diff --git a/ansible/roles/bootstrap.yml b/ansible/roles/bootstrap.yml
index cb5bfd7fd8..c5a7e7a62a 100644
--- a/ansible/roles/bootstrap.yml
+++ b/ansible/roles/bootstrap.yml
@@ -25,6 +25,11 @@
     run_once: True
   when: database|changed
 
+# https://github.com/ansible/ansible-modules-core/pull/1031
+- name: Waiting for bootstrap container to exit
+  command: docker wait "{{ container_name }}"
+  when: database|changed
+
 - name: Cleaning up boostrap container
   docker:
     name: "{{ container_name }}"
diff --git a/ansible/roles/keystone/tasks/bootstrap.yml b/ansible/roles/keystone/tasks/bootstrap.yml
index c78e9347f4..a753ce01cf 100644
--- a/ansible/roles/keystone/tasks/bootstrap.yml
+++ b/ansible/roles/keystone/tasks/bootstrap.yml
@@ -4,7 +4,7 @@
 # initialization does not successfully finish
 - include: ../../bootstrap.yml
   vars:
-    container_detach: False
+    container_detach: "False"
     container_environment:
       KOLLA_BOOTSTRAP:
       KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
@@ -13,8 +13,8 @@
       PUBLIC_URL: "http://{{ kolla_external_address }}:{{ keystone_public_port }}/v2.0"
       INTERNAL_URL: "http://{{ kolla_internal_address }}:{{ keystone_public_port }}/v2.0"
       ADMIN_URL: "http://{{ kolla_internal_address }}:{{ keystone_admin_port }}/v2.0"
-      OS_TOKEN: "{{ keystone_admin_token }}"
-      OS_URL: "http://{{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}:{{ keystone_admin_port }}/v2.0"
+      OS_SERVICE_TOKEN: "{{ keystone_admin_token }}"
+      OS_SERVICE_ENDPOINT: "http://{{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}:{{ keystone_admin_port }}/v2.0"
     container_image: "{{ docker_keystone_image_full }}"
     container_name: "bootstrap_keystone"
     container_restart_policy: "no"
diff --git a/ansible/roles/keystone/templates/wsgi-keystone.conf.j2 b/ansible/roles/keystone/templates/wsgi-keystone.conf.j2
index 71180002fd..7287e4b467 100644
--- a/ansible/roles/keystone/templates/wsgi-keystone.conf.j2
+++ b/ansible/roles/keystone/templates/wsgi-keystone.conf.j2
@@ -10,8 +10,8 @@ Listen {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['addr
     <IfVersion >= 2.4>
       ErrorLogFormat "%{cu}t %M"
     </IfVersion>
-    ErrorLog /var/log/keystone/keystone.log
-    CustomLog /var/log/keystone/keystone_access.log combined
+    ErrorLog /var/log/httpd/keystone.log
+    CustomLog /var/log/httpd/keystone_access.log combined
 </VirtualHost>
 
 <VirtualHost *:{{ keystone_admin_port }}>
@@ -23,6 +23,6 @@ Listen {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['addr
     <IfVersion >= 2.4>
       ErrorLogFormat "%{cu}t %M"
     </IfVersion>
-    ErrorLog /var/log/keystone/keystone.log
-    CustomLog /var/log/keystone/keystone_access.log combined
+    ErrorLog /var/log/httpd/keystone.log
+    CustomLog /var/log/httpd/keystone_access.log combined
 </VirtualHost>
diff --git a/docker/centos/binary/keystone/Dockerfile b/docker/centos/binary/keystone/Dockerfile
index 891d01ad86..ae03df97eb 100644
--- a/docker/centos/binary/keystone/Dockerfile
+++ b/docker/centos/binary/keystone/Dockerfile
@@ -14,7 +14,7 @@ RUN sed -i 's,/var/log/apache2,/var/log/httpd,' /etc/httpd/conf.d/wsgi-keystone.
 RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf
 RUN cp -a /usr/share/keystone/keystone.wsgi /var/www/cgi-bin/keystone/main
 RUN cp -a /usr/share/keystone/keystone.wsgi /var/www/cgi-bin/keystone/admin
-RUN chown -R keystone: /var/www/cgi-bin/keystone /var/log/keystone
+RUN chown -R keystone: /var/www/cgi-bin/keystone
 RUN chmod 755 /var/www/cgi-bin/keystone/*
 
 # Add start-up and check scripts
diff --git a/docker/common/keystone/start.sh b/docker/common/keystone/start.sh
index 9a184787df..a05be17ae1 100755
--- a/docker/common/keystone/start.sh
+++ b/docker/common/keystone/start.sh
@@ -20,17 +20,18 @@ if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
     $CMD
     sleep 5
 
-    openstack service create --name keystone \
-                                --description "OpenStack Identity" identity
-    openstack endpoint create --region "${REGION_NAME}" \
+    keystone service-create --name keystone --type identity \
+                                --description "OpenStack Identity"
+    keystone endpoint-create --region "${REGION_NAME}" \
                                 --publicurl "${PUBLIC_URL}" \
                                 --internalurl "${INTERNAL_URL}" \
-                                --adminurl "${ADMIN_URL}" identity
+                                --adminurl "${ADMIN_URL}" \
+                                --service-id $(keystone service-list | awk '/ identity / {print $2}')
 
-    openstack project create --description "Admin Project" admin
-    openstack user create --password "${KEYSTONE_ADMIN_PASSWORD}" admin
-    openstack role create admin
-    openstack role add --project admin --user admin admin
+    keystone tenant-create --description "Admin Project" --name admin
+    keystone user-create --pass "${KEYSTONE_ADMIN_PASSWORD}" --name admin
+    keystone role-create --name admin
+    keystone user-role-add --user admin --tenant admin --role admin
 
     exit 0
 fi