r "/listen-on port 53/d" $NAMEDCFG
+sed -i -r "/listen-on-v6/d" $NAMEDCFG
+sed -i -r "s,/\* Path to ISC DLV key \*/,allow-new-zones yes;," $NAMEDCFG
+sed -i -r "/allow-query .+;/d" $NAMEDCFG
+
+if ! grep -q rndc-key /etc/named.conf; then
+    cat >> /etc/named.conf <<EOF
+include "/etc/rndc.key";
+controls {
+    inet ${DESIGNATE_SLAVENS} allow { ${DESIGNATE_MASTERNS}; } keys { "rndc-key"; };
+};
+EOF
+fi
+
+cat > /etc/rndc.key <<EOF
+key "rndc-key" {
+    algorithm hmac-md5;
+    secret "${DESIGNATE_BIND9_RNDC_KEY}";
+};
+EOF
+cat > /etc/rndc.conf <<EOF
+options {
+    default-key "rndc-key";
+    default-server 127.0.0.1;
+    default-port 953;
+};
+EOF
+cat /etc/rndc.key >> /etc/rndc.conf
+chown named /etc/rndc.key
+
+# Launch and keep in the foreground.
+exec /usr/sbin/named -u named -g
diff --git a/docker/common/designate/designate-backend-bind9/start.sh b/docker/common/designate/designate-backend-bind9/start.sh
index 90d2de676b..180cb4f25e 100755
--- a/docker/common/designate/designate-backend-bind9/start.sh
+++ b/docker/common/designate/designate-backend-bind9/start.sh
@@ -1,60 +1,13 @@
 #!/bin/bash
-set -e
 
-. /opt/kolla/kolla-common.sh
+set -o errexit
+CMD="/usr/sbin/named"
+ARGS="-u named -g"
 
-check_required_vars DESIGNATE_MASTERNS DESIGNATE_SLAVENS DESIGNATE_BIND9_RNDC_KEY \
-                    DESIGNATE_ALLOW_RECURSION
+# Loading common functions.
+source /opt/kolla/kolla-common.sh
 
-NAMEDCFG=/etc/named.conf
+# Config-internal script exec out of this function, it does not return here.
+set_configs
 
