diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
index 4e70263ed23ba8607c251ac430dd3de8809f8154..36b7eb44999920650a8f5c3ec74c8c4295aa294c 100644
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@@ -452,6 +452,12 @@ keystone_admin_url: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keyston
 keystone_internal_url: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}"
 keystone_public_url: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ keystone_public_port }}"
 
+default_project_domain_name: "Default"
+default_project_domain_id: "default"
+
+default_user_domain_name: "Default"
+default_user_domain_id: "default"
+
 # Valid options are [ uuid, fernet ]
 keystone_token_provider: "uuid"
 fernet_token_expiry: 86400
diff --git a/ansible/roles/aodh/templates/aodh.conf.j2 b/ansible/roles/aodh/templates/aodh.conf.j2
index f93d717afd4cbc9c8ad8f547f931a003db9a39a7..4355cf4ee2d84de7c544b9ffe5ab86771e21f871 100644
--- a/ansible/roles/aodh/templates/aodh.conf.j2
+++ b/ansible/roles/aodh/templates/aodh.conf.j2
@@ -20,9 +20,9 @@ memcache_security_strategy = ENCRYPT
 memcache_secret_key = {{ memcache_secret_key }}
 memcache_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
 auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
-project_domain_name = default
+project_domain_name = {{ default_project_domain_name }}
 project_name = service
-user_domain_name = default
+user_domain_name = {{ default_user_domain_name }}
 username = {{ aodh_keystone_user }}
 password = {{ aodh_keystone_password }}
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
@@ -35,6 +35,6 @@ region_name = {{ openstack_region_name }}
 password = {{ aodh_keystone_password }}
 username = {{ aodh_keystone_user }}
 project_name = service
-project_domain_id = default
-user_domain_id = default
+project_domain_id = {{ default_project_domain_id }}
+user_domain_id = {{ default_user_domain_id }}
 auth_type = password
diff --git a/ansible/roles/barbican/templates/barbican.conf.j2 b/ansible/roles/barbican/templates/barbican.conf.j2
index 343cb6b4dbefa9960c4898167ff1699fee98cfd5..33867fd14ae0d59fb7fd201514d08ded7c478b14 100644
--- a/ansible/roles/barbican/templates/barbican.conf.j2
+++ b/ansible/roles/barbican/templates/barbican.conf.j2
@@ -49,9 +49,9 @@ enable = True
 
 [keystone_authtoken]
 auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
-project_domain_id = default
+project_domain_id = {{ default_project_domain_id }}
 project_name = service
-user_domain_id = default
+user_domain_id = {{ default_user_domain_id }}
 username = {{ barbican_keystone_user }}
 password = {{ barbican_keystone_password }}
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
@@ -71,6 +71,6 @@ region_name = {{ openstack_region_name }}
 password = {{ barbican_keystone_password }}
 username = {{ barbican_keystone_user }}
 project_name = service
-project_domain_id = default
-user_domain_id = default
+project_domain_id = {{ default_project_domain_id }}
+user_domain_id = {{ default_user_domain_id }}
 auth_type = password
diff --git a/ansible/roles/ceilometer/templates/ceilometer.conf.j2 b/ansible/roles/ceilometer/templates/ceilometer.conf.j2
index 52b6614ffe1c4764819e4abf2f9349619d736ced..2bcf8e95912d1c903e7783e8f3fde809e36366c0 100644
--- a/ansible/roles/ceilometer/templates/ceilometer.conf.j2
+++ b/ansible/roles/ceilometer/templates/ceilometer.conf.j2
@@ -36,9 +36,9 @@ metering_connection = mysql+pymysql://{{ ceilometer_database_user }}:{{ ceilomet
 
 [keystone_authtoken]
 auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
-project_domain_name = Default
+project_domain_name = {{ default_project_domain_name }}
 project_name = service
-user_domain_name = Default
+user_domain_name = {{ default_user_domain_name }}
 username = {{ ceilometer_keystone_user }}
 password = {{ ceilometer_keystone_password }}
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
@@ -55,8 +55,8 @@ region_name = {{ openstack_region_name }}
 password = {{ ceilometer_keystone_password }}
 username = {{ ceilometer_keystone_user }}
 project_name = service
-project_domain_id = default
-user_domain_id = default
+project_domain_id = {{ default_project_domain_id }}
+user_domain_id = {{ default_user_domain_id }}
 auth_type = password
 interface = internal
 
