diff --git a/hooks/glance_relations.py b/hooks/glance_relations.py
index 10b091f3..fa5da646 100755
--- a/hooks/glance_relations.py
+++ b/hooks/glance_relations.py
@@ -241,64 +241,15 @@ def keystone_joined(relation_id=None):
 
 
 def keystone_changed():
-    CONFIGS.write('/etc/glance/glance-api-paste.ini')
-    CONFIGS.write('/etc/glance/glance-registry-paste.ini')
+    if 'identity-service' not in CONFIGS.complete_contexts():
+        juju_log('INFO', 'identity-service relation incomplete. Peer not ready?')
+        return
 
     CONFIGS.write('/etc/glance/glance-api.conf')
     CONFIGS.write('/etc/glance/glance-registry.conf')
 
-    restart(*SERVICES)
-
-    # Configure any object-store / swift relations now that we have an
-    # identity-service
-    if relation_ids('object-store'):
-        object_store_joined()
-
-    # possibly configure HTTPS for API and registry
-    configure_https()
-
-    for r_id in relation_ids('identity-service'):
-        keystone_joined(relation_id=r_id)
-    for r_id in relation_ids('image-service'):
-        image_service_joined(relation_id=r_id)
-
-
-def keystone_changed(rid=None):
-    relation_data = relation_get_dict(relation_id=rid)
-
-    token = relation_data["admin_token"]
-    service_port = relation_data["service_port"]
-    auth_port = relation_data["auth_port"]
-    service_username = relation_data["service_username"]
-    service_password = relation_data["service_password"]
-    service_tenant = relation_data["service_tenant"]
-
-    if not token or not service_port or not auth_port or \
-        not service_username or not service_password or not service_tenant:
-        juju_log('INFO', 'keystone_changed: Peer not ready')
-        sys.exit(0)
-
-    if token == "-1":
-        juju_log('ERROR', 'keystone_changed: admin token error')
-        sys.exit(1)
-    juju_log('INFO', 'keystone_changed: Acquired admin token')
-
-    keystone_host = relation_data["auth_host"]
-
-    set_or_update(key='flavor', value='keystone', file='api', section="paste_deploy")
-    set_or_update(key='flavor', value='keystone', file='registry', section="paste_deploy")
-
-    section = "filter:authtoken"
-    for i in ['api-paste', 'registry-paste']:
-        set_or_update(key='service_host', value=keystone_host, file=i, section=section)
-        set_or_update(key='service_port', value=service_port, file=i, section=section)
-        set_or_update(key='auth_host', value=keystone_host, file=i, section=section)
-        set_or_update(key='auth_port', value=auth_port, file=i, section=section)
-        set_or_update(key='auth_uri', value="http://%s:%s/" % (keystone_host, service_port), file=i, section=section)
-        set_or_update(key='admin_token', value=token, file=i, section=section)
-        set_or_update(key='admin_tenant_name', value=service_tenant, file=i, section=section)
-        set_or_update(key='admin_user', value=service_username, file=i, section=section)
-        set_or_update(key='admin_password', value=service_password, file=i, section=section)
+    CONFIGS.write('/etc/glance/glance-api-paste.ini')
+    CONFIGS.write('/etc/glance/glance-registry-paste.ini')
 
     restart(*SERVICES)
 
@@ -310,10 +261,11 @@ def keystone_changed(rid=None):
     # possibly configure HTTPS for API and registry
     configure_https()
 
-    for r_id in relation_ids('identity-service'):
-        keystone_joined(relation_id=r_id)
-    for r_id in relation_ids('image-service'):
-        image_service_joined(relation_id=r_id)
+    # TODO: maybe this should be removed as it was added on the initial port.
+    #for r_id in relation_ids('identity-service'):
+    #    keystone_joined(relation_id=r_id)
+    #for r_id in relation_ids('image-service'):
+    #    image_service_joined(relation_id=r_id)
 
 
 def config_changed():
diff --git a/hooks/glance_utils.py b/hooks/glance_utils.py
index aafcc13d..42ebbac7 100755
--- a/hooks/glance_utils.py
+++ b/hooks/glance_utils.py
@@ -27,13 +27,23 @@ TEMPLATES = 'templates/'
 