-# /var/named is coming from a VOLUME definition but at first boot it needs to
-# be populated from the original container since else it would be missing some
-# Bind9 core files. These files have been saved during the build phase.
-
-if [ ! -f /var/named/named.ca ]; then
-    cp -pr /opt/kolla/var-named/* /var/named/
-fi
-
-# When rndc adds a new domain, bind adds the call in an nzf file in this
-# directory.
-chmod 770 /var/named
-chown root:named /var/named
-
-# Default Bind9 behavior is to enable recursion, disable if wanted.
-if [ "${DESIGNATE_ALLOW_RECURSION}" == "false" ]; then
-    sed -i -r "s/(recursion) yes/\1 no/" $NAMEDCFG
-fi
-
-sed -i -r "/listen-on port 53/d" $NAMEDCFG
-sed -i -r "/listen-on-v6/d" $NAMEDCFG
-sed -i -r "s,/\* Path to ISC DLV key \*/,allow-new-zones yes;," $NAMEDCFG
-sed -i -r "/allow-query .+;/d" $NAMEDCFG
-
-if ! grep -q rndc-key /etc/named.conf; then
-    cat >> /etc/named.conf <<EOF
-include "/etc/rndc.key";
-controls {
-    inet ${DESIGNATE_SLAVENS} allow { ${DESIGNATE_MASTERNS}; } keys { "rndc-key"; };
-};
-EOF
-fi
-
-cat > /etc/rndc.key <<EOF
-key "rndc-key" {
-    algorithm hmac-md5;
-    secret "${DESIGNATE_BIND9_RNDC_KEY}";
-};
-EOF
-cat > /etc/rndc.conf <<EOF
-options {
-    default-key "rndc-key";
-    default-server 127.0.0.1;
-    default-port 953;
-};
-EOF
-cat /etc/rndc.key >> /etc/rndc.conf
-chown named /etc/rndc.key
-
-# Launch and keep in the foreground.
-exec /usr/sbin/named -u named -g
+exec $CMD $ARGS
diff --git a/docker/common/designate/designate-central/config-external.sh b/docker/common/designate/designate-central/config-external.sh
new file mode 100644
index 0000000000..ce302ea0c5
--- /dev/null
+++ b/docker/common/designate/designate-central/config-external.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+SOURCE="/opt/kolla/designate/designate.conf"
+TARGET="/etc/designate/designate.conf"
+OWNER="designate"
+
+if [[ -f "$SOURCE" ]]; then
+    cp $SOURCE $TARGET
+    chown ${OWNER}: $TARGET
+    chmod 0644 $TARGET
+fi
diff --git a/docker/common/designate/designate-central/config-internal.sh b/docker/common/designate/designate-central/config-internal.sh
new file mode 100644
index 0000000000..44cf89130b
--- /dev/null
+++ b/docker/common/designate/designate-central/config-internal.sh
@@ -0,0 +1,24 @@
+#!/bin/bash
+set -e
+
+. /opt/kolla/kolla-common.sh
+. /opt/kolla/config-designate.sh
+
+check_required_vars MARIADB_SERVICE_HOST DB_ROOT_PASSWORD DESIGNATE_DB_NAME \
+                    DESIGNATE_DB_USER DESIGNATE_DB_PASSWORD INIT_DESIGNATE_DB
+
+fail_unless_db
+
+CONF=/etc/designate/designate.conf
+
+if [ "${INIT_DESIGNATE_DB}" == "true" ]; then
+    echo "Configuring database"
+    mysql -h ${MARIADB_SERVICE_HOST} -u root -p"${DB_ROOT_PASSWORD}" mysql <<EOF
+CREATE DATABASE IF NOT EXISTS ${DESIGNATE_DB_NAME};
+GRANT ALL PRIVILEGES ON ${DESIGNATE_DB_NAME}.* TO '${DESIGNATE_DB_USER}'@'%' IDENTIFIED BY '${DESIGNATE_DB_PASSWORD}'
+EOF
+
+    designate-manage database sync
+fi
+
+exec /usr/bin/designate-central
diff --git a/docker/common/designate/designate-central/start.sh b/docker/common/designate/designate-central/start.sh
index 44cf89130b..6a5af5adcb 100755
--- a/docker/common/designate/designate-central/start.sh
+++ b/docker/common/designate/designate-central/start.sh
@@ -1,24 +1,13 @@
 #!/bin/bash
-set -e
 
-. /opt/kolla/kolla-common.sh
-. /opt/kolla/config-designate.sh
+set -o errexit
+CMD="/usr/bin/designate-central"
+ARGS=""
 
-check_required_vars MARIADB_SERVICE_HOST DB_ROOT_PASSWORD DESIGNATE_DB_NAME \
-                    DESIGNATE_DB_USER DESIGNATE_DB_PASSWORD INIT_DESIGNATE_DB
+# Loading common functions.
+source /opt/kolla/kolla-common.sh
 
-fail_unless_db
+# Config-internal script exec out of this function, it does not return here.
+set_configs
 