diff --git a/ansible/roles/cinder/templates/cinder.conf.j2 b/ansible/roles/cinder/templates/cinder.conf.j2
index 44803fc4d05998f5cdad39fc01e1bf0d23470037..b5109d4d4a272d1a589ef8af50bb8c6131314c02 100644
--- a/ansible/roles/cinder/templates/cinder.conf.j2
+++ b/ansible/roles/cinder/templates/cinder.conf.j2
@@ -82,8 +82,8 @@ auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_publi
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
 {% endif %}
 auth_type = password
-project_domain_id = default
-user_domain_id = default
+project_domain_id = {{ default_project_domain_id }}
+user_domain_id = {{ default_user_domain_id }}
 project_name = service
 username = {{ cinder_keystone_user }}
 password = {{ cinder_keystone_password }}
diff --git a/ansible/roles/cloudkitty/templates/cloudkitty.conf.j2 b/ansible/roles/cloudkitty/templates/cloudkitty.conf.j2
index 843fd2c6721bf1ac71c5a336826cec4b7f85d409..90b121f8f7de5aef1c32288366fa88280e739288 100644
--- a/ansible/roles/cloudkitty/templates/cloudkitty.conf.j2
+++ b/ansible/roles/cloudkitty/templates/cloudkitty.conf.j2
@@ -13,8 +13,8 @@ max_retries = -1
 auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
 auth_type = password
-project_domain_id = default
-user_domain_id = default
+project_domain_id = {{ default_project_domain_id }}
+user_domain_id = {{ default_user_domain_id }}
 project_name = service
 username = {{ cloudkitty_keystone_user }}
 password = {{ cloudkitty_keystone_password }}
diff --git a/ansible/roles/congress/templates/congress.conf.j2 b/ansible/roles/congress/templates/congress.conf.j2
index c5b3734167e5b10a2b0aaa806cfecf5b7442da05..b2a10c3444e9549b435f80eb63b0bd98c3c5c6c8 100644
--- a/ansible/roles/congress/templates/congress.conf.j2
+++ b/ansible/roles/congress/templates/congress.conf.j2
@@ -32,8 +32,8 @@ max_retries = -1
 auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
 auth_type = password
-project_domain_id = default
-user_domain_id = default
+project_domain_id = {{ default_project_domain_id }}
+user_domain_id = {{ default_user_domain_id }}
 project_name = service
 username = {{ congress_keystone_user }}
 password = {{ congress_keystone_password }}
diff --git a/ansible/roles/designate/templates/designate.conf.j2 b/ansible/roles/designate/templates/designate.conf.j2
index 68e163889ddce5de5fc4e3a9acf07711e7fbb7d7..402c4de5f87f8c6b579e37e7e926d7fc072509f9 100644
--- a/ansible/roles/designate/templates/designate.conf.j2
+++ b/ansible/roles/designate/templates/designate.conf.j2
@@ -20,8 +20,8 @@ workers = {{ openstack_service_workers }}
 auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
 auth_type = password
-project_domain_id = default
-user_domain_id = default
+project_domain_id = {{ default_project_domain_id }}
+user_domain_id = {{ default_user_domain_id }}
 project_name = service
 username = {{ designate_keystone_user }}
 password = {{ designate_keystone_password }}
diff --git a/ansible/roles/freezer/templates/freezer-api.conf.j2 b/ansible/roles/freezer/templates/freezer-api.conf.j2
index 2d2cf122c61a251745f8a267d2c7ce3bbee7354e..8c082e67e8180e921845fe56fc43b3ab72c573f9 100644
--- a/ansible/roles/freezer/templates/freezer-api.conf.j2
+++ b/ansible/roles/freezer/templates/freezer-api.conf.j2
@@ -12,8 +12,8 @@ bind_port = {{ freezer_api_port }}
 auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
 auth_type = password
-project_domain_id = default
-user_domain_id = default
+project_domain_id = {{ default_project_domain_id }}
+user_domain_id = {{ default_user_domain_id }}
 project_name = service
 username = {{ freezer_keystone_user }}
 password = {{ freezer_keystone_password }}
diff --git a/ansible/roles/glance/templates/glance-api.conf.j2 b/ansible/roles/glance/templates/glance-api.conf.j2
index bf7b1ef4df95411f0afad12e5375ddcc8663c212..de565d7898dce79ab5d3bc3740883a47d2cd4075 100644
--- a/ansible/roles/glance/templates/glance-api.conf.j2
+++ b/ansible/roles/glance/templates/glance-api.conf.j2
@@ -36,8 +36,8 @@ auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_publi
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
 {% endif %}
 auth_type = password
-project_domain_id = default
-user_domain_id = default
+project_domain_id = {{ default_project_domain_id }}
+user_domain_id = {{ default_user_domain_id }}
 project_name = service
 username = {{ glance_keystone_user }}
 password = {{ glance_keystone_password }}
diff --git a/ansible/roles/glance/templates/glance-registry.conf.j2 b/ansible/roles/glance/templates/glance-registry.conf.j2
index 7b2259982c0306d1bd9134d4548ddefdde25743b..1e90941850b95a1d245c2d6a9d3263575c66412b 100644
--- a/ansible/roles/glance/templates/glance-registry.conf.j2
+++ b/ansible/roles/glance/templates/glance-registry.conf.j2
@@ -23,8 +23,8 @@ auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_publi
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
 {% endif %}
 auth_type = password
-project_domain_id = default
-user_domain_id = default
+project_domain_id = {{ default_project_domain_id }}
+user_domain_id = {{ default_user_domain_id }}
 project_name = service
 username = {{ glance_keystone_user }}
 password = {{ glance_keystone_password }}
diff --git a/ansible/roles/gnocchi/templates/gnocchi.conf.j2 b/ansible/roles/gnocchi/templates/gnocchi.conf.j2
index 0910123fcb9f7e73d8eab3bdb51ad5cc829051d7..835e063ca94b0872bd1d59047a345ace0f09c783 100644
--- a/ansible/roles/gnocchi/templates/gnocchi.conf.j2
+++ b/ansible/roles/gnocchi/templates/gnocchi.conf.j2
@@ -32,9 +32,9 @@ url = mysql+pymysql://{{ gnocchi_database_user }}:{{ gnocchi_database_password }
 
