diff --git a/rpc_deployment/playbooks/openstack/nova-compute-keys.yml b/rpc_deployment/playbooks/openstack/nova-compute-keys.yml index 25dbdce37d..82618a3a8c 100644 --- a/rpc_deployment/playbooks/openstack/nova-compute-keys.yml +++ b/rpc_deployment/playbooks/openstack/nova-compute-keys.yml @@ -17,6 +17,8 @@ user: root roles: - nova_compute_sshkey_create + vars_files: + - inventory/group_vars/nova_all.yml - hosts: nova_compute[0] user: root diff --git a/rpc_deployment/playbooks/openstack/nova-compute.yml b/rpc_deployment/playbooks/openstack/nova-compute.yml index be1bdba4eb..f3a0803775 100644 --- a/rpc_deployment/playbooks/openstack/nova-compute.yml +++ b/rpc_deployment/playbooks/openstack/nova-compute.yml @@ -13,11 +13,6 @@ # See the License for the specific language governing permissions and # limitations under the License. -- hosts: nova_compute[0] - user: root - roles: - - nova_compute_sshkey_create - - hosts: nova_compute user: root roles: diff --git a/rpc_deployment/roles/cinder_setup/tasks/main.yml b/rpc_deployment/roles/cinder_setup/tasks/main.yml index 43a849dc22..cb081bf3c9 100644 --- a/rpc_deployment/roles/cinder_setup/tasks/main.yml +++ b/rpc_deployment/roles/cinder_setup/tasks/main.yml @@ -15,3 +15,5 @@ - name: Perform a Cinder DB sync command: cinder-manage db sync + sudo: yes + sudo_user: "{{ system_user }}" diff --git a/rpc_deployment/roles/heat_setup/tasks/main.yml b/rpc_deployment/roles/heat_setup/tasks/main.yml index 6e92b1c163..40ba5174a5 100644 --- a/rpc_deployment/roles/heat_setup/tasks/main.yml +++ b/rpc_deployment/roles/heat_setup/tasks/main.yml @@ -15,3 +15,5 @@ - name: Perform a Heat DB sync command: heat-manage db_sync + sudo: yes + sudo_user: "{{ system_user }}" diff --git a/rpc_deployment/roles/horizon_setup/tasks/main.yml b/rpc_deployment/roles/horizon_setup/tasks/main.yml index c7290e13e6..0232611bf7 100644 --- a/rpc_deployment/roles/horizon_setup/tasks/main.yml +++ b/rpc_deployment/roles/horizon_setup/tasks/main.yml 
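Review bot: The `vars_files` entry added to the first play in nova-compute-keys.yml uses the relative path `inventory/group_vars/nova_all.yml`, and nothing in the hunk says why a group_vars file has to be loaded by hand. Ansible resolves relative `vars_files` paths against the playbook's own directory, so this depends on an `inventory` directory or link being reachable from `playbooks/openstack/`, which is not visible here. Values loaded this way also rank above inventory group and host variables, so a per-host override of `system_user` would presumably be ignored for this play. If the purpose is to give the role its `system_user`, a comment above the entry would record that, for example `# nova_all.yml supplies system_user for nova_compute_sshkey_create`. The play's `hosts:` line is outside the hunk.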
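Review bot: The `sudo_user: "{{ system_user }}"` line added to the Cinder DB sync task depends on a variable that this task file neither defines nor checks. The same applies to the identical additions in heat_setup, neutron_setup and nova_setup, to the keystone cron `user:`, and to the nova_compute_sshkey_create role. Because the name is shared by every service, a host that sits in several groups could resolve it to another service's account (the group_vars are not visible here, so this is a guess), and the sync would then run under the wrong identity and could leave log or lock files the real service user cannot write. A pre-flight task such as `- assert: { that: "system_user is defined" }` plus a comment naming the expected account would make the privilege drop checkable. As a style point, `sudo: yes` is better written `sudo: true`.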
@@ -13,5 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +# Unlike the 'db sync' command run in other projects, we do not run this under +# horizon's {{ system_user }} as horizon is run through Apache and logs are +# written to as root - name: Run syncdb command: horizon-manage.py syncdb --noinput diff --git a/rpc_deployment/roles/keystone_setup/tasks/keystone_token_cron.yml b/rpc_deployment/roles/keystone_setup/tasks/keystone_token_cron.yml index 63997541ec..bcd24805d4 100644 --- a/rpc_deployment/roles/keystone_setup/tasks/keystone_token_cron.yml +++ b/rpc_deployment/roles/keystone_setup/tasks/keystone_token_cron.yml @@ -18,4 +18,4 @@ name: "Clear out stale keystone tokens" minute: 0 job: "keystone-manage token_flush" - user: keystone + user: "{{ system_user }}" diff --git a/rpc_deployment/roles/neutron_setup/tasks/main.yml b/rpc_deployment/roles/neutron_setup/tasks/main.yml index 804396634c..d0648b19a1 100644 --- a/rpc_deployment/roles/neutron_setup/tasks/main.yml +++ b/rpc_deployment/roles/neutron_setup/tasks/main.yml @@ -18,6 +18,8 @@ neutron-db-manage --config-file {{ neutron_config }} --config-file {{ neutron_plugin }} upgrade {{ neutron_revision }} + sudo: yes + sudo_user: "{{ system_user }}" tags: - neutron_upgrade @@ -25,6 +27,8 @@ shell: "neutron-db-manage history | grep -w 'Revision ID: {{ neutron_revision }}'" register: neutron_dbmanage ignore_errors: True + sudo: yes + sudo_user: "{{ system_user }}" tags: - neutron_stamp @@ -34,5 +38,7 @@ --config-file {{ neutron_plugin }} stamp {{ neutron_revision }} when: neutron_dbmanage.rc != 0 + sudo: yes + sudo_user: "{{ system_user }}" tags: - neutron_stamp diff --git a/rpc_deployment/roles/nova_compute_sshkey_create/tasks/main.yml b/rpc_deployment/roles/nova_compute_sshkey_create/tasks/main.yml index 791ad495d2..64631c36e0 100644 --- a/rpc_deployment/roles/nova_compute_sshkey_create/tasks/main.yml 
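Review bot: The comment added above "Run syncdb" documents an exception to the privilege drop made elsewhere in this commit, but it does not say what would have to change for `horizon-manage.py syncdb --noinput` to stop running as root. The stated reason is log ownership, which reads as a file-permission issue rather than a real need for root. If that is right, correcting the owner of the horizon log files would let this task take the same `sudo_user` as the other db sync tasks. I would add a follow-up marker such as `# TODO: run as the horizon system user once its log files are no longer root-owned`, and reword "logs are written to as root" to "its log files are written as root".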
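Review bot: Switching the cron task's `user:` from `keystone` to `"{{ system_user }}"` leaves the old entry in place on already-deployed hosts if the variable resolves to anything other than `keystone`. The cron module tracks entries per user's crontab, so the `keystone-manage token_flush` job would then exist under two accounts. If the value is expected to stay `keystone`, a comment saying so is enough, for example `# system_user is expected to resolve to keystone here`. Otherwise a cleanup task with `state: absent` for the old user is needed. The task begins above the hunk, so its name and module line are only partly visible.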
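Review bot: In the second neutron_setup hunk, the check `neutron-db-manage history | grep -w 'Revision ID: ...'` now runs as `system_user`, but its exit status is still only grep's. With `ignore_errors: True`, a failure of neutron-db-manage itself, such as the service account being unable to read its configuration, looks the same as "revision not found". The `when: neutron_dbmanage.rc != 0` condition in the third hunk would then attempt `stamp` against a database whose state was never read, and unlike the upgrade and stamp commands the history call passes no `--config-file` arguments. I would run `history` as a plain `command:` task without `ignore_errors`, register its output, and gate the stamp on something like `when: neutron_revision not in neutron_dbmanage.stdout`. All three tasks start outside their hunks.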
+++ b/rpc_deployment/roles/nova_compute_sshkey_create/tasks/main.yml @@ -36,7 +36,9 @@ - "/var/lib/nova/.ssh/id_rsa.pub" - name: Create the nova SSH key if it doesnt exist - shell: su - nova -c 'ssh-keygen -f /var/lib/nova/.ssh/id_rsa -t rsa -q -N ""' + command: ssh-keygen -f /var/lib/nova/.ssh/id_rsa -t rsa -q -N "" + sudo: yes + sudo_user: "{{ system_user }}" - name: Create empty 'authorized_keys' file file: path="/var/lib/nova/.ssh/authorized_keys" state="touch" @@ -44,8 +46,8 @@ - name: Change permissions on the generated keys file: path: "{{ item.path }}" - group: "nova" - owner: "nova" + group: "{{ system_user }}" + owner: "{{ system_user }}" mode: "{{ item.mode }}" with_items: - { path: "/var/lib/nova/.ssh/authorized_keys", mode: "0700" } diff --git a/rpc_deployment/roles/nova_setup/tasks/main.yml b/rpc_deployment/roles/nova_setup/tasks/main.yml index f7ce3e68eb..2a17f17032 100644 --- a/rpc_deployment/roles/nova_setup/tasks/main.yml +++ b/rpc_deployment/roles/nova_setup/tasks/main.yml @@ -15,3 +15,5 @@ - name: Perform a Nova DB sync command: nova-manage db sync + sudo: yes + sudo_user: "{{ system_user }}"
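Review bot: The task is named "Create the nova SSH key if it doesnt exist", yet the new `command:` line has no existence guard. Unless an earlier task outside this hunk removes the key, a rerun makes ssh-keygen find the existing file and stop at its overwrite question instead of finishing cleanly. Adding `creates=/var/lib/nova/.ssh/id_rsa` to the command makes the task idempotent and keeps a later run from ever replacing a key that is already in use: `command: ssh-keygen -f /var/lib/nova/.ssh/id_rsa -t rsa -q -N "" creates=/var/lib/nova/.ssh/id_rsa`. The key is created without a passphrase, so the mode and ownership set by the following tasks are its only protection.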
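Review bot: In the "Change permissions on the generated keys" hunk, `authorized_keys` is given mode `0700` in the `with_items` list directly under the changed owner and group lines. The file needs no execute bit, and `0600` is the conventional mode: `- { path: "/var/lib/nova/.ssh/authorized_keys", mode: "0600" }`. Owner and group are now templated from `system_user` while every path still hard-codes `/var/lib/nova`, so a value other than `nova` would hand that directory's key material to a different account. `group: "{{ system_user }}"` also assumes a group with the same name as the user exists. The item list continues past the hunk, so the modes applied to the private and public key are not visible here.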