-CONF=/etc/designate/designate.conf
-
-if [ "${INIT_DESIGNATE_DB}" == "true" ]; then
-    echo "Configuring database"
-    mysql -h ${MARIADB_SERVICE_HOST} -u root -p"${DB_ROOT_PASSWORD}" mysql <<EOF
-CREATE DATABASE IF NOT EXISTS ${DESIGNATE_DB_NAME};
-GRANT ALL PRIVILEGES ON ${DESIGNATE_DB_NAME}.* TO '${DESIGNATE_DB_USER}'@'%' IDENTIFIED BY '${DESIGNATE_DB_PASSWORD}'
-EOF
-
-    designate-manage database sync
-fi
-
-exec /usr/bin/designate-central
+exec $CMD $ARGS
diff --git a/docker/common/designate/designate-mdns/config-external.sh b/docker/common/designate/designate-mdns/config-external.sh
new file mode 100644
index 0000000000..ce302ea0c5
--- /dev/null
+++ b/docker/common/designate/designate-mdns/config-external.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+SOURCE="/opt/kolla/designate/designate.conf"
+TARGET="/etc/designate/designate.conf"
+OWNER="designate"
+
+if [[ -f "$SOURCE" ]]; then
+    cp $SOURCE $TARGET
+    chown ${OWNER}: $TARGET
+    chmod 0644 $TARGET
+fi
diff --git a/docker/common/designate/designate-mdns/config-internal.sh b/docker/common/designate/designate-mdns/config-internal.sh
new file mode 100644
index 0000000000..a3e5df2747
--- /dev/null
+++ b/docker/common/designate/designate-mdns/config-internal.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+set -e
+
+. /opt/kolla/kolla-common.sh
+. /opt/kolla/config-designate.sh
+
+check_required_vars DESIGNATE_MASTERNS DESIGNATE_MDNS_PORT
+
+CONF=/etc/designate/designate.conf
+
+crudini --set $CONF service:mdns workers "1"
+crudini --set $CONF service:mdns host "${DESIGNATE_MASTERNS}"
+crudini --set $CONF service:mdns port "${DESIGNATE_MDNS_PORT}"
+crudini --set $CONF service:mdns tcp_backlog "100"
+crudini --set $CONF service:mdns all_tcp "False"
+
+exec /usr/bin/designate-mdns
diff --git a/docker/common/designate/designate-mdns/start.sh b/docker/common/designate/designate-mdns/start.sh
index a3e5df2747..ee3d19e33b 100755
--- a/docker/common/designate/designate-mdns/start.sh
+++ b/docker/common/designate/designate-mdns/start.sh
@@ -1,17 +1,13 @@
 #!/bin/bash
-set -e
 
-. /opt/kolla/kolla-common.sh
-. /opt/kolla/config-designate.sh
+set -o errexit
+CMD="/usr/bin/designate-mdns"
+ARGS=""
 
-check_required_vars DESIGNATE_MASTERNS DESIGNATE_MDNS_PORT
+# Loading common functions.
+source /opt/kolla/kolla-common.sh
 
-CONF=/etc/designate/designate.conf
+# Config-internal script exec out of this function, it does not return here.
+set_configs
 
