diff --git a/playbooks/group_vars/nodepool-builder_opendev.yaml b/playbooks/group_vars/nodepool-builder_opendev.yaml
index 81cac6a1aa..ccb4fda33d 100644
--- a/playbooks/group_vars/nodepool-builder_opendev.yaml
+++ b/playbooks/group_vars/nodepool-builder_opendev.yaml
@@ -1,4 +1,4 @@
-openstacksdk_config_dir: /home/nodepool/.config/openstack
-openstacksdk_config_owner: nodepool
-openstacksdk_config_group: nodepool
+openstacksdk_config_dir: /etc/openstack
+openstacksdk_config_owner: root
+openstacksdk_config_group: root
 openstacksdk_config_template: clouds/nodepool_clouds.yaml.j2
diff --git a/playbooks/roles/nodepool-builder/templates/docker-compose.yaml.j2 b/playbooks/roles/nodepool-builder/templates/docker-compose.yaml.j2
index ae46229323..55bcfa559c 100644
--- a/playbooks/roles/nodepool-builder/templates/docker-compose.yaml.j2
+++ b/playbooks/roles/nodepool-builder/templates/docker-compose.yaml.j2
@@ -12,12 +12,10 @@ services:
       - DEBUG=1
 
     volumes:
-      # NOTE(ianw): for non-containerised builds the base roles
-      # (configure-openstacksdk) have always deployed the cloud config
-      # in ~nodepool/.config.
-      - /home/nodepool/.config/openstack:/etc/openstack:ro
       # nodepool config
       - /etc/nodepool:/etc/nodepool:ro
+      # openstacksdk config
+      - /etc/openstack:/etc/openstack:ro
       # project-config
       - /opt/project-config:/opt/project-config:ro
       # dib temporary storage; see config in project-config
@@ -25,4 +23,4 @@ services:
       # dib image output; see config in project-config
       - /opt/nodepool_dib:/opt/nodepool_dib:rw
       # logs (builder + dib build logs under /build)
-      - /var/log/nodepool:/var/log/nodepool:rw
\ No newline at end of file
+      - /var/log/nodepool:/var/log/nodepool:rw
diff --git a/playbooks/templates/clouds/nodepool_builder_clouds.yaml.j2 b/playbooks/templates/clouds/nodepool_builder_clouds.yaml.j2
index 9c0e3f452f..8a7dbd62bf 100644
--- a/playbooks/templates/clouds/nodepool_builder_clouds.yaml.j2
+++ b/playbooks/templates/clouds/nodepool_builder_clouds.yaml.j2
@@ -3,7 +3,7 @@
 #
 # This file is deployed to nodepool builder hosts as
 #
-#   ~nodepool/.config/openstack/config/clouds.yaml
+#   {{ openstacksdk_config_dir }}/clouds.yaml
 #
 # and is used there to authenticate nodepool operations to clouds.
 # The naming should correspond that used in nodepool configuration
@@ -155,7 +155,7 @@ clouds:
     api_timeout: 60
     identity_api_version: 3
     floating_ip_source: None
-    cacert: /home/nodepool/.config/openstack/limestone_cacert.pem
+    cacert: '{{ openstacksdk_config_dir }}/limestone_cacert.pem'
   packethost:
     regions:
       - name: us-west-1
diff --git a/testinfra/test_nodepool.py b/testinfra/test_nodepool.py
index d591748ab2..46d11ba616 100644
--- a/testinfra/test_nodepool.py
+++ b/testinfra/test_nodepool.py
@@ -19,7 +19,12 @@ testinfra_hosts = ['nl01.openstack.org', 'nb01.openstack.org',
 
 
 def test_clouds_yaml(host):
-    clouds_yaml = host.file('/home/nodepool/.config/openstack/clouds.yaml')
+    if host.backend.get_hostname().endswith('openstack.org'):
+        cfg_file = '/home/nodepool/.config/openstack/clouds.yaml'
+    else:
+        cfg_file = '/etc/openstack/clouds.yaml'
+
+    clouds_yaml = host.file(cfg_file)
     assert clouds_yaml.exists
 
     assert b'password' in clouds_yaml.content