diff --git a/inventory/group_vars/lockbox b/inventory/group_vars/lockbox
new file mode 100644
index 0000000000..7c82a435ae
--- /dev/null
+++ b/inventory/group_vars/lockbox
@@ -0,0 +1,9 @@
+---
+# Define resources for this group of hosts here. 
+lvm_size: 20000
+mem_size: 2048
+num_cpus: 2
+
+tcp_ports: [ 443 ]
+
+fas_client_groups: sysadmin-noc,sysadmin-qa,fi-apprentice
diff --git a/inventory/host_vars/lockbox-comm01.qa.fedoraproject.org b/inventory/host_vars/lockbox-comm01.qa.fedoraproject.org
new file mode 100644
index 0000000000..38ae35c563
--- /dev/null
+++ b/inventory/host_vars/lockbox-comm01.qa.fedoraproject.org
@@ -0,0 +1,10 @@
+---
+nm: 255.255.255.0
+gw: 10.5.124.254
+dns: 10.5.124.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6
+ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/
+volgroup: /dev/Guests00
+eth0_ip: 10.5.124.210
+vmhost: virthost-comm01.qa.fedoraproject.org
+datacenter: phx2
diff --git a/inventory/inventory b/inventory/inventory
index f6c0e533c7..bcd63b9e6d 100644
--- a/inventory/inventory
+++ b/inventory/inventory
@@ -251,6 +251,9 @@ dhcp01.phx2.fedoraproject.org
 noc01.phx2.fedoraproject.org
 noc02.fedoraproject.org
 
+[lockbox]
+lockbox-comm01.qa.fedoraproject.org
+
 [nagios]
 noc01.phx2.fedoraproject.org
 noc02.fedoraproject.org
diff --git a/playbooks/groups/lockbox.yml b/playbooks/groups/lockbox.yml
new file mode 100644
index 0000000000..c2ecaf5933
--- /dev/null
+++ b/playbooks/groups/lockbox.yml
@@ -0,0 +1,45 @@
+- name: make lockbox
+  hosts: lockbox
+  user: root
+  gather_facts: False
+  accelerate: True
+
+  vars_files:
+   - /srv/web/infra/ansible/vars/global.yml
+   - "{{ private }}/vars.yml"
+   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+  tasks:
+  - include: "{{ tasks }}/virt_instance_create.yml"
+  - include: "{{ tasks }}/accelerate_prep.yml"
+
+  handlers:
+  - include: "{{ handlers }}/restart_services.yml"
+
+- name: make the box be real
+  hosts: lockbox
+  user: root
+  gather_facts: True
+  accelerate: True
+
+  vars_files:
+   - /srv/web/infra/ansible/vars/global.yml
+   - "{{ private }}/vars.yml"
+   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+  roles:
+  - /srv/web/infra/ansible/roles/base
+  - /srv/web/infra/ansible/roles/rkhunter
+  - /srv/web/infra/ansible/roles/denyhosts
+  - /srv/web/infra/ansible/roles/nagios_client
+  - /srv/web/infra/ansible/roles/fas_client
+
+  tasks:
+  - include: "{{ tasks }}/hosts.yml"
+  - include: "{{ tasks }}/yumrepos.yml"
+  - include: "{{ tasks }}/2fa_client.yml"
+  - include: "{{ tasks }}/motd.yml"
+  - include: "{{ tasks }}/sudo.yml"
+
+  handlers:
+  - include: "{{ handlers }}/restart_services.yml"