diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
index 4e70263ed2..36b7eb4499 100644
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@@ -452,6 +452,12 @@ keystone_admin_url: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keyston
 keystone_internal_url: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}"
 keystone_public_url: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ keystone_public_port }}"
 
+default_project_domain_name: "Default"
+default_project_domain_id: "default"
+
+default_user_domain_name: "Default"
+default_user_domain_id: "default"
+
 # Valid options are [ uuid, fernet ]
 keystone_token_provider: "uuid"
 fernet_token_expiry: 86400
diff --git a/ansible/roles/aodh/templates/aodh.conf.j2 b/ansible/roles/aodh/templates/aodh.conf.j2
index f93d717afd..4355cf4ee2 100644
--- a/ansible/roles/aodh/templates/aodh.conf.j2
+++ b/ansible/roles/aodh/templates/aodh.conf.j2
@@ -20,9 +20,9 @@ memcache_security_strategy = ENCRYPT
 memcache_secret_key = {{ memcache_secret_key }}
 memcache_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
 auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
-project_domain_name = default
+project_domain_name = {{ default_project_domain_name }}
 project_name = service
-user_domain_name = default
+user_domain_name = {{ default_user_domain_name }}
 username = {{ aodh_keystone_user }}
 password = {{ aodh_keystone_password }}
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
@@ -35,6 +35,6 @@ region_name = {{ openstack_region_name }}
 password = {{ aodh_keystone_password }}
 username = {{ aodh_keystone_user }}
 project_name = service
-project_domain_id = default
-user_domain_id = default
+project_domain_id = {{ default_project_domain_id }}
+user_domain_id = {{ default_user_domain_id }}
 auth_type = password
diff --git a/ansible/roles/barbican/templates/barbican.conf.j2 b/ansible/roles/barbican/templates/barbican.conf.j2
index 343cb6b4db..33867fd14a 100644
--- a/ansible/roles/barbican/templates/barbican.conf.j2
+++ b/ansible/roles/barbican/templates/barbican.conf.j2
@@ -49,9 +49,9 @@ enable = True
 
 [keystone_authtoken]
 auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
-project_domain_id = default
+project_domain_id = {{ default_project_domain_id }}
 project_name = service
-user_domain_id = default
+user_domain_id = {{ default_user_domain_id }}
 username = {{ barbican_keystone_user }}
 password = {{ barbican_keystone_password }}
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
@@ -71,6 +71,6 @@ region_name = {{ openstack_region_name }}
 password = {{ barbican_keystone_password }}
 username = {{ barbican_keystone_user }}
 project_name = service
-project_domain_id = default
-user_domain_id = default
+project_domain_id = {{ default_project_domain_id }}
+user_domain_id = {{ default_user_domain_id }}
 auth_type = password
diff --git a/ansible/roles/ceilometer/templates/ceilometer.conf.j2 b/ansible/roles/ceilometer/templates/ceilometer.conf.j2
index 52b6614ffe..2bcf8e9591 100644
--- a/ansible/roles/ceilometer/templates/ceilometer.conf.j2
+++ b/ansible/roles/ceilometer/templates/ceilometer.conf.j2
@@ -36,9 +36,9 @@ metering_connection = mysql+pymysql://{{ ceilometer_database_user }}:{{ ceilomet
 
 [keystone_authtoken]
 auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
-project_domain_name = Default
+project_domain_name = {{ default_project_domain_name }}
 project_name = service
-user_domain_name = Default
+user_domain_name = {{ default_user_domain_name }}
 username = {{ ceilometer_keystone_user }}
 password = {{ ceilometer_keystone_password }}
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
@@ -55,8 +55,8 @@ region_name = {{ openstack_region_name }}
 password = {{ ceilometer_keystone_password }}
 username = {{ ceilometer_keystone_user }}
 project_name = service
-project_domain_id = default
-user_domain_id = default
+project_domain_id = {{ default_project_domain_id }}
+user_domain_id = {{ default_user_domain_id }}
 auth_type = password
 interface = internal
 