-crudini --set $CONF service:mdns workers "1"
-crudini --set $CONF service:mdns host "${DESIGNATE_MASTERNS}"
-crudini --set $CONF service:mdns port "${DESIGNATE_MDNS_PORT}"
-crudini --set $CONF service:mdns tcp_backlog "100"
-crudini --set $CONF service:mdns all_tcp "False"
-
-exec /usr/bin/designate-mdns
+exec $CMD $ARGS
diff --git a/docker/common/designate/designate-poolmanager/config-external.sh b/docker/common/designate/designate-poolmanager/config-external.sh
new file mode 100644
index 0000000000..ce302ea0c5
--- /dev/null
+++ b/docker/common/designate/designate-poolmanager/config-external.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+SOURCE="/opt/kolla/designate/designate.conf"
+TARGET="/etc/designate/designate.conf"
+OWNER="designate"
+
+if [[ -f "$SOURCE" ]]; then
+    cp $SOURCE $TARGET
+    chown ${OWNER}: $TARGET
+    chmod 0644 $TARGET
+fi
diff --git a/docker/common/designate/designate-poolmanager/config-internal.sh b/docker/common/designate/designate-poolmanager/config-internal.sh
new file mode 100644
index 0000000000..f5222b3f46
--- /dev/null
+++ b/docker/common/designate/designate-poolmanager/config-internal.sh
@@ -0,0 +1,54 @@
+#!/bin/bash
+set -e
+
+. /opt/kolla/kolla-common.sh
+. /opt/kolla/config-designate.sh
+
+check_required_vars DESIGNATE_MASTERNS DESIGNATE_BACKEND DESIGNATE_SLAVENS \
+                    DESIGNATE_MDNS_PORT DESIGNATE_DNS_PORT DESIGNATE_POOLMAN_POOLID \
+                    DESIGNATE_POOLMAN_TARGETS DESIGNATE_POOLMAN_NSS \
+                    DESIGNATE_POOLMAN_POOLID
+
+CONF=/etc/designate/designate.conf
+
+if [ "${DESIGNATE_BACKEND}" == "bind9" ]; then
+    TYPE="bind9"
+    OPTIONS="rndc_host: ${DESIGNATE_SLAVENS}, rndc_key_file: /etc/rndc.key"
+else
+    echo Unsupported backend: ${DESIGNATE_BACKEND}
+    exit
+fi
+
+crudini --set $CONF service:pool_manager workers "1"
+crudini --set $CONF service:pool_manager enable_recovery_timer "False"
+crudini --set $CONF service:pool_manager periodic_recovery_interval "120"
+crudini --set $CONF service:pool_manager enable_sync_timer "True"
+crudini --set $CONF service:pool_manager periodic_sync_interval "1800"
+crudini --set $CONF service:pool_manager poll_max_retries "10"
+crudini --set $CONF service:pool_manager poll_delay "5"
+crudini --set $CONF service:pool_manager poll_retry_interval "15"
+crudini --set $CONF service:pool_manager pool_id "${DESIGNATE_POOLMAN_POOLID}"
+crudini --set $CONF service:pool_manager cache_driver "noop"
+
+# TODO: use this to use memcached
+#crudini --set $CONF service:pool_manager cache_driver memcache
+#crudini --set $CONF service:pool_manager memcached_servers ${MEMCACHED_HOST}
+
+# Specify the id of the pool managed through pool_manager. Central gets
+# configured with this pool_id as well.
+crudini --set $CONF service:pool_manager pool_id "${DESIGNATE_POOLMAN_POOLID}"
+
+crudini --set $CONF pool:${DESIGNATE_POOLMAN_POOLID} nameservers "${DESIGNATE_POOLMAN_NSS}"
+crudini --set $CONF pool:${DESIGNATE_POOLMAN_POOLID} targets "${DESIGNATE_POOLMAN_TARGETS}"
+
+crudini --set $CONF pool_target:${DESIGNATE_POOLMAN_TARGETS} type "${TYPE}"
+crudini --set $CONF pool_target:${DESIGNATE_POOLMAN_TARGETS} options "${OPTIONS}"
+# This is the mdns container, which is the master nameserver.
+crudini --set $CONF pool_target:${DESIGNATE_POOLMAN_TARGETS} masters "${DESIGNATE_MASTERNS}:${DESIGNATE_MDNS_PORT}"
+crudini --set $CONF pool_target:${DESIGNATE_POOLMAN_TARGETS} host "${DESIGNATE_MASTERNS}"
+crudini --set $CONF pool_target:${DESIGNATE_POOLMAN_TARGETS} port "${DESIGNATE_DNS_PORT}"
+
+crudini --set $CONF pool_nameserver:${DESIGNATE_POOLMAN_NSS} host "${DESIGNATE_MASTERNS}"
+crudini --set $CONF pool_nameserver:${DESIGNATE_POOLMAN_NSS} port "${DESIGNATE_DNS_PORT}"
+
+exec /usr/bin/designate-pool-manager
diff --git a/docker/common/designate/designate-poolmanager/start.sh b/docker/common/designate/designate-poolmanager/start.sh
index f5222b3f46..8601639990 100755
--- a/docker/common/designate/designate-poolmanager/start.sh
+++ b/docker/common/designate/designate-poolmanager/start.sh
@@ -1,54 +1,13 @@
 #!/bin/bash
-set -e
 
