diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
index 0d0100d8a2..1c09a33830 100644
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@@ -1,7 +1,5 @@
 ---
-# The options in this file can be overridden in 'globals.yml', but typically
-# shouldn't be modified. A comment describing why the option exists should be
-# included before each option.
+# The options in this file can be overridden in 'globals.yml'
 
 # Ansible Docker module bug. This can be removed when Ansible 2.0 arrives
 # https://github.com/ansible/ansible-modules-core/issues/1227
@@ -19,10 +17,57 @@ node_templates_directory: "/usr/share/kolla/templates"
 # The directory to store the config files on the destination node
 node_config_directory: "/opt/kolla/config"
 
-# All services have ports that need to be referenced on a global scale between
-# the different services. This prevents setting the ports in the defaults for
-# each role.
+###################
+# Kolla options
+###################
+# Valid options are [ CONFIG_EXTERNAL_COPY_ONCE, CONFIG_EXTERNAL_COPY_ALWAYS ]
+config_strategy: "CONFIG_EXTERNAL_COPY_ONCE"
 
+# Valid options are [ centos, fedora, oraclelinux, ubuntu ]
+kolla_base_distro: "centos"
+# Valid options are [ binary, source ]
+kolla_install_type: "binary"
+
+# Value set in the public_url endpoint in Keystone
+kolla_external_address: "{{ kolla_internal_address }}"
+
+
+####################
+# Database options
+####################
+database_address: "{{ kolla_internal_address }}"
+database_user: "root"
+
+
+####################
+# Docker options
+####################
+docker_registry:
+docker_namespace: "kollaglue"
+docker_registry_username:
+docker_insecure_registry: "False"
+
+# Valid options are [ missing, always ]
+docker_pull_policy: "always"
+
+# Valid options are [ no, on-failure, always ]
+docker_restart_policy: "always"
+
+# '0' means unlimited retries
+docker_restart_policy_retry: "10"
+
+
+####################
+# Networking options
+####################
+api_interface: "{{ network_interface }}"
+storage_interface: "{{ network_interface }}"
+tunnel_interface: "{{ network_interface }}"
+
+# Valid options are [ openvswitch, linuxbridge ]
+neutron_plugin_agent: "openvswitch"
+
+# The default ports used by each service.
 mariadb_port: "3306"
 mariadb_wsrep_port: "4567"
 mariadb_ist_port: "4568"
@@ -47,18 +92,17 @@ neutron_server_port: "9696"
 
 cinder_api_port: "8776"
 
-# These roles are required for Kolla to be operation, however a savvy deployer
-# could disable some of these required roles and run thier own services.
-enable_glance: "yes"
-enable_haproxy: "yes"
-enable_keystone: "yes"
-enable_mariadb: "yes"
-enable_neutron: "yes"
-enable_nova: "yes"
-enable_rabbitmq: "yes"
 
+####################
+# Openstack options
+####################
+openstack_release: "latest"
+openstack_logging_verbose: "True"
+openstack_logging_debug: "False"
 
-# Openstack authentication strings. You should only need to adjust these if you
+openstack_region_name: "RegionOne"
+
+# Openstack authentication string. You should only need to override these if you
 # are changing the admin tenant/project or user.
 openstack_auth:
     auth_url: "http://{{ kolla_internal_address }}:{{ keystone_admin_port }}"
@@ -73,3 +117,28 @@ openstack_auth_v2:
     username: "admin"
     password: "{{ keystone_admin_password }}"
     project_name: "admin"
+
+# These roles are required for Kolla to be operation, however a savvy deployer
+# could disable some of these required roles and run thier own services.
+enable_glance: "yes"
+enable_haproxy: "yes"
+enable_keystone: "yes"
+enable_mariadb: "yes"
+enable_neutron: "yes"
+enable_nova: "yes"
+enable_rabbitmq: "yes"
+
+# Additional option OpenStack services are specified here
+enable_cinder: "no"
+
+
+####################
+# RabbitMQ options
+####################
+rabbitmq_user: "openstack"
+
+
+#################################
+# Cinder - Block Storage options
+#################################
+cinder_volume_driver: "lvm"
diff --git a/etc/kolla/globals.yml b/etc/kolla/globals.yml
index d31a1b6176..47467f3b26 100644
--- a/etc/kolla/globals.yml
+++ b/etc/kolla/globals.yml
@@ -1,45 +1,36 @@
 ---
-# Please specify all passwords/secrets in the "/etc/kolla/passwords.yml"
+# You can use this file to override _any_ variable throughout Kolla.
+# Additional options can be found in the 'kolla/group_vars/all.yml' file.
 
