diff --git a/chef/cookbooks/openstack-common/attributes/default.rb b/chef/cookbooks/openstack-common/attributes/default.rb
index 384586b..c84a1e7 100644
--- a/chef/cookbooks/openstack-common/attributes/default.rb
+++ b/chef/cookbooks/openstack-common/attributes/default.rb
@@ -29,7 +29,8 @@ default["openstack"]["developer_mode"] = true
 # The type of token signing to use (uuid or pki)
-default["openstack"]["auth"]["strategy"] = "uuid"
+#default["openstack"]["auth"]["strategy"] = "uuid"
+default["openstack"]["auth"]["strategy"] = "pki"
 # Set to true where using self-signed certs (in testing environments)
 default["openstack"]["auth"]["validate_certs"] = true
diff --git a/chef/cookbooks/openstack-identity/recipes/server.rb b/chef/cookbooks/openstack-identity/recipes/server.rb
index 5517fc8..6c246a6 100644
--- a/chef/cookbooks/openstack-identity/recipes/server.rb
+++ b/chef/cookbooks/openstack-identity/recipes/server.rb
@@ -88,6 +88,14 @@ file "/var/lib/keystone/keystone.db" do
 action :delete
 end
+["/etc/keystone/keystone.conf", "/etc/keystone/logging.conf"].each do |file|
+ file file do
+ owner node["openstack"]["identity"]["user"]
+ group node["openstack"]["identity"]["group"]
+ mode 00700
+ end
+end
+
 execute "keystone-manage pki_setup" do
 user node["openstack"]["identity"]["user"]
diff --git a/chef/databags/openstack/openstack.json b/chef/databags/openstack/openstack.json
index d16daf4..05b79be 100644
--- a/chef/databags/openstack/openstack.json
+++ b/chef/databags/openstack/openstack.json
@@ -5,7 +5,8 @@
 "os-ops-messaging": "openstack message queue node",
 "os-image": "openstack image node",
 "os-ops-database": "openstack database node",
- "os-compute-worker": "openstack nova node"
+ "os-compute-worker": "openstack nova node",
+ "os-ha": "Software load balance node"
 },
 "role_mapping": {
 "os-controller": {
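Review bot: The previous default is left behind as a commented-out line (`#default["openstack"]["auth"]["strategy"] = "uuid"`) in attributes/default.rb, directly above the new `"pki"` value; it should be deleted, because version control already records the old setting and the existing comment already lists both accepted values. With PKI as the default, token signing depends on the material produced by the `keystone-manage pki_setup` resource in the identity recipe, so a short comment such as `# pki requires keystone-manage pki_setup to have run on the identity node` would help whoever changes this attribute later. Whether other cookbooks read this attribute and need a matching change cannot be seen from the hunk.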
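Review bot: `mode 00700` in the new loop in recipes/server.rb sets the execute bit on `/etc/keystone/keystone.conf` and `/etc/keystone/logging.conf`, which are plain configuration files; owner read/write is all the restriction needs, so `mode 00600` is the tighter and more conventional value. The block parameter `file` also shadows the `file` resource it is passed to (`file file do`); renaming it, e.g. `.each do |conf_path|` with `file conf_path do`, makes the loop readable. No `action` is given, so the default action applies, and if either path is absent at this point in the run an empty file would presumably be created; a comment stating that both files are expected to exist already, and that ownership is fixed here so that `keystone-manage pki_setup` can run as the identity user, would help. The resources before and after the loop start and end outside the hunk.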
@@ -103,7 +104,7 @@
 "ha": {
 "status": "disable",
 "haproxy": {
- "vip": "10.145.88.231",
+ "vip": "",
 "roles": {
 "os-controller": ["dashboard_http","dashboard_https","keystone_admin", "keystone_public_internal","nova_ec2_api","nova_compute_api","cinder_api","neutron_api"],
 "os-image": ["glance_api","glance_registry_cluster"]
@@ -111,18 +112,12 @@
 },
 "keepalived": {
 "router_ids": {
- "node1.name_in_chef_server": "lsb01",
- "node2.name_in_chef_server": "lsb02"
 },
 "instance_name": {
- "vip": "10.145.88.231",
+ "vip": "",
 "priorities": {
- "node1.name_in_chef_server": 110,
- "node2.name_in_chef_server": 101
 },
 "states": {
- "centos-10-145-88-152": "BACKUP",
- "centos-10-145-88-153": "MASTER"
 }
 }
 }
@@ -214,6 +209,7 @@
 "bundles" : [ ],
 "exclusives" : [ "os-controller" ],
 "roles" : [
+ "os-ha",
 "os-ops-database",
 "os-ops-messaging",
 "os-controller",
@@ -224,7 +220,13 @@
 ],
 "default_min" : 1,
 "default_max" : 1,
- "maxs" : { "os-compute-worker": -1 }
+ "maxs" : {
+ "os-compute-worker": -1,
+ "os-ha": 0
+ },
+ "mins": {
+ "os-ha": 0
+ }
 },
 "policy_by_host_numbers" : {
 "1" : {
diff --git a/chef/roles/os-ha.rb b/chef/roles/os-ha.rb
new file mode 100644
index 0000000..ccb383f
--- /dev/null
+++ b/chef/roles/os-ha.rb
@@ -0,0 +1,6 @@
+name "os-ha"
+description "Software load banance"
+run_list(
+ "recipe[keepalived]",
+ "recipe[haproxy::tcp_lb]"
+ )
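Review bot: The `"vip": ""` placeholders in the `haproxy` block (hunk at -103) and in `keepalived.instance_name` (hunk at -111), together with the now-empty `router_ids`, `priorities` and `states` maps, are only safe while `"status": "disable"` holds; nothing visible here stops `ha` from being enabled with an empty address. JSON cannot carry a comment, so the requirement to fill these fields in per deployment should be stated in the commit description or enforced in the consuming recipe, for example by failing the run when `status` is not `disable` and `vip` is empty. Whether the haproxy and keepalived recipes already perform such a check is not visible in this diff.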
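Review bot: The role description in chef/roles/os-ha.rb is misspelled (`"Software load banance"`); it should read `description "Software load balancer"`, which also keeps it close to the data bag entry `"os-ha": "Software load balance node"`. The role applies `recipe[keepalived]` and `recipe[haproxy::tcp_lb]` unconditionally, while the data bag in this same commit ships `ha.status` as `disable` with empty VIPs, so it is worth confirming that both recipes refuse to configure a listener or VRRP instance when those settings are unset. A one-line comment above `run_list(` naming the data bag keys the two recipes read would make that dependency visible.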