diff --git a/plays/allnodes.yml b/plays/allnodes.yml
new file mode 100644
index 0000000000000000000000000000000000000000..ac098f4dd1496fd05c7ce869b09ab54144cd307b
--- /dev/null
+++ b/plays/allnodes.yml
@@ -0,0 +1,47 @@
+- hosts: 'all'
+  vars_files: 
+  - vars/passwords.yml 
+  - vars/names.yml
+  - vars/ldapConfig.yml
+  - vars/filesystems.yml 
+  - vars/slurm.yml 
+  - vars/vars.yml 
+  tasks:
+  - { name: set use shared state, set_fact: usesharedstatedir=False }
+  - { name: set hostgroup, set_fact: hostgroup='ComputeNodes' }
+  tags: [ always ]
+
+- hosts: 'all'
+  vars_files: 
+  - vars/passwords.yml 
+  - vars/names.yml
+  - vars/ldapConfig.yml
+  - vars/filesystems.yml 
+  - vars/slurm.yml 
+  - vars/vars.yml 
+  strategy: free
+  roles:
+#  - { role: disable_selinux, tags: [ disableselinux ] }
+  - { role: upgrade }
+  - { role: set_password }
+  - { role: etcHosts, tags: [ networking ] }
+#  - { role: config_repos, tags: [ repos ] }
+
+- hosts: 'DesktopNodes,ComputeNodes,LoginNodes,ManagementNodes'
+  vars_files: 
+  - vars/passwords.yml 
+  - vars/names.yml
+  - vars/ldapConfig.yml
+  - vars/filesystems.yml 
+  - vars/slurm.yml 
+  - vars/vars.yml 
+  strategy: free
+  roles:
+  - { role: disable_selinux, tags: [ disableselinux ] }
+  - { role: ldapclient, tags: [ authentication ] }
+  - { role: ssh-password-login, tags: [ authentication ] }
+  - { role: enable_sudo_group, tags: [ authentication, sudo ] }
+  - { role: move_homedir }
+  - { role: calculateKnownHosts, tags: [ calculateKnownHosts ] }
+  - { role: SSHKnownHosts, tags: [ known_hosts ] }
+  - { role: jasons_ssh_ca, tags: [ ssh_ca ] }
diff --git a/plays/computenodes.yml b/plays/computenodes.yml
new file mode 100644
index 0000000000000000000000000000000000000000..208ad954f57c479461c4270b69abefe20384c468
--- /dev/null
+++ b/plays/computenodes.yml
@@ -0,0 +1,64 @@
+
+- hosts: 'DesktopNodes,ComputeNodes,LoginNodes,VisNodes'
+  vars_files: 
+  - vars/passwords.yml 
+  - vars/names.yml
+  - vars/ldapConfig.yml
+  - vars/filesystems.yml 
+  - vars/slurm.yml 
+  - vars/vars.yml 
+  tasks:
+  - { name: set use shared state, set_fact: usesharedstatedir=False }
+  tags: [ always ]
+
+- hosts: 'DesktopNodes,ComputeNodes,LoginNodes'
+  vars_files: 
+  - vars/passwords.yml 
+  - vars/names.yml
+  - vars/ldapConfig.yml
+  - vars/filesystems.yml 
+  - vars/slurm.yml 
+  - vars/vars.yml 
+  strategy: free
+  roles:
+  - { role: move_homedir, tags: [ authentication, filesystems ] }
+  - { role: nfs-client, nfsMounts: "{{ computeNfsMounts }}", tags: [ filesystems ] }
+  - { role: slurm-common, tags: [ slurm, slurm-common ] }
+  - { role: lmod, tags: [ other ] }
+  - { role: enable_modules, default_modules: "lmod", tags: [ other ] }
+  - { role: postfix, tags: [ mail, other ] }
+
+- hosts: 'VisNodes'
+  vars_files:
+  - vars/passwords.yml
+  - vars/names.yml
+  - vars/ldapConfig.yml
+  - vars/filesystems.yml
+  - vars/slurm.yml
+  - vars/vars.yml
+  roles:
+  - { role: gpu, tags: [ gpu ] }
+
+- hosts: 'DesktopNodes,ComputeNodes,LoginNodes'
+  vars_files:
+  - vars/passwords.yml
+  - vars/names.yml
+  - vars/ldapConfig.yml
+  - vars/filesystems.yml
+  - vars/slurm.yml
+  - vars/vars.yml
+  roles:
+  - { role: slurm_config, tags: [slurm, slurm_config] }
+
+- hosts: 'DesktopNodes,ComputeNodes'
+  vars_files:
+  - vars/passwords.yml
+  - vars/names.yml
+  - vars/ldapConfig.yml
+  - vars/filesystems.yml
+  - vars/slurm.yml
+  - vars/vars.yml
+  strategy: free
+  roles:
+  - { role: slurm-start, start_slurmd: True, tags: [ slurm, slurmstart ] }
+  - { role: mate-de-install, tags: [ mate-de-install ] }   # TODO this crashes for everything except cmca
diff --git a/plays/files b/plays/files
new file mode 120000
index 0000000000000000000000000000000000000000..feb122881ce2321d72ad6b867bd2a3d01eadaac3
--- /dev/null
+++ b/plays/files
@@ -0,0 +1 @@
