diff --git a/elements/glance-api/README.md b/elements/glance-api/README.md
deleted file mode 100644
index a2c4f4d5..00000000
--- a/elements/glance-api/README.md
+++ /dev/null
@@ -1,2 +0,0 @@
-Installs the Glance API Service from github.
-
diff --git a/elements/glance-api/element-deps b/elements/glance-api/element-deps
deleted file mode 100644
index 2167c86f..00000000
--- a/elements/glance-api/element-deps
+++ /dev/null
@@ -1 +0,0 @@
-os-svc-install
diff --git a/elements/glance-api/install.d/05-glance-api b/elements/glance-api/install.d/05-glance-api
deleted file mode 100755
index 0e29a7cb..00000000
--- a/elements/glance-api/install.d/05-glance-api
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/sh
-set -eux
-
-os-svc-install -n glance-api -u glance -r https://github.com/openstack/glance.git -c "/opt/stack/glance/bin/glance-api"
diff --git a/elements/glance/README.md b/elements/glance/README.md
new file mode 100644
index 00000000..f808598c
--- /dev/null
+++ b/elements/glance/README.md
@@ -0,0 +1 @@
+Installs glance service from git.
diff --git a/elements/glance/element-deps b/elements/glance/element-deps
new file mode 100644
index 00000000..4ee9e862
--- /dev/null
+++ b/elements/glance/element-deps
@@ -0,0 +1,3 @@
+os-svc-install
+os-refresh-config
+os-config-applier
diff --git a/elements/glance/install.d/75-glance b/elements/glance/install.d/75-glance
new file mode 100755
index 00000000..e779c3f0
--- /dev/null
+++ b/elements/glance/install.d/75-glance
@@ -0,0 +1,13 @@
+#!/bin/bash
+set -eux
+
+# TODO: use trunk instead of folsom
+# trunk glance currently results in CRITICAL 'duplicate config entry log-format' errors:
+#    https://bugs.launchpad.net/ubuntu/+source/python-glanceclient/+bug/1131327
+os-svc-install -n glance -u glance -r https://github.com/openstack/glance.git -b stable/folsom
+
+mkdir -p /var/lib/glance/images && chown -R glance:glance /var/lib/glance/images
+os-svc-daemon glance-api glance glance-api "--debug --log-config /etc/glance/logging.conf"
+os-svc-daemon glance-reg glance glance-registry "--debug --log-config /etc/glance/logging.conf"
+
+install -m 0755 -o glance -g glance -d /var/log/glance
diff --git a/elements/glance/os-config-applier/etc/glance/glance-api-paste.ini b/elements/glance/os-config-applier/etc/glance/glance-api-paste.ini
new file mode 100644
index 00000000..811fe5d1
--- /dev/null
+++ b/elements/glance/os-config-applier/etc/glance/glance-api-paste.ini
@@ -0,0 +1,62 @@
+# Use this pipeline for no auth or image caching - DEFAULT
+[pipeline:glance-api]
+pipeline = versionnegotiation unauthenticated-context rootapp
+
+# Use this pipeline for image caching and no auth
+[pipeline:glance-api-caching]
+pipeline = versionnegotiation unauthenticated-context cache rootapp
+
+# Use this pipeline for caching w/ management interface but no auth
+[pipeline:glance-api-cachemanagement]
+pipeline = versionnegotiation unauthenticated-context cache cachemanage rootapp
+
+# Use this pipeline for keystone auth
+[pipeline:glance-api-keystone]
+pipeline = versionnegotiation authtoken context rootapp
+
+# Use this pipeline for keystone auth with image caching
+[pipeline:glance-api-keystone+caching]
+pipeline = versionnegotiation authtoken context cache rootapp
+
+# Use this pipeline for keystone auth with caching and cache management
+[pipeline:glance-api-keystone+cachemanagement]
+pipeline = versionnegotiation authtoken context cache cachemanage rootapp
