diff --git a/conf/templates/nova/api-paste.ini.tpl b/conf/templates/nova/api-paste.ini.tpl
new file mode 100644
index 00000000..fb68d285
--- /dev/null
+++ b/conf/templates/nova/api-paste.ini.tpl
@@ -0,0 +1,158 @@
+############
+# Metadata #
+############
+[composite:metadata]
+use = egg:Paste#urlmap
+/: metaversions
+/latest: meta
+/2007-01-19: meta
+/2007-03-01: meta
+/2007-08-29: meta
+/2007-10-10: meta
+/2007-12-15: meta
+/2008-02-01: meta
+/2008-09-01: meta
+/2009-04-04: meta
+
+[pipeline:metaversions]
+pipeline = ec2faultwrap logrequest metaverapp
+
+[pipeline:meta]
+pipeline = ec2faultwrap logrequest metaapp
+
+[app:metaverapp]
+paste.app_factory = nova.api.metadata.handler:Versions.factory
+
+[app:metaapp]
+paste.app_factory = nova.api.metadata.handler:MetadataRequestHandler.factory
+
+#######
+# EC2 #
+#######
+
+[composite:ec2]
+use = egg:Paste#urlmap
+/services/Cloud: ec2cloud
+
+[pipeline:ec2cloud]
+pipeline = ec2faultwrap logrequest totoken authtoken keystonecontext cloudrequest authorizer ec2executor 
+# NOTE(vish): use the following pipeline for deprecated auth
+# pipeline = ec2faultwrap logrequest authenticate cloudrequest authorizer validator ec2executor
+# NOTE(vish): use the following pipeline for keystone auth
+# pipeline = ec2faultwrap logrequest ec2keystoneauth cloudrequest authorizer validator ec2executor
+
+[filter:ec2faultwrap]
+paste.filter_factory = nova.api.ec2:FaultWrapper.factory
+
+[filter:logrequest]
+paste.filter_factory = nova.api.ec2:RequestLogging.factory
+
+[filter:ec2lockout]
+paste.filter_factory = nova.api.ec2:Lockout.factory
+
+[filter:totoken]
+paste.filter_factory = nova.api.ec2:EC2Token.factory
+
+[filter:ec2keystoneauth]
+paste.filter_factory = nova.api.ec2:EC2KeystoneAuth.factory
+
+[filter:ec2noauth]
+paste.filter_factory = nova.api.ec2:NoAuth.factory
+
+[filter:authenticate]
+paste.filter_factory = nova.api.ec2:Authenticate.factory
+
+[filter:cloudrequest]
+controller = nova.api.ec2.cloud.CloudController
+paste.filter_factory = nova.api.ec2:Requestify.factory
+
+[filter:authorizer]
+paste.filter_factory = nova.api.ec2:Authorizer.factory
+
+[filter:validator]
+paste.filter_factory = nova.api.ec2:Validator.factory
+
+[app:ec2executor]
+paste.app_factory = nova.api.ec2:Executor.factory
+
+#############
+# Openstack #
+#############
+
+[composite:osapi_compute]
+use = call:nova.api.openstack.urlmap:urlmap_factory
+/: oscomputeversions
+/v1.1: openstack_compute_api_v2
+/v2: openstack_compute_api_v2
+
+[composite:osapi_volume]
+use = call:nova.api.openstack.urlmap:urlmap_factory
+/: osvolumeversions
+/v1: openstack_volume_api_v1
+
+[pipeline:openstack_compute_api_v2]
+pipeline = faultwrap authtoken keystonecontext ratelimit osapi_compute_app_v2 
+# NOTE(vish): use the following pipeline for deprecated auth
+# pipeline = faultwrap auth ratelimit osapi_compute_app_v2
+# NOTE(vish): use the following pipeline for keystone auth
+# pipeline = faultwrap authtoken keystonecontext ratelimit osapi_compute_app_v2
+
+[pipeline:openstack_volume_api_v1]
+pipeline = faultwrap authtoken keystonecontext ratelimit osapi_volume_app_v1 
+# NOTE(vish): use the following pipeline for deprecated auth
+# pipeline = faultwrap auth ratelimit osapi_volume_app_v1
+# NOTE(vish): use the following pipeline for keystone auth
+# pipeline = faultwrap authtoken keystonecontext ratelimit osapi_volume_app_v1
+
+[filter:faultwrap]
+paste.filter_factory = nova.api.openstack:FaultWrapper.factory
+
+[filter:auth]
+paste.filter_factory = nova.api.openstack.auth:AuthMiddleware.factory
+
+[filter:noauth]
+paste.filter_factory = nova.api.openstack.auth:NoAuthMiddleware.factory
+
+[filter:ratelimit]
+paste.filter_factory = nova.api.openstack.compute.limits:RateLimitingMiddleware.factory
+
+[app:osapi_compute_app_v2]
+paste.app_factory = nova.api.openstack.compute:APIRouter.factory
