diff --git a/README.rst b/README.rst
new file mode 100644
index 0000000..bac99c5
--- /dev/null
+++ b/README.rst
@@ -0,0 +1,45 @@
+================
+Keystone Formula
+================
+
+Install and configure the Openstack Keystone service
+
+.. note::
+    See the full `Salt Formulas installation and usage instructions
+    <http://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html>`_.
+
+Available states
+================
+
+.. contents::
+    :local:
+
+``keystone``
+------------
+
+Install the keystone and enable the service.
+
+``keystone.db``
+---------------
+
+Create the db for keystone service.
+
+``keystone.keystone``
+---------------------
+
+Init the tenants, roles, service, endpoint and admin account.
+
+``keystone.server``
+-------------------
+
+Install the keystone and enable the service
+
+``keystone.openrc``
+-------------------
+
+Add the openrc file
+
+``keystone.client``
+-------------------
+
+Add the python-keystoneclient package.
diff --git a/keystone/client.sls b/keystone/client.sls
new file mode 100644
index 0000000..b55f438
--- /dev/null
+++ b/keystone/client.sls
@@ -0,0 +1,6 @@
+{%- from "keystone/map.jinja" import keystone with context %}
+
+keystone-client:
+  pkg.installed:
+    - refresh: False
+    - name: {{ keystone.client_pkg }}
diff --git a/keystone/db.sls b/keystone/db.sls
new file mode 100644
index 0000000..7ec3df0
--- /dev/null
+++ b/keystone/db.sls
@@ -0,0 +1,14 @@
+{%- set name="keystone" %}
+
+{{ name }}-db:
+  mysql_database.present:
+    - name: {{ name }}
+  mysql_user.present:
+    - name: {{ name }}
+    - host: "{{ salt["pillar.get"](name + ":mysql:host","%") }}"
+    - password: {{ salt["pillar.get"](name + ":mysql:password") }}
+  mysql_grants.present:
+    - host: "{{ salt["pillar.get"](name + ":mysql:host","%") }}"
+    - grant: all privileges
+    - database: "{{ name }}.*"
+    - user: {{ name }}
diff --git a/keystone/files/keystone.conf b/keystone/files/keystone.conf
new file mode 100644
index 0000000..96cc9eb
--- /dev/null
+++ b/keystone/files/keystone.conf
@@ -0,0 +1,10 @@
+{% from "keystone/map.jinja" import keystone_config with context -%}
+# This file is managed by salt
+{% for section, section_values in keystone_config | dictsort(true) %}
+[{{ section }}]
+  {%- for key, value in section_values|dictsort(true)%}
+{{ key }} = {{ value }}
+  {%- endfor %}
+{% endfor %}
+{#- vim:ft=sls
+-#}
diff --git a/keystone/files/wait-port.sh b/keystone/files/wait-port.sh
new file mode 100644
index 0000000..96c4c04
--- /dev/null
+++ b/keystone/files/wait-port.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+TIMEOUT=$1
+HOST=$2
+PORT=$3
+
+COUNT=0
+
+while ! nc -w 1 $HOST $PORT</dev/null; 
+do 
+    sleep 1; 
+    COUNT=$(( $COUNT+1 ))
+    if [ $COUNT -gt $TIMEOUT ]; then
+        echo 
+        printf "result=False comment=\"$HOST:$PORT is not avaliable\"\n"
+        exit 1
+    fi
+done
+echo
+printf "result=True comment=\"$HOST:$PORT is avaliable\"\n"
+true
diff --git a/keystone/init.sls b/keystone/init.sls
new file mode 100644
index 0000000..92446cb
--- /dev/null
+++ b/keystone/init.sls
@@ -0,0 +1,6 @@
+include:
+  - .db
+  - .openrc
+  - .server
+  - .client
+  - .keystone
diff --git a/keystone/keystone.sls b/keystone/keystone.sls
new file mode 100644
index 0000000..0238c2c
--- /dev/null
+++ b/keystone/keystone.sls
@@ -0,0 +1,53 @@
+{%- from "keystone/map.jinja" import keystone with context %}
+
+/tmp/wait-port.sh:
+  file.managed:
+    - source: salt://keystone/files/wait-port.sh
+    - template: jinja
+
+wait-keystone-port:
+  cmd.run:
+    - name: /bin/bash /tmp/wait-port.sh 30 {{ salt["pillar.get"]("keystone:admin_ip") }} 35357
+    - stateful: True
+    - require:
+      - file: /tmp/wait-port.sh
+    - require_in:
+      - keystone: keystone_default_tenants
+      - keystone: keystone_default_roles
+      - keystone: keystone_keystone_endpoint
+      - keystone: keystone_keystone_endpoint
+
+keystone_default_tenants:
+  keystone.tenant_present:
+    - names:
+      - admin
+      - service
+
+keystone_default_roles:
+  keystone.role_present:
+    - names:
+      - admin
+
+keystone_admin_user:
+  keystone.user_present:
+    - name: admin
+    - password: {{ salt['pillar.get']('keystone:keystone:admin:password') }}
+    - email: {{ salt['pillar.get']('keystone:keystone:admin:email') }}
+    - tenant: admin
+    - enable: True
+    - roles:
+      - admin:
+        - admin
+
+keystone_keystone_service:
