diff --git a/manifests/db.pp b/manifests/db.pp
index b331cbcb4..1b79f4e94 100644
--- a/manifests/db.pp
+++ b/manifests/db.pp
@@ -44,7 +44,6 @@ class keystone::db (
 ) {
 
   include ::keystone::deps
-  include ::keystone::params
 
   # NOTE(spredzy): In order to keep backward compatibility we rely on the pick function
   # to use keystone::<myparam> if keystone::db::<myparam> isn't specified.
@@ -59,44 +58,14 @@ class keystone::db (
   validate_re($database_connection_real,
     '^(sqlite|mysql(\+pymysql)?|postgresql):\/\/(\S+:\S+@\S+\/\S+)?')
 
-  case $database_connection_real {
-    /^mysql(\+pymysql)?:\/\//: {
-      require 'mysql::bindings'
-      require 'mysql::bindings::python'
-      if $database_connection_real =~ /^mysql\+pymysql/ {
-        $backend_package = $::keystone::params::pymysql_package_name
-      } else {
-        $backend_package = false
-      }
-    }
-    /^postgresql:\/\//: {
-      $backend_package = false
-      require 'postgresql::lib::python'
-    }
-    /^sqlite:\/\//: {
-      $backend_package = $::keystone::params::sqlite_package_name
-    }
-    default: {
-      fail('Unsupported backend configured')
-    }
-  }
-
-  if $backend_package and !defined(Package[$backend_package]) {
-    package {'keystone-backend-package':
-      ensure => present,
-      name   => $backend_package,
-      tag    => ['openstack', 'keystone-package'],
-    }
-  }
-
-  keystone_config {
-    'database/connection':     value => $database_connection_real, secret => true;
-    'database/idle_timeout':   value => $database_idle_timeout_real;
-    'database/min_pool_size':  value => $database_min_pool_size_real;
-    'database/max_retries':    value => $database_max_retries_real;
-    'database/retry_interval': value => $database_retry_interval_real;
-    'database/max_pool_size':  value => $database_max_pool_size_real;
-    'database/max_overflow':   value => $database_max_overflow_real;
+  oslo::db { 'keystone_config':
+    connection     => $database_connection_real,
+    idle_timeout   => $database_idle_timeout_real,
+    min_pool_size  => $database_min_pool_size_real,
+    max_pool_size  => $database_max_pool_size_real,
+    max_retries    => $database_max_retries_real,
+    retry_interval => $database_retry_interval_real,
+    max_overflow   => $database_max_overflow_real,
   }
 
