diff --git a/ansible/roles/cinder/templates/cinder-wsgi.conf.j2 b/ansible/roles/cinder/templates/cinder-wsgi.conf.j2
index deb4447e73..b467bab02a 100644
--- a/ansible/roles/cinder/templates/cinder-wsgi.conf.j2
+++ b/ansible/roles/cinder/templates/cinder-wsgi.conf.j2
@@ -1,5 +1,5 @@
 {% if cinder_enable_tls_backend | bool %}
-{% if kolla_base_distro in ['centos']  %}
+{% if kolla_base_distro in ['centos', 'rocky']  %}
 LoadModule ssl_module /usr/lib64/httpd/modules/mod_ssl.so
 {% else %}
 LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so
diff --git a/ansible/roles/heat/templates/wsgi-heat-api-cfn.conf.j2 b/ansible/roles/heat/templates/wsgi-heat-api-cfn.conf.j2
index 8459acf809..27aea0dd07 100644
--- a/ansible/roles/heat/templates/wsgi-heat-api-cfn.conf.j2
+++ b/ansible/roles/heat/templates/wsgi-heat-api-cfn.conf.j2
@@ -1,7 +1,7 @@
 {% set heat_log_dir = '/var/log/kolla/heat' %}
 {% set binary_path = '/var/lib/kolla/venv/bin' %}
 {% if heat_enable_tls_backend | bool %}
-{% if kolla_base_distro in ['centos']  %}
+{% if kolla_base_distro in ['centos', 'rocky']  %}
 LoadModule ssl_module /usr/lib64/httpd/modules/mod_ssl.so
 {% else %}
 LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so
diff --git a/ansible/roles/heat/templates/wsgi-heat-api.conf.j2 b/ansible/roles/heat/templates/wsgi-heat-api.conf.j2
index 8500ee895e..d197f764a5 100644
--- a/ansible/roles/heat/templates/wsgi-heat-api.conf.j2
+++ b/ansible/roles/heat/templates/wsgi-heat-api.conf.j2
@@ -1,7 +1,7 @@
 {% set heat_log_dir = '/var/log/kolla/heat' %}
 {% set binary_path = '/var/lib/kolla/venv/bin' %}
 {% if heat_enable_tls_backend | bool %}
-{% if kolla_base_distro in ['centos']  %}
+{% if kolla_base_distro in ['centos', 'rocky']  %}
 LoadModule ssl_module /usr/lib64/httpd/modules/mod_ssl.so
 {% else %}
 LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so
diff --git a/ansible/roles/horizon/templates/horizon.conf.j2 b/ansible/roles/horizon/templates/horizon.conf.j2
index c0e2edb531..3d7aa08ec4 100644
--- a/ansible/roles/horizon/templates/horizon.conf.j2
+++ b/ansible/roles/horizon/templates/horizon.conf.j2
@@ -1,7 +1,7 @@
 {% set python_path = '/var/lib/kolla/venv/lib/python' + distro_python_version + '/site-packages' %}
 
 {% if horizon_enable_tls_backend | bool %}
-{% if kolla_base_distro in ['centos']  %}
+{% if kolla_base_distro in ['centos', 'rocky']  %}
 LoadModule ssl_module /usr/lib64/httpd/modules/mod_ssl.so
 {% else %}
 LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so
diff --git a/ansible/roles/ironic/templates/ironic-api-wsgi.conf.j2 b/ansible/roles/ironic/templates/ironic-api-wsgi.conf.j2
index 40b0546c8b..7e62ac2c87 100644
--- a/ansible/roles/ironic/templates/ironic-api-wsgi.conf.j2
+++ b/ansible/roles/ironic/templates/ironic-api-wsgi.conf.j2
@@ -1,7 +1,7 @@
 {% set ironic_log_dir = '/var/log/kolla/ironic' %}
 {% set wsgi_directory = '/var/lib/kolla/venv/bin' %}
 {% if ironic_enable_tls_backend | bool %}
-{% if kolla_base_distro in ['centos']  %}
+{% if kolla_base_distro in ['centos', 'rocky']  %}
 LoadModule ssl_module /usr/lib64/httpd/modules/mod_ssl.so
 {% else %}
 LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so
diff --git a/ansible/roles/ironic/templates/ironic-tftp.json.j2 b/ansible/roles/ironic/templates/ironic-tftp.json.j2
index 46859ef61d..28b394e0cf 100644
--- a/ansible/roles/ironic/templates/ironic-tftp.json.j2
+++ b/ansible/roles/ironic/templates/ironic-tftp.json.j2
@@ -1,4 +1,13 @@
-{% set pxe_dir = ('/var/lib/ironic/tftpboot/grub' if kolla_base_distro in ['ubuntu', 'debian'] else '/var/lib/ironic/tftpboot/EFI/centos') if enable_ironic_pxe_uefi | bool else '/var/lib/ironic/tftpboot/pxelinux.cfg' %}
+{% if enable_ironic_pxe_uefi | bool %}
+  {% if kolla_base_distro in ['debian', 'ubuntu'] %}