+  keystone.service_present:
+    - name: keystone
+    - service_type: identity
+    - description: Openstack Identity Service
+
+keystone_keystone_endpoint:
+  keystone.endpoint_present:
+    - name: keystone
+    - publicurl: http://{{ salt["pillar.get"]("keystone:public_ip") }}:5000/v2.0
+    - internalurl: http://{{ salt["pillar.get"]("keystone:internal_ip") }}:5000/v2.0
+    - adminurl: http://{{ salt["pillar.get"]("keystone:admin_ip") }}:35357/v2.0
diff --git a/keystone/map.jinja b/keystone/map.jinja
new file mode 100644
index 0000000..6365741
--- /dev/null
+++ b/keystone/map.jinja
@@ -0,0 +1,49 @@
+{% set keystone=salt["grains.filter_by"]({
+  "Debian": {
+    "name": "keystone",
+    "pkg": "keystone",
+    "service": "keystone",
+    "client_pkg": "python-keystoneclient",
+  },
+  "RedHat": {
+    "name": "keystone",
+    "pkg": "openstack-keystone",
+    "service": "openstack-keystone",
+    "client_pkg": "python-keystoneclient",
+  },
+  "default":{
+    "name": "keystone",
+    "pkg": "keystone",
+    "service": "keystone",
+    "client_pkg": "python-keystoneclient",
+  }
+  },merge=salt["pillar.get"]("keystone:lookup")) %}
+
+# Set the keystone default config
+{%- set keystone_config = {
+  "DEFAULT": {
+    "debug": "false",
+    "verbose": "false",
+    "admin_token" : salt["grains.get_or_set_hash"]("keystone:admin_token", length=20, chars="abcdefghijklmnopqrstuvwxyz0123456789"),
+  },
+  "database": {
+    "connection": "mysql://keystone:" + salt["pillar.get"]("keystone:mysql:password") + "@" + salt["pillar.get"]("keystone:mysql:ip", "localhost") + "/keystone?charset=utf8",
+  },
+  "memcache": {
+    "servers": salt["pillar.get"]("keystone:memcached:ip") |join(":11211,") + ":11211",
+  },
+  "token": {
+    "driver": "keystone.token.backends.memcache.Token",
+    "provider": "keystone.token.providers.uuid.Provider"
+  }
+} %}
+
+{% for section, value in salt["pillar.get"]("keystone:config").iteritems() %}
+  {% if not keystone_config.has_key(section) %}
+    {% do keystone_config.update({ section:{} }) %}
+  {% endif %}
+  {% do keystone_config[section].update(value) %}
+{% endfor %}
+
+{#- vim:ft=sls
+-#}
diff --git a/keystone/openrc.sls b/keystone/openrc.sls
new file mode 100644
index 0000000..3f0c4e3
--- /dev/null
+++ b/keystone/openrc.sls
@@ -0,0 +1,11 @@
+{%- from "keystone/map.jinja" import keystone_config with context %}
+/root/openrc:
+  file.managed:
+    - contents: |
+        export OS_TENANT_NAME=admin
+        export OS_USERNAME=admin
+        export OS_PASSWORD={{ salt['pillar.get']('keystone:keystone:admin:password') }}
+        export OS_AUTH_URL=http://{{ salt["pillar.get"]("keystone:internal_ip") }}:5000/v2.0/
+        export SERVICE_TOKEN='{{ keystone_config.DEFAULT.admin_token }}'
+        export SERVICE_ENDPOINT=http://{{ salt["pillar.get"]("keystone:admin_ip") }}:35357/v2.0/
+    - template: jinja
diff --git a/keystone/server.sls b/keystone/server.sls
new file mode 100644
index 0000000..bff26fa
--- /dev/null
+++ b/keystone/server.sls
@@ -0,0 +1,28 @@
+{%- from "keystone/map.jinja" import keystone with context %}
+
+{{ keystone.name }}:
+  pkg.installed:
+    - refresh: False
+    - name: {{ keystone.pkg }}
+  service.running:
+    - name: {{ keystone.service }}
+    - enable: True
+    - restart: True
+    - require:
+      - pkg: {{ keystone.name }}
+      - file: /etc/keystone/keystone.conf
+    - watch:
+      - file: /etc/keystone/keystone.conf
+
+{{ keystone.name }}_sync_db:
+  cmd.run:
+    - name: keystone-manage db_sync
+    - require:
+      - file: /etc/keystone/keystone.conf
+
+/etc/keystone/keystone.conf:
+  file.managed:
+    - source: salt://keystone/files/keystone.conf
+    - template: jinja
+    - require:
+      - pkg: {{ keystone.name }}
diff --git a/pillar.example b/pillar.example
new file mode 100644
index 0000000..01fb99c
--- /dev/null
+++ b/pillar.example
@@ -0,0 +1,26 @@
+# Used by mysql module
+mysql.pass: 'pass'
+# Used by keystone module
+keystone.token: ADMIN_TOKEN
+keystone.endpoint: http://10.0.0.12:35357/v2.0
+
+keystone:
+  public_ip: 10.0.0.12
+  internal_ip: 10.0.0.12
+  admin_ip: 10.0.0.12
+  mysql:
+    ip: 10.0.0.12
+    host: '%'
+    password: 'pass'
+  memcached:
+    ip: [ 10.0.0.12 ]
+  keystone:
+    admin:
+      password: 'pass'
+      email: zhang.lei.fly@gmail.com
+  config:
+    DEFAULT:
+      #admin_token: ADMIN_TOKEN
+      debug: true
+{#- vim:ft=sls
+-#}