diff --git a/defaults/main.yml b/defaults/main.yml
index 53f4a366..d6691ee1 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -289,7 +289,12 @@ neutron_rpc_workers: "{{ [[(ansible_facts['processor_vcpus']//ansible_facts['pro
 neutron_service_project_name: service
 neutron_service_project_domain_id: default
 neutron_service_user_domain_id: default
-neutron_service_role_name: admin
+neutron_service_role_names:
+  - admin
+  - service
+neutron_service_token_roles:
+  - service
+neutron_service_token_roles_required: "{{ openstack_service_token_roles_required | default(True) }}"
 neutron_service_user_name: neutron
 neutron_service_name: neutron
 neutron_service_type: network
diff --git a/tasks/main.yml b/tasks/main.yml
index b07f3742..b84e2771 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -203,7 +203,7 @@
     _service_users:
       - name: "{{ neutron_service_user_name }}"
         password: "{{ neutron_service_password }}"
-        role: "{{ neutron_service_role_name }}"
+        role: "{{ neutron_service_role_names }}"
     _service_endpoints:
       - service: "{{ neutron_service_name }}"
         interface: "public"
diff --git a/templates/neutron.conf.j2 b/templates/neutron.conf.j2
index 2f76e82d..8d63c05f 100644
--- a/templates/neutron.conf.j2
+++ b/templates/neutron.conf.j2
@@ -188,6 +188,10 @@ username = {{ neutron_service_user_name }}
 password = {{ neutron_service_password }}
 region_name = {{ keystone_service_region }}
 
+service_token_roles_required = {{ neutron_service_token_roles_required | bool }}
+service_token_roles = {{ neutron_service_token_roles | join(',') }}
+service_type = {{ neutron_service_type }}
+
 memcached_servers = {{ neutron_memcached_servers }}
 token_cache_time = 300
 # Prevent cache poisoning if sharing a memcached server