 }
diff --git a/manifests/init.pp b/manifests/init.pp
index d5195bd10..e4382e797 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -130,6 +130,26 @@
 #   This has no effects unless 'memcache_servers' is set.
 #   Default to $::os_service_default
 #
+# [*cache_config_prefix*]
+#   (Optional) Prefix for building the configuration dictionary for
+#   the cache region. This should not need to be changed unless there
+#   is another dogpile.cache region with the same configuration name.
+#   (string value)
+#   Defaults to $::os_service_default
+#
+# [*cache_expiration_time*]
+#   (Optional) Default TTL, in seconds, for any cached item in the
+#   dogpile.cache region. This applies to any cached method that
+#   doesn't have an explicit cache expiration time defined for it.
+#   (integer value)
+#   Defaults to $::os_service_default
+#
+# [*cache_proxies*]
+#   (Optional) Proxy classes to import that will affect the way the
+#   dogpile.cache backend functions. See the dogpile.cache documentation on
+#   changing-backend-behavior. (list value)
+#   Defaults to $::os_service_default
+#
 # [*token_caching*]
 #   (optional) Toggle for token system caching. This has no effects unless 'memcache_servers' is set.
 #   Default to $::os_service_default
@@ -222,7 +242,7 @@
 #
 # [*rabbit_ha_queues*]
 #   (Optional) Use HA queues in RabbitMQ.
-#   Defaults to undef.
+#   Defaults to $::os_service_default
 #
 # [*rabbit_password*]
 #   (optional) Password used to connect to rabbitmq.
@@ -274,11 +294,12 @@
 #   Defaults to $::os_service_default
 #
 # [*notification_driver*]
-#   RPC driver. Not enabled by default
+#   RPC driver. Not enabled by default (list value)
 #   Defaults to $::os_service_default
 #
 # [*notification_topics*]
 #   (optional) AMQP topics to publish to when using the RPC notification driver.
+#   (list value)
 #   Default to $::os_service_default
 #
 # [*notification_format*]
@@ -287,6 +308,7 @@
 #
 # [*control_exchange*]
 #   (optional) AMQP exchange to connect to if using RabbitMQ or Qpid
+#   (string value)
 #   Default to $::os_service_default
 #
 # [*public_bind_host*]
@@ -471,6 +493,11 @@
 #   the pool before it is closed.
 #   Defaults to $::os_service_default
 #
+# [*memcache_pool_connection_get_timeout*]
+#   (Optional) Number of seconds that an operation will wait to get a memcache
+#   client connection. (integer value)
+#   Defaults to $::os_service_default
+#
 # [*policy_driver*]
 #   Policy backend driver. (string value)
 #   Defaults to $::os_service_default.
@@ -526,103 +553,107 @@
 #
 class keystone(
   $admin_token,
-  $package_ensure                     = 'present',
-  $client_package_ensure              = 'present',
-  $public_bind_host                   = '0.0.0.0',
-  $admin_bind_host                    = '0.0.0.0',
-  $public_port                        = '5000',
-  $admin_port                         = '35357',
-  $verbose                            = undef,
-  $debug                              = undef,
-  $log_dir                            = undef,
-  $log_file                           = undef,
-  $use_syslog                         = undef,
-  $use_stderr                         = undef,
-  $log_facility                       = undef,
-  $catalog_type                       = 'sql',
-  $catalog_driver                     = false,
-  $catalog_template_file              = '/etc/keystone/default_catalog.templates',
-  $token_provider                     = 'uuid',
-  $token_driver                       = 'sql',
-  $token_expiration                   = 3600,
-  $revoke_driver                      = $::os_service_default,
-  $revoke_by_id                       = true,
-  $public_endpoint                    = $::os_service_default,
-  $admin_endpoint                     = $::os_service_default,
-  $enable_ssl                         = false,
-  $ssl_certfile                       = '/etc/keystone/ssl/certs/keystone.pem',
-  $ssl_keyfile                        = '/etc/keystone/ssl/private/keystonekey.pem',
-  $ssl_ca_certs                       = '/etc/keystone/ssl/certs/ca.pem',
-  $ssl_ca_key                         = '/etc/keystone/ssl/private/cakey.pem',
-  $ssl_cert_subject                   = '/C=US/ST=Unset/L=Unset/O=Unset/CN=localhost',
-  $cache_dir                          = '/var/cache/keystone',
-  $memcache_servers                   = $::os_service_default,
-  $manage_service                     = true,
-  $cache_backend                      = $::os_service_default,
-  $cache_backend_argument             = $::os_service_default,
-  $cache_enabled                      = $::os_service_default,
-  $cache_memcache_servers             = $::os_service_default,
-  $debug_cache_backend                = $::os_service_default,
-  $token_caching                      = $::os_service_default,
-  $enabled                            = true,
-  $database_connection                = undef,
-  $database_idle_timeout              = undef,
-  $database_max_retries               = undef,
-  $database_retry_interval            = undef,
-  $database_min_pool_size             = undef,
-  $database_max_pool_size             = undef,
-  $database_max_overflow              = undef,
-  $enable_pki_setup                   = false,
-  $signing_certfile                   = '/etc/keystone/ssl/certs/signing_cert.pem',
-  $signing_keyfile                    = '/etc/keystone/ssl/private/signing_key.pem',
-  $signing_ca_certs                   = '/etc/keystone/ssl/certs/ca.pem',
-  $signing_ca_key                     = '/etc/keystone/ssl/private/cakey.pem',
-  $signing_cert_subject               = '/C=US/ST=Unset/L=Unset/O=Unset/CN=www.example.com',
-  $signing_key_size                   = 2048,
-  $rabbit_host                        = $::os_service_default,
-  $rabbit_hosts                       = $::os_service_default,
-  $rabbit_password                    = $::os_service_default,
-  $rabbit_port                        = $::os_service_default,
-  $rabbit_userid                      = $::os_service_default,
-  $rabbit_virtual_host                = $::os_service_default,
-  $rabbit_heartbeat_timeout_threshold = $::os_service_default,
-  $rabbit_heartbeat_rate              = $::os_service_default,
-  $rabbit_use_ssl                     = $::os_service_default,
-  $rabbit_ha_queues                   = undef,
-  $kombu_ssl_ca_certs                 = $::os_service_default,
-  $kombu_ssl_certfile                 = $::os_service_default,
-  $kombu_ssl_keyfile                  = $::os_service_default,
-  $kombu_ssl_version                  = $::os_service_default,
-  $notification_driver                = $::os_service_default,
-  $notification_topics                = $::os_service_default,
-  $notification_format                = $::os_service_default,
-  $control_exchange                   = $::os_service_default,
-  $validate_service                   = false,
-  $validate_insecure                  = false,
-  $validate_auth_url                  = false,
-  $validate_cacert                    = undef,
-  $paste_config                       = $::os_service_default,
-  $service_provider                   = $::keystone::params::service_provider,
-  $service_name                       = $::keystone::params::service_name,
-  $max_token_size                     = $::os_service_default,
