diff --git a/playbooks/roles/os_glance/defaults/main.yml b/playbooks/roles/os_glance/defaults/main.yml index c5b6a22c1c..2645d445df 100644 --- a/playbooks/roles/os_glance/defaults/main.yml +++ b/playbooks/roles/os_glance/defaults/main.yml @@ -87,7 +87,10 @@ glance_service_adminuri: "{{ glance_service_adminuri_proto }}://{{ internal_lb_v glance_service_adminurl: "{{ glance_service_adminuri }}" ## Swift Options -glance_swift_store_auth_address: "{{ keystone_service_internalurl }}" +glance_swift_store_auth_address: "{{ keystone_service_internalurl_v3 }}" +glance_swift_store_auth_version: 3 +glance_swift_store_user_domain: default +glance_swift_store_project_domain: default glance_swift_store_user: "service:{{ glance_service_user_name }}" glance_swift_store_key: "{{ glance_service_password }}" glance_swift_store_region: "{{ glance_service_region }}" @@ -112,7 +115,7 @@ glance_image_cache_max_size: 10737418240 # glance_registry_workers: 16 glance_task_executor: taskflow -glance_digest_algorithm: sha1 +glance_digest_algorithm: sha256 glance_http_keepalive: True ## Glance policy @@ -178,4 +181,4 @@ glance_glance_registry_paste_ini_overrides: {} glance_glance_registry_conf_overrides: {} glance_glance_scrubber_conf_overrides: {} glance_glance_scheme_json_overrides: {} -glance_policy_overrides: {} \ No newline at end of file +glance_policy_overrides: {} diff --git a/playbooks/roles/os_glance/templates/glance-api-paste.ini.j2 b/playbooks/roles/os_glance/templates/glance-api-paste.ini.j2 index 029221ccf7..d4f36a267f 100644 --- a/playbooks/roles/os_glance/templates/glance-api-paste.ini.j2 +++ b/playbooks/roles/os_glance/templates/glance-api-paste.ini.j2 
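Review bot: The new Swift defaults (`glance_swift_store_auth_version`, `glance_swift_store_user_domain`, `glance_swift_store_project_domain`) include nothing for TLS verification, although glance-api.conf.j2 in this same commit renders `swift_store_auth_insecure` straight from `keystone_service_internaluri_insecure`. That option governs certificate checking on the authentication request that carries `glance_swift_store_key`, which the context line shows is the glance service password, so it deserves a role-scoped, documented default. For example, `glance_swift_store_auth_insecure: "{{ keystone_service_internaluri_insecure | bool }}"` preceded by `# Keep false in production: true skips certificate verification for Swift store authentication`. The variable name is a proposal; the template would then reference it instead of the Keystone-wide variable.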
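Review bot: The `glance_digest_algorithm: sha256` default has no comment, so an operator who still carries an older `sha1` override has nothing telling them the change was deliberate. I would add `# Digest glance uses for signatures; sha1 is no longer collision-resistant, do not override back to it` above the line. User overrides take precedence over role defaults, so a release note asking deployers to drop a stale `glance_digest_algorithm: sha1` entry would also help. Whether any such overrides exist cannot be seen from this diff.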
@@ -1,44 +1,45 @@ # Use this pipeline for no auth or image caching - DEFAULT [pipeline:glance-api] -pipeline = versionnegotiation osprofiler unauthenticated-context rootapp +pipeline = healthcheck versionnegotiation osprofiler unauthenticated-context rootapp # Use this pipeline for image caching and no auth [pipeline:glance-api-caching] -pipeline = versionnegotiation osprofiler unauthenticated-context cache rootapp +pipeline = healthcheck versionnegotiation osprofiler unauthenticated-context cache rootapp # Use this pipeline for caching w/ management interface but no auth [pipeline:glance-api-cachemanagement] -pipeline = versionnegotiation osprofiler unauthenticated-context cache cachemanage rootapp +pipeline = healthcheck versionnegotiation osprofiler unauthenticated-context cache cachemanage rootapp # Use this pipeline for keystone auth [pipeline:glance-api-keystone] -pipeline = versionnegotiation osprofiler authtoken context rootapp +pipeline = healthcheck versionnegotiation osprofiler authtoken context rootapp # Use this pipeline for keystone auth with image caching [pipeline:glance-api-keystone+caching] -pipeline = versionnegotiation osprofiler authtoken context cache rootapp +pipeline = healthcheck versionnegotiation osprofiler authtoken context cache rootapp # Use this pipeline for keystone auth with caching and cache management [pipeline:glance-api-keystone+cachemanagement] -pipeline = versionnegotiation osprofiler authtoken context cache cachemanage rootapp +pipeline = healthcheck versionnegotiation osprofiler authtoken context cache cachemanage rootapp # Use this pipeline for authZ only. This means that the registry will treat a # user as authenticated without making requests to keystone to reauthenticate # the user. [pipeline:glance-api-trusted-auth] -pipeline = versionnegotiation osprofiler context rootapp +pipeline = healthcheck versionnegotiation osprofiler context rootapp # Use this pipeline for authZ only. 
This means that the registry will treat a # user as authenticated without making requests to keystone to reauthenticate # the user and uses cache management [pipeline:glance-api-trusted-auth+cachemanagement] -pipeline = versionnegotiation osprofiler context cache cachemanage rootapp +pipeline = healthcheck versionnegotiation osprofiler context cache cachemanage rootapp [composite:rootapp] paste.composite_factory = glance.api:root_app_factory /: apiversions /v1: apiv1app /v2: apiv2app +/v3: apiv3app [app:apiversions] paste.app_factory = glance.api.versions:create_resource @@ -49,6 +50,14 @@ paste.app_factory = glance.api.v1.router:API.factory [app:apiv2app] paste.app_factory = glance.api.v2.router:API.factory +[app:apiv3app] +paste.app_factory = glance.api.v3.router:API.factory + +[filter:healthcheck] +paste.filter_factory = oslo_middleware:Healthcheck.factory +backends = disable_by_file +disable_by_file_path = /etc/glance/healthcheck_disable + [filter:versionnegotiation] paste.filter_factory = glance.api.middleware.version_negotiation:VersionNegotiationFilter.factory diff --git a/playbooks/roles/os_glance/templates/glance-api.conf.j2 b/playbooks/roles/os_glance/templates/glance-api.conf.j2 index a7bb3b8bd3..adfd70da89 100644 --- a/playbooks/roles/os_glance/templates/glance-api.conf.j2 +++ b/playbooks/roles/os_glance/templates/glance-api.conf.j2 @@ -8,7 +8,6 @@ verbose = {{ verbose }} debug = {{ debug }} log_file = /var/log/glance/glance-api.log fatal_deprecations = {{ glance_fatal_deprecations }} -use_syslog = False bind_host = {{ glance_api_bind_address }} bind_port = {{ glance_api_service_port }} http_keepalive = {{ glance_http_keepalive }} 
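Review bot: The `/v3: apiv3app` mapping in `[composite:rootapp]` is added without any visible toggle. The glance-api.conf.j2 context in this commit shows `enable_v2_api` and the registry switches being templated, but nothing for v3. Whether the v3 router is served therefore appears to depend on glance's built-in default for `enable_v3_api` rather than on a value the role controls. I would template it explicitly as `enable_v3_api = {{ glance_enable_v3_api }}` with a defaults entry `glance_enable_v3_api: False` (proposed name), so the extra API surface is exposed only when a deployer asks for it.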
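Review bot: The `[filter:healthcheck]` section should state that the endpoint is unauthenticated. The first hunk of this file places `healthcheck` ahead of `authtoken` in every keystone pipeline, so it answers without a token on the API bind address. Suggested comment above the section: `# Answers before authtoken, i.e. without credentials; expose only to the load balancer / monitoring network.` The `disable_by_file_path = /etc/glance/healthcheck_disable` marker also deserves a note that `/etc/glance` must be writable only by administrators, since the presence of that file makes the service report itself as unavailable. The same filter is added to glance-registry-paste.ini.j2 later in this commit and would need the same comments.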
@@ -25,22 +24,17 @@ enable_v1_registry = {{ glance_enable_v1_registry }} enable_v2_api = {{ glance_enable_v2_api }} enable_v2_registry = {{ glance_enable_v2_registry }} +# +# From oslo.messaging +# + {% if glance_ceilometer_enabled %} notification_driver = {{ glance_ceilometer_notification_driver }} {% else %} notification_driver = {{ glance_notification_driver }} {% endif %} {% if glance_notification_driver == "messaging" or (glance_ceilometer_notification_driver == "messagingv2" and glance_ceilometer_enabled) %} -##### RPC MESSAGING OPTIONS ##### rpc_backend = {{ glance_rpc_backend }} -rabbit_hosts = {{ rabbitmq_servers }} -rabbit_port = {{ rabbitmq_port }} -rabbit_userid = {{ glance_rabbitmq_userid }} -rabbit_password = {{ glance_rabbitmq_password }} -rabbit_virtual_host = {{ glance_rabbitmq_vhost }} -rabbit_notification_exchange = glance -rabbit_notification_topic = notifications -rabbit_durable_queues = False {% endif %} 
@@ -87,18 +81,30 @@ policy_file = {{ glance_policy_file }} policy_default_rule = {{ glance_policy_default_rule }} policy_dirs = {{ glance_policy_dirs }} +[oslo_messaging_rabbit] +rabbit_hosts = {{ rabbitmq_servers }} +rabbit_port = {{ rabbitmq_port }} +rabbit_userid = {{ glance_rabbitmq_userid }} +rabbit_password = {{ glance_rabbitmq_password }} +rabbit_virtual_host = {{ glance_rabbitmq_vhost }} +rabbit_notification_exchange = glance +rabbit_notification_topic = notifications + [paste_deploy] flavor = {{ glance_flavor }} [glance_store] default_store = {{ glance_default_store }} {% if glance_default_store == "file" %} -stores = glance.store.filesystem.Store,glance.store.http.Store,glance.store.cinder.Store +stores = file,http,cinder filesystem_store_datadir = {{ glance_system_user_home }}/images/ {% elif glance_default_store == "swift" %} -stores = glance.store.swift.Store,glance.store.http.Store,glance.store.cinder.Store -swift_store_auth_version = 2 +stores = swift,http,cinder +user_domain_id = {{ glance_swift_store_user_domain }} +project_domain_id = {{ glance_swift_store_project_domain }} +swift_store_auth_version = {{ glance_swift_store_auth_version }} swift_store_auth_address = {{ glance_swift_store_auth_address }} +swift_store_auth_insecure = {{ keystone_service_internaluri_insecure | bool }} swift_store_user = {{ glance_swift_store_user }} swift_store_key = {{ glance_swift_store_key }} swift_store_region = {{ glance_swift_store_region }} @@ -109,7 +115,7 @@ swift_store_large_object_chunk_size = {{ glance_swift_store_large_object_chunk_s swift_store_retry_get_count = 5 swift_store_endpoint_type = {{ glance_swift_store_endpoint_type }} {% elif glance_default_store == "rbd" %} -stores = glance.store.rbd.Store,glance.store.http.Store,glance.store.cinder.Store +stores = rbd,http,cinder rbd_store_pool = {{ glance_rbd_store_pool }} rbd_store_user = {{ glance_rbd_store_user }} rbd_store_ceph_conf = /etc/ceph/ceph.conf 
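Review bot: The new `[oslo_messaging_rabbit]` section is rendered unconditionally, whereas the `rabbit_*` options it replaces sat inside the `{% if glance_notification_driver == "messaging" ... %}` block shown in the previous hunk. As a result `rabbit_password` is now written into glance-api.conf even on deployments where notifications are off and the credential is never used. Wrapping the section in the same condition would keep the secret off hosts that do not need it; failing that, confirm the rendered file is readable only by the glance service user, since the task that sets its mode is not part of this diff. glance-registry.conf.j2 has the same pattern in its `@@ -52,6 +47,15 @@` hunk, where the removed options were guarded by `{% if glance_ceilometer_enabled %}`.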
diff --git a/playbooks/roles/os_glance/templates/glance-cache.conf.j2 b/playbooks/roles/os_glance/templates/glance-cache.conf.j2 index c60d0ff43d..429c05f658 100644 --- a/playbooks/roles/os_glance/templates/glance-cache.conf.j2 +++ b/playbooks/roles/os_glance/templates/glance-cache.conf.j2 @@ -6,7 +6,6 @@ debug = {{ debug }} admin_password = {{ glance_service_password }} admin_user = {{ glance_service_user_name }} admin_tenant_name = {{ glance_service_project_name }} -use_syslog = False image_cache_dir = {{ glance_system_user_home }}/cache/ image_cache_stall_time = 86400 image_cache_max_size = {{ glance_image_cache_max_size }} diff --git a/playbooks/roles/os_glance/templates/glance-manage.conf.j2 b/playbooks/roles/os_glance/templates/glance-manage.conf.j2 index 19c6113b90..069a6e2674 100644 --- a/playbooks/roles/os_glance/templates/glance-manage.conf.j2 +++ b/playbooks/roles/os_glance/templates/glance-manage.conf.j2 @@ -3,7 +3,6 @@ verbose = {{ verbose }} debug = {{ debug }} log_file = /var/log/glance/glance-manage.log fatal_deprecations = {{ glance_fatal_deprecations }} -use_syslog = False [database] connection = mysql://{{ glance_galera_user }}:{{ glance_container_mysql_password }}@{{ glance_galera_address }}/{{ glance_galera_database }}?charset=utf8 diff --git a/playbooks/roles/os_glance/templates/glance-registry-paste.ini.j2 b/playbooks/roles/os_glance/templates/glance-registry-paste.ini.j2 index a962043e38..ae6755298b 100644 --- a/playbooks/roles/os_glance/templates/glance-registry-paste.ini.j2 +++ b/playbooks/roles/os_glance/templates/glance-registry-paste.ini.j2 
@@ -1,20 +1,25 @@ # Use this pipeline for no auth - DEFAULT [pipeline:glance-registry] -pipeline = osprofiler unauthenticated-context registryapp +pipeline = healthcheck osprofiler unauthenticated-context registryapp # Use this pipeline for keystone auth [pipeline:glance-registry-keystone] -pipeline = osprofiler authtoken context registryapp +pipeline = healthcheck osprofiler authtoken context registryapp # Use this pipeline for authZ only. This means that the registry will treat a # user as authenticated without making requests to keystone to reauthenticate # the user. [pipeline:glance-registry-trusted-auth] -pipeline = osprofiler context registryapp +pipeline = healthcheck osprofiler context registryapp [app:registryapp] paste.app_factory = glance.registry.api:API.factory +[filter:healthcheck] +paste.filter_factory = oslo_middleware:Healthcheck.factory +backends = disable_by_file +disable_by_file_path = /etc/glance/healthcheck_disable + [filter:context] paste.filter_factory = glance.api.middleware.context:ContextMiddleware.factory diff --git a/playbooks/roles/os_glance/templates/glance-registry.conf.j2 b/playbooks/roles/os_glance/templates/glance-registry.conf.j2 index 5e0b087fa5..ac26de2498 100644 --- a/playbooks/roles/os_glance/templates/glance-registry.conf.j2 +++ b/playbooks/roles/os_glance/templates/glance-registry.conf.j2 @@ -8,7 +8,6 @@ verbose = {{ verbose }} debug = {{ debug }} fatal_deprecations = {{ glance_fatal_deprecations }} log_file = /var/log/glance/glance-registry.log -use_syslog = False bind_host = {{ glance_registry_bind_address }} bind_port = {{ glance_registry_service_port }} http_keepalive = {{ glance_http_keepalive }} 
@@ -19,10 +18,6 @@ limit_param_default = 25 {% if glance_ceilometer_enabled %} notification_driver = {{ glance_notification_driver }} rpc_backend = {{ glance_rpc_backend }} -rabbit_hosts = {{ rabbitmq_servers }} -rabbit_userid = {{ glance_rabbitmq_userid }} -rabbit_password = {{ glance_rabbitmq_password }} -rabbit_virtual_host = {{ glance_rabbitmq_vhost }} {% endif %} [database] @@ -52,6 +47,15 @@ memcache_secret_key = {{ memcached_encryption_key }} # if your keystone deployment uses PKI, and you value security over performance: check_revocations_for_cached = False +[oslo_messaging_rabbit] +rabbit_hosts = {{ rabbitmq_servers }} +rabbit_port = {{ rabbitmq_port }} +rabbit_userid = {{ glance_rabbitmq_userid }} +rabbit_password = {{ glance_rabbitmq_password }} +rabbit_virtual_host = {{ glance_rabbitmq_vhost }} +rabbit_notification_exchange = glance +rabbit_notification_topic = notifications + [oslo_policy] policy_file = {{ glance_policy_file }} policy_default_rule = {{ glance_policy_default_rule }} diff --git a/playbooks/roles/os_glance/templates/glance-scrubber.conf.j2 b/playbooks/roles/os_glance/templates/glance-scrubber.conf.j2 index 0382fef04e..0769b9892a 100644 --- a/playbooks/roles/os_glance/templates/glance-scrubber.conf.j2 +++ b/playbooks/roles/os_glance/templates/glance-scrubber.conf.j2 @@ -6,13 +6,10 @@ debug = {{ debug }} # Log to this file. Make sure you do not set the same log file for both the API # and registry servers! # -# If `log_file` is omitted and `use_syslog` is false, then log messages are +# If `log_file` is omitted then log messages are # sent to stdout as a fallback. log_file = /var/log/glance/scrubber.log -# Send logs to syslog (/dev/log) instead of to file specified by `log_file` -#use_syslog: False - # Should we run our own loop or rely on cron/scheduler to run us daemon = False