diff --git a/ansible/roles/cinder/templates/cinder.conf.j2 b/ansible/roles/cinder/templates/cinder.conf.j2
index 44803fc4d0..b5109d4d4a 100644
--- a/ansible/roles/cinder/templates/cinder.conf.j2
+++ b/ansible/roles/cinder/templates/cinder.conf.j2
@@ -82,8 +82,8 @@ auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_publi
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
 {% endif %}
 auth_type = password
-project_domain_id = default
-user_domain_id = default
+project_domain_id = {{ default_project_domain_id }}
+user_domain_id = {{ default_user_domain_id }}
 project_name = service
 username = {{ cinder_keystone_user }}
 password = {{ cinder_keystone_password }}
diff --git a/ansible/roles/cloudkitty/templates/cloudkitty.conf.j2 b/ansible/roles/cloudkitty/templates/cloudkitty.conf.j2
index 843fd2c672..90b121f8f7 100644
--- a/ansible/roles/cloudkitty/templates/cloudkitty.conf.j2
+++ b/ansible/roles/cloudkitty/templates/cloudkitty.conf.j2
@@ -13,8 +13,8 @@ max_retries = -1
 auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
 auth_type = password
-project_domain_id = default
-user_domain_id = default
+project_domain_id = {{ default_project_domain_id }}
+user_domain_id = {{ default_user_domain_id }}
 project_name = service
 username = {{ cloudkitty_keystone_user }}
 password = {{ cloudkitty_keystone_password }}
diff --git a/ansible/roles/congress/templates/congress.conf.j2 b/ansible/roles/congress/templates/congress.conf.j2
index c5b3734167..b2a10c3444 100644
--- a/ansible/roles/congress/templates/congress.conf.j2
+++ b/ansible/roles/congress/templates/congress.conf.j2
@@ -32,8 +32,8 @@ max_retries = -1
 auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
 auth_type = password
-project_domain_id = default
-user_domain_id = default
+project_domain_id = {{ default_project_domain_id }}
+user_domain_id = {{ default_user_domain_id }}
 project_name = service
 username = {{ congress_keystone_user }}
 password = {{ congress_keystone_password }}
diff --git a/ansible/roles/designate/templates/designate.conf.j2 b/ansible/roles/designate/templates/designate.conf.j2
index 68e163889d..402c4de5f8 100644
--- a/ansible/roles/designate/templates/designate.conf.j2
+++ b/ansible/roles/designate/templates/designate.conf.j2
@@ -20,8 +20,8 @@ workers = {{ openstack_service_workers }}
 auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
 auth_type = password
-project_domain_id = default
-user_domain_id = default
+project_domain_id = {{ default_project_domain_id }}
+user_domain_id = {{ default_user_domain_id }}
 project_name = service
 username = {{ designate_keystone_user }}
 password = {{ designate_keystone_password }}
diff --git a/ansible/roles/freezer/templates/freezer-api.conf.j2 b/ansible/roles/freezer/templates/freezer-api.conf.j2
index 2d2cf122c6..8c082e67e8 100644
--- a/ansible/roles/freezer/templates/freezer-api.conf.j2
+++ b/ansible/roles/freezer/templates/freezer-api.conf.j2
@@ -12,8 +12,8 @@ bind_port = {{ freezer_api_port }}
 auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
 auth_type = password
-project_domain_id = default
-user_domain_id = default
+project_domain_id = {{ default_project_domain_id }}
+user_domain_id = {{ default_user_domain_id }}
 project_name = service
 username = {{ freezer_keystone_user }}
 password = {{ freezer_keystone_password }}
diff --git a/ansible/roles/glance/templates/glance-api.conf.j2 b/ansible/roles/glance/templates/glance-api.conf.j2
index bf7b1ef4df..de565d7898 100644
--- a/ansible/roles/glance/templates/glance-api.conf.j2
+++ b/ansible/roles/glance/templates/glance-api.conf.j2
@@ -36,8 +36,8 @@ auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_publi
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
 {% endif %}
 auth_type = password
-project_domain_id = default
-user_domain_id = default
+project_domain_id = {{ default_project_domain_id }}
+user_domain_id = {{ default_user_domain_id }}
 project_name = service
 username = {{ glance_keystone_user }}
 password = {{ glance_keystone_password }}
diff --git a/ansible/roles/glance/templates/glance-registry.conf.j2 b/ansible/roles/glance/templates/glance-registry.conf.j2
index 7b2259982c..1e90941850 100644
--- a/ansible/roles/glance/templates/glance-registry.conf.j2
+++ b/ansible/roles/glance/templates/glance-registry.conf.j2
@@ -23,8 +23,8 @@ auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_publi
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
 {% endif %}
 auth_type = password
-project_domain_id = default
-user_domain_id = default
+project_domain_id = {{ default_project_domain_id }}
+user_domain_id = {{ default_user_domain_id }}
 project_name = service
 username = {{ glance_keystone_user }}
 password = {{ glance_keystone_password }}
diff --git a/ansible/roles/gnocchi/templates/gnocchi.conf.j2 b/ansible/roles/gnocchi/templates/gnocchi.conf.j2
index 0910123fcb..835e063ca9 100644
--- a/ansible/roles/gnocchi/templates/gnocchi.conf.j2
+++ b/ansible/roles/gnocchi/templates/gnocchi.conf.j2
@@ -32,9 +32,9 @@ url = mysql+pymysql://{{ gnocchi_database_user }}:{{ gnocchi_database_password }
 