-. /opt/kolla/kolla-common.sh
-. /opt/kolla/config-designate.sh
+set -o errexit
+CMD="/usr/bin/designate-pool-manager"
+ARGS=""
 
-check_required_vars DESIGNATE_MASTERNS DESIGNATE_BACKEND DESIGNATE_SLAVENS \
-                    DESIGNATE_MDNS_PORT DESIGNATE_DNS_PORT DESIGNATE_POOLMAN_POOLID \
-                    DESIGNATE_POOLMAN_TARGETS DESIGNATE_POOLMAN_NSS \
-                    DESIGNATE_POOLMAN_POOLID
+# Loading common functions.
+source /opt/kolla/kolla-common.sh
 
-CONF=/etc/designate/designate.conf
+# Config-internal script exec out of this function, it does not return here.
+set_configs
 
-if [ "${DESIGNATE_BACKEND}" == "bind9" ]; then
-    TYPE="bind9"
-    OPTIONS="rndc_host: ${DESIGNATE_SLAVENS}, rndc_key_file: /etc/rndc.key"
-else
-    echo Unsupported backend: ${DESIGNATE_BACKEND}
-    exit
-fi
-
-crudini --set $CONF service:pool_manager workers "1"
-crudini --set $CONF service:pool_manager enable_recovery_timer "False"
-crudini --set $CONF service:pool_manager periodic_recovery_interval "120"
-crudini --set $CONF service:pool_manager enable_sync_timer "True"
-crudini --set $CONF service:pool_manager periodic_sync_interval "1800"
-crudini --set $CONF service:pool_manager poll_max_retries "10"
-crudini --set $CONF service:pool_manager poll_delay "5"
-crudini --set $CONF service:pool_manager poll_retry_interval "15"
-crudini --set $CONF service:pool_manager pool_id "${DESIGNATE_POOLMAN_POOLID}"
-crudini --set $CONF service:pool_manager cache_driver "noop"
-
-# TODO: use this to use memcached
-#crudini --set $CONF service:pool_manager cache_driver memcache
-#crudini --set $CONF service:pool_manager memcached_servers ${MEMCACHED_HOST}
-
-# Specify the id of the pool managed through pool_manager. Central gets
-# configured with this pool_id as well.
-crudini --set $CONF service:pool_manager pool_id "${DESIGNATE_POOLMAN_POOLID}"
-
-crudini --set $CONF pool:${DESIGNATE_POOLMAN_POOLID} nameservers "${DESIGNATE_POOLMAN_NSS}"
-crudini --set $CONF pool:${DESIGNATE_POOLMAN_POOLID} targets "${DESIGNATE_POOLMAN_TARGETS}"
-
-crudini --set $CONF pool_target:${DESIGNATE_POOLMAN_TARGETS} type "${TYPE}"
-crudini --set $CONF pool_target:${DESIGNATE_POOLMAN_TARGETS} options "${OPTIONS}"
-# This is the mdns container, which is the master nameserver.
-crudini --set $CONF pool_target:${DESIGNATE_POOLMAN_TARGETS} masters "${DESIGNATE_MASTERNS}:${DESIGNATE_MDNS_PORT}"
-crudini --set $CONF pool_target:${DESIGNATE_POOLMAN_TARGETS} host "${DESIGNATE_MASTERNS}"
-crudini --set $CONF pool_target:${DESIGNATE_POOLMAN_TARGETS} port "${DESIGNATE_DNS_PORT}"
-
-crudini --set $CONF pool_nameserver:${DESIGNATE_POOLMAN_NSS} host "${DESIGNATE_MASTERNS}"
-crudini --set $CONF pool_nameserver:${DESIGNATE_POOLMAN_NSS} port "${DESIGNATE_DNS_PORT}"
-
-exec /usr/bin/designate-pool-manager
+exec $CMD $ARGS
diff --git a/docker/common/designate/designate-sink/config-external.sh b/docker/common/designate/designate-sink/config-external.sh
new file mode 100644
index 0000000000..ce302ea0c5
--- /dev/null
