diff --git a/manifests/profile/auth_file.pp b/manifests/profile/auth_file.pp
new file mode 100644
index 0000000000000000000000000000000000000000..2a28cdc4673187486000764f5e4b6d9dbb4db2d3
--- /dev/null
+++ b/manifests/profile/auth_file.pp
@@ -0,0 +1,14 @@
+class iaas::profile::auth_file (
+
+#$region = hiera('iaas::region', undef),
+
+) {
+  class { 'iaas::resources::auth_file':
+    admin_tenant    => $::iaas::profile::keystone::admin_tenant,
+    admin_password  => $::iaas::profile::keystone::admin_password,
+#    region_name     => $region,
+    region_name     => hiera('iaas::region', undef),
+#    controller_node => $::iaas::role::endpoint::main_hostname,
+    controller_node => hiera('iaas::role::endpoint::main_hostname' , undef),
+  }
+}
diff --git a/manifests/resources/auth_file.pp b/manifests/resources/auth_file.pp
new file mode 100644
index 0000000000000000000000000000000000000000..5296ae191a2840a5dbc6eec415233417369f2930
--- /dev/null
+++ b/manifests/resources/auth_file.pp
@@ -0,0 +1,58 @@
+# == Class: iaas::resources::auth_file
+#
+# Creates an auth file that can be used to export
+# environment variables that can be used to authenticate
+# against a keystone server.
+#
+# === Parameters
+#
+# [*admin_password*]
+#   (required) Admin password.
+# [*controller_node*]
+#   (optional) Keystone address. Defaults to '127.0.0.1'.
+# [*keystone_admin_token*]
+#   (optional) Admin token.
+#   NOTE: This setting will trigger a warning from keystone.
+#   Authentication credentials will be ignored by keystone client
+#   in favor of token authentication. Defaults to undef.
+# [*admin_user*]
+#   (optional) Defaults to 'admin'.
+# [*admin_tenant*]
+#   (optional) Defaults to 'openstack'.
+# [*region_name*]
+#   (optional) Defaults to 'RegionOne'.
+# [*use_no_cache*]
+#   (optional) Do not use the auth token cache. Defaults to true.
+# [*cinder_endpoint_type*]
+#   (optional) Defaults to 'publicURL'.
+# [*glance_endpoint_type*]
+#   (optional) Defaults to 'publicURL'.
+# [*keystone_endpoint_type*]
+#   (optional) Defaults to 'publicURL'.
+# [*nova_endpoint_type*]
+#   (optional) Defaults to 'publicURL'.
+# [*neutron_endpoint_type*]
+#   (optional) Defaults to 'publicURL'.
+#
+class iaas::resources::auth_file(
+  $admin_password,
+  $controller_node          = '127.0.0.1',
+  $keystone_admin_token     = undef,
+  $admin_user               = 'admin',
+  $admin_tenant             = 'pippo',
+  $region_name              = 'RegionOne',
+  $use_no_cache             = true,
+  $cinder_endpoint_type     = 'publicURL',
+  $glance_endpoint_type     = 'publicURL',
+  $keystone_endpoint_type   = 'publicURL',
+  $nova_endpoint_type       = 'publicURL',
+  $neutron_endpoint_type    = 'publicURL',
+) {
+
+  file { '/root/openrc':
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0550',
+    content => template("${module_name}/openrc.erb")
+  }
+}
diff --git a/manifests/role/controller.pp b/manifests/role/controller.pp
index e920de2bad67910addac6f3ae99afe3d0a7be445..6e7da97b77f6cb494c59850fda28dcee887bbd34 100644
--- a/manifests/role/controller.pp
+++ b/manifests/role/controller.pp
@@ -11,10 +11,12 @@ $zookeeper_id = undef,
   class { 'iaas::profile::cinder': } ->
   class { 'iaas::profile::nova::controller': } ->
   class { 'iaas::profile::neutron::server': } ->
+#  class { 'iaas::profile::neutron::router': } -> 
   class { 'iaas::profile::ceilometer::controller': 
     zookeeper_id => $zookeeper_id
   } ->
   class { 'iaas::profile::heat': } ->
   class { 'iaas::profile::horizon': } ->
-  class { 'iaas::setup::sharednetwork': }
+  class { 'iaas::setup::sharednetwork': } ->
+  class { 'iaas::profile::auth_file': }
 }
diff --git a/templates/openrc.erb b/templates/openrc.erb
new file mode 100644
index 0000000000000000000000000000000000000000..6bf063be0ede42b82e6061c36fa8075dd97a30c1
--- /dev/null
+++ b/templates/openrc.erb
@@ -0,0 +1,17 @@
+#!/bin/sh
+<% if @keystone_admin_token -%>
+export OS_SERVICE_TOKEN='<%= @keystone_admin_token.gsub(/'/){ %q(\') } %>'
+export OS_SERVICE_ENDPOINT='http://<%= @controller_node %>:35357/v2.0/'
+<% end -%>
+export OS_NO_CACHE='<%= @use_no_cache %>'
+export OS_TENANT_NAME='<%= @admin_tenant %>'
+export OS_USERNAME='<%= @admin_user %>'
+export OS_PASSWORD='<%= @admin_password.gsub(/'/){ %q(\') } %>'
+export OS_AUTH_URL='http://<%= @controller_node %>:5000/v2.0/'
+export OS_AUTH_STRATEGY='keystone'
+export OS_REGION_NAME='<%= @region_name %>'
+export CINDER_ENDPOINT_TYPE='<%= @cinder_endpoint_type %>'
+export GLANCE_ENDPOINT_TYPE='<%= @glance_endpoint_type %>'
+export KEYSTONE_ENDPOINT_TYPE='<%= @keystone_endpoint_type %>'
+export NOVA_ENDPOINT_TYPE='<%= @nova_endpoint_type %>'
+export NEUTRON_ENDPOINT_TYPE='<%= @neutron_endpoint_type %>'