-  $sync_db                            = true,
-  $enable_fernet_setup                = false,
-  $fernet_key_repository              = '/etc/keystone/fernet-keys',
-  $fernet_max_active_keys             = $::os_service_default,
-  $default_domain                     = undef,
-  $enable_bootstrap                   = true,
-  $memcache_dead_retry                = $::os_service_default,
-  $memcache_socket_timeout            = $::os_service_default,
-  $memcache_pool_maxsize              = $::os_service_default,
-  $memcache_pool_unused_timeout       = $::os_service_default,
-  $policy_driver                      = $::os_service_default,
-  $using_domain_config                = false,
-  $domain_config_directory            = '/etc/keystone/domains',
-  $keystone_user                      = $::keystone::params::keystone_user,
-  $keystone_group                     = $::keystone::params::keystone_group,
+  $package_ensure                       = 'present',
+  $client_package_ensure                = 'present',
+  $public_bind_host                     = '0.0.0.0',
+  $admin_bind_host                      = '0.0.0.0',
+  $public_port                          = '5000',
+  $admin_port                           = '35357',
+  $verbose                              = undef,
+  $debug                                = undef,
+  $log_dir                              = undef,
+  $log_file                             = undef,
+  $use_syslog                           = undef,
+  $use_stderr                           = undef,
+  $log_facility                         = undef,
+  $catalog_type                         = 'sql',
+  $catalog_driver                       = false,
+  $catalog_template_file                = '/etc/keystone/default_catalog.templates',
+  $token_provider                       = 'uuid',
+  $token_driver                         = 'sql',
+  $token_expiration                     = 3600,
+  $revoke_driver                        = $::os_service_default,
+  $revoke_by_id                         = true,
+  $public_endpoint                      = $::os_service_default,
+  $admin_endpoint                       = $::os_service_default,
+  $enable_ssl                           = false,
+  $ssl_certfile                         = '/etc/keystone/ssl/certs/keystone.pem',
+  $ssl_keyfile                          = '/etc/keystone/ssl/private/keystonekey.pem',
+  $ssl_ca_certs                         = '/etc/keystone/ssl/certs/ca.pem',
+  $ssl_ca_key                           = '/etc/keystone/ssl/private/cakey.pem',
+  $ssl_cert_subject                     = '/C=US/ST=Unset/L=Unset/O=Unset/CN=localhost',
+  $cache_dir                            = '/var/cache/keystone',
+  $memcache_servers                     = $::os_service_default,
+  $manage_service                       = true,
+  $cache_backend                        = $::os_service_default,
+  $cache_backend_argument               = $::os_service_default,
+  $cache_enabled                        = $::os_service_default,
+  $cache_memcache_servers               = $::os_service_default,
+  $debug_cache_backend                  = $::os_service_default,
+  $cache_config_prefix                  = $::os_service_default,
+  $cache_expiration_time                = $::os_service_default,
+  $cache_proxies                        = $::os_service_default,
+  $token_caching                        = $::os_service_default,
+  $enabled                              = true,
+  $database_connection                  = undef,
+  $database_idle_timeout                = undef,
+  $database_max_retries                 = undef,
+  $database_retry_interval              = undef,
+  $database_min_pool_size               = undef,
+  $database_max_pool_size               = undef,
+  $database_max_overflow                = undef,
+  $enable_pki_setup                     = false,
+  $signing_certfile                     = '/etc/keystone/ssl/certs/signing_cert.pem',
+  $signing_keyfile                      = '/etc/keystone/ssl/private/signing_key.pem',
+  $signing_ca_certs                     = '/etc/keystone/ssl/certs/ca.pem',
+  $signing_ca_key                       = '/etc/keystone/ssl/private/cakey.pem',
+  $signing_cert_subject                 = '/C=US/ST=Unset/L=Unset/O=Unset/CN=www.example.com',
+  $signing_key_size                     = 2048,
+  $rabbit_host                          = $::os_service_default,
+  $rabbit_hosts                         = $::os_service_default,
+  $rabbit_password                      = $::os_service_default,
+  $rabbit_port                          = $::os_service_default,
+  $rabbit_userid                        = $::os_service_default,
+  $rabbit_virtual_host                  = $::os_service_default,
+  $rabbit_heartbeat_timeout_threshold   = $::os_service_default,
+  $rabbit_heartbeat_rate                = $::os_service_default,
+  $rabbit_use_ssl                       = $::os_service_default,
+  $rabbit_ha_queues                     = $::os_service_default,
+  $kombu_ssl_ca_certs                   = $::os_service_default,
+  $kombu_ssl_certfile                   = $::os_service_default,
+  $kombu_ssl_keyfile                    = $::os_service_default,
+  $kombu_ssl_version                    = $::os_service_default,
+  $notification_driver                  = $::os_service_default,
+  $notification_topics                  = $::os_service_default,
+  $notification_format                  = $::os_service_default,
+  $control_exchange                     = $::os_service_default,
+  $validate_service                     = false,
+  $validate_insecure                    = false,
+  $validate_auth_url                    = false,
+  $validate_cacert                      = undef,
+  $paste_config                         = $::os_service_default,
+  $service_provider                     = $::keystone::params::service_provider,
+  $service_name                         = $::keystone::params::service_name,
+  $max_token_size                       = $::os_service_default,
+  $sync_db                              = true,
+  $enable_fernet_setup                  = false,
+  $fernet_key_repository                = '/etc/keystone/fernet-keys',
+  $fernet_max_active_keys               = $::os_service_default,
+  $default_domain                       = undef,
+  $enable_bootstrap                     = true,
+  $memcache_dead_retry                  = $::os_service_default,
+  $memcache_socket_timeout              = $::os_service_default,
+  $memcache_pool_maxsize                = $::os_service_default,
+  $memcache_pool_unused_timeout         = $::os_service_default,
+  $memcache_pool_connection_get_timeout = $::os_service_default,
+  $policy_driver                        = $::os_service_default,
+  $using_domain_config                  = false,
+  $domain_config_directory              = '/etc/keystone/domains',
+  $keystone_user                        = $::keystone::params::keystone_user,
+  $keystone_group                       = $::keystone::params::keystone_group,
   # DEPRECATED PARAMETERS
-  $admin_workers                      = max($::processorcount, 2),
-  $public_workers                     = max($::processorcount, 2),
+  $admin_workers                        = max($::processorcount, 2),
+  $public_workers                       = max($::processorcount, 2),
 ) inherits keystone::params {
 