 [keystone_authtoken]
 auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}/v3
-project_domain_id = default
+project_domain_id = {{ default_project_domain_id }}
 project_name = service
-user_domain_id = default
+user_domain_id = {{ default_user_domain_id }}
 username = {{ gnocchi_keystone_user }}
 password = {{ gnocchi_keystone_password }}
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
diff --git a/ansible/roles/heat/templates/heat.conf.j2 b/ansible/roles/heat/templates/heat.conf.j2
index 0260ca409353b657e50fc96c0ad1e7430660d369..c58b0a7a3d6a93def7b39a3b7e94d04c636b2047 100644
--- a/ansible/roles/heat/templates/heat.conf.j2
+++ b/ansible/roles/heat/templates/heat.conf.j2
@@ -44,8 +44,8 @@ max_retries = -1
 auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
 auth_type = password
-project_domain_id = default
-user_domain_id = default
+project_domain_id = {{ default_project_domain_id }}
+user_domain_id = {{ default_user_domain_id }}
 project_name = service
 username = {{ heat_keystone_user }}
 password = {{ heat_keystone_password }}
@@ -70,7 +70,7 @@ auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_publi
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
 {% endif %}
 auth_type = password
-user_domain_id = default
+user_domain_id = {{ default_user_domain_id }}
 username = {{ heat_keystone_user }}
 password = {{ heat_keystone_password }}
 
diff --git a/ansible/roles/ironic/templates/ironic-inspector.conf.j2 b/ansible/roles/ironic/templates/ironic-inspector.conf.j2
index 5ecdbd40b0684b19824b57dd9b9eebad2be7772c..5b93100fe6d41186f09bbda81e5a235f5d75a44a 100644
--- a/ansible/roles/ironic/templates/ironic-inspector.conf.j2
+++ b/ansible/roles/ironic/templates/ironic-inspector.conf.j2
@@ -16,8 +16,8 @@ auth_url = {{ keystone_admin_url }}
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
 {% endif %}
 auth_type = password
-project_domain_id = default
-user_domain_id = default
+project_domain_id = {{ default_project_domain_id }}
+user_domain_id = {{ default_user_domain_id }}
 project_name = service
 username = {{ ironic_inspector_keystone_user }}
 password = {{ ironic_inspector_keystone_password }}
@@ -31,8 +31,8 @@ auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_publi
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
 {% endif %}
 auth_type = password
-project_domain_id = default
-user_domain_id = default
+project_domain_id = {{ default_project_domain_id }}
+user_domain_id = {{ default_user_domain_id }}
 project_name = service
 username = {{ ironic_inspector_keystone_user }}
 password = {{ ironic_inspector_keystone_password }}
diff --git a/ansible/roles/ironic/templates/ironic.conf.j2 b/ansible/roles/ironic/templates/ironic.conf.j2
index 4b91decbbbf4612336599e277f9ce6cdf7dcc953..db92ebd6cf8ac20bd43d121b4879300021745441 100644
--- a/ansible/roles/ironic/templates/ironic.conf.j2
+++ b/ansible/roles/ironic/templates/ironic.conf.j2
@@ -44,8 +44,8 @@ auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_publi
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
 {% endif %}
 auth_type = password
-project_domain_id = default
-user_domain_id = default
+project_domain_id = {{ default_project_domain_id }}
+user_domain_id = {{ default_user_domain_id }}
 project_name = service
 username = {{ ironic_keystone_user }}
 password = {{ ironic_keystone_password }}
diff --git a/ansible/roles/karbor/templates/karbor.conf.j2 b/ansible/roles/karbor/templates/karbor.conf.j2
index d9d86133b96cab495dbe6dad49eb874435057a39..fa54d41422e934c6399179311730cb3365157abb 100644
--- a/ansible/roles/karbor/templates/karbor.conf.j2
+++ b/ansible/roles/karbor/templates/karbor.conf.j2
@@ -14,7 +14,7 @@ connection = mysql+pymysql://{{ karbor_database_user }}:{{ karbor_database_passw
 max_retries = -1
 