+
+[pipeline:oscomputeversions]
+pipeline = faultwrap oscomputeversionapp
+
+[app:osapi_volume_app_v1]
+paste.app_factory = nova.api.openstack.volume:APIRouter.factory
+
+[app:oscomputeversionapp]
+paste.app_factory = nova.api.openstack.compute.versions:Versions.factory
+
+[pipeline:osvolumeversions]
+pipeline = faultwrap osvolumeversionapp
+
+[app:osvolumeversionapp]
+paste.app_factory = nova.api.openstack.volume.versions:Versions.factory
+
+##########
+# Shared #
+##########
+
+[filter:keystonecontext]
+paste.filter_factory = nova.api.auth:NovaKeystoneContext.factory
+
+[filter:authtoken]
+paste.filter_factory = keystone.middleware.auth_token:filter_factory
+service_protocol = http
+service_host = 127.0.0.1
+service_port = 5000
+auth_host = 127.0.0.1
+auth_port = 35357
+auth_protocol = http
+auth_uri = http://127.0.0.1:5000/
+# NOTE: you will have to replace the values below with an actual token
+# or user:password combination.
+admin_user = %SERVICE_USERNAME%
+admin_password = %SERVICE_PASSWORD%
+admin_token = %SERVICE_TOKEN%
+admin_tenant_name = %SERVICE_TENANT_NAME%
diff --git a/devstack/components/nova.py b/devstack/components/nova.py
index 4225600e..5a775ae7 100644
--- a/devstack/components/nova.py
+++ b/devstack/components/nova.py
@@ -123,15 +123,6 @@ ADD_PKGS = {
         ],
 }
 
-# Adjustments to nova paste pipeline for keystone
-PASTE_PIPELINE_KEYSTONE_ADJUST = {
-    'pipeline:ec2cloud': {'pipeline': 'ec2faultwrap logrequest totoken authtoken keystonecontext cloudrequest authorizer ec2executor'},
-    'pipeline:ec2admin': {'pipeline': "ec2faultwrap logrequest totoken authtoken keystonecontext adminrequest authorizer ec2executor"},
-    'pipeline:openstack_compute_api_v2': {'pipeline': "faultwrap authtoken keystonecontext ratelimit osapi_compute_app_v2"},
-    'pipeline:openstack_volume_api_v1': {'pipeline': "faultwrap authtoken keystonecontext ratelimit osapi_volume_app_v1"},
-    'pipeline:openstack_api_v2': {'pipeline': 'faultwrap authtoken keystonecontext ratelimit osapi_app_v2'},
-}
-
 # What to start
 APP_OPTIONS = {
     #these are currently the core components/applications
@@ -398,33 +389,11 @@ class NovaInstaller(comp.PythonInstallComponent):
         sh.write_file(tgtfn, nova_conf)
         self.tracewriter.cfg_write(tgtfn)
 
-    def _config_adjust(self, contents, config_fn):
-        if config_fn not in ADJUST_CONFIGS:
-            return contents
-        if config_fn == PASTE_CONF and utils.service_enabled(settings.KEYSTONE, self.instances, False):
-            newcontents = contents
-            with io.BytesIO(contents) as stream:
-                config = cfg.IgnoreMissingConfigParser()
-                config.readfp(stream)
-                mods = 0
-                for section in PASTE_PIPELINE_KEYSTONE_ADJUST.keys():
-                    if config.has_section(section):
-                        section_vals = PASTE_PIPELINE_KEYSTONE_ADJUST.get(section)
-                        for (k, v) in section_vals.items():
-                            config.set(section, k, v)
-                            mods += 1
-                if mods > 0:
-                    with io.BytesIO() as outputstream:
-                        config.write(outputstream)
-                        outputstream.flush()
-                        newcontents = cfg.add_header(config_fn, outputstream.getvalue())
-            contents = newcontents
-        return contents
-
     def _get_source_config(self, config_fn):
         name = config_fn
         if config_fn == PASTE_CONF:
-            name = PASTE_SOURCE_FN
+            # Return the paste api template
+            return comp.PythonInstallComponent._get_source_config(self, PASTE_SOURCE_FN)
         elif config_fn == LOGGING_CONF:
             name = LOGGING_SOURCE_FN
         srcfn = sh.joinpths(self.cfgdir, "nova", name)