+
+[composite:rootapp]
+paste.composite_factory = glance.api:root_app_factory
+/: apiversions
+/v1: apiv1app
+/v2: apiv2app
+
+[app:apiversions]
+paste.app_factory = glance.api.versions:create_resource
+
+[app:apiv1app]
+paste.app_factory = glance.api.v1.router:API.factory
+
+[app:apiv2app]
+paste.app_factory = glance.api.v2.router:API.factory
+
+[filter:versionnegotiation]
+paste.filter_factory = glance.api.middleware.version_negotiation:VersionNegotiationFilter.factory
+
+[filter:cache]
+paste.filter_factory = glance.api.middleware.cache:CacheFilter.factory
+
+[filter:cachemanage]
+paste.filter_factory = glance.api.middleware.cache_manage:CacheManageFilter.factory
+
+[filter:context]
+paste.filter_factory = glance.api.middleware.context:ContextMiddleware.factory
+
+[filter:unauthenticated-context]
+paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddleware.factory
+
+[filter:authtoken]
+paste.filter_factory = keystone.middleware.auth_token:filter_factory
+auth_host = {{keystone.host}}
+auth_port = 35357
+auth_protocol = http
+admin_tenant_name = service
+admin_user = glance
+admin_password = {{service-password}}
diff --git a/elements/glance/os-config-applier/etc/glance/glance-api.conf b/elements/glance/os-config-applier/etc/glance/glance-api.conf
new file mode 100644
index 00000000..33a36393
--- /dev/null
+++ b/elements/glance/os-config-applier/etc/glance/glance-api.conf
@@ -0,0 +1,77 @@
+[DEFAULT]
+debug = True
+
+default_store = file
+
+bind_host = 0.0.0.0
+bind_port = 9292
+
+log_file = /var/log/glance/api.log
+
+sql_connection = {{glance.db}}
+
+workers = 1
+
+
+registry_host = 0.0.0.0
+registry_port = 9191
+notifier_strategy = noop
+
+rabbit_host = {{rabbit.host}}
+rabbit_port = 5672
+rabbit_use_ssl = false
+rabbit_userid = guest
+rabbit_password = {{rabbit.password}}
+rabbit_virtual_host = /
+rabbit_notification_exchange = glance
+rabbit_notification_topic = notifications
+rabbit_durable_queues = False
+
+# Configuration options if sending notifications via Qpid (these are
+# the defaults)
+qpid_notification_exchange = glance
+qpid_notification_topic = notifications
+qpid_host = localhost
+qpid_port = 5672
+qpid_username =
+qpid_password =
+qpid_sasl_mechanisms =
+qpid_reconnect_timeout = 0
+qpid_reconnect_limit = 0
+qpid_reconnect_interval_min = 0
+qpid_reconnect_interval_max = 0
+qpid_reconnect_interval = 0
+qpid_heartbeat = 5
+# Set to 'ssl' to enable SSL
+qpid_protocol = tcp
+qpid_tcp_nodelay = True
+
+filesystem_store_datadir = /var/lib/glance/images/
+
+swift_store_auth_version = 2
+swift_store_auth_address = {{keystone.host}}:5000/v2.0/
+
+swift_store_user = {{swift.store_user}}
+swift_store_key = {{swift.store_key}}
+swift_store_container = glance
+swift_store_create_container_on_put = False
+swift_store_large_object_size = 5120
+swift_store_large_object_chunk_size = 200
+swift_enable_snet = False
+
+delayed_delete = False
+scrub_time = 43200
+scrubber_datadir = /var/lib/glance/scrubber
+
+image_cache_dir = /var/lib/glance/image-cache/
+
+[keystone_authtoken]
+auth_host = {{keystone.host}}
+auth_port = 35357
+auth_protocol = http
+admin_tenant_name = service
+admin_user = glance
+admin_password = {{service-password}}
+
+[paste_deploy]
+flavor = keystone
diff --git a/elements/glance/os-config-applier/etc/glance/glance-cache.conf b/elements/glance/os-config-applier/etc/glance/glance-cache.conf
new file mode 100644