+../files
\ No newline at end of file
diff --git a/plays/init_slurmconf.yml b/plays/init_slurmconf.yml
new file mode 100644
index 0000000000000000000000000000000000000000..30667ac53b5b6c387af0bdacb609f09cc8bfa5c3
--- /dev/null
+++ b/plays/init_slurmconf.yml
@@ -0,0 +1,15 @@
+---
+- hosts: 'all'
+  tasks:
+  - include_vars: vars/passwords.yml 
+  - include_vars: vars/names.yml
+  - include_vars: vars/ldapConfig.yml
+  - include_vars: vars/filesystems.yml 
+  - include_vars: vars/slurm.yml 
+  - include_vars: vars/vars.yml 
+- hosts: 'all'
+  tasks:
+  - { name: setup, setup: }
+- hosts: 'ManagementNodes'
+  roles:
+  - { role: calculateSlurmConf }
diff --git a/plays/make_files.yml b/plays/make_files.yml
new file mode 100644
index 0000000000000000000000000000000000000000..b05925ce73f9be136bb46128961990b938c07910
--- /dev/null
+++ b/plays/make_files.yml
@@ -0,0 +1,22 @@
+---
+# just calculates an etc hosts
+- hosts: 'all'
+  tasks:
+  - include_vars: vars/passwords.yml
+  - include_vars: vars/names.yml
+  - include_vars: vars/ldapConfig.yml
+  - include_vars: vars/filesystems.yml
+  - include_vars: vars/slurm.yml
+  - include_vars: vars/vars.yml
+- hosts: 'all'
+  tasks:
+  - { name: setup, setup: }
+- hosts: 'ManagementNodes'
+  roles:
+  - { role: calculateEtcHosts }
+  
+#- hosts: 'NFSNodes'
+#  roles:
+#  - { role: calculateExports }
+
+
diff --git a/plays/mgmtnodes.yml b/plays/mgmtnodes.yml
new file mode 100644
index 0000000000000000000000000000000000000000..c890a5456b5306f1478070e3f329fc57adc51340
--- /dev/null
+++ b/plays/mgmtnodes.yml
@@ -0,0 +1,43 @@
+# Basic stuff to make the nodes functionl
+# i.e. upgrade operating systems, etc
+#
+
+- hosts: 'ManagementNodes'
+  vars_files: 
+  - vars/passwords.yml 
+  - vars/names.yml
+  - vars/ldapConfig.yml
+  - vars/filesystems.yml 
+  - vars/slurm.yml 
+  - vars/vars.yml 
+  tasks:
+      #  - { name: set hostgroup, set_fact: hostgroup='ManagementNodes' }
+  - { name: set use shared state, set_fact: usesharedstatedir=True }
+  tags: [ always ]
+
+- hosts: 'ManagementNodes'
+  strategy: free
+  gather_facts: False
+  vars_files: 
+  - vars/passwords.yml 
+  - vars/names.yml
+  - vars/ldapConfig.yml
+  - vars/filesystems.yml 
+  - vars/slurm.yml 
+  - vars/vars.yml 
+  roles:
+#  - { role: ldapclient, tags: [ authentication ] }
+#  - { role: ssh-password-login }
+#  - { role: enable_sudo_group }
+#  - { role: make_filesystems, volumes: "{{ glustervolumes }}" }
+#  - { role: gluster_server, volname: "gv", brickmnt: '/gbrick', gluster_servers: "{{ groups['ManagementNodes'] }}", replicas: 2, tags: [ gluster_server ]  }
+#  - { role: gluster_volcreate, volname: "gv", gluster_servers: "{{ groups['ManagementNodes'] }}", brickmnt: '/gbrick', replicas: 2 }
+#  - { role: gluster_client, volname: "gv", gluster_servers: ['mgmt0','mgmt1','sql0'], volmnt: '/glusterVolume' }
+  - { role: nfs-client, nfsMounts: "{{ mgmtNfsMounts }}", tags: [ nfs ] }
+  - { role: slurmdb-config, tags: [ slurm, slurmdb-config ] }
+  - { role: slurm-common, tags: [ slurm, slurm-common ]  }
+  - { role: slurm_config, tags: [ slurm, slurm-config ] }
+  - { role: slurm-start, start_slurmdbd: True, start_slurmctld: True, tags: [ slurm-start ]  }
+#  - { role: provision_slurm, use_active_directory: False, lockpath: "/mnt/home", tags: [ slurm ]  }
+#  - { role: provision_homedir, use_active_directory: False, mntpt: "/mnt/home", tags: [ provisioning ] }
+
diff --git a/plays/nfssqlnodes.yml b/plays/nfssqlnodes.yml
new file mode 100644
index 0000000000000000000000000000000000000000..30b3b1ed1d6ddab06d6b538757ef636538338082
--- /dev/null
+++ b/plays/nfssqlnodes.yml
@@ -0,0 +1,84 @@
+# Role to initialize nfs and SQL Nodes
+# 
+#
+
+- hosts: 'all'
+  tasks:
+  - { name: setup, setup: }
+  tags: [ always ]
+  
+#we need this here to gather facts and fill required variables.