 [keystone_authtoken]
 auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}/v3
-project_domain_id = default
+project_domain_id = {{ default_project_domain_id }}
 project_name = service
-user_domain_id = default
+user_domain_id = {{ default_user_domain_id }}
 username = {{ gnocchi_keystone_user }}
 password = {{ gnocchi_keystone_password }}
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
diff --git a/ansible/roles/heat/templates/heat.conf.j2 b/ansible/roles/heat/templates/heat.conf.j2
index 0260ca4093..c58b0a7a3d 100644
--- a/ansible/roles/heat/templates/heat.conf.j2
+++ b/ansible/roles/heat/templates/heat.conf.j2
@@ -44,8 +44,8 @@ max_retries = -1
 auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
 auth_type = password
-project_domain_id = default
-user_domain_id = default
+project_domain_id = {{ default_project_domain_id }}
+user_domain_id = {{ default_user_domain_id }}
 project_name = service
 username = {{ heat_keystone_user }}
 password = {{ heat_keystone_password }}
@@ -70,7 +70,7 @@ auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_publi
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
 {% endif %}
 auth_type = password
-user_domain_id = default
+user_domain_id = {{ default_user_domain_id }}
 username = {{ heat_keystone_user }}
 password = {{ heat_keystone_password }}
 
diff --git a/ansible/roles/ironic/templates/ironic-inspector.conf.j2 b/ansible/roles/ironic/templates/ironic-inspector.conf.j2
index 5ecdbd40b0..5b93100fe6 100644
--- a/ansible/roles/ironic/templates/ironic-inspector.conf.j2
+++ b/ansible/roles/ironic/templates/ironic-inspector.conf.j2
@@ -16,8 +16,8 @@ auth_url = {{ keystone_admin_url }}
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
 {% endif %}
 auth_type = password
-project_domain_id = default
-user_domain_id = default
+project_domain_id = {{ default_project_domain_id }}
+user_domain_id = {{ default_user_domain_id }}
 project_name = service
 username = {{ ironic_inspector_keystone_user }}
 password = {{ ironic_inspector_keystone_password }}
@@ -31,8 +31,8 @@ auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_publi
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
 {% endif %}
 auth_type = password
-project_domain_id = default
-user_domain_id = default
+project_domain_id = {{ default_project_domain_id }}
+user_domain_id = {{ default_user_domain_id }}
 project_name = service
 username = {{ ironic_inspector_keystone_user }}
 password = {{ ironic_inspector_keystone_password }}
diff --git a/ansible/roles/ironic/templates/ironic.conf.j2 b/ansible/roles/ironic/templates/ironic.conf.j2
index 4b91decbbb..db92ebd6cf 100644
--- a/ansible/roles/ironic/templates/ironic.conf.j2
+++ b/ansible/roles/ironic/templates/ironic.conf.j2
@@ -44,8 +44,8 @@ auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_publi
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
 {% endif %}
 auth_type = password
-project_domain_id = default
-user_domain_id = default
+project_domain_id = {{ default_project_domain_id }}
+user_domain_id = {{ default_user_domain_id }}
 project_name = service
 username = {{ ironic_keystone_user }}
 password = {{ ironic_keystone_password }}
diff --git a/ansible/roles/karbor/templates/karbor.conf.j2 b/ansible/roles/karbor/templates/karbor.conf.j2
index d9d86133b9..fa54d41422 100644
--- a/ansible/roles/karbor/templates/karbor.conf.j2
+++ b/ansible/roles/karbor/templates/karbor.conf.j2
@@ -14,7 +14,7 @@ connection = mysql+pymysql://{{ karbor_database_user }}:{{ karbor_database_passw
 max_retries = -1
 