   include ::keystone::deps
@@ -640,18 +671,6 @@ class keystone(
     warning('Version string /v2.0/ should not be included in keystone::public_endpoint')
   }
 
-  if ! is_service_default($rabbit_use_ssl) and !$rabbit_use_ssl {
-    if ! is_service_default($kombu_ssl_ca_certs) and ($kombu_ssl_ca_certs) {
-      fail('The kombu_ssl_ca_certs parameter requires rabbit_use_ssl to be set to true')
-    }
-    if ! is_service_default($kombu_ssl_certfile) and ($kombu_ssl_certfile) {
-      fail('The kombu_ssl_certfile parameter requires rabbit_use_ssl to be set to true')
-    }
-    if ! is_service_default($kombu_ssl_keyfile) and ($kombu_ssl_keyfile) {
-      fail('The kombu_ssl_keyfile parameter requires rabbit_use_ssl to be set to true')
-    }
-  }
-
   include ::keystone::db
   include ::keystone::params
 
@@ -741,15 +760,6 @@ class keystone(
   }
 
   keystone_config {
-    'cache/backend':                      value => $cache_backend;
-    'cache/backend_argument':             value => join(any2array($cache_backend_argument), ',');
-    'cache/debug_cache_backend':          value => $debug_cache_backend;
-    'cache/enabled':                      value => $cache_enabled_real;
-    'cache/memcache_dead_retry':          value => $memcache_dead_retry;
-    'cache/memcache_pool_maxsize':        value => $memcache_pool_maxsize;
-    'cache/memcache_pool_unused_timeout': value => $memcache_pool_unused_timeout;
-    'cache/memcache_servers':             value => join(any2array($cache_memcache_servers_real), ',');
-    'cache/memcache_socket_timeout':      value => $memcache_socket_timeout;
     'memcache/dead_retry':                value => $memcache_dead_retry;
     'memcache/pool_maxsize':              value => $memcache_pool_maxsize;
     'memcache/pool_unused_timeout':       value => $memcache_pool_unused_timeout;
@@ -758,6 +768,22 @@ class keystone(
     'token/caching':                      value => $token_caching;
   }
 