 [trustee]
-user_domain_id = default
+user_domain_id = {{ default_user_domain_id }}
 username = {{ karbor_keystone_user }}
 password = {{ karbor_keystone_password }}
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
@@ -31,10 +31,10 @@ service_name = karbor
 [keystone_authtoken]
 auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
-project_domain_name = Default
+project_domain_name = {{ default_project_domain_name }}
 auth_type = password
-project_domain_id = default
-user_domain_id = default
+project_domain_id = {{ default_project_domain_id }}
+user_domain_id = {{ default_user_domain_id }}
 project_name = service
 username = {{ karbor_keystone_user }}
 password = {{ karbor_keystone_password }}
diff --git a/ansible/roles/kuryr/templates/kuryr.conf.j2 b/ansible/roles/kuryr/templates/kuryr.conf.j2
index 04b94a0ec9a9a8cc7340b585fe5e54006caf4d93..31eee0fd9865142c806de4248830bc9e7e0a3635 100644
--- a/ansible/roles/kuryr/templates/kuryr.conf.j2
+++ b/ansible/roles/kuryr/templates/kuryr.conf.j2
@@ -13,10 +13,10 @@ driver = kuryr.lib.binding.drivers.veth
 auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
 auth_type = password
-project_domain_name = Default
+project_domain_name = {{ default_project_domain_name }}
 project_name = service
-user_domain_name = Default
-project_domain_id = default
-user_domain_id = default
+user_domain_name = {{ default_user_domain_name }}
+project_domain_id = {{ default_project_domain_id }}
+user_domain_id = {{ default_user_domain_id }}
 password = {{ kuryr_keystone_password }}
 username = {{ kuryr_keystone_user }}
diff --git a/ansible/roles/magnum/templates/magnum.conf.j2 b/ansible/roles/magnum/templates/magnum.conf.j2
index 46e715f1ff642e93211346b14c34261007735000..8443511cb76e5c1ddd583b0048e746abddef18d0 100644
--- a/ansible/roles/magnum/templates/magnum.conf.j2
+++ b/ansible/roles/magnum/templates/magnum.conf.j2
@@ -46,8 +46,8 @@ endpoint_type = internalURL
 