 CONFIG_FILES = OrderedDict([
     ('/etc/glance/glance-registry.conf', {
-        'hook_contexts': [context.SharedDBContext()],
+        'hook_contexts': [context.SharedDBContext(),
+                          context.IdentityServiceContext()],
         'services': ['glance-registry']
     }),
     ('/etc/glance/glance-api.conf', {
-        'hook_contexts': [context.SharedDBContext()],
+        'hook_contexts': [context.SharedDBContext(),
+                          context.IdentityServiceContext()],
         'services': ['glance-api']
     }),
+    ('/etc/glance/glance-api-paste.ini', {
+        'hook_contexts': [context.IdentityServiceContext()],
+        'services': ['glance-api']
+    }),
+    ('/etc/glance/glance-registry-paste.ini', {
+        'hook_contexts': [context.IdentityServiceContext()],
+        'services': ['glance-registry']
+    }),
 ])
 
 def register_configs():
@@ -44,7 +54,9 @@ def register_configs():
                                           openstack_release='grizzly')
 
     confs = ['/etc/glance/glance-registry.conf',
-             '/etc/glance/glance-api.conf']
+             '/etc/glance/glance-api.conf',
+             '/etc/glance/glance-api-paste.ini',
+             '/etc/glance/glance-registry-paste.ini',]
 
     for conf in confs:
         configs.register(conf, CONFIG_FILES[conf]['hook_contexts'])
diff --git a/templates/essex/glance-api.conf b/templates/essex/glance-api.conf
new file mode 100644
index 00000000..f29f5d34
--- /dev/null
+++ b/templates/essex/glance-api.conf
@@ -0,0 +1,65 @@
+[DEFAULT]
+verbose = True
+debug = True
+default_store = file
+bind_host = 0.0.0.0
+bind_port = 9292
+log_file = /var/log/glance/api.log
+backlog = 4096
+workers = 0
+use_syslog = False
+registry_host = 0.0.0.0
+registry_port = 9191
+registry_client_protocol = http
+notifier_strategy = noop
+rabbit_host = localhost
+rabbit_port = 5672
+rabbit_use_ssl = false
+rabbit_userid = guest
+rabbit_password = guest
+rabbit_virtual_host = /
+rabbit_notification_exchange = glance
+rabbit_notification_topic = glance_notifications
+qpid_notification_exchange = glance
+qpid_notification_topic = glance_notifications
+qpid_host = localhost
+qpid_port = 5672
+qpid_username = 
+qpid_password = 
+qpid_sasl_mechanisms = 
+qpid_reconnect_timeout = 0
+qpid_reconnect_limit = 0
+qpid_reconnect_interval_min = 0
+qpid_reconnect_interval_max = 0
+qpid_reconnect_interval = 0
+qpid_heartbeat = 5
+qpid_protocol = tcp
+qpid_tcp_nodelay = True
+filesystem_store_datadir = /var/lib/glance/images/
+swift_store_auth_version = 2
+swift_store_auth_address = 127.0.0.1:35357/v2.0/
+swift_store_user = jdoe:jdoe
+swift_store_key = a86850deb2742ec3cb41518e26aa2d89
+swift_store_container = glance
+swift_store_create_container_on_put = False
+swift_store_large_object_size = 5120
+swift_store_large_object_chunk_size = 200
+swift_enable_snet = False
+s3_store_host = 127.0.0.1:8080/v1.0/
+s3_store_access_key = <20-char AWS access key>
+s3_store_secret_key = <40-char AWS secret key>
+s3_store_bucket = <lowercased 20-char aws access key>glance
+s3_store_create_bucket_on_put = False
+rbd_store_ceph_conf = /etc/ceph/ceph.conf
+rbd_store_user = glance
+rbd_store_pool = images
+rbd_store_chunk_size = 8
+delayed_delete = False
+scrub_time = 43200
+scrubber_datadir = /var/lib/glance/scrubber
+image_cache_dir = /var/lib/glance/image-cache/
+
+{% if auth_host %}
+[paste_deploy]
+flavor = keystone
+{% endif %}
diff --git a/templates/folsom/glance-api.conf b/templates/folsom/glance-api.conf
index e3570212..59136e19 100644
--- a/templates/folsom/glance-api.conf
+++ b/templates/folsom/glance-api.conf
@@ -74,4 +74,7 @@ admin_tenant_name = %SERVICE_TENANT_NAME%
 admin_user = %SERVICE_USER%
 admin_password = %SERVICE_PASSWORD%
 
