diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
index 9ae7a1861c..275ec38093 100644
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@@ -243,7 +243,9 @@ kafka_port: "9092"
 karbor_api_port: "8799"
 
 keystone_public_port: "5000"
+keystone_public_listen_port: "{{ keystone_public_port }}"
 keystone_admin_port: "35357"
+keystone_admin_listen_port: "{{ keystone_admin_port }}"
 keystone_ssh_port: "8023"
 
 kibana_server_port: "5601"
@@ -677,9 +679,11 @@ kibana_log_prefix: "flog"
 ####################
 # Keystone options
 ####################
-keystone_admin_url: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}"
-keystone_internal_url: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}"
-keystone_public_url: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ keystone_public_port }}"
+keystone_internal_fqdn: "{{ kolla_internal_fqdn }}"
+keystone_external_fqdn: "{{ kolla_external_fqdn }}"
+keystone_admin_url: "{{ admin_protocol }}://{{ keystone_internal_fqdn }}:{{ keystone_admin_port }}"
+keystone_internal_url: "{{ internal_protocol }}://{{ keystone_internal_fqdn }}:{{ keystone_public_port }}"
+keystone_public_url: "{{ public_protocol }}://{{ keystone_external_fqdn }}:{{ keystone_public_port }}"
 
 keystone_admin_user: "admin"
 keystone_admin_project: "admin"
diff --git a/ansible/roles/keystone/defaults/main.yml b/ansible/roles/keystone/defaults/main.yml
index 64c40b1100..5154c45a4e 100644
--- a/ansible/roles/keystone/defaults/main.yml
+++ b/ansible/roles/keystone/defaults/main.yml
@@ -20,16 +20,19 @@ keystone_services:
         mode: "http"
         external: false
         port: "{{ keystone_public_port }}"
+        listen_port: "{{ keystone_public_listen_port }}"
       keystone_external:
         enabled: "{{ enable_keystone }}"
         mode: "http"
         external: true
         port: "{{ keystone_public_port }}"
+        listen_port: "{{ keystone_public_listen_port }}"
       keystone_admin:
         enabled: "{{ enable_keystone }}"
         mode: "http"
         external: false
         port: "{{ keystone_admin_port }}"
+        listen_port: "{{ keystone_admin_listen_port }}"
   keystone-ssh:
     container_name: "keystone_ssh"
     group: "keystone"
diff --git a/ansible/roles/keystone/tasks/precheck.yml b/ansible/roles/keystone/tasks/precheck.yml
index 53c268c793..d0863b940e 100644
--- a/ansible/roles/keystone/tasks/precheck.yml
+++ b/ansible/roles/keystone/tasks/precheck.yml
@@ -9,7 +9,7 @@
 - name: Checking free port for Keystone Admin
   wait_for:
     host: "{{ api_interface_address }}"
-    port: "{{ keystone_admin_port }}"
+    port: "{{ keystone_admin_listen_port }}"
     connect_timeout: 1
     timeout: 1
     state: stopped
@@ -20,7 +20,7 @@
 - name: Checking free port for Keystone Public
   wait_for:
     host: "{{ api_interface_address }}"
-    port: "{{ keystone_public_port }}"
+    port: "{{ keystone_public_listen_port }}"
     connect_timeout: 1
     timeout: 1
     state: stopped
diff --git a/ansible/roles/keystone/templates/wsgi-keystone.conf.j2 b/ansible/roles/keystone/templates/wsgi-keystone.conf.j2
index 522f872770..5e14169ab4 100644
--- a/ansible/roles/keystone/templates/wsgi-keystone.conf.j2
+++ b/ansible/roles/keystone/templates/wsgi-keystone.conf.j2
@@ -1,8 +1,8 @@
 {% set keystone_log_dir = '/var/log/kolla/keystone' %}
 {% set python_path = '/usr/lib/python2.7/site-packages' if keystone_install_type == 'binary' else '/var/lib/kolla/venv/lib/python2.7/site-packages' %}
 {% set binary_path = '/usr/bin' if keystone_install_type == 'binary' else '/var/lib/kolla/venv/bin' %}
-Listen {{ api_interface_address }}:{{ keystone_public_port }}
-Listen {{ api_interface_address }}:{{ keystone_admin_port }}
+Listen {{ api_interface_address }}:{{ keystone_public_listen_port }}
+Listen {{ api_interface_address }}:{{ keystone_admin_listen_port }}
 
 ServerSignature Off
 ServerTokens Prod
@@ -17,7 +17,7 @@ TraceEnable off
 </Directory>
 
 
-<VirtualHost *:{{ keystone_public_port }}>
+<VirtualHost *:{{ keystone_public_listen_port }}>
     WSGIDaemonProcess keystone-public processes={{ openstack_service_workers }} threads=1 user=keystone group=keystone display-name=%{GROUP} python-path={{ python_path }}
     WSGIProcessGroup keystone-public
     WSGIScriptAlias / {{ binary_path }}/keystone-wsgi-public
@@ -31,7 +31,7 @@ TraceEnable off
     CustomLog "{{ keystone_log_dir }}/keystone-apache-public-access.log" logformat
 </VirtualHost>
 
-<VirtualHost *:{{ keystone_admin_port }}>
+<VirtualHost *:{{ keystone_admin_listen_port }}>
     WSGIDaemonProcess keystone-admin processes={{ openstack_service_workers }} threads=1 user=keystone group=keystone display-name=%{GROUP} python-path={{ python_path }}
     WSGIProcessGroup keystone-admin
     WSGIScriptAlias / {{ binary_path }}/keystone-wsgi-admin