+  oslo::cache { 'keystone_config':
+    config_prefix                        => $cache_config_prefix,
+    expiration_time                      => $cache_expiration_time,
+    backend                              => $cache_backend,
+    backend_argument                     => $cache_backend_argument,
+    proxies                              => $cache_proxies,
+    enabled                              => $cache_enabled_real,
+    debug_cache_backend                  => $debug_cache_backend,
+    memcache_servers                     => $cache_memcache_servers_real,
+    memcache_dead_retry                  => $memcache_dead_retry,
+    memcache_socket_timeout              => $memcache_socket_timeout,
+    memcache_pool_maxsize                => $memcache_pool_maxsize,
+    memcache_pool_unused_timeout         => $memcache_pool_unused_timeout,
+    memcache_pool_connection_get_timeout => $memcache_pool_connection_get_timeout,
+  }
+
   # configure based on the catalog backend
   if $catalog_driver {
     $catalog_driver_real = $catalog_driver
@@ -807,45 +833,33 @@ class keystone(
   keystone_config {
     'token/provider':              value => $token_provider;
     'DEFAULT/max_token_size':      value => $max_token_size;
-    'DEFAULT/notification_driver': value => $notification_driver;
-    'DEFAULT/notification_topics': value => $notification_topics;
     'DEFAULT/notification_format': value => $notification_format;
-    'DEFAULT/control_exchange':    value => $control_exchange;
   }
 
-  if ! is_service_default($rabbit_hosts) and $rabbit_hosts {
-    keystone_config {
-      'oslo_messaging_rabbit/rabbit_hosts':     value => join($rabbit_hosts, ',');
-    }
-  } else {
-    keystone_config {
-      'oslo_messaging_rabbit/rabbit_host':      value => $rabbit_host;
-      'oslo_messaging_rabbit/rabbit_port':      value => $rabbit_port;
-      'oslo_messaging_rabbit/rabbit_hosts':     ensure => absent;
-    }
+  oslo::messaging::default { 'keystone_config':
+    control_exchange => $control_exchange,
   }
 
-  if $rabbit_ha_queues != undef {
-    keystone_config { 'oslo_messaging_rabbit/rabbit_ha_queues': value => $rabbit_ha_queues }
-  } else {
-    if ! is_service_default($rabbit_hosts) and $rabbit_hosts {
-      keystone_config { 'oslo_messaging_rabbit/rabbit_ha_queues': value => true }
-    } else {
-      keystone_config { 'oslo_messaging_rabbit/rabbit_ha_queues': value => false }
-    }
+  oslo::messaging::notifications { 'keystone_config':
+    driver => $notification_driver,
+    topics => $notification_topics,
   }
 
-  keystone_config {
-    'oslo_messaging_rabbit/rabbit_use_ssl':               value => $rabbit_use_ssl;
-    'oslo_messaging_rabbit/rabbit_password':              value => $rabbit_password, secret => true;
-    'oslo_messaging_rabbit/rabbit_userid':                value => $rabbit_userid;
-    'oslo_messaging_rabbit/rabbit_virtual_host':          value => $rabbit_virtual_host;
-    'oslo_messaging_rabbit/heartbeat_timeout_threshold':  value => $rabbit_heartbeat_timeout_threshold;
-    'oslo_messaging_rabbit/heartbeat_rate':               value => $rabbit_heartbeat_rate;
-    'oslo_messaging_rabbit/kombu_ssl_ca_certs':           value => $kombu_ssl_ca_certs;
-    'oslo_messaging_rabbit/kombu_ssl_certfile':           value => $kombu_ssl_certfile;
-    'oslo_messaging_rabbit/kombu_ssl_keyfile':            value => $kombu_ssl_keyfile;
-    'oslo_messaging_rabbit/kombu_ssl_version':            value => $kombu_ssl_version;
+  oslo::messaging::rabbit { 'keystone_config':
+    kombu_ssl_version           => $kombu_ssl_version,
+    kombu_ssl_keyfile           => $kombu_ssl_keyfile,
+    kombu_ssl_certfile          => $kombu_ssl_certfile,
+    kombu_ssl_ca_certs          => $kombu_ssl_ca_certs,
+    rabbit_host                 => $rabbit_host,
+    rabbit_port                 => $rabbit_port,
+    rabbit_hosts                => $rabbit_hosts,
+    rabbit_use_ssl              => $rabbit_use_ssl,
+    rabbit_userid               => $rabbit_userid,
+    rabbit_password             => $rabbit_password,
+    rabbit_virtual_host         => $rabbit_virtual_host,
+    rabbit_ha_queues            => $rabbit_ha_queues,
+    heartbeat_timeout_threshold => $rabbit_heartbeat_timeout_threshold,
+    heartbeat_rate              => $rabbit_heartbeat_rate,
   }
 