index 00000000..164d03fe
--- /dev/null
+++ b/elements/glance/os-config-applier/etc/glance/glance-cache.conf
@@ -0,0 +1,26 @@
+[DEFAULT]
+log_file = /var/log/glance/image-cache.log
+image_cache_dir = /var/lib/glance/image-cache/
+image_cache_stall_time = 86400
+image_cache_invalid_entry_grace_period = 3600
+image_cache_max_size = 10737418240
+
+registry_host = 0.0.0.0
+registry_port = 9191
+
+filesystem_store_datadir = /var/lib/glance/images/
+swift_store_auth_version = 2
+swift_store_auth_address = 127.0.0.1:5000/v2.0/
+swift_store_user = jdoe:jdoe
+swift_store_key = a86850deb2742ec3cb41518e26aa2d89
+swift_store_container = glance
+swift_store_create_container_on_put = False
+swift_store_large_object_size = 5120
+swift_store_large_object_chunk_size = 200
+swift_enable_snet = False
+
+s3_store_host = 127.0.0.1:8080/v1.0/
+s3_store_access_key = <20-char AWS access key>
+s3_store_secret_key = <40-char AWS secret key>
+s3_store_bucket = <lowercased 20-char aws access key>glance
+s3_store_create_bucket_on_put = False
diff --git a/elements/glance/os-config-applier/etc/glance/glance-registry-paste.ini b/elements/glance/os-config-applier/etc/glance/glance-registry-paste.ini
new file mode 100644
index 00000000..dfbb7136
--- /dev/null
+++ b/elements/glance/os-config-applier/etc/glance/glance-registry-paste.ini
@@ -0,0 +1,25 @@
+# Use this pipeline for no auth - DEFAULT
+[pipeline:glance-registry]
+pipeline = unauthenticated-context registryapp
+
+# Use this pipeline for keystone auth
+[pipeline:glance-registry-keystone]
+pipeline = authtoken context registryapp
+
+[app:registryapp]
+paste.app_factory = glance.registry.api.v1:API.factory
+
+[filter:context]
+paste.filter_factory = glance.api.middleware.context:ContextMiddleware.factory
+
+[filter:unauthenticated-context]
+paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddleware.factory
+
+[filter:authtoken]
+paste.filter_factory = keystone.middleware.auth_token:filter_factory
+auth_host = {{keystone.host}}
+auth_port = 35357
+auth_protocol = http
+admin_tenant_name = service
+admin_user = glance
+admin_password = {{service-password}}
diff --git a/elements/glance/os-config-applier/etc/glance/glance-registry.conf b/elements/glance/os-config-applier/etc/glance/glance-registry.conf
new file mode 100644
index 00000000..e8745f22
--- /dev/null
+++ b/elements/glance/os-config-applier/etc/glance/glance-registry.conf
@@ -0,0 +1,23 @@
+[DEFAULT]
+bind_host = 0.0.0.0
+bind_port = 9191
+
+log_file = /var/log/glance/registry.log
+backlog = 4096
+
+sql_connection = {{glance.db}}
+sql_idle_timeout = 3600
+
+api_limit_max = 1000
+limit_param_default = 25
+
+[keystone_authtoken]
+auth_host = {{keystone.host}}
+auth_port = 35357
+auth_protocol = http
+admin_tenant_name = service
+admin_user = glance
+admin_password = {{service-password}}
+
+[paste_deploy]
+flavor = keystone
diff --git a/elements/glance/os-config-applier/etc/glance/glance-scrubber.conf b/elements/glance/os-config-applier/etc/glance/glance-scrubber.conf
new file mode 100644
index 00000000..c986f32c
--- /dev/null
+++ b/elements/glance/os-config-applier/etc/glance/glance-scrubber.conf
@@ -0,0 +1,35 @@
+[DEFAULT]
+# Show more verbose log output (sets INFO log level output)
+#verbose = False
+
+# Show debugging output in logs (sets DEBUG log level output)
+#debug = False
+
+# Log to this file. Make sure you do not set the same log
+# file for both the API and registry servers!