+- hosts: 'ManagementNodes'
+  gather_facts: True
+  tasks:
+  - include_vars: vars/passwords.yml 
+  - include_vars: vars/names.yml
+  - include_vars: vars/ldapConfig.yml
+  - include_vars: vars/filesystems.yml 
+  - include_vars: vars/slurm.yml 
+  - include_vars: vars/vars.yml 
+  - { name: set hostgroup, set_fact: hostgroup='ManagementNodes' }
+  - { name: set use shared state, set_fact: usesharedstatedir=True }
+  tags: [ always ]
+  
+- hosts: 'SQLNodes,NFSNodes'
+  vars_files: 
+  - vars/passwords.yml 
+  - vars/names.yml
+  - vars/ldapConfig.yml
+  - vars/filesystems.yml 
+  - vars/slurm.yml 
+  - vars/vars.yml 
+  pre_tasks:
+  - { name: set hostgroup, set_fact: hostgroup='SQLNodes', tags: [ always ] }
+  - { name: set use shared state, set_fact: usesharedstatedir=True, tags: [ always ] }
+
+- hosts: 'SQLNodes'
+  vars_files: 
+  - vars/passwords.yml 
+  - vars/names.yml
+  - vars/ldapConfig.yml
+  - vars/filesystems.yml 
+  - vars/slurm.yml 
+  - vars/vars.yml 
+  strategy: free
+  gather_facts: True
+  roles:
+  - { role: upgrade, tags: [ upgrade ] }
+  - { role: make_filesystems, volumes: "{{ dbvolumes }}" }
+  - { role: mysql, mysql_type: mysql_server,  mysql_root_password: "{{ sqlrootPasswd }}", mysql_user_name: slurmdb, mysql_user_db_name: slurm_acct_db, mysql_user_hosts_group: "{{ groups['ManagementNodes'] }}", mysql_user_password: "{{ slurmdb_passwd }}", tags: [ database ] }
+  - { role: slurm-mysql-config, tags: [database,slurmdb] }
+  tags: [ sql ]
+ 
+- hosts: 'NFSNodes'
+  vars_files: 
+  - vars/passwords.yml 
+  - vars/names.yml
+  - vars/ldapConfig.yml
+  - vars/filesystems.yml 
+  - vars/slurm.yml 
+  - vars/vars.yml 
+  strategy: free
+  gather_facts: False
+  roles:
+  - { role: make_filesystems, volumes: "{{ nfsvolumes }}" }
+  tasks:
+  - { name: make homedir, file: { path: /nfsvol/home, state: directory }, become: true, become_user: root }
+  - { name: make usr_local, file: { path: /nfsvol/usr_local_centos7, state: directory }, become: true, become_user: root }
+  - { name: make projects, file: { path: /nfsvol/projects, state: directory }, become: true, become_user: root }
+  - { name: make projects, file: { path: /nfsvol/scratch, state: directory }, become: true, become_user: root }
+  tags: [ nfs ]
+
+- hosts: 'NFSNodes'
+  strategy: free
+  gather_facts: False
+  vars_files: 
+  - vars/passwords.yml 
+  - vars/names.yml
+  - vars/ldapConfig.yml
+  - vars/filesystems.yml 
+  - vars/slurm.yml 
+  - vars/vars.yml 
+  roles:
+  - { role: nfs-server }
+  tags: [ nfs ]
diff --git a/plays/roles b/plays/roles
new file mode 120000
index 0000000000000000000000000000000000000000..d8c4472ca1b65cea039252e137ff3b4ab5d3a555
--- /dev/null
+++ b/plays/roles
@@ -0,0 +1 @@
+../roles
\ No newline at end of file
diff --git a/plays/vars b/plays/vars
new file mode 120000
index 0000000000000000000000000000000000000000..e8d9a6429b3aaab679b98557469104f0f7cc952b
--- /dev/null
+++ b/plays/vars
@@ -0,0 +1 @@
+../vars
\ No newline at end of file
diff --git a/roles/cron-access/tasks/main.yml b/roles/cron-access/tasks/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..09e97aea34682a7e66782f3f2e98389ffa3f892a
--- /dev/null
+++ b/roles/cron-access/tasks/main.yml
@@ -0,0 +1,8 @@
+- name: Adding pamd access for users who can run cron jobs
+  lineinfile:
+    path: /etc/security/access.conf
+    state: present
+    insertbefore: '^-:ALL EXCEPT root systems ec2-user debian ubuntu admin :ALL'
+    line: '+: cron-users : cron crond :0'
+  become: true
+  become_user: root