diff --git a/tasks/keystone_post_install.yml b/tasks/keystone_post_install.yml index 3279f14f..5a97c520 100644 --- a/tasks/keystone_post_install.yml +++ b/tasks/keystone_post_install.yml @@ -13,9 +13,19 @@ # See the License for the specific language governing permissions and # limitations under the License. -- name: Copy keystone config +- name: Retrieve default configuration files + uri: + url: "{{ item }}" + return_content: yes + with_items: + - "{{ keystone_git_config_lookup_location }}/{{ keystone_paste_git_file_path }}" + - "{{ keystone_git_config_lookup_location }}/{{ keystone_sso_callback_git_file_path }}" + register: _git_file_fetch + +- name: Copy keystone configuration files config_template: - src: "{{ item.src }}" + content: "{{ item.content | default(omit) }}" + src: "{{ item.src | default(omit) }}" dest: "{{ item.dest }}" owner: "root" group: "{{ keystone_system_group_name }}" 
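Review bot: The new `uri` task has no `delegate_to` or `run_once`, so as written it runs on every keystone host and each host downloads its own copy of the defaults. The removed `curl` ran inside a `pipe` lookup, i.e. once on the deployment host. The fetched bodies are written to `/etc/keystone/keystone-paste.ini` and `sso_callback_template.html`, so per-host fetches let nodes diverge and require outbound access from the targets. Consider adding `delegate_to: localhost` and `run_once: true` so a single fetch feeds all nodes. Whether `keystone_git_config_lookup_location` points at an immutable ref is defined outside this diff; if it tracks a branch, TLS is the only integrity check on content that configures the auth pipeline.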
@@ -27,31 +37,14 @@ dest: "/etc/keystone/keystone.conf" config_overrides: "{{ keystone_keystone_conf_overrides }}" config_type: "ini" - notify: - - Restart uWSGI on first node - - Restart uWSGI on other nodes - - Restart web server on first node - - Restart web server on other nodes - -- name: Retrieve and config_template upstream files - config_template: - content: "{{ lookup('pipe', item.content) | string }}" - dest: "{{ item.dest }}" - config_overrides: "{{ item.config_overrides }}" - config_type: "{{ item.config_type }}" - with_items: - dest: "/etc/keystone/keystone-paste.ini" config_overrides: "{{ keystone_keystone_paste_ini_overrides }}" config_type: "ini" - content: | - cat {{ keystone_paste_default_file_path }} 2>/dev/null || \ - curl -s {{ keystone_git_config_lookup_location }}/{{ keystone_paste_git_file_path }} + content: "{{ keystone_paste_user_content | default(keystone_paste_default_content, true) }}" - dest: "/etc/keystone/policy.json-{{ keystone_venv_tag }}" config_overrides: "{{ keystone_policy_overrides }}" config_type: "json" - content: | - cat {{ keystone_policy_default_file_path }} 2>/dev/null || \ - echo {} + content: "{{ keystone_policy_user_content | default('{}', true) }}" notify: - Restart uWSGI on first node - Restart uWSGI on other nodes @@ -60,9 +53,7 @@ - name: Copy Keystone Federation SP SSO callback template copy: - content: | - cat {{ keystone_sso_callback_file_path }} 2>/dev/null || \ - curl -s {{ keystone_git_config_lookup_location }}/{{ keystone_sso_callback_git_file_path }} + content: "{{ keystone_sso_callback_user_content | default(keystone_sso_callback_default_content, true) }}" dest: "/etc/keystone/sso_callback_template.html" owner: "{{ keystone_system_user_name }}" group: "{{ keystone_system_group_name }}" diff --git a/vars/main.yml b/vars/main.yml new file mode 100644 index 00000000..3fb4b7c4 --- /dev/null +++ b/vars/main.yml 
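Review bot: The `content:` entries for `keystone-paste.ini` and `policy.json` pass the fallback as an argument to `default(..., true)`, and Jinja evaluates filter arguments before the filter runs, so `keystone_paste_default_content` is likely resolved even when an operator file exists. The removed `cat … || curl` short-circuited, so a local override would now still depend on the download having succeeded. The `copy` task in the following hunk uses the same pattern. If that is intended, say so above the task, e.g. `# Operator file on the deployment host wins, but the fetched default must still be available.` The task header and the start of `with_items` are outside this hunk.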
@@ -0,0 +1,26 @@ +--- +# Copyright 2017, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# These vars find a file on the deployment node, if it exists - otherwise the result is empty. +keystone_paste_user_content: "{{ lookup('pipe', 'cat ' ~ keystone_paste_default_file_path ~ ' 2>/dev/null || true') }}" +keystone_policy_user_content: "{{ lookup('pipe', 'cat ' ~ keystone_policy_default_file_path ~ ' 2>/dev/null || true') }}" +keystone_sso_callback_user_content: "{{ lookup('pipe', 'cat ' ~ keystone_sso_callback_file_path ~ ' 2>/dev/null || true') }}" + +# These vars find the appropriate result content from the with_items loop +keystone_paste_default_content: | + {{ _git_file_fetch.results | selectattr('item', 'equalto', keystone_git_config_lookup_location ~ '/' ~ keystone_paste_git_file_path) | map(attribute='content') | first }} + +keystone_sso_callback_default_content: | + {{ _git_file_fetch.results | selectattr('item', 'equalto', keystone_git_config_lookup_location ~ '/' ~ keystone_sso_callback_git_file_path) | map(attribute='content') | first }}
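Review bot: The three `*_user_content` lookups splice the path variables into a shell command unquoted, so a path containing spaces or shell metacharacters is interpreted by the shell on the deployment host. Quoting closes that, e.g. `lookup('pipe', 'cat ' ~ (keystone_paste_default_file_path | quote) ~ ' 2>/dev/null || true')`. The `2>/dev/null || true` suffix also makes an unreadable override indistinguishable from a missing one, so a permissions mistake silently installs the upstream default instead of the operator's file. In the two `*_default_content` vars, `| first` on an empty selection fails with an error that is hard to trace back to the fetch; a comment stating that `_git_file_fetch` is registered by the "Retrieve default configuration files" task would help.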