diff --git a/modules/openstack_project/manifests/base.pp b/modules/openstack_project/manifests/base.pp
index 1bea40f8fd..0617b812bf 100644
--- a/modules/openstack_project/manifests/base.pp
+++ b/modules/openstack_project/manifests/base.pp
@@ -77,7 +77,7 @@ class openstack_project::base(
     }
   }
 
-  ssh_authorized_key { '/root/.ssh/authorized_keys':
+  ssh_authorized_key { 'puppet-remote-2014-04-17':
     ensure  => present,
     user    => 'root',
     type    => 'ssh-rsa',
@@ -88,6 +88,10 @@ class openstack_project::base(
     ],
     require => File['/root/.ssh'],
   }
+  ssh_authorized_key { '/root/.ssh/authorized_keys':
+    ensure  => absent,
+    user    => 'root',
+  }
 
   # Use upstream puppet and pin to version 2.7.*
   if ($::osfamily == 'Debian') {
diff --git a/modules/openstack_project/manifests/params.pp b/modules/openstack_project/manifests/params.pp
index 06fe370d35..c55a318916 100644
--- a/modules/openstack_project/manifests/params.pp
+++ b/modules/openstack_project/manifests/params.pp
@@ -18,5 +18,5 @@ class openstack_project::params {
       fail("Unsupported osfamily: ${::osfamily} The 'openstack_project' module only supports osfamily Debian or RedHat (slaves only).")
     }
   }
-  $allowed_ssh_command = 'timeout -s 9 30m puppet agent --test'
+  $allowed_ssh_command = 'timeout -s 9 30m puppet agent --onetime --ignorecache --no-daemonize --no-usecacheonfailure --no-splay'
 }
diff --git a/modules/openstack_project/templates/run_remote_puppet.sh.erb b/modules/openstack_project/templates/run_remote_puppet.sh.erb
index a13ac15f9a..ad9334a43c 100755
--- a/modules/openstack_project/templates/run_remote_puppet.sh.erb
+++ b/modules/openstack_project/templates/run_remote_puppet.sh.erb
@@ -16,8 +16,15 @@
 
 # This function will properly fail if puppet is disabled on the target host
 function run_ssh {
-    echo ssh -o StrictHostKeyChecking=no root@$1 <%= scope.lookupvar('openstack_project::params::allowed_ssh_command') %>
-    ssh -o StrictHostKeyChecking=no root@$1 <%= scope.lookupvar('openstack_project::params::allowed_ssh_command') %>
+    echo ssh root@$1 <%= scope.lookupvar('openstack_project::params::allowed_ssh_command') %>
+    ssh -o StrictHostKeyChecking=no root@$1 <%= scope.lookupvar('openstack_project::params::allowed_ssh_command') %> >/dev/null
+    ret=$?
+    if [ $ret == 124 ] ; then
+        echo "puppet on $1 timed out"
+    elif [ $ret != 0 ] ; then
+        echo "puppet on $1 failed with return code: $ret"
+    fi
+    return $ret
 }
 export -f run_ssh