 [trustee]
-user_domain_id = default
+user_domain_id = {{ default_user_domain_id }}
 username = {{ karbor_keystone_user }}
 password = {{ karbor_keystone_password }}
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
@@ -31,10 +31,10 @@ service_name = karbor
 [keystone_authtoken]
 auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
-project_domain_name = Default
+project_domain_name = {{ default_project_domain_name }}
 auth_type = password
-project_domain_id = default
-user_domain_id = default
+project_domain_id = {{ default_project_domain_id }}
+user_domain_id = {{ default_user_domain_id }}
 project_name = service
 username = {{ karbor_keystone_user }}
 password = {{ karbor_keystone_password }}
diff --git a/ansible/roles/kuryr/templates/kuryr.conf.j2 b/ansible/roles/kuryr/templates/kuryr.conf.j2
index 04b94a0ec9..31eee0fd98 100644
--- a/ansible/roles/kuryr/templates/kuryr.conf.j2
+++ b/ansible/roles/kuryr/templates/kuryr.conf.j2
@@ -13,10 +13,10 @@ driver = kuryr.lib.binding.drivers.veth
 auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
 auth_type = password
-project_domain_name = Default
+project_domain_name = {{ default_project_domain_name }}
 project_name = service
-user_domain_name = Default
-project_domain_id = default
-user_domain_id = default
+user_domain_name = {{ default_user_domain_name }}
+project_domain_id = {{ default_project_domain_id }}
+user_domain_id = {{ default_user_domain_id }}
 password = {{ kuryr_keystone_password }}
 username = {{ kuryr_keystone_user }}
diff --git a/ansible/roles/magnum/templates/magnum.conf.j2 b/ansible/roles/magnum/templates/magnum.conf.j2
index 46e715f1ff..8443511cb7 100644
--- a/ansible/roles/magnum/templates/magnum.conf.j2
+++ b/ansible/roles/magnum/templates/magnum.conf.j2
@@ -46,8 +46,8 @@ endpoint_type = internalURL
 
