diff --git a/inventory/group_vars/fas b/inventory/group_vars/fas
new file mode 100644
index 0000000000..eb41330303
--- /dev/null
+++ b/inventory/group_vars/fas
@@ -0,0 +1,26 @@
+---
+# Define resources for this group of hosts here. 
+lvm_size: 30000
+mem_size: 2048
+num_cpus: 2
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+
+tcp_ports: [ 80, 8443, 8444,
+             # fas has 32 wsgi processes, each of which need their own port
+             # open for outbound fedmsg messages.
+             8000, 8001, 8002, 8003, 8004, 8005, 8006, 8007,
+             8008, 8009, 8010, 8011, 8012, 8013, 8014, 8015,
+             8016, 8017, 8018, 8019, 8020, 8021, 8022, 8023,
+             8024, 8025, 8026, 8027, 8028, 8029, 8030, 8031, ]
+
+fas_client_groups: sysadmin-main,sysadmin-accounts
+
+master_fas_node: False 
+
+# A host group for rsync config
+rsync_group: fas
+
+nrpe_procs_warn: 300
+nrpe_procs_crit: 500
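Review bot: The comment inside `tcp_ports` says the 32 ports are for outbound fedmsg messages, but a `tcp_ports` list presumably feeds the host's inbound firewall rules (the consumer is not in this diff), so the comment and the effect appear to disagree. If each wsgi process binds its own port for subscribers to connect to, say that instead, e.g. `# each of the 32 wsgi processes binds its own port for fedmsg subscribers to connect to`. It is also worth checking whether 8000-8031 can be limited to the hosts that actually subscribe rather than opened to every source. Separately, `master_fas_node: False` carries a trailing space and would read better as the canonical `false`.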
diff --git a/inventory/host_vars/fas01.stg.phx2.fedoraproject.org b/inventory/host_vars/fas01.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..5ad3ed6a08
--- /dev/null
+++ b/inventory/host_vars/fas01.stg.phx2.fedoraproject.org
@@ -0,0 +1,10 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6
+ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/
+volgroup: /dev/vg_virthost10
+eth0_ip: 10.5.126.86
+vmhost: virthost10.phx2.fedoraproject.org
+datacenter: phx2
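Review bot: `ks_url` and `ks_repo` fetch the kickstart file and the install tree over plain `http://`, so nothing protects the integrity of what this account-system guest is built from while it is in transit. If the server at 10.5.126.23 can serve the same paths over TLS, switching both values to `https://` would close that gap. If it cannot, a comment such as `# kickstart is fetched over http; relies on the build network being trusted` would at least record the assumption.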
diff --git a/playbooks/groups/fas.yml b/playbooks/groups/fas.yml
new file mode 100644
index 0000000000..44426a787e
--- /dev/null
+++ b/playbooks/groups/fas.yml
@@ -0,0 +1,53 @@
+# create a new fas server
+#
+#
+
+- name: make fas server
+  hosts: fas-stg
+  user: root
+  gather_facts: False
+  accelerate: "{{ accelerated }}"
+
+  vars_files: 
+   - /srv/web/infra/ansible/vars/global.yml
+   - "{{ private }}/vars.yml"
+   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+  tasks:
+  - include: "{{ tasks }}/virt_instance_create.yml"
+
+  handlers:
+  - include: "{{ handlers }}/restart_services.yml"
+
+- name: make the box be real
+  hosts: fas-stg
+  user: root
+  gather_facts: True
+  accelerate: "{{ accelerated }}"
+
+  vars_files: 
+   - /srv/web/infra/ansible/vars/global.yml
+   - "{{ private }}/vars.yml"
+   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+  roles:
+  - base
+  - rkhunter
+  - denyhosts
+  - nagios_client
+  - fas_client
+  - collectd/base
+  - rsyncd
+  - fas_server
+
+  tasks:
+  - include: "{{ tasks }}/hosts.yml"
+  - include: "{{ tasks }}/yumrepos.yml"
+  - include: "{{ tasks }}/2fa_client.yml"
+  - include: "{{ tasks }}/motd.yml"
+  - include: "{{ tasks }}/sudo.yml"
+  - include: "{{ tasks }}/apache.yml"
+  - include: "{{ tasks }}/mod_wsgi.yml"
+
+  handlers:
+  - include: "{{ handlers }}/restart_services.yml"
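Review bot: In the second play the `roles:` list runs before the `tasks:` list, so `fas_server` installs packages, writes under `/etc/httpd/conf.d` and sets `owner=apache` before `yumrepos.yml`, `apache.yml` and `mod_wsgi.yml` have been included. That only works if the `base` role and the `fas` package dependencies already provide the repos, httpd and the apache user, which is not visible here; otherwise move those includes into a `pre_tasks:` section ahead of `roles:`. The first play also lists `/srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml` while `gather_facts: False`, so that file name cannot resolve there unless facts are already cached. Either drop it from that play or add a comment explaining why it is safe.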
diff --git a/roles/fas_server/tasks/main.yml b/roles/fas_server/tasks/main.yml
new file mode 100644
index 0000000000..67f159490f
--- /dev/null
+++ b/roles/fas_server/tasks/main.yml
@@ -0,0 +1,280 @@
+---
+# Tasks to set up fas_server
+
+- name: install needed packages
+  yum: pkg={{ item }} state=installed
+  with_items:
+  - fas
+  - fas-plugin-yubikey
+  tags:
+  - packages
+
+- name: enable httpd_can_network_connect selinux boolean
+  seboolean: name=httpd_can_network_connect state=yes persistent=yes
+  tags:
+  - config
+
+- name: setup /var/www/.python-eggs directory
+  file: path=/var/www/.python-eggs owner=apache group=apache mode=0700 state=directory
+  tags:
+  - config
+
+- name: setup /etc/fas-gpg directory
+  file: path=/etc/fas-gpg owner=fas group=fas mode=0700 state=directory
+  tags:
+  - config
+
+- name: install /etc/httpd/conf.d/accounts.conf file
+  template: > 
+    src="fas-app.conf.j2" 
+    dest="/etc/httpd/conf.d/accounts.conf" 
+    owner=root 
+    group=root 
+    mode=0644
+  notify:
+  - restart httpd
+  tags:
+  - config
+
+- name: setup /etc/pki/fas directory
+  file: path=/etc/pki/fas owner=fas group=fas mode=0755 state=directory
+  tags:
+  - config
+
+- name: install $pythonsitelib/fas/config/log.cfg 
+  copy: >
+    src="fas-log.cfg"  
+    dest="$pythonsitelib/fas/config/log.cfg"  # $pythonsitelib=?
+    owner=root
+    group=root
+    mode=0644
+  notify:
+  - restart httpd
+  tags:
+  - config
+
+#  $bugzillaUser = "fedora-admin-xmlrpc@redhat.com"
+
+- name: install /etc/fas-gpg/pubring.gpg file
+  copy: >
+    src="{{ puppet_private }}/fas-gpg/pubring.gpg" 
+    dest="/etc/fas-gpg/pubring.gpg"
+    owner=fas
+    group=fas
+    mode=0600
+  tags:
+  - config
+
+- name: install /etc/pki/fas/fedora-server-ca.cert file
+  copy: >
+    src="{{ puppet_private }}/fedora-ca.cert" 
+    dest="/etc/pki/fas/fedora-server-ca.cert"
+    owner=fas
+    group=fas
+    mode=0644
+  tags:
+  - config
+
+- name: install /etc/pki/fas/fedora-upload-ca.cert file
+  copy: >
+    src="{{ puppet_private }}/fedora-ca.cert" 
+    dest="/etc/pki/fas/fedora-upload-ca.cert"
+    owner=fas
+    group=fas
+    mode=0644
+  tags:
+  - config
+
+- name: install /usr/share/fas/static/fedora-server-ca.cert file
+  copy: >
+    src="{{ puppet_private }}/fedora-ca.cert" 
+    dest="/usr/share/fas/static/fedora-server-ca.cert" 
+    owner=root
+    group=root
+    mode=0644
+  tags:
+  - config
+
+- name: install /usr/share/fas/static/fedora-upload-ca.cert file
+  copy: >
+    src="{{ puppet_private }}/fedora-ca.cert" 
+    dest="/usr/share/fas/static/fedora-upload-ca.cert" 
+    owner=root
+    group=root
+    mode=0644
+  tags:
+  - config
+
+- name: install /etc/fas.cfg file
+  template: > 
+    src="fas.cfg.j2" 
+    dest="/etc/fas.cfg" 
+    owner=fas 
+    group=apache 
+    mode=0640
+  notify:
+  - restart httpd
+  tags:
+  - config
+
+- name: install /usr/local/bin/yubikey-remove.py file 
+  template: > 
+    src="yubikey-remove.py.j2" 
+    dest="/usr/local/bin/yubikey-remove.py" 
+    owner=fas 
+    group=fas
+    mode=0750
+  tags:
+  - config
+
+# $gen_cert = "True"
+
+- name: install /etc/fas.cfg file
+  template: >
+    src="fas.cfg.j2"
+    dest="/etc/fas.cfg"
+    owner=fas
+    group=apache
+    mode=0640
+  when: master_fas_node == True
+  notify:
+  - restart httpd
+  tags:
+  - config
+
+- name: setup /var/lock/fedora-ca directory
+  file: path=/var/lock/fedora-ca owner=fas group=fas mode=0700 state=directory setype=var_lock_t
+  when: master_fas_node == True
+  tags:
+  - config
+
+- name: setup /var/lib/fedora-ca directory
+  file: path=/var/lib/fedora-ca owner=fas group=fas mode=0771 state=directory setype=httpd_sys_content_t
+  when: master_fas_node == True
+  tags:
+  - config
+
+- name: install /var/lib/fedora-ca/.rnd file
+  file: path=/var/lib/fedora-ca/.rnd owner=fas group=fas mode=0600 setype=httpd_sys_content_t
+  when: master_fas_node == True
+  tags:     
+  - config
+
+- name: setup /var/lib/fedora-ca/newcerts directory
+  file: path=/var/lib/fedora-ca/newcerts owner=fas group=fas mode=0700 state=directory
+  when: master_fas_node == True
+  tags:     
+  - config
+
+- name: setup /var/lib/fedora-ca/private directory
+  file: path=/var/lib/fedora-ca/private owner=fas group=fas mode=0700 state=directory 
+  when: master_fas_node == True
+  tags:
+  - config
+
+- name: install /var/lib/fedora-ca/private/cakey.pem file
+  copy: >
+    src="{{ puppet_private }}/cakey.pem"
+    dest="/var/lib/fedora-ca/private/cakey.pem"
+    owner=fas
+    group=fas
+    mode=0400
+  when: master_fas_node == True
+  tags:
+  - config
+
+- name: install /var/lib/fedora-ca/Makefile file
+  copy: >
+    src="Makefile.fedora-ca"
+    dest="/var/lib/fedora-ca/Makefile"
+    owner=root
+    group=root
+    mode=0644
+  when: master_fas_node == True
+  tags:
+  - config
+
+- name: install /var/lib/fedora-ca/openssl.cnf file
+  copy: >
+    src="fedora-ca-client-openssl.cnf"
+    dest="/var/lib/fedora-ca/openssl.cnf"
+    owner=root
+    group=root
+    mode=0644
+  when: master_fas_node == True
+  tags:
+  - config
+
+- name: install /var/lib/fedora-ca/certhelper.py file
+  copy: >
+    src="certhelper.py"
+    dest="/var/lib/fedora-ca/certhelper.py"
+    owner=root
+    group=root
+    mode=0755
+  when: master_fas_node == True
+  tags:
+  - config
+
+- name: install /var/lib/fedora-ca/cacert.pem file
+  copy: >
+    src="{{ puppet_private }}/fedora-ca.cert"
+    dest="/var/lib/fedora-ca/cacert.pem"
+    owner=root
+    group=root
+    mode=0644
+  when: master_fas_node == True
+  tags:
+  - config
+
+#For publishing the crl
+- name: setup /srv/web/ca directory
+  file: path=/srv/web/ca owner=apache group=apache mode=0755 state=directory
+  when: master_fas_node == True
+  tags:
+  - config
+
+- name: twice every month, force a new crl to be created
+  cron: >
+    name="gen-crl" 
+    job="cd /var/lib/fedora-ca ; /usr/bin/make gencrl &> /dev/null" 
+    user="fas"
+    minute="0"
+    hour="0"
+    day="1,15"
+  when: master_fas_node == True
+  tags:    
+  - config  
+
+- name: create /srv/web/ca/crl.pem link
+  file: path="/srv/web/ca/crl.pem" state=link src="/var/lib/fedora-ca/crl/crl.pem"
+  when: master_fas_node == True
+  tags:
+  - config
+
+- name: create /srv/web/ca/cacert.pem link
+  file: path="/srv/web/ca/cacert.pem" state=link src="/var/lib/fedora-ca/cacert.pem"
+  when: master_fas_node == True
+  tags: 
+  - config
+
+- name: install /etc/export-bugzilla.cfg file
+  template: >
+    src="export-bugzilla.cgf.j2"
+    dest="/etc/export-bugzilla.cfg"
+    owner=fas
+    group=fas
+    mode=0600
+  when: master_fas_node == True
+  tags:
+  - config
+
+- name: run export-bugzilla program
+  cron: >
+    name="export-bugzilla"
+    job="cd /etc; MAILTO=root; /usr/sbin/export-bugzilla fedorabugs fedora_contrib"
+    user="fas"
+    minute="10"
+  when: master_fas_node == True
+  tags:
+  - config
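Review bot: The `install $pythonsitelib/fas/config/log.cfg` task cannot work as written: inside a `>` folded scalar `#` does not start a comment, so `# $pythonsitelib=?` is passed to `copy` as part of its arguments, and `$pythonsitelib` is never expanded, leaving a literal `$pythonsitelib/...` destination. Move the question into a YAML comment above the task and point `dest` at a defined variable, for example `dest="{{ pythonsitelib }}/fas/config/log.cfg"` (the variable name is a placeholder and has to be defined in the role or group vars). Two further things in this hunk are worth a look. The `gen-crl` cron job sends all output to `/dev/null`, so a failed CRL regeneration would go unnoticed until the published CRL expires. And `/usr/local/bin/yubikey-remove.py` is installed `owner=fas mode=0750`, which leaves an executable writable by the service account; `owner=root group=fas` would keep it runnable by fas without that.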