diff --git a/ansible/roles/zun/templates/zun.conf.j2 b/ansible/roles/zun/templates/zun.conf.j2
index fc0dc60a1d..a951cbc5e8 100644
--- a/ansible/roles/zun/templates/zun.conf.j2
+++ b/ansible/roles/zun/templates/zun.conf.j2
@@ -11,34 +11,24 @@ transport_url = {{ rpc_transport_url }}
 
 state_path = /var/lib/zun
 container_driver = docker.driver.DockerDriver
-db_type = sql
 
 [network]
 driver = kuryr
 
-[oslo_messaging_notifications]
-transport_url = {{ notify_transport_url }}
-driver = messaging
-
 [api]
 host_ip = {{ api_interface_address }}
 port = {{ zun_api_port }}
 workers = {{ openstack_service_workers }}
 
-[compute]
-topic = zun-compute
-
 [database]
 connection = mysql+pymysql://{{ zun_database_user }}:{{ zun_database_password }}@{{ zun_database_address }}/{{ zun_database_name }}
 max_retries = -1
 
-[zun_client]
-version = 1
-service_type = container
-service_name = zun
-
+# NOTE(yoctozepto): despite what the docs say, both keystone_auth and
+# keystone_authtoken sections are used and Zun internals may use either -
+# - best keep them both in sync
 [keystone_auth]
-auth_uri = {{ keystone_internal_url }}
+www_authenticate_uri = {{ keystone_internal_url }}
 auth_url = {{ keystone_admin_url }}
 auth_type = password
 project_domain_id = {{ default_project_domain_id }}
@@ -46,11 +36,18 @@ user_domain_id = {{ default_user_domain_id }}
 project_name = service
 username = {{ zun_keystone_user }}
 password = {{ zun_keystone_password }}
+service_token_roles_required = True
+region_name = {{ openstack_region_name }}
 
+{% if enable_memcached | bool %}
 memcache_security_strategy = ENCRYPT
 memcache_secret_key = {{ memcache_secret_key }}
 memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
+{% endif %}
 
+# NOTE(yoctozepto): despite what the docs say, both keystone_auth and
+# keystone_authtoken sections are used and Zun internals may use either -
+# - best keep them both in sync
 [keystone_authtoken]
 www_authenticate_uri = {{ keystone_internal_url }}
 auth_url = {{ keystone_admin_url }}
@@ -61,32 +58,27 @@ project_name = service
 username = {{ zun_keystone_user }}
 password = {{ zun_keystone_password }}
 service_token_roles_required = True
+region_name = {{ openstack_region_name }}
 
+{% if enable_memcached | bool %}
 memcache_security_strategy = ENCRYPT
 memcache_secret_key = {{ memcache_secret_key }}
 memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
+{% endif %}
+
+[zun_client]
+region_name = {{ openstack_region_name }}
+endpoint_type = internalURL
 
 [glance_client]
-auth_uri = {{ keystone_internal_url }}
-auth_url = {{ keystone_admin_url }}
-auth_type = password
-project_domain_id = {{ default_project_domain_id }}
-user_domain_id = {{ default_user_domain_id }}
-project_name = service
-username = {{ zun_keystone_user }}
-password = {{ zun_keystone_password }}
 region_name = {{ openstack_region_name }}
 endpoint_type = internalURL
 
 [neutron_client]
-auth_uri = {{ keystone_internal_url }}
-auth_url = {{ keystone_admin_url }}
-auth_type = password
-project_domain_id = {{ default_project_domain_id }}
-user_domain_id = {{ default_user_domain_id }}
-project_name = service
-username = {{ zun_keystone_user }}
-password = {{ zun_keystone_password }}
+region_name = {{ openstack_region_name }}
+endpoint_type = internalURL
+
+[cinder_client]
 region_name = {{ openstack_region_name }}
 endpoint_type = internalURL