diff --git a/roles/disable_interface/README.md b/roles/disable_interface/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..73c3366b2b5ec3bafc29ef5c5cacd4d11a6883c2
--- /dev/null
+++ b/roles/disable_interface/README.md
@@ -0,0 +1,11 @@
+This role permanently turns off a network interface. This is needed for baremetal
+machines, which may have a management interface (i.e. e1p1) that needs to
+be disabled for security reasons. We use `ip link set <Name> down` to disable the interface.
+
+To survive a reboot, this role sets up a service file and enables it for starting upon an OS start.
+
+Usage
+ - {role: disable_interface, interface_name : "eth5" }
+ - {role: disable_interface  }
+
+{{ interface_name }} if not defined, defaults to "e1p1"
diff --git a/roles/disable_interface/tasks/main.yml b/roles/disable_interface/tasks/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..e1c644517f46bc12528afbbfee1db3906040e362
--- /dev/null
+++ b/roles/disable_interface/tasks/main.yml
@@ -0,0 +1,16 @@
+---
+
+# This role adds a sytemd services file and enables it
+# It disables the {{ interface_name }} interface  (Management port) on Baremetal nodes
+- set_fact: interface_name="e1p1"
+  when: interface_name is undefined
+
+- name: Create service file for turning off interace name
+  template: src=disable_interface.service.j2 dest=/etc/systemd/system/disable_interface.service mode="u=rw,g=r,o=r"
+  become: true
+  become_user: root
+
+- name: enable and start device_off service
+  service: name=disable_interface.service state=started enabled=yes
+  become: true
+  become_user: root
diff --git a/roles/disable_interface/templates/disable_interface.service.j2 b/roles/disable_interface/templates/disable_interface.service.j2
new file mode 100644
index 0000000000000000000000000000000000000000..8f858cd374b79b50fd044d01a0dfa604c447faf8
--- /dev/null
+++ b/roles/disable_interface/templates/disable_interface.service.j2
@@ -0,0 +1,15 @@
+[Unit]
+Description=Turn off {{ interface_name }} interface (management port)
+After=network.target network-online.target openibd.service
+Wants=network-online.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/sbin/ip link set {{ interface_name }}  down
+#'ip link show {{ interface_name }} ' is either UP or DOWN
+
+[Install]
+WantedBy=multi-user.target
+WantedBy=final.target
+