diff --git a/inventory/host_vars/vmhost-x86-04.iad2.fedoraproject.org b/inventory/host_vars/vmhost-x86-04.iad2.fedoraproject.org
index 96a6e60ff6..170adc5fe5 100644
--- a/inventory/host_vars/vmhost-x86-04.iad2.fedoraproject.org
+++ b/inventory/host_vars/vmhost-x86-04.iad2.fedoraproject.org
@@ -1,3 +1,10 @@
 ---
 datacenter: iad2
 nagios_Can_Connect: false
+
+br0_ip: 10.3.163.14
+br0_nm: 255.255.255.0
+br0_gw: 10.3.163.254
+br0_dev: eno1
+
+dns: 10.3.163.33
diff --git a/playbooks/groups/virthost.yml b/playbooks/groups/virthost.yml
index 22c9248e66..2d70c85a94 100644
--- a/playbooks/groups/virthost.yml
+++ b/playbooks/groups/virthost.yml
@@ -29,6 +29,7 @@
 - sudo
 - { role: openvpn/client, when: vpn|bool }
 - virthost
+ - { role: clevis, when: datacenter == 'iad2'}
 tasks:
 - import_tasks: "{{ tasks_path }}/2fa_client.yml"
diff --git a/roles/clevis/files/flush-dracut-network@.service b/roles/clevis/files/flush-dracut-network@.service
new file mode 100644
index 0000000000..49c22c7412
--- /dev/null
+++ b/roles/clevis/files/flush-dracut-network@.service
@@ -0,0 +1,15 @@
+# Remove Dracut's network configuration
+# https://access.redhat.com/solutions/3017441
+# https://unix.stackexchange.com/questions/506331/networkmanager-doesnt-change-ip-address-when-dracut-cmdline-provided-static-ip
+
+[Unit]
+Description=Remove dracut's network configuration for %I
+Before=network-pre.target
+Wants=network-pre.target
+
+[Service]
+ExecStartPre=/usr/sbin/ip address show %i
+ExecStart=/usr/sbin/ip -statistics address flush dev %i
+
+[Install]
+WantedBy=default.target
diff --git a/roles/clevis/tasks/main.yml b/roles/clevis/tasks/main.yml
new file mode 100644
index 0000000000..88c34fd0e5
--- /dev/null
+++ b/roles/clevis/tasks/main.yml
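Review bot: In playbooks/groups/virthost.yml the new `clevis` role is gated only on `datacenter == 'iad2'`, yet the role's template and its systemd task need `br0_ip`, `br0_gw`, `br0_nm`, `br0_dev` and `dns`, which this commit defines for a single host. Any other iad2 virthost that lacks one of these variables would presumably fail on an undefined variable when the role runs. Consider tightening the condition, e.g. `- { role: clevis, when: datacenter == 'iad2' and br0_ip is defined }`, or asserting the required variables at the top of the role. The roles list begins above this hunk, so other conditions that may already apply are not visible here.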
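Review bot: In roles/clevis/files/flush-dracut-network@.service the `[Service]` section sets no `Type=`, so the unit runs as the default `Type=simple` and systemd considers it started as soon as the process is forked; `Before=network-pre.target` then does not guarantee that the address flush has finished before network configuration begins. Adding `Type=oneshot` makes the ordering wait for `ip` to exit, and `RemainAfterExit=yes` keeps the unit active so that a later start request does not flush the addresses of a live interface. A one-line comment above `ExecStartPre=` stating that it only records the pre-flush addresses in the journal would also help the next reader.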
@@ -0,0 +1,23 @@
+---
+- name: copy in dracut config for clevis
+ template:
+ src: 99-clevis-fix.conf
+ dest: /etc/dracut.conf.d/99-clevis-fix.conf
+ tags:
+ - clevis
+
+- name: copy in the systemd unit file to wipe dracut networking
+ copy:
+ src=flush-dracut-network@.service
+ dest=/etc/systemd/system/flush-dracut-network@.service
+ notify:
+ reload systemd
+ tags:
+ - clevis
+
+- name: enable the systemd unit to wipe dracut networking
+ systemd:
+ name: flush-dracut-network@{{ br0_dev }}
+ enabled: true
+ tags:
+ - clevis
diff --git a/roles/clevis/templates/99-clevis-fix.conf b/roles/clevis/templates/99-clevis-fix.conf
new file mode 100644
index 0000000000..c7316fcdf6
--- /dev/null
+++ b/roles/clevis/templates/99-clevis-fix.conf
@@ -0,0 +1,5 @@
+# DHCP for talking to tang server
+kernel_cmdline="ip={{ br0_ip }}::{{ br0_gw }}:{{ br0_nm }}::{{ br0_dev }}:none:{{ dns }}"
+
+# Don't create /etc/sysconfig/network-scripts/ifcfg-* files during boot
+omit_dracutmodules+="ifcfg"
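Review bot: The first task in roles/clevis/tasks/main.yml writes `/etc/dracut.conf.d/99-clevis-fix.conf`, but nothing visible in this role rebuilds the initramfs, so the new `ip=` setting presumably takes effect only when dracut next runs (for example on a kernel update), and until then early boot would likely be unable to reach the tang server. Consider adding `notify: regenerate initramfs` to that task, backed by a handler that runs `dracut -f`. The `template` and `copy` tasks also leave ownership and permissions to defaults; setting `owner: root`, `group: root` and `mode: "0644"` explicitly is safer for files under `/etc/dracut.conf.d` and `/etc/systemd/system`. The `copy` task passes `key=value` arguments while its neighbours use YAML mappings, which is worth aligning.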
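Review bot: The comment `# DHCP for talking to tang server` in roles/clevis/templates/99-clevis-fix.conf does not match the line below it, which configures a static address (the `none` field turns autoconfiguration off). Suggested wording: `# Static IP for early boot so clevis can reach the tang server`. Because dracut reads its configuration files in order, the plain `kernel_cmdline=` assignment would also replace a value set by an earlier file; if that is not intended, `kernel_cmdline+=` with a leading space inside the quoted value appends instead.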