+++ b/docker/common/designate/designate-sink/config-external.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+SOURCE="/opt/kolla/designate/designate.conf"
+TARGET="/etc/designate/designate.conf"
+OWNER="designate"
+
+if [[ -f "$SOURCE" ]]; then
+    cp $SOURCE $TARGET
+    chown ${OWNER}: $TARGET
+    chmod 0644 $TARGET
+fi
diff --git a/docker/common/designate/designate-sink/config-internal.sh b/docker/common/designate/designate-sink/config-internal.sh
new file mode 100644
index 0000000000..a6a3a4bacb
--- /dev/null
+++ b/docker/common/designate/designate-sink/config-internal.sh
@@ -0,0 +1,64 @@
+#!/bin/bash
+set -e
+
+. /opt/kolla/kolla-common.sh
+. /opt/kolla/config-designate.sh
+
+CONF=/etc/designate/designate.conf
+
+configure_nova_handler() {
+    local DOMAIN_ID=$1
+
+    crudini --set $CONF handler:nova_fixed domain_id "$DOMAIN_ID"
+    crudini --set $CONF handler:nova_fixed notification_topics "notifications"
+    crudini --set $CONF handler:nova_fixed control_exchange "nova"
+    # Configuring multiple record formats
+    for FORMAT in $DESIGNATE_SINK_NOVA_FORMATS; do
+        crudini --set $CONF handler:nova_fixed format "$FORMAT"
+    done
+}
+
+configure_neutron_handler() {
+    local DOMAIN_ID=$1
+
+    crudini --set $CONF handler:neutron_floatingip domain_id "$DOMAIN_ID"
+    crudini --set $CONF handler:neutron_floatingip notification_topics "notifications"
+    crudini --set $CONF handler:neutron_floatingip control_exchange "neutron"
+    # Configuring multiple record formats
+    for FORMAT in $DESIGNATE_SINK_NEUTRON_FORMATS; do
+        crudini --set $CONF handler:neutron_floatingip format "$FORMAT"
+    done
+}
+
+check_required_vars DESIGNATE_API_SERVICE_HOST DESIGNATE_API_SERVICE_PORT \
+                    DESIGNATE_DEFAULT_POOL_NS_RECORD
+
+check_for_os_service_endpoint designate DESIGNATE_API_SERVICE_HOST DESIGNATE_API_SERVICE_PORT || exit $?
+
+if [ -z "$DESIGNATE_SINK_NOVA_DOMAIN_NAME" && -z "$DESIGNATE_SINK_NEUTRON_DOMAIN_NAME" ]; then
+    echo "Please specify either Nova or Neutron domain name for Designate Sink"
+    exit 1
+fi
+
+designate server-create --name ${DESIGNATE_DEFAULT_POOL_NS_RECORD}
+if [ $? != 0 ]; then
+    echo "Creating server failed" 1>&2
+    exit 1
+fi
+
+if [ -n "$DESIGNATE_SINK_NOVA_DOMAIN_NAME" ]; then
+    NOVA_DOMAIN_ID=$(get_or_create_domain $DESIGNATE_SINK_NOVA_DOMAIN_NAME)
+    configure_nova_handler $NOVA_DOMAIN_ID
+    HANDLERS="nova_fixed"
+fi
+
+if [ -n "$DESIGNATE_SINK_NEUTRON_DOMAIN_NAME" ]; then
+    NEUTRON_DOMAIN_ID=$(get_or_create_domain $DESIGNATE_SINK_NEUTRON_DOMAIN_NAME)
+    configure_neutron_handler $NEUTRON_DOMAIN_ID
+    [ -n "$HANDLERS" ] && HANDLERS+=","
+    HANDLERS+="neutron_floatingip"
+fi
+
+crudini --set $CONF service:sink enabled_notification_handlers "$HANDLERS"
+
+exec /usr/bin/designate-sink
diff --git a/docker/common/designate/designate-sink/start.sh b/docker/common/designate/designate-sink/start.sh
index a6a3a4bacb..41637a5f62 100755
--- a/docker/common/designate/designate-sink/start.sh
+++ b/docker/common/designate/designate-sink/start.sh
@@ -1,64 +1,13 @@
 #!/bin/bash
-set -e
 
