diff --git a/roles/badges/backend/tasks/main.yml b/roles/badges/backend/tasks/main.yml
index 6775ef3c03..97c90e0305 100644
--- a/roles/badges/backend/tasks/main.yml
+++ b/roles/badges/backend/tasks/main.yml
@@ -167,3 +167,19 @@
 - scripts
 - badges
 - badges/backend
+
+#Set PS1 to show prod/stage environment at PS1
+#Should work in sh/bash. Needs tested in other shells
+#
+- name: set PS1 for prod and stage in /etc/profile.d
+ copy: >
+ src=templates/setps1.sh.j2
+ dest=/etc/profile.d/setps1.sh
+ owner=root
+ group=sysadmin-badges
+ mode=644
+ when: {{ env in ['production','staging'] }}
+ tags:
+ - base
+ - config
+
diff --git a/roles/badges/backend/templates/setps1.sh.j2 b/roles/badges/backend/templates/setps1.sh.j2
new file mode 100644
index 0000000000..6eca2dcb38
--- /dev/null
+++ b/roles/badges/backend/templates/setps1.sh.j2
@@ -0,0 +1,8 @@
+# Set PS1 based on env:
+#
+{% if {{ env }} in 'production' %}
+PS1="\e[0;31m[PROD]\e[m[\u@\h \W]\$ "
+{% elif {{ env }} in 'staging' %}
+PS1="[STG]\e[m[\u@\h \W]\$ "
+{% endif }%
+
diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml
deleted file mode 100644
index 8139bb042c..0000000000
--- a/roles/base/tasks/main.yml
+++ /dev/null
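Review bot: The `when:` value in the new task starts with `{{`, which YAML reads as a flow mapping, so this task file will most likely fail to parse; `when` already takes a bare expression, `when: env in ['production','staging']`. The task also uses `copy` on a `.j2` source, which installs the file without rendering it, so the raw `{% … %}` lines would land in /etc/profile.d and be sourced by every login shell, root included. Use the template module instead, e.g. `template: src=setps1.sh.j2 dest=/etc/profile.d/setps1.sh owner=root group=sysadmin-badges mode=0644`.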
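Review bot: The template does not compile as Jinja: `{{ env }}` is nested inside the `{% if %}` and `{% elif %}` tags, and the last tag closes with `}%`. Inside a statement tag the variable is referenced bare, and `in 'production'` is a substring test (it is also true for `prod` or an empty `env`), so compare for equality: `{% if env == 'production' %}`, `{% elif env == 'staging' %}`, `{% endif %}`. The same three lines appear in the identical copy added as roles/base/templates/setps1.sh.j2. Separately, the colour escapes in PS1 are not wrapped in `\[ … \]`, so bash will miscount the prompt width, and the staging prompt emits a reset `\e[m` with no colour set before it.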
@@ -1,412 +0,0 @@ ---- - -# -# This is the base role for all machines. -# Things in here are things we want to do to every machine no matter what. -# - -# XXX fixme # a datacenter 'fact' from setup -- name: /etc/resolv.conf - copy: src={{ item }} dest=/etc/resolv.conf - with_first_found: - - "{{ resolvconf }}" - - resolv.conf/{{ ansible_fqdn }} - - resolv.conf/{{ host_group }} - - resolv.conf/{{ datacenter }} - - resolv.conf/resolv.conf - tags: - - config - - resolvconf - - base - - ifcfg - -- name: check for NetworkManager/nmcli - command: /usr/bin/test -f /usr/bin/nmcli - register: nmclitest - ignore_errors: true - changed_when: false - failed_when: "1 != 1" - always_run: true - tags: - - config - - resolvconf - - base - - ifcfg - -- name: disable resolv.conf control from NM - ini_file: dest=/etc/NetworkManager/NetworkManager.conf section=main option=dns value=none - notify: - - restart NetworkManager - when: ansible_distribution_major_version|int >=7 and nmclitest|success and ( not ansible_ifcfg_blacklist) - tags: - - config - - resolvconf - - base - - ifcfg - -- name: get interface uuid - shell: nmcli -f "DEVICE,UUID" c show --active | grep -E '^eth|^br' - register: if_uuid - changed_when: false - failed_when: 'if_uuid.stdout == ""' - always_run: yes - when: ansible_distribution_major_version|int >=7 and nmclitest|success and ( not ansible_ifcfg_blacklist ) - tags: - - config - - ifcfg - - base - -- name: copy ifcfg files - non virthost - template: src=ifcfg.j2 dest=/etc/sysconfig/network-scripts/ifcfg-{{item}} mode=644 - with_items: - - "{{ ansible_interfaces }}" - notify: -# - restart NetworkManager - - reload NetworkManager-connections - - apply interface-changes - when: (virthost is not defined) and (not item.startswith('tun')) and (not item.startswith('virbr')) and (not item.startswith('vnet')) and (hostvars[inventory_hostname]['ansible_' + item.replace('-','_')]['type'] == 'ether') and (ansible_distribution_major_version|int >=7) and 
hostvars[inventory_hostname]['ansible_' + item.replace('-','_')]['active'] and nmclitest|success and ( not ansible_ifcfg_blacklist ) - tags: - - config - - ifcfg - - base - -- name: global default packages to install (yum) - yum: state=present name={{ item }} - with_items: - - "{{ global_pkgs_inst }}" - tags: - - packages - - base - when: ansible_distribution_major_version|int < 22 - -- name: global default packages to install (dnf) - dnf: state=present name={{ item }} - with_items: - - "{{ global_pkgs_inst }}" - tags: - - packages - - base - when: ansible_distribution_major_version|int > 21 and ansible_cmdline.ostree is not defined - -- debug: msg="{{ansible_nodename}} {{inventory_hostname}} {{ansible_distribution_major_version|int}}" - -- name: make sure hostname is set right on rhel7 hosts - command: hostnamectl set-hostname {{ inventory_hostname }} - when: ( ansible_nodename != inventory_hostname ) and ansible_distribution_major_version|int == 7 - -- name: sshd_config - copy: src={{ item }} dest=/etc/ssh/sshd_config mode=600 - with_first_found: - - "{{ sshd_config }}" - - ssh/sshd_config.{{ ansible_fqdn }} - - ssh/sshd_config.{{ host_group }} - - ssh/sshd_config.{{ dist_tag }} - - ssh/sshd_config.{{ ansible_distribution }} - - ssh/sshd_config.{{ ansible_distribution_version }} - - ssh/sshd_config.default - notify: - - restart sshd - tags: - - sshd_config - - config - - sshd - - base - -- name: set root passwd - user: name=root password={{ rootpw }} state=present - tags: - - rootpw - - base - when: not (inventory_hostname.startswith('rawhide') or inventory_hostname.startswith('branched') or inventory_hostname.startswith('compose') or inventory_hostname.startswith('build') or inventory_hostname.startswith('arm') or inventory_hostname.startswith('bkernel') or inventory_hostname.startswith('koji01.stg') or inventory_hostname.startswith('aarch64') or inventory_hostname.startswith('s390') or inventory_hostname.startswith('fed-cloud09')) - -- name: add ansible root 
key - authorized_key: user=root key="{{ item }}" - with_file: - - ansible-pub-key - tags: - - config - - base - -- name: make sure our resolv.conf is the one being used - set RESOLV_MODS=no in /etc/sysconfig/network - lineinfile: dest=/etc/sysconfig/network create=yes backup=yes state=present line='RESOLV_MODS=no' regexp=^RESOLV_MODS= - tags: - - config - - base - -- name: dist pkgs to remove (yum) - yum: state=absent name={{ item }} - with_items: - - "{{ base_pkgs_erase }}" - tags: - - packages - - base - when: ansible_distribution_major_version|int < 22 - -- name: dist pkgs to install (yum) - yum: state=present name={{ item }} - with_items: - - "{{ base_pkgs_inst }}" - tags: - - packages - - base - when: ansible_distribution_major_version|int < 22 - -- name: dist pkgs to remove (dnf) - dnf: state=absent name={{ item }} - with_items: - - "{{ base_pkgs_erase }}" - tags: - - packages - - base - when: ansible_distribution_major_version|int > 21 and ansible_cmdline.ostree is not defined - -- name: dist pkgs to install (dnf) - dnf: state=present name={{ item }} - with_items: - - "{{ base_pkgs_inst }}" - tags: - - packages - - base - when: ansible_distribution_major_version|int > 21 and ansible_cmdline.ostree is not defined - -- name: dist disabled services - service: state=stopped enabled=false name={{ item }} - with_items: - - "{{ service_disabled }}" - tags: - - service - - config - - base - -- name: dist enabled services - service: state=running enabled=true name={{ item }} - with_items: - - "{{ service_enabled }}" - tags: - - service - - config - - base - -- name: iptables - template: src={{ item }} dest=/etc/sysconfig/iptables mode=600 validate="/sbin/iptables-restore --text %s" - with_first_found: - - iptables/iptables.{{ datacenter }} - - iptables/iptables.{{ ansible_fqdn }} - - iptables/iptables.{{ host_group }} - - iptables/iptables.{{ env }} - - iptables/iptables - when: not inventory_hostname.startswith('fed-cloud09') - notify: - - restart iptables - - 
reload libvirtd - tags: - - iptables - - config - - base - -- name: iptables service enabled - service: name=iptables state=started enabled=true - tags: - - iptables - - service - - base - -- name: ip6tables - template: src={{ item }} dest=/etc/sysconfig/ip6tables mode=600 backup=yes - with_first_found: - - iptables/ip6tables.{{ datacenter }} - - iptables/ip6tables.{{ ansible_fqdn }} - - iptables/ip6tables.{{ host_group }} - - iptables/ip6tables.{{ env }} - - iptables/ip6tables - when: not inventory_hostname.startswith('fed-cloud09') - notify: - - restart ip6tables - - reload libvirtd - tags: - - ip6tables - - config - - base - -- name: ip6tables service enabled - service: name=ip6tables state=started enabled=true - tags: - - ip6tables - - service - - base - -- name: enable journald persistence - file: path=/var/log/journal state=directory - owner=root group=systemd-journal mode=2755 - when: ansible_distribution_major_version|int >= 7 - tags: - - journald - - config - - base - notify: - - flush journald tmpfiles to persistent store - -- name: rsyslog.conf - copy: src={{ item }} dest=/etc/rsyslog.conf mode=644 - with_first_found: - - rsyslog/rsyslog.conf.{{ ansible_fqdn }} - - rsyslog/rsyslog.conf.{{ dist_tag }} - - rsyslog/rsyslog.conf.default - notify: - - restart rsyslog - tags: - - rsyslogd - - config - - base - -- name: rsyslog log rotate for rsyslog servers - copy: src=rsyslog/merged-rsyslog dest=/etc/logrotate.d/merged-rsyslog mode=644 - when: inventory_hostname.startswith('log') - notify: - - restart rsyslog - tags: - - rsyslogd - - config - - base - -- name: add rsyslog config to /etc/rsyslog.d - copy: src={{ item }} dest=/etc/rsyslog.d/ owner=root group=root mode=0644 - with_fileglob: - - rsyslog/*.conf - notify: - - restart rsyslog - tags: - - rsyslogd - - config - - base - -- name: log everything to log01 except on mirrorlist, do not log local4 there. 
- copy: src=rsyslog/rsyslog-log01 dest=/etc/rsyslog.d/rsyslog-log01.conf mode=644 - when: not inventory_hostname.startswith(('mirrorlist','copr','jenkins')) - tags: - - rsyslogd - - config - - base - -- name: log everything to log01 except on mirrorlist, do log local4 there. - copy: src=rsyslog/rsyslog-log01-nolocal4 dest=/etc/rsyslog.d/rsyslog-log01.conf mode=644 - when: inventory_hostname.startswith('mirrorlist') - tags: - - rsyslogd - - config - - base - - base - -- name: /etc/postfix/main.cf - copy: src={{ item }} dest=/etc/postfix/main.cf - with_first_found: - - "{{ postfix_maincf }}" - - "postfix/main.cf/main.cf.{{ ansible_fqdn }}" - - "postfix/main.cf/main.cf.{{ host_group }}" - - "postfix/main.cf/main.cf.{{ postfix_group }}" - - "postfix/main.cf/main.cf.{{ datacenter }}" - - "postfix/main.cf/main.cf" - notify: - - restart postfix - tags: - - postfix - - config - - base - -- name: install /etc/postfix/master.cf file - copy: src={{ item }} dest=/etc/postfix/master.cf mode=0644 - with_first_found: - - "{{ postfix_mastercf }}" - - "postfix/master.cf/master.cf.{{ ansible_fqdn }}" - - "postfix/master.cf/master.cf.{{ inventory_hostname }}" - - "postfix/master.cf/master.cf.{{ host_group }}" - - "postfix/master.cf/master.cf.{{ postfix_group }}" - - "postfix/master.cf/master.cf" - when: inventory_hostname.startswith('smtp-mm') - notify: - - restart postfix - tags: - - postfix - - config - - base - -- name: enable postfix to start - service: name=postfix state=running enabled=true - tags: - - service - - base - -- name: install /etc/postfix/transport file - copy: src="postfix/{{ postfix_transport_filename }}" dest=/etc/postfix/transport - when: inventory_hostname.startswith(('smtp-mm','bastion')) - notify: - - restart postfix - - rebuild postfix transport - tags: - - postfix - - base - - config - -- name: install ntp.conf - template: src=ntp/ntp.conf.j2 dest=/etc/ntp.conf - tags: - - ntp - - config - - base - -- name: install ntp step-tickers - copy: 
src=ntp/step-tickers dest=/etc/ntp/step-tickers - tags: - - ntp - - config - - base - -- name: Start ntpd - service: name=ntpd state=running enabled=true - tags: - - ntp - - service - - base - -# -# This task installs some common scripts to /usr/local/bin -# scripts are under roles/base/files/common-scripts -# - -- name: Install common scripts - copy: src={{ item }} dest=/usr/local/bin/ owner=root group=root mode=0755 - with_fileglob: - - common-scripts/* - tags: - - config - - base - -- name: install a sync httpd logs cron script only on log01 - copy: src=syncHttpLogs.sh dest=/etc/cron.daily/syncHttpLogs.sh mode=755 - when: inventory_hostname.startswith('log01') - tags: - - config - - base - -- name: Drop in a little system_identification note - template: src=system_identification dest=/etc/system_identification - tags: - - config - - base - -# -# Blacklist the cdc_ether module as we don't want it loading mgmt usb0 and spewing to logs. -# -- name: Blacklist cdc_ether module - copy: src=blacklist-cdc_ether.conf dest=/etc/modprobe.d/blacklist-cdc_ether.conf - when: ansible_virtualization_role == 'host' - tags: - - config - - base - - cdc_ether - -# -# Watchdog stuff -# -- name: Set up watchdog - include: watchdog.yml
diff --git a/roles/base/templates/setps1.sh.j2 b/roles/base/templates/setps1.sh.j2
new file mode 100644
index 0000000000..6eca2dcb38
--- /dev/null
+++ b/roles/base/templates/setps1.sh.j2
@@ -0,0 +1,8 @@
+# Set PS1 based on env:
+#
+{% if {{ env }} in 'production' %}
+PS1="\e[0;31m[PROD]\e[m[\u@\h \W]\$ "
+{% elif {{ env }} in 'staging' %}
+PS1="[STG]\e[m[\u@\h \W]\$ "
+{% endif }%
+
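Review bot: Nothing visible installs this copy of the template: the only task added in this commit lives in roles/badges/backend and points at that role's template, while roles/base/tasks/main.yml is removed in full in the same commit. The removed file carried the sshd_config, iptables/ip6tables, root authorized_key and rsyslog-to-log01 tasks, so unless the deletion is an intentional move it looks like hosts would stop receiving that baseline on the next run. I would keep a single copy of the template in the role that actually has the task (both copies share blob 6eca2dcb38), and either restore roles/base/tasks/main.yml or state in the commit message where its tasks went.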