 [keystone_auth]
 auth_url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}/v3
-user_domain_name = Default
-project_domain_name = Default
+user_domain_name = {{ default_user_domain_name }}
+project_domain_name = {{ default_project_domain_name }}
 project_name = service
 password = {{ magnum_keystone_password }}
 username = {{ magnum_keystone_user }}
@@ -58,8 +58,8 @@ auth_version = v3
 auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}/v3
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
 auth_type = password
-project_domain_name = Default
-user_domain_name = Default
+project_domain_name = {{ default_project_domain_name }}
+user_domain_name = {{ default_user_domain_name }}
 project_name = service
 username = {{ magnum_keystone_user }}
 password = {{ magnum_keystone_password }}
diff --git a/ansible/roles/manila/templates/manila-share.conf.j2 b/ansible/roles/manila/templates/manila-share.conf.j2
index 22eb4058a1eed5345e6a7a0c830a26bf0e38b530..332143069f0ecb8a0a2305fe6928bc2f0e1c481e 100644
--- a/ansible/roles/manila/templates/manila-share.conf.j2
+++ b/ansible/roles/manila/templates/manila-share.conf.j2
@@ -9,8 +9,8 @@ default_share_type = default_share_type
 auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
 auth_type = password
-project_domain_id = default
-user_domain_id = default
+project_domain_id = {{ default_project_domain_id }}
+user_domain_id = {{ default_user_domain_id }}
 region_name = {{ openstack_region_name }}
 endpoint_type = internalURL
 project_name = service
@@ -25,8 +25,8 @@ memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansi
 auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
 auth_type = password
-project_domain_id = default
-user_domain_id = default
+project_domain_id = {{ default_project_domain_id }}
+user_domain_id = {{ default_user_domain_id }}
 region_name = {{ openstack_region_name }}
 endpoint_type = internalURL
 project_name = service
@@ -42,8 +42,8 @@ url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ neutron_server_port
 uth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
 auth_type = password
-project_domain_id = default
-user_domain_id = default
+project_domain_id = {{ default_project_domain_id }}
+user_domain_id = {{ default_user_domain_id }}
 region_name = {{ openstack_region_name }}
 endpoint_type = internalURL
 project_name = service
diff --git a/ansible/roles/manila/templates/manila.conf.j2 b/ansible/roles/manila/templates/manila.conf.j2
index fa79fe49293f82385cbb039c0ec9150902275b6e..e95565ea55fb976e38d13d1d7554443fa16a2b92 100644
--- a/ansible/roles/manila/templates/manila.conf.j2
+++ b/ansible/roles/manila/templates/manila.conf.j2
@@ -30,8 +30,8 @@ max_retries = -1
 auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
 auth_type = password
-project_domain_id = default
-user_domain_id = default
+project_domain_id = {{ default_project_domain_id }}
+user_domain_id = {{ default_user_domain_id }}
 project_name = service
 username = {{ manila_keystone_user }}
 password = {{ manila_keystone_password }}
diff --git a/ansible/roles/mistral/templates/mistral.conf.j2 b/ansible/roles/mistral/templates/mistral.conf.j2
index bb66b8c7bbeb2e809e02c6b76c96618bb8e7a4d6..6c409a065d195899f7d64b98f14ca417063da7ab 100644
--- a/ansible/roles/mistral/templates/mistral.conf.j2
+++ b/ansible/roles/mistral/templates/mistral.conf.j2
@@ -24,8 +24,8 @@ max_retries = -1
 auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}/v3
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}/v3
 auth_type = password
-project_domain_id = default
-user_domain_id = default
+project_domain_id = {{ default_project_domain_id }}
+user_domain_id = {{ default_user_domain_id }}
 project_name = service
 username = {{ mistral_keystone_user }}
 password = {{ mistral_keystone_password }}
diff --git a/ansible/roles/neutron/templates/neutron.conf.j2 b/ansible/roles/neutron/templates/neutron.conf.j2
index b491c6b4e4fb604f5ece899dd34fbfe593c582cb..ed20d64fd95714f4deda41ea115cafb58303f9e2 100644
--- a/ansible/roles/neutron/templates/neutron.conf.j2
+++ b/ansible/roles/neutron/templates/neutron.conf.j2
@@ -62,8 +62,8 @@ external_dns_driver = designate
 [nova]
 auth_url = {{ keystone_admin_url }}
 auth_type = password
-project_domain_id = default
-user_domain_id = default
+project_domain_id = {{ default_project_domain_id }}
+user_domain_id = {{ default_user_domain_id }}
 region_name = {{ openstack_region_name }}
 project_name = service
 username = {{ nova_keystone_user }}
@@ -84,8 +84,8 @@ max_retries = -1
 auth_uri = {{ keystone_internal_url }}
 auth_url = {{ keystone_admin_url }}
 auth_type = password
-project_domain_id = default
-user_domain_id = default
+project_domain_id = {{ default_project_domain_id }}
+user_domain_id = {{ default_user_domain_id }}
 project_name = service
 username = {{ neutron_keystone_user }}
 password = {{ neutron_keystone_password }}
@@ -124,8 +124,8 @@ url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ designate_api_port
 auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
 auth_type = password
-project_domain_id = default
-user_domain_id = default
+project_domain_id = {{ default_project_domain_id }}
+user_domain_id = {{ default_user_domain_id }}
 project_name = service
 username = {{ designate_keystone_user }}
 password = {{ designate_keystone_password }}
diff --git a/ansible/roles/nova-hyperv/templates/nova_hyperv.conf.j2 b/ansible/roles/nova-hyperv/templates/nova_hyperv.conf.j2
index fbdf92857b9a6aad843f24073d39935648f6a880..c76bfd81f76e12e114412c13967f218225dae4f4 100644
--- a/ansible/roles/nova-hyperv/templates/nova_hyperv.conf.j2
+++ b/ansible/roles/nova-hyperv/templates/nova_hyperv.conf.j2
@@ -27,8 +27,8 @@ auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_po
 project_name = service
 username = {{ placement_keystone_user }}
 password = {{ placement_keystone_password }}
-project_domain_name = default
-user_domain_name = default
+project_domain_name = {{ default_project_domain_name }}
+user_domain_name = {{ default_user_domain_name }}
 os_region_name = {{ openstack_region_name }}
 