   keystone_config {
diff --git a/manifests/logging.pp b/manifests/logging.pp
index 37320a23b..6d9b53296 100644
--- a/manifests/logging.pp
+++ b/manifests/logging.pp
@@ -55,6 +55,11 @@
 #    Defaults to $::os_service_default
 #    Example: '%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s'
 #
+# [*logging_user_identity_format*]
+#   (Optional) Defines the format string for %(user_identity)s that is used in logging_context_format_string.
+#   Defaults to $::os_service_default
+#   Example: '%(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s'
+#
 #  [*log_config_append*]
 #    The name of an additional logging configuration file.
 #    Defaults to $::os_service_default
@@ -96,6 +101,12 @@
 #    (optional) Format string for %%(asctime)s in log records.
 #    Defaults to $::os_service_default
 #    Example: 'Y-%m-%d %H:%M:%S'
+#
+# [*watch_log_file*]
+#   (Optional) Uses logging handler designed to watch file system (boolean value).
+#   Defaults to $::os_service_default
+#
+
 
 class keystone::logging(
   $use_syslog                    = $::os_service_default,
@@ -109,6 +120,7 @@ class keystone::logging(
   $logging_default_format_string = $::os_service_default,
   $logging_debug_format_suffix   = $::os_service_default,
   $logging_exception_prefix      = $::os_service_default,
+  $logging_user_identity_format  = $::os_service_default,
   $log_config_append             = $::os_service_default,
   $default_log_levels            = $::os_service_default,
   $publish_errors                = $::os_service_default,
@@ -116,6 +128,7 @@ class keystone::logging(
   $instance_format               = $::os_service_default,
   $instance_uuid_format          = $::os_service_default,
   $log_date_format               = $::os_service_default,
+  $watch_log_file                = $::os_service_default,
 ) {
 
   include ::keystone::deps
@@ -130,31 +143,27 @@ class keystone::logging(
   $verbose_real  = pick($::keystone::verbose,$verbose)
   $debug_real = pick($::keystone::debug,$debug)
 
-  if is_service_default($default_log_levels) {
-    $default_log_levels_real = $default_log_levels
-  } else {
-    $default_log_levels_real = join(sort(join_keys_to_values($default_log_levels, '=')), ',')
-  }
-
-  keystone_config {
-    'DEFAULT/use_syslog' :                    value => $use_syslog_real;
-    'DEFAULT/use_stderr' :                    value => $use_stderr_real;
-    'DEFAULT/syslog_log_facility' :           value => $log_facility_real;
-    'DEFAULT/log_dir' :                       value => $log_dir_real;
-    'DEFAULT/log_file':                       value => $log_file_real;
-    'DEFAULT/verbose' :                       value => $verbose_real;
-    'DEFAULT/debug' :                         value => $debug_real;
-    'DEFAULT/default_log_levels' :            value => $default_log_levels_real;
-    'DEFAULT/logging_context_format_string' : value => $logging_context_format_string;
-    'DEFAULT/logging_default_format_string' : value => $logging_default_format_string;
-    'DEFAULT/logging_debug_format_suffix' :   value => $logging_debug_format_suffix;
-    'DEFAULT/logging_exception_prefix' :      value => $logging_exception_prefix;
-    'DEFAULT/log_config_append' :             value => $log_config_append;
-    'DEFAULT/publish_errors' :                value => $publish_errors;
-    'DEFAULT/fatal_deprecations' :            value => $fatal_deprecations;
-    'DEFAULT/instance_format' :               value => $instance_format;
-    'DEFAULT/instance_uuid_format' :          value => $instance_uuid_format;
-    'DEFAULT/log_date_format' :               value => $log_date_format;
+  oslo::log { 'keystone_config':
+    debug                         => $debug_real,
+    verbose                       => $verbose_real,
+    log_config_append             => $log_config_append,
+    log_date_format               => $log_date_format,
+    log_file                      => $log_file_real,
+    log_dir                       => $log_dir_real,
+    watch_log_file                => $watch_log_file,
+    use_syslog                    => $use_syslog_real,
+    syslog_log_facility           => $log_facility_real,
+    use_stderr                    => $use_stderr_real,
+    logging_context_format_string => $logging_context_format_string,
+    logging_default_format_string => $logging_default_format_string,
+    logging_debug_format_suffix   => $logging_debug_format_suffix,
+    logging_exception_prefix      => $logging_exception_prefix,
+    logging_user_identity_format  => $logging_user_identity_format,
+    default_log_levels            => $default_log_levels,
+    publish_errors                => $publish_errors,
+    instance_format               => $instance_format,
+    instance_uuid_format          => $instance_uuid_format,
+    fatal_deprecations            => $fatal_deprecations,
   }
 
