diff --git a/manifests/config.pp b/manifests/config.pp
new file mode 100644
index 000000000..0a1eaf537
--- /dev/null
+++ b/manifests/config.pp
@@ -0,0 +1,19 @@
+#
+# Can be used to specify configuration
+# sections in keystone
+#
+# It will assume that the config
+#
+#
+define keystone::config(
+  $config    = {},
+  $file_name = regsubst($name, ':', '_', 'G'),
+  $content   = template("keystone/${name}.erb"),
+  $order     = undef
+) {
+  concat::fragment { $name:
+    target  => '/etc/keystone/keystone.conf',
+    content => $content,
+    order   => $order,
+  }
+}
diff --git a/templates/DEFAULT.erb b/templates/DEFAULT.erb
new file mode 100644
index 000000000..57fb2f557
--- /dev/null
+++ b/templates/DEFAULT.erb
@@ -0,0 +1,10 @@
+[DEFAULT]
+bind_host     = <%= config['bind_host'] %>
+public_port   = <%= config['public_port'] %>
+admin_port    = <%= config['admin_port'] %>
+admin_token   = <%= config['admin_token'] %>
+compute_port  = <%= config['compute_port'] %>
+verbose       = <%= config['log_verbose'] %>
+debug         = <%= config['log_debug'] %>
+log_file      = /var/log/keystone/keystone.log
+use_syslog    = <%= config['use_syslog'] %>
diff --git a/templates/footer.erb b/templates/footer.erb
new file mode 100644
index 000000000..481f0fbb1
--- /dev/null
+++ b/templates/footer.erb
@@ -0,0 +1,68 @@
+
+[token]
+driver = keystone.token.backends.kvs.Token
+expiration = 86400
+
+[policy]
+driver = keystone.policy.backends.rules.Policy
+
+[ec2]
+driver = keystone.contrib.ec2.backends.sql.Ec2
+
+[filter:debug]
+paste.filter_factory = keystone.common.wsgi:Debug.factory
+
+[filter:token_auth]
+paste.filter_factory = keystone.middleware:TokenAuthMiddleware.factory
+
+[filter:admin_token_auth]
+paste.filter_factory = keystone.middleware:AdminTokenAuthMiddleware.factory
+
+[filter:xml_body]
+paste.filter_factory = keystone.middleware:XmlBodyMiddleware.factory
+
+[filter:json_body]
+paste.filter_factory = keystone.middleware:JsonBodyMiddleware.factory
+
+[filter:crud_extension]
+paste.filter_factory = keystone.contrib.admin_crud:CrudExtension.factory
+
+[filter:ec2_extension]
+paste.filter_factory = keystone.contrib.ec2:Ec2Extension.factory
+
+[filter:s3_extension]
+paste.filter_factory = keystone.contrib.s3:S3Extension.factory
+
+[app:public_service]
+paste.app_factory = keystone.service:public_app_factory
+
+[app:admin_service]
+paste.app_factory = keystone.service:admin_app_factory
+
+[pipeline:public_api]
+pipeline = token_auth admin_token_auth xml_body json_body debug ec2_extension public_service
+
+[pipeline:admin_api]
+pipeline = token_auth admin_token_auth xml_body json_body debug ec2_extension s3_extension crud_extension admin_service
+
+[app:public_version_service]
+paste.app_factory = keystone.service:public_version_app_factory
+
+[app:admin_version_service]
+paste.app_factory = keystone.service:admin_version_app_factory
+
+[pipeline:public_version_api]
+pipeline = xml_body public_version_service
+
+[pipeline:admin_version_api]
+pipeline = xml_body admin_version_service
+
+[composite:main]
+use = egg:Paste#urlmap
+/v2.0 = public_api
+/ = public_version_api
+
+[composite:admin]
+use = egg:Paste#urlmap
+/v2.0 = admin_api
+/ = admin_version_api
diff --git a/templates/identity.erb b/templates/identity.erb
new file mode 100644
index 000000000..46cbf960b
--- /dev/null
+++ b/templates/identity.erb
@@ -0,0 +1,2 @@
+[identity]
+driver = keystone.identity.backends.sql.Identity
diff --git a/templates/ldap.erb b/templates/ldap.erb
new file mode 100644
index 000000000..055eb8cc1
--- /dev/null
+++ b/templates/ldap.erb
@@ -0,0 +1,9 @@
+[ldap]
+url = ldap://localhost
+tree_dn = dc=example,dc=com
+user_tree_dn = ou=Users,dc=example,dc=com
+role_tree_dn = ou=Roles,dc=example,dc=com
+tenant_tree_dn = ou=Groups,dc=example,dc=com
+user = dc=Manager,dc=example,dc=com
+password = freeipa4all
+suffix = cn=example,cn=com
diff --git a/templates/sql.erb b/templates/sql.erb
new file mode 100644
index 000000000..cc8a1ae7f
--- /dev/null
+++ b/templates/sql.erb
@@ -0,0 +1,6 @@
+[<%= name %>]
+connection    = mysql://<%= "#{config['user']}:#{config['password']}@#{config['host']}/#{config['dbname']}" %>
+idle_timeout  = <%= config['idle_timeout'] %>
+min_pool_size = <%= config['min_pool_size'] %>
+max_pool_size = <%= config['max_pool_size'] %>
+pool_timeout  = <%= config['pool_timeout'] %>
diff --git a/templates/sql_catalog.erb b/templates/sql_catalog.erb
new file mode 100644
index 000000000..08163848d
--- /dev/null
+++ b/templates/sql_catalog.erb
@@ -0,0 +1,2 @@
+[catalog]
+driver=keystone.catalog.backends.sql.Catalog
diff --git a/templates/template_catalog.erb b/templates/template_catalog.erb
new file mode 100644
index 000000000..30f923af0
--- /dev/null
+++ b/templates/template_catalog.erb
@@ -0,0 +1,3 @@
+[catalog]
+driver = keystone.catalog.backends.templated.TemplatedCatalog
+template_file = /etc/keystone/default_catalog.templates