diff --git a/playbooks/openshift-apps/greenwave.yml b/playbooks/openshift-apps/greenwave.yml
index e505ce2b69..a3729e7cd6 100644
--- a/playbooks/openshift-apps/greenwave.yml
+++ b/playbooks/openshift-apps/greenwave.yml
@@ -50,12 +50,10 @@
     app: greenwave
     template: buildconfig.yml
     objectname: buildconfig.yml
-    when : env != 'staging'
   - role: openshift/start-build
     app: greenwave
     buildname: greenwave-docker-build
     objectname: greenwave-docker-build
-    when: env != 'staging'
   - role: openshift/object
     app: greenwave
     template: configmap.yml
diff --git a/roles/openshift-apps/greenwave/templates/buildconfig.yml b/roles/openshift-apps/greenwave/templates/buildconfig.yml
index 9f53ebaee0..7a705aade7 100644
--- a/roles/openshift-apps/greenwave/templates/buildconfig.yml
+++ b/roles/openshift-apps/greenwave/templates/buildconfig.yml
@@ -4,6 +4,37 @@ metadata:
   name: "greenwave-docker-build"
   labels:
     environment: "greenwave"
+{% if env == 'staging' %}
+spec:
+  runPolicy: Serial
+  source:
+    dockerfile: |-
+      # See imagestream.yml for the definition
+      FROM greenwave-upstream
+
+      # Become root during build to chmod
+      USER 0
+
+      # create a symlink for configuring the fedmsg consumers.
+      RUN ln -sfn /etc/fedmsg-greenwave.d/greenwave.py /etc/fedmsg.d/zz_greenwave.py
+
+      # And another two for putting the certs in place.
+      RUN mkdir -p /etc/pki/fedmsg/
+      RUN ln -sf /etc/pki/fedmsg/key/fedmsg-greenwave.key /etc/pki/fedmsg/greenwave.key
+      RUN ln -sf /etc/pki/fedmsg/crt/fedmsg-greenwave.crt /etc/pki/fedmsg/greenwave.crt
+
+      # Make sure fedmsg can write its CRL.
+      RUN chmod 777 /var/run/fedmsg/
+
+      # Become non-root again
+      USER 1001
+  strategy:
+    type: Docker
+  output:
+    to:
+      kind: ImageStreamTag
+      name: greenwave:latest
+{% else %}
 spec:
   runPolicy: Serial
   source:
@@ -42,3 +73,4 @@ spec:
     to:
       kind: ImageStreamTag
       name: greenwave:latest
+{% endif %}
diff --git a/roles/openshift-apps/greenwave/templates/imagestream.yml b/roles/openshift-apps/greenwave/templates/imagestream.yml
index a37fb85b18..1de7e14e58 100644
--- a/roles/openshift-apps/greenwave/templates/imagestream.yml
+++ b/roles/openshift-apps/greenwave/templates/imagestream.yml
@@ -2,7 +2,11 @@ apiVersion: v1
 kind: ImageStream
 metadata:
   name: "greenwave"
-{% if env == 'staging' %}
+---
+apiVersion: v1
+kind: ImageStream
+metadata:
+   name: "greenwave-upstream"
 spec:
   tags:
   - name: latest
@@ -10,5 +14,8 @@ spec:
       scheduled: true
     from:
       kind: DockerImage
+{% if env == 'staging' %}
       name: quay.io/factory2/greenwave:latest
+{% else %}
+      name: quay.io/factory2/greenwave:prod
 {% endif %}