+{% if auth_host %}
 [paste_deploy]
+flavor = keystone
+{% endif %}
diff --git a/templates/glance-api-paste.ini b/templates/glance-api-paste.ini
new file mode 100644
index 00000000..67098b30
--- /dev/null
+++ b/templates/glance-api-paste.ini
@@ -0,0 +1,51 @@
+[pipeline:glance-api]
+pipeline = versionnegotiation context apiv1app
+
+[pipeline:glance-api-keystone]
+pipeline = versionnegotiation authtoken context apiv1app
+
+[pipeline:glance-api-caching]
+pipeline = versionnegotiation context cache apiv1app
+
+[pipeline:glance-api-keystone+caching]
+pipeline = versionnegotiation authtoken context cache apiv1app
+
+[pipeline:glance-api-cachemanagement]
+pipeline = versionnegotiation context cache cachemanage apiv1app
+
+[pipeline:glance-api-keystone+cachemanagement]
+pipeline = versionnegotiation authtoken context cache cachemanage apiv1app
+
+[app:apiv1app]
+paste.app_factory = glance.common.wsgi:app_factory
+glance.app_factory = glance.api.v1.router:API
+
+[filter:versionnegotiation]
+paste.filter_factory = glance.common.wsgi:filter_factory
+glance.filter_factory = glance.api.middleware.version_negotiation:VersionNegotiationFilter
+
+[filter:cache]
+paste.filter_factory = glance.common.wsgi:filter_factory
+glance.filter_factory = glance.api.middleware.cache:CacheFilter
+
+[filter:cachemanage]
+paste.filter_factory = glance.common.wsgi:filter_factory
+glance.filter_factory = glance.api.middleware.cache_manage:CacheManageFilter
+
+[filter:context]
+paste.filter_factory = glance.common.wsgi:filter_factory
+glance.filter_factory = glance.common.context:ContextMiddleware
+
+[filter:authtoken]
+paste.filter_factory = keystone.middleware.auth_token:filter_factory
+service_protocol = {{ service_protocol }}
+service_host = {{ service_host }}
+service_port = {{ service_port }}
+auth_host = {{ auth_host }}
+auth_port = {{ auth_port }}
+auth_protocol = {{ auth_protocol }}
+auth_uri = http://{{ service_host }}:{{ service_port }}/
+admin_tenant_name = {{ admin_tenant_name }}
+admin_user = {{ admin_user }}
+admin_password = {{ admin_password }}
+admin_token = {{ admin_token }}
diff --git a/templates/glance-registry-paste.ini b/templates/glance-registry-paste.ini
new file mode 100644
index 00000000..81aa76a0
--- /dev/null
+++ b/templates/glance-registry-paste.ini
@@ -0,0 +1,28 @@
+[pipeline:glance-registry]
+pipeline = context registryapp
+
+[pipeline:glance-registry-keystone]
+pipeline = authtoken context registryapp
+
+[app:registryapp]
+paste.app_factory = glance.common.wsgi:app_factory
+glance.app_factory = glance.registry.api.v1:API
+
+[filter:context]
+context_class = glance.registry.context.RequestContext
+paste.filter_factory = glance.common.wsgi:filter_factory
+glance.filter_factory = glance.common.context:ContextMiddleware
+
+[filter:authtoken]
+paste.filter_factory = keystone.middleware.auth_token:filter_factory
+service_protocol = {{ service_protocol }}
+service_host = {{ service_host }}
+service_port = {{ service_port }}
+auth_host = {{ auth_host }}
+auth_port = {{ auth_port }}
+auth_protocol = {{ auth_protocol }}
+auth_uri = http://{{ service_host }}:{{ service_port }}/
+admin_tenant_name = {{ admin_tenant_name }}
+admin_user = {{ admin_user }}
+admin_password = {{ admin_password }}
+admin_token = {{ admin_token }
diff --git a/templates/glance-registry.conf b/templates/glance-registry.conf
index 0912920d..4686b841 100644
--- a/templates/glance-registry.conf
+++ b/templates/glance-registry.conf
@@ -12,3 +12,8 @@ sql_idle_timeout = 3600
 api_limit_max = 1000
 limit_param_default = 25
 use_syslog = False
+
+{% if auth_host %}
+[paste_deploy]
+flavor = keystone
+{% endif %}