 }
diff --git a/manifests/params.pp b/manifests/params.pp
index d15cc9eaf..d0c0ef41d 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -12,8 +12,6 @@ class keystone::params {
       $keystone_wsgi_script_path    = '/usr/lib/cgi-bin/keystone'
       $keystone_wsgi_script_source  = '/usr/share/keystone/wsgi.py'
       $python_memcache_package_name = 'python-memcache'
-      $sqlite_package_name          = 'python-pysqlite2'
-      $pymysql_package_name         = 'python-pymysql'
       $mellon_package_name          = 'libapache2-mod-auth-mellon'
       case $::operatingsystem {
         'Debian': {
@@ -29,10 +27,8 @@ class keystone::params {
       $service_name                 = 'openstack-keystone'
       $keystone_wsgi_script_path    = '/var/www/cgi-bin/keystone'
       $python_memcache_package_name = 'python-memcached'
-      $sqlite_package_name          = undef
       $service_provider             = undef
       $keystone_wsgi_script_source  = '/usr/share/keystone/keystone.wsgi'
-      $pymysql_package_name         = undef
       $mellon_package_name          = 'mod_auth_mellon'
     }
   }
diff --git a/manifests/policy.pp b/manifests/policy.pp
index 65e2f301d..a484208eb 100644
--- a/manifests/policy.pp
+++ b/manifests/policy.pp
@@ -37,5 +37,5 @@ class keystone::policy (
   }
 
   create_resources('openstacklib::policy::base', $policies)
-
+  oslo::policy { 'keystone_config': policy_file => $policy_path }
 }
diff --git a/metadata.json b/metadata.json
index cdd636a95..d667b7c88 100644
--- a/metadata.json
+++ b/metadata.json
@@ -34,6 +34,7 @@
     { "name": "puppetlabs/apache", "version_requirement": ">=1.2.0 <2.0.0" },
     { "name": "puppetlabs/inifile", "version_requirement": ">=1.0.0 <2.0.0" },
     { "name": "puppetlabs/stdlib", "version_requirement": ">=4.0.0 <5.0.0" },
-    { "name": "openstack/openstacklib", "version_requirement": ">=8.0.0 <9.0.0 " }
+    { "name": "openstack/openstacklib", "version_requirement": ">=8.0.0 <9.0.0 " },
+    { "name": "openstack/puppet-oslo", "version_requirement": "<9.0.0 " }
   ]
 }
diff --git a/releasenotes/notes/switch_to_oslo-b7caf6d5906e29dc.yaml b/releasenotes/notes/switch_to_oslo-b7caf6d5906e29dc.yaml
new file mode 100644
index 000000000..fc6923a0c
--- /dev/null
+++ b/releasenotes/notes/switch_to_oslo-b7caf6d5906e29dc.yaml
@@ -0,0 +1,4 @@
+---
+features:
+  - Switch to puppet-oslo resource usage (instead of
+    manual configuration file editing).
diff --git a/spec/classes/keystone_db_spec.rb b/spec/classes/keystone_db_spec.rb
index 2bcfb9e18..2a9e8162a 100644
--- a/spec/classes/keystone_db_spec.rb
+++ b/spec/classes/keystone_db_spec.rb
@@ -89,10 +89,10 @@ describe 'keystone::db' do
       end
 