 [glance]
diff --git a/ansible/roles/nova/templates/nova.conf.j2 b/ansible/roles/nova/templates/nova.conf.j2
index b4e7a6bf75b1c9dbb5294904dea0262aa6ae72cc..a257b2728f38eb7656bf6446122b7513dadf217b 100644
--- a/ansible/roles/nova/templates/nova.conf.j2
+++ b/ansible/roles/nova/templates/nova.conf.j2
@@ -110,8 +110,8 @@ auth_url = {{ openstack_auth.auth_url }}/v3
 {% endif %}
 auth_type = password
 project_name = service
-user_domain_name = default
-project_domain_name = default
+user_domain_name = {{ default_user_domain_name }}
+project_domain_name = {{ default_project_domain_name }}
 {% if orchestration_engine != 'KUBERNETES' %}
 api_endpoint = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ ironic_api_port }}/v1
 {% else %}
@@ -144,8 +144,8 @@ service_metadata_proxy = true
 
 auth_url = {{ keystone_admin_url }}
 auth_type = password
-project_domain_name = default
-user_domain_id = default
+project_domain_name = {{ default_project_domain_name }}
+user_domain_id = {{ default_user_domain_id }}
 project_name = service
 username = {{ neutron_keystone_user }}
 password = {{ neutron_keystone_password }}
@@ -175,8 +175,8 @@ auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_publi
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
 {% endif %}
 auth_type = password
-project_domain_id = default
-user_domain_id = default
+project_domain_id = {{ default_project_domain_id }}
+user_domain_id = {{ default_user_domain_id }}
 project_name = service
 username = {{ nova_keystone_user }}
 password = {{ nova_keystone_password }}
@@ -242,9 +242,9 @@ auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_po
 {% endif %}
 username = {{ placement_keystone_user }}
 password = {{ placement_keystone_password }}
-user_domain_name = default
+user_domain_name = {{ default_user_domain_name }}
 project_name = service
-project_domain_name = default
+project_domain_name = {{ default_project_domain_name }}
 os_region_name = {{ openstack_region_name }}
 os_interface = internal
 
diff --git a/ansible/roles/octavia/templates/octavia.conf.j2 b/ansible/roles/octavia/templates/octavia.conf.j2
index 6c33e84589e2cc1e5e0543020702eb26e9a59c69..e18fccd1b65e65f0f53fd41cf1d81db584761a66 100644
--- a/ansible/roles/octavia/templates/octavia.conf.j2
+++ b/ansible/roles/octavia/templates/octavia.conf.j2
@@ -28,9 +28,9 @@ auth_url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin
 auth_type = password
 username = {{ openstack_auth.username }}
 password = {{ keystone_admin_password }}
-user_domain_name = Default
+user_domain_name = {{ default_user_domain_name }}
 project_name = {{ openstack_auth.project_name }}
-project_domain_name = Default
+project_domain_name = {{ default_project_domain_name }}
 
 memcache_security_strategy = ENCRYPT
 memcache_secret_key = {{ memcache_secret_key }}
diff --git a/ansible/roles/panko/templates/panko.conf.j2 b/ansible/roles/panko/templates/panko.conf.j2
index 74e2157c6f6114dfabffa7c3be0eee55d8ecccad..b6d0643b02d48cb707f6ac6700363dd76499835c 100644
--- a/ansible/roles/panko/templates/panko.conf.j2
+++ b/ansible/roles/panko/templates/panko.conf.j2
@@ -15,9 +15,9 @@ metering_connection = mysql+pymysql://{{ panko_database_user }}:{{ panko_databas
 
 [keystone_authtoken]
 auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
-project_domain_name = Default
+project_domain_name = {{ default_project_domain_name }}
 project_name = service
-user_domain_name = Default
+user_domain_name = {{ default_user_domain_name }}
 username = {{ panko_keystone_user }}
 password = {{ panko_keystone_password }}
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
diff --git a/ansible/roles/sahara/templates/sahara.conf.j2 b/ansible/roles/sahara/templates/sahara.conf.j2
index 2dc715586e3b1dc33dcb08bdc42882ba274df126..62ade771f0de2a3f91765e464dd70472f30fda4d 100644
--- a/ansible/roles/sahara/templates/sahara.conf.j2
+++ b/ansible/roles/sahara/templates/sahara.conf.j2
@@ -16,9 +16,9 @@ connection = mysql+pymysql://{{ sahara_database_user }}:{{ sahara_database_passw
 