+    {% set pxe_dir = '/var/lib/ironic/tftpboot/grub' %}
+  {% elif kolla_base_distro in ['centos', 'rocky'] %}
+    {% set pxe_dir = '/var/lib/ironic/tftpboot/EFI/{{ kolla_base_distro }}' %}
+  {% endif %}
+{% else %}
+  {% set pxe_dir = '/var/lib/ironic/tftpboot/pxelinux.cfg' %}
+{% endif %}
+
 {% set pxe_cfg = 'grub.cfg' if enable_ironic_pxe_uefi | bool else 'default' %}
 
 {
diff --git a/ansible/roles/keystone/templates/wsgi-keystone.conf.j2 b/ansible/roles/keystone/templates/wsgi-keystone.conf.j2
index bdb096167c..5ece77026e 100644
--- a/ansible/roles/keystone/templates/wsgi-keystone.conf.j2
+++ b/ansible/roles/keystone/templates/wsgi-keystone.conf.j2
@@ -1,7 +1,7 @@
 {% set keystone_log_dir = '/var/log/kolla/keystone' %}
 {% set binary_path = '/var/lib/kolla/venv/bin' %}
 {% if keystone_enable_tls_backend | bool %}
-{% if kolla_base_distro in ['centos']  %}
+{% if kolla_base_distro in ['centos', 'rocky']  %}
 LoadModule ssl_module /usr/lib64/httpd/modules/mod_ssl.so
 {% else %}
 LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so
diff --git a/ansible/roles/nova/templates/nova-api-wsgi.conf.j2 b/ansible/roles/nova/templates/nova-api-wsgi.conf.j2
index f75d7ca83e..e84c194960 100644
--- a/ansible/roles/nova/templates/nova-api-wsgi.conf.j2
+++ b/ansible/roles/nova/templates/nova-api-wsgi.conf.j2
@@ -1,7 +1,7 @@
 {% set nova_log_dir = '/var/log/kolla/nova' %}
 {% set wsgi_directory = '/var/lib/kolla/venv/bin' %}
 {% if nova_enable_tls_backend | bool %}
-{% if kolla_base_distro in ['centos']  %}
+{% if kolla_base_distro in ['centos', 'rocky']  %}
 LoadModule ssl_module /usr/lib64/httpd/modules/mod_ssl.so
 {% else %}
 LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so
diff --git a/ansible/roles/octavia/templates/octavia-wsgi.conf.j2 b/ansible/roles/octavia/templates/octavia-wsgi.conf.j2
index b5e5d1dba8..e3a3a598c9 100644
--- a/ansible/roles/octavia/templates/octavia-wsgi.conf.j2
+++ b/ansible/roles/octavia/templates/octavia-wsgi.conf.j2
@@ -1,6 +1,6 @@
 {% set wsgi_directory = '/var/lib/kolla/venv/bin' %}
 {% if octavia_enable_tls_backend | bool %}
-{% if kolla_base_distro in ['centos']  %}
+{% if kolla_base_distro in ['centos', 'rocky']  %}
 LoadModule ssl_module /usr/lib64/httpd/modules/mod_ssl.so
 {% else %}
 LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so
diff --git a/ansible/roles/placement/templates/placement-api-wsgi.conf.j2 b/ansible/roles/placement/templates/placement-api-wsgi.conf.j2
index 37fece7bb1..2f2a9dc913 100644
--- a/ansible/roles/placement/templates/placement-api-wsgi.conf.j2
+++ b/ansible/roles/placement/templates/placement-api-wsgi.conf.j2
@@ -1,7 +1,7 @@
 {% set log_dir = '/var/log/kolla/placement' %}
 {% set wsgi_directory = '/var/lib/kolla/venv/bin' %}
 {% if placement_enable_tls_backend | bool %}
-{% if kolla_base_distro in ['centos']  %}
+{% if kolla_base_distro in ['centos', 'rocky']  %}
 LoadModule ssl_module /usr/lib64/httpd/modules/mod_ssl.so
 {% else %}
 LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so
diff --git a/tests/templates/globals-default.j2 b/tests/templates/globals-default.j2
index 19b8c9cac2..c71bbff2c8 100644
--- a/tests/templates/globals-default.j2
+++ b/tests/templates/globals-default.j2
@@ -141,10 +141,10 @@ kolla_enable_tls_external: "yes"
 kolla_enable_tls_internal: "yes"
 kolla_copy_ca_into_containers: "yes"
 kolla_enable_tls_backend: "yes"
-{% if base_distro == "ubuntu" or base_distro == "debian" %}
+{% if base_distro in ["debian", "ubuntu"] %}
 openstack_cacert: "/etc/ssl/certs/ca-certificates.crt"
 {% endif %}
-{% if base_distro == "centos" %}
+{% if base_distro in ["centos", "rocky"] %}
 openstack_cacert: "/etc/pki/tls/certs/ca-bundle.crt"
 {% endif %}
 kolla_admin_openrc_cacert: "{% raw %}{{ kolla_certificates_dir }}{% endraw %}/ca/root.crt"