 [keystone_auth]
 auth_url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}/v3
-user_domain_name = Default
-project_domain_name = Default
+user_domain_name = {{ default_user_domain_name }}
+project_domain_name = {{ default_project_domain_name }}
 project_name = service
 password = {{ magnum_keystone_password }}
 username = {{ magnum_keystone_user }}
@@ -58,8 +58,8 @@ auth_version = v3
 auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}/v3
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
 auth_type = password
-project_domain_name = Default
-user_domain_name = Default
+project_domain_name = {{ default_project_domain_name }}
+user_domain_name = {{ default_user_domain_name }}
 project_name = service
 username = {{ magnum_keystone_user }}
 password = {{ magnum_keystone_password }}
diff --git a/ansible/roles/manila/templates/manila-share.conf.j2 b/ansible/roles/manila/templates/manila-share.conf.j2
index 22eb4058a1..332143069f 100644
--- a/ansible/roles/manila/templates/manila-share.conf.j2
+++ b/ansible/roles/manila/templates/manila-share.conf.j2
@@ -9,8 +9,8 @@ default_share_type = default_share_type
 auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
 auth_type = password
-project_domain_id = default
-user_domain_id = default
+project_domain_id = {{ default_project_domain_id }}
+user_domain_id = {{ default_user_domain_id }}
 region_name = {{ openstack_region_name }}
 endpoint_type = internalURL
 project_name = service
@@ -25,8 +25,8 @@ memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansi
 auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
 auth_type = password
-project_domain_id = default
-user_domain_id = default
+project_domain_id = {{ default_project_domain_id }}
+user_domain_id = {{ default_user_domain_id }}
 region_name = {{ openstack_region_name }}
 endpoint_type = internalURL
 project_name = service
@@ -42,8 +42,8 @@ url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ neutron_server_port
 uth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
 auth_type = password
-project_domain_id = default
-user_domain_id = default
+project_domain_id = {{ default_project_domain_id }}
+user_domain_id = {{ default_user_domain_id }}
 region_name = {{ openstack_region_name }}
 endpoint_type = internalURL
 project_name = service
diff --git a/ansible/roles/manila/templates/manila.conf.j2 b/ansible/roles/manila/templates/manila.conf.j2
index fa79fe4929..e95565ea55 100644
--- a/ansible/roles/manila/templates/manila.conf.j2
+++ b/ansible/roles/manila/templates/manila.conf.j2
@@ -30,8 +30,8 @@ max_retries = -1
 auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
 auth_type = password
-project_domain_id = default
-user_domain_id = default
+project_domain_id = {{ default_project_domain_id }}
+user_domain_id = {{ default_user_domain_id }}
 project_name = service
 username = {{ manila_keystone_user }}
 password = {{ manila_keystone_password }}
diff --git a/ansible/roles/mistral/templates/mistral.conf.j2 b/ansible/roles/mistral/templates/mistral.conf.j2
index bb66b8c7bb..6c409a065d 100644
--- a/ansible/roles/mistral/templates/mistral.conf.j2
+++ b/ansible/roles/mistral/templates/mistral.conf.j2
@@ -24,8 +24,8 @@ max_retries = -1
 auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}/v3
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}/v3
 auth_type = password
-project_domain_id = default
-user_domain_id = default
+project_domain_id = {{ default_project_domain_id }}
+user_domain_id = {{ default_user_domain_id }}
 project_name = service
 username = {{ mistral_keystone_user }}
 password = {{ mistral_keystone_password }}
diff --git a/ansible/roles/neutron/templates/neutron.conf.j2 b/ansible/roles/neutron/templates/neutron.conf.j2
index 2980f3c41b..6f06e4c100 100644
--- a/ansible/roles/neutron/templates/neutron.conf.j2
+++ b/ansible/roles/neutron/templates/neutron.conf.j2
@@ -58,8 +58,8 @@ external_dns_driver = designate
 [nova]
 auth_url = {{ keystone_admin_url }}
 auth_type = password
-project_domain_id = default
-user_domain_id = default
+project_domain_id = {{ default_project_domain_id }}
+user_domain_id = {{ default_user_domain_id }}
 region_name = {{ openstack_region_name }}
 project_name = service
 username = {{ nova_keystone_user }}
@@ -80,8 +80,8 @@ max_retries = -1
 auth_uri = {{ keystone_internal_url }}
 auth_url = {{ keystone_admin_url }}
 auth_type = password
-project_domain_id = default
-user_domain_id = default
+project_domain_id = {{ default_project_domain_id }}
+user_domain_id = {{ default_user_domain_id }}
 project_name = service
 username = {{ neutron_keystone_user }}
 password = {{ neutron_keystone_password }}
@@ -120,8 +120,8 @@ url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ designate_api_port
 auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
 auth_type = password
-project_domain_id = default
-user_domain_id = default
+project_domain_id = {{ default_project_domain_id }}
+user_domain_id = {{ default_user_domain_id }}
 project_name = service
 username = {{ designate_keystone_user }}
 password = {{ designate_keystone_password }}
diff --git a/ansible/roles/nova-hyperv/templates/nova_hyperv.conf.j2 b/ansible/roles/nova-hyperv/templates/nova_hyperv.conf.j2
index fbdf92857b..c76bfd81f7 100644
--- a/ansible/roles/nova-hyperv/templates/nova_hyperv.conf.j2
+++ b/ansible/roles/nova-hyperv/templates/nova_hyperv.conf.j2
@@ -27,8 +27,8 @@ auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_po
 project_name = service
 username = {{ placement_keystone_user }}
 password = {{ placement_keystone_password }}
-project_domain_name = default
-user_domain_name = default
+project_domain_name = {{ default_project_domain_name }}
+user_domain_name = {{ default_user_domain_name }}
 os_region_name = {{ openstack_region_name }}
 