       it 'install the proper backend package' do
-        is_expected.to contain_package('keystone-backend-package').with(
+        is_expected.to contain_package('db_backend_package').with(
           :ensure => 'present',
           :name   => 'python-pymysql',
-          :tag    => ['openstack', 'keystone-package']
+          :tag    => ['openstack']
         )
       end
     end
@@ -111,7 +111,7 @@ describe 'keystone::db' do
       let :params do
         { :database_connection     => 'mysql+pymysql://keystone:keystone@localhost/keystone', }
       end
-      it { is_expected.not_to contain_package('keystone-backend-package') }
+      it { is_expected.not_to contain_package('db_backend_package') }
     end
   end
 
diff --git a/spec/classes/keystone_policy_spec.rb b/spec/classes/keystone_policy_spec.rb
index 1414df6fb..2b2537642 100644
--- a/spec/classes/keystone_policy_spec.rb
+++ b/spec/classes/keystone_policy_spec.rb
@@ -20,6 +20,7 @@ describe 'keystone::policy' do
         :key   => 'context_is_admin',
         :value => 'foo:bar'
       })
+      is_expected.to contain_keystone_config('oslo_policy/policy_file').with_value('/etc/keystone/policy.json')
     end
   end
 
diff --git a/spec/classes/keystone_spec.rb b/spec/classes/keystone_spec.rb
index c9afc5e74..4872edd26 100644
--- a/spec/classes/keystone_spec.rb
+++ b/spec/classes/keystone_spec.rb
@@ -237,7 +237,7 @@ describe 'keystone' do
       if param_hash['rabbit_ha_queues']
         is_expected.to contain_keystone_config('oslo_messaging_rabbit/rabbit_ha_queues').with_value(param_hash['rabbit_ha_queues'])
       else
-        is_expected.to contain_keystone_config('oslo_messaging_rabbit/rabbit_ha_queues').with_value(false)
+        is_expected.to contain_keystone_config('oslo_messaging_rabbit/rabbit_ha_queues').with_value('<SERVICE DEFAULT>')
       end
 
     end
@@ -635,7 +635,6 @@ describe 'keystone' do
     it { is_expected.to contain_keystone_config('cache/memcache_servers').with_value('SERVER3:11211,SERVER4:11211') }
   end
 
-
   describe 'do not configure memcache servers when not set' do
     let :params do
       default_params
@@ -691,8 +690,8 @@ describe 'keystone' do
       default_params
     end
 
-    it { is_expected.to contain_keystone_config('DEFAULT/notification_driver').with_value('<SERVICE DEFAULT>') }
-    it { is_expected.to contain_keystone_config('DEFAULT/notification_topics').with_value('<SERVICE DEFAULT>') }
+    it { is_expected.to contain_keystone_config('oslo_messaging_notifications/driver').with_value('<SERVICE DEFAULT>') }
+    it { is_expected.to contain_keystone_config('oslo_messaging_notifications/topics').with_value('<SERVICE DEFAULT>') }
     it { is_expected.to contain_keystone_config('DEFAULT/notification_format').with_value('<SERVICE DEFAULT>') }
     it { is_expected.to contain_keystone_config('DEFAULT/control_exchange').with_value('<SERVICE DEFAULT>') }
   end
@@ -748,15 +747,15 @@ describe 'keystone' do
   describe 'setting notification settings' do
     let :params do
       default_params.merge({
-        :notification_driver   => 'keystone.openstack.common.notifier.rpc_notifier',
-        :notification_topics   => 'notifications',
+        :notification_driver   => ['keystone.openstack.common.notifier.rpc_notifier'],
+        :notification_topics   => ['notifications'],
         :notification_format   => 'cadf',
         :control_exchange      => 'keystone'
       })
     end
 
-    it { is_expected.to contain_keystone_config('DEFAULT/notification_driver').with_value('keystone.openstack.common.notifier.rpc_notifier') }
-    it { is_expected.to contain_keystone_config('DEFAULT/notification_topics').with_value('notifications') }
+    it { is_expected.to contain_keystone_config('oslo_messaging_notifications/driver').with_value('keystone.openstack.common.notifier.rpc_notifier') }
+    it { is_expected.to contain_keystone_config('oslo_messaging_notifications/topics').with_value('notifications') }
     it { is_expected.to contain_keystone_config('DEFAULT/notification_format').with_value('cadf') }
     it { is_expected.to contain_keystone_config('DEFAULT/control_exchange').with_value('keystone') }
   end