 ###################
 # Kolla options
 ###################
-config_strategy: "CONFIG_EXTERNAL_COPY_ONCE"
+# Valid options are [ CONFIG_EXTERNAL_COPY_ONCE, CONFIG_EXTERNAL_COPY_ALWAYS ]
+#config_strategy: "CONFIG_EXTERNAL_COPY_ONCE"
 
-kolla_base_distro: "centos"
-kolla_install_type: "binary"
+# Valid options are [ centos, fedora, oraclelinux, ubuntu ]
+#kolla_base_distro: "centos"
 
-# The Public address used to communicate with Openstack
-# This must be set, but it can be an private ip. It can also be the same as the
-# internal address.
-kolla_external_address: "openstack.example.com"
+# Valid options are [ binary, source ]
+#kolla_install_type: "binary"
+
+# This should be a VIP, an unused IP on your network that will float between
+# the hosts running keepalived for high-availibility. When running an All-In-One
+# without haproxy and keepalived, this should be the first IP on your
+# 'network_interface' as set in the Networking section below.
 kolla_internal_address: "10.10.10.254"
 
-
-####################
-# Database options
-####################
-database_address: "{{ kolla_internal_address }}"
-database_user: "root"
+# The Public address used to communicate with Openstack as set in the public_url
+# for the endpoints that will be created. It defaults to kolla_internal_address
+# but can be overridden in your globals.yml to a public address. It is up to the
+# deployer to ensure that that public address maps to the environment correctly.
+# It is recommended to use a DNS name as well, but not required.
+#kolla_external_address: "{{ kolla_internal_address }}"
 
 
 ####################
 # Docker options
 ####################
-docker_registry:
-docker_namespace: "kollaglue"
-docker_registry_username:
-docker_insecure_registry: "False"
-
-# Valid options are [ missing, always ]
-docker_pull_policy: "always"
-
-# Valid options are [ no, on-failure, always ]
-docker_restart_policy: "always"
-
-# '0' means unlimited retries
-docker_restart_policy_retry: "10"
-
 ### Example: Private repository with authentication
 #
 # docker_registry: "172.16.0.10:5000"
@@ -48,41 +39,45 @@ docker_restart_policy_retry: "10"
 # docker_registry_password: "correcthorsebatterystaple"
 # docker_insecure_registry: "False"
 
+# The default behaviour when running the playbooks is to pull the latest image
+# available when running the playbooks. If a newer image is found, it will pull
+# that new image and recreate the containers. If this is not the behaviour you
+# want, this should be set to 'missing'
+# Valid options are [ always, missing ]
+#docker_pull_policy: "always"
+
 
 ####################
 # Networking options
 ####################
-# The interface to use for various services types
+# This interface is what all your api services will be bound to by default.
+# Additionally, all vxlan/tunnel and storage network traffic will go over this
+# interface by default. This interface must contain an IPv4 address.
 network_interface: "eth0"
+
+# These can be adjusted for even more customization. The default is the same as
+# the 'network_interface'. These interfaces must container an IPv4 address.
+#api_interface: "{{ network_interface }}"
+#storage_interface: "{{ network_interface }}"
+#tunnel_interface: "{{ network_interface }}"
+
+# This is the raw interface given to neutron as its external network port. Even
+# though an IP address can exist on this interface, it will be unusable in most
+# configurations. It is recommended this interface not be configured with any IP
+# addresses for that reason.
 neutron_external_interface: "eth1"
 
-# These can be adjusted for even more customization
-api_interface: "{{ network_interface }}"
-storage_interface: "{{ network_interface }}"
-tunnel_interface: "{{ network_interface }}"
-
-# Valid options are [ openvswitch, linuxbridge ]
-neutron_plugin_agent: "openvswitch"
-
 
 ####################
-# Openstack options
+# OpenStack options
 ####################
-openstack_release: "latest"
-openstack_logging_verbose: "True"
-openstack_logging_debug: "False"
+# This option is used to specify the tag to use when pulling the Docker images
+#openstack_release: "latest"
 
-openstack_region_name: "RegionOne"
+# Use these options to set the various log levels across all OpenStack projects
+#openstack_logging_verbose: "True"
+#openstack_logging_debug: "False"
 
-
-####################
-# RabbitMQ options
-####################
-rabbitmq_user: "openstack"
-
-
-#################################
-## Cinder - Block Storage options
-#################################
-enable_cinder: "no"
-cinder_volume_driver: "lvm"
+# OpenStack services can be enabled or disabled with these options
+#enable_cinder: "yes"
+#enable_heat: "no"