 [glance]
diff --git a/ansible/roles/nova/templates/nova.conf.j2 b/ansible/roles/nova/templates/nova.conf.j2
index 83d592291a..e831fcce54 100644
--- a/ansible/roles/nova/templates/nova.conf.j2
+++ b/ansible/roles/nova/templates/nova.conf.j2
@@ -104,8 +104,8 @@ auth_url = {{ openstack_auth.auth_url }}/v3
 {% endif %}
 auth_type = password
 project_name = service
-user_domain_name = default
-project_domain_name = default
+user_domain_name = {{ default_user_domain_name }}
+project_domain_name = {{ default_project_domain_name }}
 {% if orchestration_engine != 'KUBERNETES' %}
 api_endpoint = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ ironic_api_port }}/v1
 {% else %}
@@ -138,8 +138,8 @@ service_metadata_proxy = true
 
 auth_url = {{ keystone_admin_url }}
 auth_type = password
-project_domain_name = default
-user_domain_id = default
+project_domain_name = {{ default_project_domain_name }}
+user_domain_id = {{ default_user_domain_id }}
 project_name = service
 username = {{ neutron_keystone_user }}
 password = {{ neutron_keystone_password }}
@@ -169,8 +169,8 @@ auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_publi
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
 {% endif %}
 auth_type = password
-project_domain_id = default
-user_domain_id = default
+project_domain_id = {{ default_project_domain_id }}
+user_domain_id = {{ default_user_domain_id }}
 project_name = service
 username = {{ nova_keystone_user }}
 password = {{ nova_keystone_password }}
@@ -236,9 +236,9 @@ auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_po
 {% endif %}
 username = {{ placement_keystone_user }}
 password = {{ placement_keystone_password }}
-user_domain_name = default
+user_domain_name = {{ default_user_domain_name }}
 project_name = service
-project_domain_name = default
+project_domain_name = {{ default_project_domain_name }}
 os_region_name = {{ openstack_region_name }}
 os_interface = internal
 
diff --git a/ansible/roles/octavia/templates/octavia.conf.j2 b/ansible/roles/octavia/templates/octavia.conf.j2
index 6c33e84589..e18fccd1b6 100644
--- a/ansible/roles/octavia/templates/octavia.conf.j2
+++ b/ansible/roles/octavia/templates/octavia.conf.j2
@@ -28,9 +28,9 @@ auth_url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin
 auth_type = password
 username = {{ openstack_auth.username }}
 password = {{ keystone_admin_password }}
-user_domain_name = Default
+user_domain_name = {{ default_user_domain_name }}
 project_name = {{ openstack_auth.project_name }}
-project_domain_name = Default
+project_domain_name = {{ default_project_domain_name }}
 
 memcache_security_strategy = ENCRYPT
 memcache_secret_key = {{ memcache_secret_key }}
diff --git a/ansible/roles/panko/templates/panko.conf.j2 b/ansible/roles/panko/templates/panko.conf.j2
index 74e2157c6f..b6d0643b02 100644
--- a/ansible/roles/panko/templates/panko.conf.j2
+++ b/ansible/roles/panko/templates/panko.conf.j2
@@ -15,9 +15,9 @@ metering_connection = mysql+pymysql://{{ panko_database_user }}:{{ panko_databas
 
 [keystone_authtoken]
 auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
-project_domain_name = Default
+project_domain_name = {{ default_project_domain_name }}
 project_name = service
-user_domain_name = Default
+user_domain_name = {{ default_user_domain_name }}
 username = {{ panko_keystone_user }}
 password = {{ panko_keystone_password }}
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
diff --git a/ansible/roles/sahara/templates/sahara.conf.j2 b/ansible/roles/sahara/templates/sahara.conf.j2
index 2dc715586e..62ade771f0 100644
--- a/ansible/roles/sahara/templates/sahara.conf.j2
+++ b/ansible/roles/sahara/templates/sahara.conf.j2
@@ -16,9 +16,9 @@ connection = mysql+pymysql://{{ sahara_database_user }}:{{ sahara_database_passw
 