 [keystone_authtoken]
 auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
-project_domain_name = default
+project_domain_name = {{ default_project_domain_name }}
 project_name = service
-user_domain_name = default
+user_domain_name = {{ default_user_domain_name }}
 username = {{ sahara_keystone_user }}
 password = {{ sahara_keystone_password }}
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
@@ -41,8 +41,8 @@ region_name = {{ openstack_region_name }}
 password = {{ sahara_keystone_password }}
 username = {{ sahara_keystone_user }}
 project_name = service
-project_domain_id = default
-user_domain_id = default
+project_domain_id = {{ default_project_domain_id }}
+user_domain_id = {{ default_user_domain_id }}
 auth_type = password
 
 [oslo_messaging_notifications]
diff --git a/ansible/roles/searchlight/templates/searchlight.conf.j2 b/ansible/roles/searchlight/templates/searchlight.conf.j2
index cf66c005dfc49d2ead452a029b615da51a3dd1f4..26387071332c1332286a86c45bd378a2ed5054b5 100644
--- a/ansible/roles/searchlight/templates/searchlight.conf.j2
+++ b/ansible/roles/searchlight/templates/searchlight.conf.j2
@@ -25,9 +25,9 @@ flavor = keystone
 [keystone_authtoken]
 auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
-project_domain_name = default
+project_domain_name = {{ default_project_domain_name }}
 project_name = service
-user_domain_name = default
+user_domain_name = {{ default_user_domain_name }}
 username = {{ searchlight_keystone_user }}
 password = {{ searchlight_keystone_password }}
 auth_type = password
diff --git a/ansible/roles/senlin/templates/senlin.conf.j2 b/ansible/roles/senlin/templates/senlin.conf.j2
index a9f9d5b724846df838086d2444a27c31d7563230..0c116cbe46a40783355ae6f9dd92e1b7a442c42d 100644
--- a/ansible/roles/senlin/templates/senlin.conf.j2
+++ b/ansible/roles/senlin/templates/senlin.conf.j2
@@ -32,8 +32,8 @@ max_retries = -1
 auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
 auth_type = password
-project_domain_id = default
-user_domain_id = default
+project_domain_id = {{ default_project_domain_id }}
+user_domain_id = {{ default_user_domain_id }}
 project_name = service
 username = {{ senlin_keystone_user }}
 password = {{ senlin_keystone_password }}
diff --git a/ansible/roles/solum/templates/solum.conf.j2 b/ansible/roles/solum/templates/solum.conf.j2
index 894eb945bd4213a1c87d889607d784f2b91a6291..7ecd449265fcc55d30980522ab8f864c61da9f53 100644
--- a/ansible/roles/solum/templates/solum.conf.j2
+++ b/ansible/roles/solum/templates/solum.conf.j2
@@ -45,8 +45,8 @@ max_retries = -1
 auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
 auth_type = password
-project_domain_id = default
-user_domain_id = default
+project_domain_id = {{ default_project_domain_id }}
+user_domain_id = {{ default_user_domain_id }}
 project_name = service
 username = {{ solum_keystone_user }}
 password = {{ solum_keystone_password }}
diff --git a/ansible/roles/swift/templates/proxy-server.conf.j2 b/ansible/roles/swift/templates/proxy-server.conf.j2
index b4044155ec887ede96a917f6766f9bd7878614c4..117f54ed60bced79f7a4aba0a1a5e2dfab50f86d 100644
--- a/ansible/roles/swift/templates/proxy-server.conf.j2
+++ b/ansible/roles/swift/templates/proxy-server.conf.j2
@@ -35,8 +35,8 @@ paste.filter_factory = keystonemiddleware.auth_token:filter_factory
 auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
 auth_type = password
-project_domain_id = default
-user_domain_id = default
+project_domain_id = {{ default_project_domain_id }}
+user_domain_id = {{ default_user_domain_id }}
 project_name = service
 username = {{ swift_keystone_user }}
 password = {{ swift_keystone_password }}
diff --git a/ansible/roles/tacker/templates/tacker.conf.j2 b/ansible/roles/tacker/templates/tacker.conf.j2
index 2a126912c3299b1573d269c39764ce470471ae9a..1dde691233a0b0b24e5e97290b41374a19634c37 100644
--- a/ansible/roles/tacker/templates/tacker.conf.j2
+++ b/ansible/roles/tacker/templates/tacker.conf.j2
@@ -26,8 +26,8 @@ alarm_monitor_driver = ceilometer
 auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
 auth_type = password
-project_domain_id = default
-user_domain_id = default
+project_domain_id = {{ default_project_domain_id }}
+user_domain_id = {{ default_user_domain_id }}
 project_name = service
 username = {{ nova_keystone_user }}
 password = {{ nova_keystone_password }}
@@ -42,8 +42,8 @@ max_retries = -1
 auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
 auth_type = password
-project_domain_id = default
-user_domain_id = default
+project_domain_id = {{ default_project_domain_id }}
+user_domain_id = {{ default_user_domain_id }}
 project_name = service
 username = {{ tacker_keystone_user }}
 password = {{ tacker_keystone_password }}
diff --git a/ansible/roles/trove/templates/trove.conf.j2 b/ansible/roles/trove/templates/trove.conf.j2
index 7280922045665d872398505ff230bfca759409de..3ebe97afdb7adb023fd4e1e384ff05ea3d7b0d44 100644
--- a/ansible/roles/trove/templates/trove.conf.j2
+++ b/ansible/roles/trove/templates/trove.conf.j2
@@ -28,9 +28,9 @@ connection = mysql+pymysql://{{ trove_database_user }}:{{ trove_database_passwor
 
