diff --git a/defaults/main.yml b/defaults/main.yml
index 4a53f143..c60a8187 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -29,15 +29,7 @@ keystone_developer_constraints:
 
 # Name of the virtual env to deploy into
 keystone_venv_tag: untagged
-keystone_venv_bin: "/openstack/venvs/keystone-{{ keystone_venv_tag }}/bin"
-
-# Set this to enable or disable installing in a venv
-keystone_venv_enabled: true
-
-# The bin path defaults to the venv path however if installation in a
-#  venv is disabled the bin path will be dynamically set based on the
-#  system path used when the installing.
-keystone_bin: "{{ keystone_venv_bin }}"
+keystone_bin: "/openstack/venvs/keystone-{{ keystone_venv_tag }}/bin"
 
 keystone_venv_download_url: http://127.0.0.1/venvs/untagged/ubuntu/keystone.tgz
 
diff --git a/releasenotes/notes/os-keystone-only-install-venv-b766568ee8d40354.yaml b/releasenotes/notes/os-keystone-only-install-venv-b766568ee8d40354.yaml
new file mode 100644
index 00000000..d2eca846
--- /dev/null
+++ b/releasenotes/notes/os-keystone-only-install-venv-b766568ee8d40354.yaml
@@ -0,0 +1,5 @@
+---
+upgrade:
+  - Installation of keystone and its dependent pip packages will now only
+    occur within a Python virtual environment. The ``keystone_venv_enabled``
+    variable has been removed.
diff --git a/tasks/keystone_install.yml b/tasks/keystone_install.yml
index 671ef7e5..a2a0b7d4 100644
--- a/tasks/keystone_install.yml
+++ b/tasks/keystone_install.yml
@@ -66,7 +66,6 @@
     get_md5: False
   when:
     - not keystone_developer_mode | bool
-    - keystone_venv_enabled | bool
   register: local_venv_stat
 
 - name: Get remote venv checksum
@@ -75,7 +74,6 @@
     return_content: True
   when:
     - not keystone_developer_mode | bool
-    - keystone_venv_enabled | bool
   register: remote_venv_checksum
 
 # TODO: When project moves to ansible 2 we can pass this a sha256sum which will:
@@ -92,57 +90,44 @@
   register: get_venv
   when:
     - not keystone_developer_mode | bool
-    - keystone_venv_enabled | bool
     - (local_venv_stat.stat.exists == False or
         {{ local_venv_stat.stat.checksum is defined and local_venv_stat.stat.checksum != remote_venv_checksum.content | trim }})
 
 - name: Set keystone get_venv fact
   set_fact:
     keystone_get_venv: "{{ get_venv }}"
-  when: keystone_venv_enabled | bool
 
 - name: Remove existing venv
   file:
-    path: "{{ keystone_venv_bin | dirname }}"
+    path: "{{ keystone_bin | dirname }}"
     state: absent
   when:
-    - keystone_venv_enabled | bool
     - keystone_get_venv | changed
 
 - name: Create keystone venv dir
   file:
-    path: "{{ keystone_venv_bin | dirname }}"
+    path: "{{ keystone_bin | dirname }}"
     state: directory
+  register: keystone_venv_dir
   when:
     - not keystone_developer_mode | bool
-    - keystone_venv_enabled | bool
-    - keystone_get_venv | changed
 
 - name: Unarchive pre-built venv
   unarchive:
     src: "/var/cache/{{ keystone_venv_download_url | basename }}"
-    dest: "{{ keystone_venv_bin | dirname }}"
+    dest: "{{ keystone_bin | dirname }}"
     copy: "no"
   when:
     - not keystone_developer_mode | bool
-    - keystone_venv_enabled | bool
-    - keystone_get_venv | changed
+    - keystone_get_venv | changed or keystone_venv_dir | changed
   notify:
     - Restart Apache
 
-- name: Update virtualenv path
-  command: >
-    virtualenv-tools --update-path=auto {{ keystone_venv_bin | dirname }}
-  when:
-    - not keystone_developer_mode | bool
-    - keystone_venv_enabled | bool
-    - keystone_get_venv | success
-
-- name: Install pip packages (venv)
+- name: Install pip packages
   pip:
     name: "{{ item }}"
     state: latest
-    virtualenv: "{{ keystone_venv_bin | dirname }}"
+    virtualenv: "{{ keystone_bin | dirname }}"
     virtualenv_site_packages: "no"
     extra_args: "{{ pip_install_options_fact }}"
   register: install_packages
@@ -151,23 +136,10 @@
   delay: 2
   with_items: keystone_pip_packages
   when:
-    - keystone_venv_enabled | bool
     - keystone_get_venv | failed or keystone_developer_mode | bool
   notify:
     - Restart Apache
 