-. /opt/kolla/kolla-common.sh
-. /opt/kolla/config-designate.sh
+set -o errexit
+CMD="/usr/bin/designate-sink"
+ARGS=""
 
-CONF=/etc/designate/designate.conf
+# Loading common functions.
+source /opt/kolla/kolla-common.sh
 
-configure_nova_handler() {
-    local DOMAIN_ID=$1
+# Config-internal script exec out of this function, it does not return here.
+set_configs
 
-    crudini --set $CONF handler:nova_fixed domain_id "$DOMAIN_ID"
-    crudini --set $CONF handler:nova_fixed notification_topics "notifications"
-    crudini --set $CONF handler:nova_fixed control_exchange "nova"
-    # Configuring multiple record formats
-    for FORMAT in $DESIGNATE_SINK_NOVA_FORMATS; do
-        crudini --set $CONF handler:nova_fixed format "$FORMAT"
-    done
-}
-
-configure_neutron_handler() {
-    local DOMAIN_ID=$1
-
-    crudini --set $CONF handler:neutron_floatingip domain_id "$DOMAIN_ID"
-    crudini --set $CONF handler:neutron_floatingip notification_topics "notifications"
-    crudini --set $CONF handler:neutron_floatingip control_exchange "neutron"
-    # Configuring multiple record formats
-    for FORMAT in $DESIGNATE_SINK_NEUTRON_FORMATS; do
-        crudini --set $CONF handler:neutron_floatingip format "$FORMAT"
-    done
-}
-
-check_required_vars DESIGNATE_API_SERVICE_HOST DESIGNATE_API_SERVICE_PORT \
-                    DESIGNATE_DEFAULT_POOL_NS_RECORD
-
-check_for_os_service_endpoint designate DESIGNATE_API_SERVICE_HOST DESIGNATE_API_SERVICE_PORT || exit $?
-
-if [ -z "$DESIGNATE_SINK_NOVA_DOMAIN_NAME" && -z "$DESIGNATE_SINK_NEUTRON_DOMAIN_NAME" ]; then
-    echo "Please specify either Nova or Neutron domain name for Designate Sink"
-    exit 1
-fi
-
-designate server-create --name ${DESIGNATE_DEFAULT_POOL_NS_RECORD}
-if [ $? != 0 ]; then
-    echo "Creating server failed" 1>&2
-    exit 1
-fi
-
-if [ -n "$DESIGNATE_SINK_NOVA_DOMAIN_NAME" ]; then
-    NOVA_DOMAIN_ID=$(get_or_create_domain $DESIGNATE_SINK_NOVA_DOMAIN_NAME)
-    configure_nova_handler $NOVA_DOMAIN_ID
-    HANDLERS="nova_fixed"
-fi
-
-if [ -n "$DESIGNATE_SINK_NEUTRON_DOMAIN_NAME" ]; then
-    NEUTRON_DOMAIN_ID=$(get_or_create_domain $DESIGNATE_SINK_NEUTRON_DOMAIN_NAME)
-    configure_neutron_handler $NEUTRON_DOMAIN_ID
-    [ -n "$HANDLERS" ] && HANDLERS+=","
-    HANDLERS+="neutron_floatingip"
-fi
-
-crudini --set $CONF service:sink enabled_notification_handlers "$HANDLERS"
-
-exec /usr/bin/designate-sink
+exec $CMD $ARGS