+log_file = /var/log/glance/scrubber.log
+
+# Send logs to syslog (/dev/log) instead of to file specified by `log_file`
+#use_syslog = False
+
+# Should we run our own loop or rely on cron/scheduler to run us
+daemon = False
+
+# Loop time between checking for new items to schedule for delete
+wakeup_time = 300
+
+# Directory that the scrubber will use to remind itself of what to delete
+# Make sure this is also set in glance-api.conf
+scrubber_datadir = /var/lib/glance/scrubber
+
+# Only one server in your deployment should be designated the cleanup host
+cleanup_scrubber = False
+
+# pending_delete items older than this time are candidates for cleanup
+cleanup_scrubber_time = 86400
+
+# Address to find the registry server for cleanups
+registry_host = 0.0.0.0
+
+# Port the registry server is listening on
+registry_port = 9191
diff --git a/elements/glance/os-config-applier/etc/glance/logging.conf b/elements/glance/os-config-applier/etc/glance/logging.conf
new file mode 100644
index 00000000..8e68e2f9
--- /dev/null
+++ b/elements/glance/os-config-applier/etc/glance/logging.conf
@@ -0,0 +1,52 @@
+[loggers]
+keys=root,api,registry,combined
+
+[formatters]
+keys=normal,normal_with_name,debug
+
+[handlers]
+keys=production,devel
+
+[logger_root]
+level=NOTSET
+handlers=devel
+
+[logger_glance]
+level=INFO
+handlers=devel
+
+[logger_api]
+level=DEBUG
+handlers=devel
+qualname=api
+
+[logger_registry]
+level=DEBUG
+handlers=devel
+qualname=glance-registry
+
+[logger_combined]
+level=DEBUG
+handlers=devel
+qualname=glance-combined
+
+[handler_production]
+class=handlers.SysLogHandler
+level=ERROR
+formatter=normal_with_name
+args=(('localhost', handlers.SYSLOG_UDP_PORT), handlers.SysLogHandler.LOG_USER)
+
+[handler_devel]
+class=StreamHandler
+level=NOTSET
+formatter=debug
+args=(sys.stdout,)
+
+[formatter_normal]
+format=%(asctime)s %(levelname)s %(message)s
+
+[formatter_normal_with_name]
+format=(%(name)s): %(asctime)s %(levelname)s %(message)s
+
+[formatter_debug]
+format=(%(name)s): %(asctime)s %(levelname)s %(module)s %(funcName)s %(message)s 
diff --git a/elements/glance/os-config-applier/etc/glance/policy.json b/elements/glance/os-config-applier/etc/glance/policy.json
new file mode 100644
index 00000000..30ef83cf
--- /dev/null
+++ b/elements/glance/os-config-applier/etc/glance/policy.json
@@ -0,0 +1,4 @@
+{
+    "default": "",
+    "manage_image_cache": "role:admin"
+}
diff --git a/elements/glance/os-config-applier/etc/glance/schema-image.json b/elements/glance/os-config-applier/etc/glance/schema-image.json
new file mode 100644
index 00000000..01de2a97
--- /dev/null
+++ b/elements/glance/os-config-applier/etc/glance/schema-image.json
@@ -0,0 +1,16 @@
+{
+    "kernel_id": {
+        "type": "string",
+        "pattern": "^([0-9a-fA-F]){8}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){12}$",
+        "description": "ID of image stored in Glance that should be used as the kernel when booting an AMI-style image."
+    },
+    "ramdisk_id": {
+        "type": "string",
+        "pattern": "^([0-9a-fA-F]){8}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){12}$",
+        "description": "ID of image stored in Glance that should be used as the ramdisk when booting an AMI-style image."
+    },
+    "instance_uuid": {
+        "type": "string",
+        "description": "ID of instance used to create this image."
+    }
+}
diff --git a/elements/glance/os-refresh-config/post-configure.d/75-glance b/elements/glance/os-refresh-config/post-configure.d/75-glance
new file mode 100755
index 00000000..eb548a05
--- /dev/null
+++ b/elements/glance/os-refresh-config/post-configure.d/75-glance
@@ -0,0 +1,5 @@
+#!/bin/bash
+set -eu
+
+service glance-api restart
+service glance-reg restart