diff --git a/ansible/roles/cinder/templates/cinder.conf.j2 b/ansible/roles/cinder/templates/cinder.conf.j2
index d1ff2b33bc..31ed79655b 100644
--- a/ansible/roles/cinder/templates/cinder.conf.j2
+++ b/ansible/roles/cinder/templates/cinder.conf.j2
@@ -92,3 +92,6 @@ rbd_user = cinder
 rbd_secret_uuid = {{ rbd_secret_uuid }}
 report_discard_supported = True
 {% endif %}
+
+[privsep_entrypoint]
+helper_command=sudo cinder-rootwrap /etc/cinder/rootwrap.conf privsep-helper --config-file /etc/cinder/cinder.conf
diff --git a/ansible/roles/nova/templates/nova.conf.j2 b/ansible/roles/nova/templates/nova.conf.j2
index 475416096d..b1777b69be 100644
--- a/ansible/roles/nova/templates/nova.conf.j2
+++ b/ansible/roles/nova/templates/nova.conf.j2
@@ -175,3 +175,6 @@ topics = notifications
 {% else %}
 driver = noop
 {% endif %}
+
+[privsep_entrypoint]
+helper_command=sudo nova-rootwrap /etc/nova/rootwrap.conf privsep-helper --config-file /etc/nova/nova.conf