diff --git a/ansible/roles/keystone/tasks/bootstrap.yml b/ansible/roles/keystone/tasks/bootstrap.yml
index c2bbf1a02a..0e4c98ca4a 100644
--- a/ansible/roles/keystone/tasks/bootstrap.yml
+++ b/ansible/roles/keystone/tasks/bootstrap.yml
@@ -6,9 +6,9 @@
   vars:
     container_detach: False
     container_environment:
-      BOOTSTRAP:
-      CONFIG_STRATEGY: "{{ config_strategy }}"
+      KOLLA_BOOTSTRAP:
+      KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
     container_image: "{{ docker_keystone_image_full }}"
     container_name: "bootstrap_keystone"
     container_volumes:
-      - "{{ node_config_directory }}/keystone/:/opt/kolla/configs/keystone/:ro"
+      - "{{ node_config_directory }}/keystone/:/opt/kolla/keystone/:ro"
diff --git a/ansible/roles/keystone/tasks/config.yml b/ansible/roles/keystone/tasks/config.yml
index 6a6a12eac2..905e3d9372 100644
--- a/ansible/roles/keystone/tasks/config.yml
+++ b/ansible/roles/keystone/tasks/config.yml
@@ -14,3 +14,8 @@
       - "{{ node_templates_directory }}/keystone/keystone.conf_messaging"
       - "{{ node_templates_directory }}/keystone/keystone.conf_augment"
     config_dest: "{{ node_config_directory }}/keystone/keystone.conf"
+
+- name: Copying over config(s)
+  template:
+    src: "wsgi-keystone.conf.j2"
+    dest: "{{ node_config_directory }}/keystone/wsgi-keystone.conf"
diff --git a/ansible/roles/keystone/tasks/start.yml b/ansible/roles/keystone/tasks/start.yml
index a1d999ef57..692ffc25e9 100644
--- a/ansible/roles/keystone/tasks/start.yml
+++ b/ansible/roles/keystone/tasks/start.yml
@@ -2,8 +2,8 @@
 - include: ../../start.yml
   vars:
     container_environment:
-      CONFIG_STRATEGY: "{{ config_strategy }}"
+      KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
     container_image: "{{ docker_keystone_image_full }}"
     container_name: "keystone"
     container_volumes:
-      - "{{ node_config_directory }}/keystone/:/opt/kolla/configs/keystone/:ro"
+      - "{{ node_config_directory }}/keystone/:/opt/kolla/keystone/:ro"
diff --git a/ansible/roles/keystone/templates/keystone.conf.j2 b/ansible/roles/keystone/templates/keystone.conf.j2
index 9dc45cb0a3..4ea79a5662 100644
--- a/ansible/roles/keystone/templates/keystone.conf.j2
+++ b/ansible/roles/keystone/templates/keystone.conf.j2
@@ -2,12 +2,7 @@
 verbose = {{ keystone_logging_verbose }}
 debug = {{ keystone_logging_debug }}
 
-bind_host = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}
-
 admin_token = {{ keystone_admin_token }}
 
-public_endpoint = http://{{ keystone_public_address }}:{{ keystone_public_port }}
-admin_endpoint = http://{{ keystone_admin_address }}:{{ keystone_admin_port }}
-
 [database]
 connection = mysql://{{ keystone_database_user }}:{{ keystone_database_password }}@{{ keystone_database_address }}/{{ keystone_database_name }}
diff --git a/ansible/roles/keystone/templates/wsgi-keystone.conf.j2 b/ansible/roles/keystone/templates/wsgi-keystone.conf.j2
new file mode 100644
index 0000000000..71180002fd
--- /dev/null
+++ b/ansible/roles/keystone/templates/wsgi-keystone.conf.j2
@@ -0,0 +1,28 @@
+Listen {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}:{{ keystone_public_port }}
+Listen {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}:{{ keystone_admin_port }}
+
+<VirtualHost *:{{ keystone_public_port }}>
+    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
+    WSGIProcessGroup keystone-public
+    WSGIScriptAlias / /var/www/cgi-bin/keystone/main
+    WSGIApplicationGroup %{GLOBAL}
+    WSGIPassAuthorization On
+    <IfVersion >= 2.4>
+      ErrorLogFormat "%{cu}t %M"
+    </IfVersion>
+    ErrorLog /var/log/keystone/keystone.log
+    CustomLog /var/log/keystone/keystone_access.log combined
+</VirtualHost>
+
+<VirtualHost *:{{ keystone_admin_port }}>
+    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
+    WSGIProcessGroup keystone-admin
+    WSGIScriptAlias / /var/www/cgi-bin/keystone/admin
+    WSGIApplicationGroup %{GLOBAL}
+    WSGIPassAuthorization On
+    <IfVersion >= 2.4>
+      ErrorLogFormat "%{cu}t %M"
+    </IfVersion>
+    ErrorLog /var/log/keystone/keystone.log
+    CustomLog /var/log/keystone/keystone_access.log combined
+</VirtualHost>
diff --git a/docker/common/keystone/config-external.sh b/docker/common/keystone/config-external.sh
index 76e4acfff2..54df0f3a1e 100644
--- a/docker/common/keystone/config-external.sh
+++ b/docker/common/keystone/config-external.sh
@@ -1,5 +1,11 @@
 #!/bin/bash
 
+if [[ -f /opt/kolla/keystone/wsgi-keystone.conf ]]; then
+    cp /opt/kolla/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
+    chown root:keystone /etc/httpd/conf.d/wsgi-keystone.conf
+    chmod 0644 /etc/httpd/conf.d/wsgi-keystone.conf
+fi
+
 if [[ -f /opt/kolla/keystone/keystone.conf ]]; then
     cp /opt/kolla/keystone/keystone.conf /etc/keystone/keystone.conf
     chown keystone: /etc/keystone/keystone.conf
diff --git a/docker/common/keystone/start.sh b/docker/common/keystone/start.sh
index 4dce4c7575..a7b2462b32 100755
--- a/docker/common/keystone/start.sh
+++ b/docker/common/keystone/start.sh
@@ -2,17 +2,19 @@
 
 set -o errexit
 
-CMD="/usr/bin/keystone-all"
-ARGS=""
+CMD="/usr/sbin/httpd"
+ARGS="-DFOREGROUND"
 
-# loading common functions
+# Loading common functions.
 source /opt/kolla/kolla-common.sh
 
+# Config-internal script exec out of this function, it does not return here.
 set_configs
 
-# Bootstrap and exit if BOOTSTRAP variable is set
+# Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases
+# of the KOLLA_BOOTSTRAP variable being set, including empty.
 if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
-    su -c "keystone-manage db_sync" keystone
+    su -s /bin/sh -c "keystone-manage db_sync" keystone
     exit 0
 fi