 [keystone_authtoken]
 auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
-project_domain_name = default
+project_domain_name = {{ default_project_domain_name }}
 project_name = service
-user_domain_name = default
+user_domain_name = {{ default_user_domain_name }}
 username = {{ sahara_keystone_user }}
 password = {{ sahara_keystone_password }}
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
@@ -41,8 +41,8 @@ region_name = {{ openstack_region_name }}
 password = {{ sahara_keystone_password }}
 username = {{ sahara_keystone_user }}
 project_name = service
-project_domain_id = default
-user_domain_id = default
+project_domain_id = {{ default_project_domain_id }}
+user_domain_id = {{ default_user_domain_id }}
 auth_type = password
 
 [oslo_messaging_notifications]
diff --git a/ansible/roles/searchlight/templates/searchlight.conf.j2 b/ansible/roles/searchlight/templates/searchlight.conf.j2
index cf66c005df..2638707133 100644
--- a/ansible/roles/searchlight/templates/searchlight.conf.j2
+++ b/ansible/roles/searchlight/templates/searchlight.conf.j2
@@ -25,9 +25,9 @@ flavor = keystone
 [keystone_authtoken]
 auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
-project_domain_name = default
+project_domain_name = {{ default_project_domain_name }}
 project_name = service
-user_domain_name = default
+user_domain_name = {{ default_user_domain_name }}
 username = {{ searchlight_keystone_user }}
 password = {{ searchlight_keystone_password }}
 auth_type = password
diff --git a/ansible/roles/senlin/templates/senlin.conf.j2 b/ansible/roles/senlin/templates/senlin.conf.j2
index a9f9d5b724..0c116cbe46 100644
--- a/ansible/roles/senlin/templates/senlin.conf.j2
+++ b/ansible/roles/senlin/templates/senlin.conf.j2
@@ -32,8 +32,8 @@ max_retries = -1
 auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
 auth_type = password
-project_domain_id = default
-user_domain_id = default
+project_domain_id = {{ default_project_domain_id }}
+user_domain_id = {{ default_user_domain_id }}
 project_name = service
 username = {{ senlin_keystone_user }}
 password = {{ senlin_keystone_password }}
diff --git a/ansible/roles/solum/templates/solum.conf.j2 b/ansible/roles/solum/templates/solum.conf.j2
index 894eb945bd..7ecd449265 100644
--- a/ansible/roles/solum/templates/solum.conf.j2
+++ b/ansible/roles/solum/templates/solum.conf.j2
@@ -45,8 +45,8 @@ max_retries = -1
 auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
 auth_type = password
-project_domain_id = default
-user_domain_id = default
+project_domain_id = {{ default_project_domain_id }}
+user_domain_id = {{ default_user_domain_id }}
 project_name = service
 username = {{ solum_keystone_user }}
 password = {{ solum_keystone_password }}
diff --git a/ansible/roles/swift/templates/proxy-server.conf.j2 b/ansible/roles/swift/templates/proxy-server.conf.j2
index b4044155ec..117f54ed60 100644
--- a/ansible/roles/swift/templates/proxy-server.conf.j2
+++ b/ansible/roles/swift/templates/proxy-server.conf.j2
@@ -35,8 +35,8 @@ paste.filter_factory = keystonemiddleware.auth_token:filter_factory
 auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
 auth_type = password
-project_domain_id = default
-user_domain_id = default
+project_domain_id = {{ default_project_domain_id }}
+user_domain_id = {{ default_user_domain_id }}
 project_name = service
 username = {{ swift_keystone_user }}
 password = {{ swift_keystone_password }}
diff --git a/ansible/roles/tacker/templates/tacker.conf.j2 b/ansible/roles/tacker/templates/tacker.conf.j2
index 2a126912c3..1dde691233 100644
--- a/ansible/roles/tacker/templates/tacker.conf.j2
+++ b/ansible/roles/tacker/templates/tacker.conf.j2
@@ -26,8 +26,8 @@ alarm_monitor_driver = ceilometer
 auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
 auth_type = password
-project_domain_id = default
-user_domain_id = default
+project_domain_id = {{ default_project_domain_id }}
+user_domain_id = {{ default_user_domain_id }}
 project_name = service
 username = {{ nova_keystone_user }}
 password = {{ nova_keystone_password }}
@@ -42,8 +42,8 @@ max_retries = -1
 auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
 auth_type = password
-project_domain_id = default
-user_domain_id = default
+project_domain_id = {{ default_project_domain_id }}
+user_domain_id = {{ default_user_domain_id }}
 project_name = service
 username = {{ tacker_keystone_user }}
 password = {{ tacker_keystone_password }}
diff --git a/ansible/roles/trove/templates/trove.conf.j2 b/ansible/roles/trove/templates/trove.conf.j2
index 7280922045..3ebe97afdb 100644
--- a/ansible/roles/trove/templates/trove.conf.j2
+++ b/ansible/roles/trove/templates/trove.conf.j2
@@ -28,9 +28,9 @@ connection = mysql+pymysql://{{ trove_database_user }}:{{ trove_database_passwor
 