 [keystone_authtoken]
 auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
-project_domain_name = Default
+project_domain_name = {{ default_project_domain_name }}
 project_name = service
-user_domain_name = Default
+user_domain_name = {{ default_user_domain_name }}
 username = {{ trove_keystone_user }}
 password = {{ trove_keystone_password }}
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
diff --git a/ansible/roles/watcher/templates/watcher.conf.j2 b/ansible/roles/watcher/templates/watcher.conf.j2
index 62cd15a5a30117db34bab385a6715a1dc9f8853e..60411b78d200626165a67cbcc8fad5aef83d9487 100644
--- a/ansible/roles/watcher/templates/watcher.conf.j2
+++ b/ansible/roles/watcher/templates/watcher.conf.j2
@@ -19,8 +19,8 @@ max_retries = -1
 auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
 auth_type = password
-project_domain_id = default
-user_domain_id = default
+project_domain_id = {{ default_project_domain_id }}
+user_domain_id = {{ default_user_domain_id }}
 project_name = service
 username = {{ watcher_keystone_user }}
 password = {{ watcher_keystone_password }}
@@ -33,8 +33,8 @@ memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansi
 auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
 auth_type = password
-project_domain_id = default
-user_domain_id = default
+project_domain_id = {{ default_project_domain_id }}
+user_domain_id = {{ default_user_domain_id }}
 project_name = service
 username = {{ watcher_keystone_user }}
 password = {{ watcher_keystone_password }}
diff --git a/ansible/roles/zun/templates/zun.conf.j2 b/ansible/roles/zun/templates/zun.conf.j2
index 2901860a5583063d0a4893c1f6781fab76204b0c..df1e9c38ba4115be60ac2fa7c532e0d32a3b8bfa 100644
--- a/ansible/roles/zun/templates/zun.conf.j2
+++ b/ansible/roles/zun/templates/zun.conf.j2
@@ -31,8 +31,8 @@ service_name = zun
 auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
 auth_type = password
-project_domain_id = default
-user_domain_id = default
+project_domain_id = {{ default_project_domain_id }}
+user_domain_id = {{ default_user_domain_id }}
 project_name = service
 username = {{ zun_keystone_user }}
 password = {{ zun_keystone_password }}
@@ -45,8 +45,8 @@ memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansi
 auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
 auth_type = password
-project_domain_id = default
-user_domain_id = default
+project_domain_id = {{ default_project_domain_id }}
+user_domain_id = {{ default_user_domain_id }}
 project_name = service
 username = {{ zun_keystone_user }}
 password = {{ zun_keystone_password }}
@@ -60,8 +60,8 @@ memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansi
 auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
 auth_type = password
-project_domain_id = default
-user_domain_id = default
+project_domain_id = {{ default_project_domain_id }}
+user_domain_id = {{ default_user_domain_id }}
 project_name = service
 username = {{ zun_keystone_user }}
 password = {{ zun_keystone_password }}
@@ -73,8 +73,8 @@ api_version = 2
 auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
 auth_type = password
-project_domain_id = default
-user_domain_id = default
+project_domain_id = {{ default_project_domain_id }}
+user_domain_id = {{ default_user_domain_id }}
 project_name = service
 username = {{ zun_keystone_user }}
 password = {{ zun_keystone_password }}