-- name: Install pip packages (no venv)
-  pip:
-    name: "{{ item }}"
-    state: latest
-    extra_args: "{{ pip_install_options_fact }}"
-  register: install_packages
-  until: install_packages|success
-  retries: 5
-  delay: 2
-  with_items: keystone_pip_packages
-  when:
-    - not keystone_developer_mode | bool
-    - not keystone_venv_enabled | bool
-  notify:
-    - Restart Apache
+- name: Update virtualenv path
+  command: >
+    virtualenv-tools --update-path=auto {{ keystone_bin | dirname }}
diff --git a/tasks/keystone_post_install.yml b/tasks/keystone_post_install.yml
index 5414a336..85d31766 100644
--- a/tasks/keystone_post_install.yml
+++ b/tasks/keystone_post_install.yml
@@ -60,15 +60,3 @@
     - { src: "keystone-wsgi.py.j2", dest: "/var/www/cgi-bin/keystone/main", mode: "0755" }
   notify:
     - Restart Apache
-
-- name: Get keystone command path
-  command: which keystone
-  register: keystone_command_path
-  when:
-    - not keystone_venv_enabled | bool
-
-- name: Set keystone command path
-  set_fact:
-    keystone_bin: "{{ keystone_command_path.stdout | dirname }}"
-  when:
-    - not keystone_venv_enabled | bool
diff --git a/tasks/keystone_pre_install.yml b/tasks/keystone_pre_install.yml
index defd96de..40d4ff0a 100644
--- a/tasks/keystone_pre_install.yml
+++ b/tasks/keystone_pre_install.yml
@@ -65,15 +65,6 @@
     - { path: "/var/www/cgi-bin", owner: root, group: root }
     - { path: "/var/www/cgi-bin/keystone" }
 
-- name: Create keystone venv dir
-  file:
-    path: "{{ item.path }}"
-    state: directory
-  with_items:
-    - { path: "/openstack/venvs" }
-    - { path: "{{ keystone_venv_bin }}" }
-  when: keystone_venv_enabled | bool
-
 - name: Test for log directory or link
   shell: |
     if [ -h "/var/log/keystone"  ]; then
diff --git a/templates/keystone-httpd.conf.j2 b/templates/keystone-httpd.conf.j2
index e17c8ddd..9328303a 100644
--- a/templates/keystone-httpd.conf.j2
+++ b/templates/keystone-httpd.conf.j2
@@ -1,7 +1,7 @@
 # {{ ansible_managed }}
 
 <VirtualHost *:{{ keystone_service_port }}>
-    WSGIDaemonProcess     keystone-service user={{ keystone_system_user_name }} group={{ keystone_system_group_name }} processes={{ keystone_wsgi_processes }} threads={{ keystone_wsgi_threads }} display-name=%{GROUP} {% if keystone_venv_enabled | bool %}python-path={{ keystone_venv_bin | dirname }}/lib/python2.7/site-packages{% endif %}
+    WSGIDaemonProcess     keystone-service user={{ keystone_system_user_name }} group={{ keystone_system_group_name }} processes={{ keystone_wsgi_processes }} threads={{ keystone_wsgi_threads }} display-name=%{GROUP} python-path={{ keystone_bin | dirname }}/lib/python2.7/site-packages
 
     WSGIProcessGroup      keystone-service
     WSGIScriptAlias       / /var/www/cgi-bin/keystone/main
@@ -59,7 +59,7 @@
 </VirtualHost>
 
 <VirtualHost *:{{ keystone_admin_port }}>
-    WSGIDaemonProcess     keystone-admin user={{ keystone_system_user_name }} group={{ keystone_system_group_name }} processes={{ keystone_wsgi_processes }} threads={{ keystone_wsgi_threads }} display-name=%{GROUP} {% if keystone_venv_enabled | bool %}python-path={{ keystone_venv_bin | dirname }}/lib/python2.7/site-packages{% endif %}
+    WSGIDaemonProcess     keystone-admin user={{ keystone_system_user_name }} group={{ keystone_system_group_name }} processes={{ keystone_wsgi_processes }} threads={{ keystone_wsgi_threads }} display-name=%{GROUP} python-path={{ keystone_bin | dirname }}/lib/python2.7/site-packages
 
     WSGIProcessGroup      keystone-admin
     WSGIScriptAlias       / /var/www/cgi-bin/keystone/admin