 [keystone_authtoken]
 auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
-project_domain_name = Default
+project_domain_name = {{ default_project_domain_name }}
 project_name = service
-user_domain_name = Default
+user_domain_name = {{ default_user_domain_name }}
 username = {{ trove_keystone_user }}
 password = {{ trove_keystone_password }}
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
diff --git a/ansible/roles/watcher/templates/watcher.conf.j2 b/ansible/roles/watcher/templates/watcher.conf.j2
index 62cd15a5a3..60411b78d2 100644
--- a/ansible/roles/watcher/templates/watcher.conf.j2
+++ b/ansible/roles/watcher/templates/watcher.conf.j2
@@ -19,8 +19,8 @@ max_retries = -1
 auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
 auth_type = password
-project_domain_id = default
-user_domain_id = default
+project_domain_id = {{ default_project_domain_id }}
+user_domain_id = {{ default_user_domain_id }}
 project_name = service
 username = {{ watcher_keystone_user }}
 password = {{ watcher_keystone_password }}
@@ -33,8 +33,8 @@ memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansi
 auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
 auth_type = password
-project_domain_id = default
-user_domain_id = default
+project_domain_id = {{ default_project_domain_id }}
+user_domain_id = {{ default_user_domain_id }}
 project_name = service
 username = {{ watcher_keystone_user }}
 password = {{ watcher_keystone_password }}
diff --git a/ansible/roles/zun/templates/zun.conf.j2 b/ansible/roles/zun/templates/zun.conf.j2
index 2901860a55..df1e9c38ba 100644
--- a/ansible/roles/zun/templates/zun.conf.j2
+++ b/ansible/roles/zun/templates/zun.conf.j2
@@ -31,8 +31,8 @@ service_name = zun
 auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
 auth_type = password
-project_domain_id = default
-user_domain_id = default
+project_domain_id = {{ default_project_domain_id }}
+user_domain_id = {{ default_user_domain_id }}
 project_name = service
 username = {{ zun_keystone_user }}
 password = {{ zun_keystone_password }}
@@ -45,8 +45,8 @@ memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansi
 auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
 auth_type = password
-project_domain_id = default
-user_domain_id = default
+project_domain_id = {{ default_project_domain_id }}
+user_domain_id = {{ default_user_domain_id }}
 project_name = service
 username = {{ zun_keystone_user }}
 password = {{ zun_keystone_password }}
@@ -60,8 +60,8 @@ memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansi
 auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
 auth_type = password
-project_domain_id = default
-user_domain_id = default
+project_domain_id = {{ default_project_domain_id }}
+user_domain_id = {{ default_user_domain_id }}
 project_name = service
 username = {{ zun_keystone_user }}
 password = {{ zun_keystone_password }}
@@ -73,8 +73,8 @@ api_version = 2
 auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
 auth_type = password
-project_domain_id = default
-user_domain_id = default
+project_domain_id = {{ default_project_domain_id }}
+user_domain_id = {{ default_user_domain_id }}
 project_name = service
 username = {{ zun_keystone_user }}
 password = {{ zun_keystone_password }}