diff --git a/templates/kilo/glance-api-paste.ini b/templates/kilo/glance-api-paste.ini
new file mode 100644
index 00000000..86a4cdb1
--- /dev/null
+++ b/templates/kilo/glance-api-paste.ini
@@ -0,0 +1,77 @@
+# Use this pipeline for no auth or image caching - DEFAULT
+[pipeline:glance-api]
+pipeline = versionnegotiation osprofiler unauthenticated-context rootapp
+
+# Use this pipeline for image caching and no auth
+[pipeline:glance-api-caching]
+pipeline = versionnegotiation osprofiler unauthenticated-context cache rootapp
+
+# Use this pipeline for caching w/ management interface but no auth
+[pipeline:glance-api-cachemanagement]
+pipeline = versionnegotiation osprofiler unauthenticated-context cache cachemanage rootapp
+
+# Use this pipeline for keystone auth
+[pipeline:glance-api-keystone]
+pipeline = versionnegotiation osprofiler authtoken context  rootapp
+
+# Use this pipeline for keystone auth with image caching
+[pipeline:glance-api-keystone+caching]
+pipeline = versionnegotiation osprofiler authtoken context cache rootapp
+
+# Use this pipeline for keystone auth with caching and cache management
+[pipeline:glance-api-keystone+cachemanagement]
+pipeline = versionnegotiation osprofiler authtoken context cache cachemanage rootapp
+
+# Use this pipeline for authZ only. This means that the registry will treat a
+# user as authenticated without making requests to keystone to reauthenticate
+# the user.
+[pipeline:glance-api-trusted-auth]
+pipeline = versionnegotiation osprofiler context rootapp
+
+# Use this pipeline for authZ only. This means that the registry will treat a
+# user as authenticated without making requests to keystone to reauthenticate
+# the user and uses cache management
+[pipeline:glance-api-trusted-auth+cachemanagement]
+pipeline = versionnegotiation osprofiler context cache cachemanage rootapp
+
+[composite:rootapp]
+paste.composite_factory = glance.api:root_app_factory
+/: apiversions
+/v1: apiv1app
+/v2: apiv2app
+
+[app:apiversions]
+paste.app_factory = glance.api.versions:create_resource
+
+[app:apiv1app]
+paste.app_factory = glance.api.v1.router:API.factory
+
+[app:apiv2app]
+paste.app_factory = glance.api.v2.router:API.factory
+
+[filter:versionnegotiation]
+paste.filter_factory = glance.api.middleware.version_negotiation:VersionNegotiationFilter.factory
+
+[filter:cache]
+paste.filter_factory = glance.api.middleware.cache:CacheFilter.factory
+
+[filter:cachemanage]
+paste.filter_factory = glance.api.middleware.cache_manage:CacheManageFilter.factory
+
+[filter:context]
+paste.filter_factory = glance.api.middleware.context:ContextMiddleware.factory
+
+[filter:unauthenticated-context]
+paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddleware.factory
+
+[filter:authtoken]
+paste.filter_factory = keystonemiddleware.auth_token:filter_factory
+delay_auth_decision = true
+
+[filter:gzip]
+paste.filter_factory = glance.api.middleware.gzip:GzipMiddleware.factory
+
+[filter:osprofiler]
+paste.filter_factory = osprofiler.web:WsgiMiddleware.factory
+hmac_keys = SECRET_KEY
+enabled = yes
diff --git a/templates/kilo/glance-api.conf b/templates/kilo/glance-api.conf
new file mode 100644
index 00000000..33d3d654
--- /dev/null
+++ b/templates/kilo/glance-api.conf
@@ -0,0 +1,89 @@
+[DEFAULT]
+verbose = {{ verbose }}
+use_syslog = {{ use_syslog }}
+debug = {{ debug }}
+workers = {{ workers }}
+
+known_stores = {{ known_stores }}
+{% if rbd_pool -%}
+default_store = rbd
+{% elif swift_store -%}
+default_store = swift
+{% else -%}
+default_store = file
+{% endif -%}
+
+bind_host = {{ bind_host }}
+
+{% if ext -%}
+bind_port = {{ ext }}
+{% elif bind_port -%}
+bind_port = {{ bind_port }}
+{% else -%}
+bind_port = 9292
+{% endif -%}
+
+log_file = /var/log/glance/api.log
+backlog = 4096
+
+registry_host = {{ registry_host }}
+registry_port = 9191
+registry_client_protocol = http
+
+{% if api_config_flags -%}
+{% for key, value in api_config_flags.iteritems() -%}
+{{ key }} = {{ value }}
+{% endfor -%}
+{% endif -%}
+
+{% if rabbitmq_host or rabbitmq_hosts -%}
+notification_driver = rabbit
+{% endif -%}
+
+{% if swift_store -%}
+swift_store_auth_version = 2
+swift_store_auth_address = {{ service_protocol }}://{{ service_host }}:{{ service_port }}/v2.0/
+swift_store_user = {{ admin_tenant_name }}:{{ admin_user }}
+swift_store_key = {{ admin_password }}
+swift_store_create_container_on_put = True
+swift_store_container = glance
+swift_store_large_object_size = 5120
+swift_store_large_object_chunk_size = 200
+swift_enable_snet = False
+{% endif -%}
+
+{% if rbd_pool -%}
+rbd_store_ceph_conf = /etc/ceph/ceph.conf
+rbd_store_user = {{ rbd_user }}
+rbd_store_pool = {{ rbd_pool }}
+rbd_store_chunk_size = 8
+{% endif -%}
+
+delayed_delete = False
+scrub_time = 43200
+scrubber_datadir = /var/lib/glance/scrubber
+image_cache_dir = /var/lib/glance/image-cache/
+db_enforce_mysql_charset = False
+
+[glance_store]
+filesystem_store_datadir = /var/lib/glance/images/
+
+[image_format]
+disk_formats=ami,ari,aki,vhd,vmdk,raw,qcow2,vdi,iso,root-tar
+
+{% if auth_host -%}
+[keystone_authtoken]
+identity_uri = {{ auth_protocol }}://{{ auth_host }}:{{ auth_port }}/{{ auth_admin_prefix }}
+auth_uri = {{ service_protocol }}://{{ service_host }}:{{ service_port }}/{{ service_admin_prefix }}
+admin_tenant_name = {{ admin_tenant_name }}
+admin_user = {{ admin_user }}
+admin_password = {{ admin_password }}
+signing_dir = {{ signing_dir }}
+
+[paste_deploy]
+flavor = keystone
+{% endif %}
+
+{% include "parts/section-database" %}
+
+{% include "parts/section-rabbitmq" %}
diff --git a/templates/kilo/glance-registry-paste.ini b/templates/kilo/glance-registry-paste.ini
new file mode 100644
index 00000000..df403f6e
--- /dev/null
+++ b/templates/kilo/glance-registry-paste.ini
@@ -0,0 +1,30 @@
+# Use this pipeline for no auth - DEFAULT
+[pipeline:glance-registry]
+pipeline = osprofiler unauthenticated-context registryapp
+
+# Use this pipeline for keystone auth
+[pipeline:glance-registry-keystone]
+pipeline = osprofiler authtoken context registryapp
+
+# Use this pipeline for authZ only. This means that the registry will treat a
+# user as authenticated without making requests to keystone to reauthenticate
+# the user.
