diff --git a/ansible/roles/ironic/tasks/deploy.yml b/ansible/roles/ironic/tasks/deploy.yml
index 13589d6aa9..55db93d752 100644
--- a/ansible/roles/ironic/tasks/deploy.yml
+++ b/ansible/roles/ironic/tasks/deploy.yml
@@ -1,7 +1,8 @@
 ---
 - include: register.yml
-  when: inventory_hostname in groups['ironic-api'] or
-        inventory_hostname in groups['ironic-inspector']
+  when: enable_keystone | bool and
+        (inventory_hostname in groups['ironic-api'] or
+        inventory_hostname in groups['ironic-inspector'])
 
 - include: config.yml
   when: inventory_hostname in groups['ironic-api'] or
diff --git a/ansible/roles/ironic/templates/ironic.conf.j2 b/ansible/roles/ironic/templates/ironic.conf.j2
index 48d37858f7..77b8bdd9b6 100644
--- a/ansible/roles/ironic/templates/ironic.conf.j2
+++ b/ansible/roles/ironic/templates/ironic.conf.j2
@@ -6,13 +6,15 @@
 # suppressed by the deployer by setting a value for the option.
 
 [DEFAULT]
+{% if not enable_keystone | bool %}
+auth_strategy = noauth
+admin_user = {{ openstack_auth.username }}
+admin_password = {{ keystone_admin_password }}
+{% endif %}
 debug = {{ ironic_logging_debug }}
 
 log_dir = /var/log/kolla/ironic
 
-admin_user = {{ openstack_auth.username }}
-admin_password = {{ keystone_admin_password }}
-
 enabled_drivers = pxe_ipmitool,pxe_ssh
 
 transport_url = rabbit://{% for host in groups['rabbitmq'] %}{{ rabbitmq_user }}:{{ rabbitmq_password }}@{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ rabbitmq_port }}{% if not loop.last %},{% endif %}{% endfor %}
@@ -34,6 +36,7 @@ automated_clean=false
 connection = mysql+pymysql://{{ ironic_database_user }}:{{ ironic_database_password }}@{{ ironic_database_address }}/{{ ironic_database_name }}
 max_retries = -1
 
+{% if enable_keystone | bool %}
 [keystone_authtoken]
 auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
@@ -47,6 +50,7 @@ password = {{ ironic_keystone_password }}
 memcache_security_strategy = ENCRYPT
 memcache_secret_key = {{ memcache_secret_key }}
 memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
+{% endif %}
 
 
 [glance]