diff --git a/inventory/host_vars/qa02.qa.fedoraproject.org b/inventory/host_vars/qa02.qa.fedoraproject.org
index 1b1fedf96b..cbdaae8237 100644
--- a/inventory/host_vars/qa02.qa.fedoraproject.org
+++ b/inventory/host_vars/qa02.qa.fedoraproject.org
@@ -2,35 +2,25 @@
 freezes: false
 fas_client_groups: sysadmin-qa,sysadmin-main
 sudoers: "{{ private }}/files/sudo/qavirt-sudoers"
-datacenter: phx2
 
-# hardware and setup information
-eth0_ip: 10.5.124.152
-eth0_nm: 255.255.255.128
-eth0_mac: 00:21:5e:c6:cc:9c
-eth_interface: eth0
-volgroup: vmstore
+nrpe_procs_warn: 1400
+nrpe_procs_crit: 1600
+em3_ip: 10.5.124.152
+gw: 10.5.124.254
 
-# beaker clients hosted on this machine
-clients:
-  - hostname: beaker-client10.qa.fedoraproject.org
-    macaddress: "52:54:00:a2:de:30"
-    memsize: 4096
-    num_cpus: 2
-    lvm_size: 20G
-  - hostname: beaker-client11.qa.fedoraproject.org
-    macaddress: "52:54:00:fe:22:ff"
-    memsize: 4096
-    num_cpus: 2
-    lvm_size: 20G
-  - hostname: beaker-client12.qa.fedoraproject.org
-    macaddress: "52:54:00:c5:04:14"
-    memsize: 4096
-    num_cpus: 2
-    lvm_size: 20G
-  - hostname: beaker-client13.qa.fedoraproject.org
-    macaddress: "52:54:00:b5:97:30"
-    memsize: 4096
-    num_cpus: 2
-    lvm_size: 20G
+# openQA tap worker hosts (like this one) do stuff with ifcfg that base
+# doesn't understand. terrible, terrible stuff. seriously - it doesn't
+# handle the openvswitch config well. so let's tell it to just configure
+# the actual connected interface (which on this system is eth0) for us
+# and leave everything else alone.
+ansible_ifcfg_whitelist: ['em3']
+
+# this is a powerful machine, can handle more openQA workers
+openqa_workers: 10
+# firewall ports for server->worker websockets connections
+# this port is 'QEMUPORT plus 1'
+# QEMUPORT is:
+# $ENV{QEMUPORT} = ($options{instance}) * 10 + 20002;
+# so for worker 1 it's 20012, for worker 2 it's 20022, etc etc
+tcp_ports: ['20013', '20023', '20033', '20043', '20053', '20063', '20073', '20083', '20093', '20103']
 
diff --git a/inventory/inventory b/inventory/inventory
index 6add42fd8d..1b79b5c238 100644
--- a/inventory/inventory
+++ b/inventory/inventory
@@ -593,6 +593,7 @@ odcs-backend
 openqa01.qa.fedoraproject.org
 
 [openqa-workers]
+qa02.qa.fedoraproject.org
 qa05.qa.fedoraproject.org
 qa14.qa.fedoraproject.org
 
@@ -616,6 +617,7 @@ aarch64-c30n1-oqa.arm.fedoraproject.org
 # the workers that can run networked jobs. each server should have *one* of these per arch
 [openqa-tap-workers]
 qa01.qa.fedoraproject.org
+qa02.qa.fedoraproject.org
 qa14.qa.fedoraproject.org
 qa09.qa.fedoraproject.org
 openqa-ppc64le-01.qa.fedoraproject.org
diff --git a/roles/base/templates/iptables/iptables.openqa-tap-workers b/roles/base/templates/iptables/iptables.openqa-tap-workers
index a9d1040102..7a0b631677 100644
--- a/roles/base/templates/iptables/iptables.openqa-tap-workers
+++ b/roles/base/templates/iptables/iptables.openqa-tap-workers
@@ -44,6 +44,8 @@
 {% for host in groups['staging']|sort %}
 {% if 'eth0_ip' in hostvars[host] %}# {{ host }}
 -A INPUT -s {{ hostvars[host]['eth0_ip'] }} -j REJECT --reject-with icmp-host-prohibited
+{% elif 'em3_ip' in hostvars[host] %}# {{ host }}
+-A INPUT -s {{ hostvars[host]['em3_ip'] }} -j REJECT --reject-with icmp-host-prohibited
 {% else %}# {{ host }} has no 'eth0_ip' listed
 {% endif %}
 {% endfor %}
@@ -78,6 +80,8 @@
 {% for host in groups['qa-isolated']|sort %}
 {% if 'eth0_ip' in hostvars[host] %}# {{ host }}
 -A INPUT -s {{ hostvars[host]['eth0_ip'] }} -j REJECT --reject-with icmp-host-prohibited
+{% elif 'em3_ip' in hostvars[host] %}# {{ host }}
+-A INPUT -s {{ hostvars[host]['em3_ip'] }} -j REJECT --reject-with icmp-host-prohibited
 {% else %}# {{ host }} has no 'eth0_ip' listed
 {% endif %}
 {% endfor %}
@@ -121,5 +125,6 @@ COMMIT
 # eth0 is the active interface on the x86_64 tap worker hosts,
 # eth2 is the active interface on the ppc64 tap worker host
 -A POSTROUTING -o eth0 -j MASQUERADE
+-A POSTROUTING -o em3 -j MASQUERADE
 -A POSTROUTING -o eth2 -j MASQUERADE
 COMMIT
diff --git a/roles/nagios_server/templates/nagios/hosts/phx2-hosts.cfg.j2 b/roles/nagios_server/templates/nagios/hosts/phx2-hosts.cfg.j2
index 47108e77d1..e9887bea8b 100644
--- a/roles/nagios_server/templates/nagios/hosts/phx2-hosts.cfg.j2
+++ b/roles/nagios_server/templates/nagios/hosts/phx2-hosts.cfg.j2
@@ -14,6 +14,8 @@ define host {
 {% endif %}
 {% if hostvars[host].eth0_ip is defined %}
    address                 {{ hostvars[host].eth0_ip }}
+{% elif hostvars[host].em3_ip is defined %}
+   address                 {{ hostvars[host].em3_ip }}
 {% elif hostvars[host].ansible_default_ipv4 is defined %}
 {% if hostvars[host].ansible_default_ipv4.address is defined %}
    address                 {{ hostvars[host].ansible_default_ipv4.address }}