+[pipeline:glance-registry-trusted-auth]
+pipeline = osprofiler context registryapp
+
+[app:registryapp]
+paste.app_factory = glance.registry.api:API.factory
+
+[filter:context]
+paste.filter_factory = glance.api.middleware.context:ContextMiddleware.factory
+
+[filter:unauthenticated-context]
+paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddleware.factory
+
+[filter:authtoken]
+paste.filter_factory = keystonemiddleware.auth_token:filter_factory
+
+[filter:osprofiler]
+paste.filter_factory = osprofiler.web:WsgiMiddleware.factory
+hmac_keys = SECRET_KEY
+enabled = yes
diff --git a/templates/kilo/glance-registry.conf b/templates/kilo/glance-registry.conf
new file mode 100644
index 00000000..5e4dd2ce
--- /dev/null
+++ b/templates/kilo/glance-registry.conf
@@ -0,0 +1,33 @@
+[DEFAULT]
+verbose = {{ verbose }}
+use_syslog = {{ use_syslog }}
+debug = {{ debug }}
+workers = {{ workers }}
+
+bind_host = {{ bind_host }}
+bind_port = 9191
+log_file = /var/log/glance/registry.log
+backlog = 4096
+api_limit_max = 1000
+limit_param_default = 25
+
+{% if registry_config_flags -%}
+{% for key, value in registry_config_flags.iteritems() -%}
+{{ key }} = {{ value }}
+{% endfor -%}
+{% endif -%}
+
+{% if auth_host -%}
+[keystone_authtoken]
+identity_uri = {{ auth_protocol }}://{{ auth_host }}:{{ auth_port }}/{{ auth_admin_prefix }}
+auth_uri = {{ service_protocol }}://{{ service_host }}:{{ service_port }}/{{ service_admin_prefix }}
+admin_tenant_name = {{ admin_tenant_name }}
+admin_user = {{ admin_user }}
+admin_password = {{ admin_password }}
+signing_dir = {{ signing_dir }}
+
+[paste_deploy]
+flavor = keystone
+{% endif %}
+
+{% include "parts/section-database" %}
diff --git a/templates/parts/section-database b/templates/parts/section-database
index ae4a5ba0..de4c1e9d 100644
--- a/templates/parts/section-database
+++ b/templates/parts/section-database
@@ -1,4 +1,5 @@
 {% if database_host -%}
 [database]
 connection = {{ database_type }}://{{ database_user }}:{{ database_password }}@{{ database_host }}/{{ database }}{% if database_ssl_ca %}?ssl_ca={{ database_ssl_ca }}{% if database_ssl_cert %}&ssl_cert={{ database_ssl_cert }}&ssl_key={{ database_ssl_key }}{% endif %}{% endif %}
+idle_timeout = 3600
 {% endif -%}
diff --git a/templates/parts/section-rabbitmq b/templates/parts/section-rabbitmq
new file mode 100644
index 00000000..df21178b
--- /dev/null
+++ b/templates/parts/section-rabbitmq
@@ -0,0 +1,22 @@
+{% if rabbitmq_host or rabbitmq_hosts -%}
+[oslo_messaging_rabbit]
+rabbit_userid = {{ rabbitmq_user }}
+rabbit_virtual_host = {{ rabbitmq_virtual_host }}
+rabbit_password = {{ rabbitmq_password }}
+{% if rabbitmq_hosts -%}
+rabbit_hosts = {{ rabbitmq_hosts }}
+{% if rabbitmq_ha_queues -%}
+rabbit_ha_queues = True
+rabbit_durable_queues = False
+{% endif -%}
+{% else -%}
+rabbit_host = {{ rabbitmq_host }}
+{% endif -%}
+{% if rabbit_ssl_port -%}
+rabbit_use_ssl = True
+rabbit_port = {{ rabbit_ssl_port }}
+{% if rabbit_ssl_ca -%}
+kombu_ssl_ca_certs = {{ rabbit_ssl_ca }}
+{% endif -%}
+{% endif -%}
+{% endif -%}
\ No newline at end of file