diff --git a/inventory/group_vars/staging b/inventory/group_vars/staging
index 1a6791e044..c6d0c1e1a1 100644
--- a/inventory/group_vars/staging
+++ b/inventory/group_vars/staging
@@ -1,3 +1,9 @@
 ---
 freezes: false
 env: staging
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6
+ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/
+datacenter: phx2
diff --git a/inventory/host_vars/badges-backend01.stg.phx2.fedoraproject.org b/inventory/host_vars/badges-backend01.stg.phx2.fedoraproject.org
index 16fa76ef47..76e3a07c38 100644
--- a/inventory/host_vars/badges-backend01.stg.phx2.fedoraproject.org
+++ b/inventory/host_vars/badges-backend01.stg.phx2.fedoraproject.org
@@ -1,10 +1,4 @@
 ---
-nm: 255.255.255.0
-gw: 10.5.126.254
-dns: 10.5.126.21
-ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6
-ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/
 volgroup: /dev/vg_guests
 eth0_ip: 10.5.126.68
 vmhost: virthost12.phx2.fedoraproject.org
-datacenter: phx2
diff --git a/inventory/host_vars/badges-web01.stg.phx2.fedoraproject.org b/inventory/host_vars/badges-web01.stg.phx2.fedoraproject.org
index cd4036c443..1ca3e7e43d 100644
--- a/inventory/host_vars/badges-web01.stg.phx2.fedoraproject.org
+++ b/inventory/host_vars/badges-web01.stg.phx2.fedoraproject.org
@@ -1,10 +1,4 @@
 ---
-nm: 255.255.255.0
-gw: 10.5.126.254
-dns: 10.5.126.21
-ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6
-ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/
 volgroup: /dev/vg_guests
 eth0_ip: 10.5.126.69
 vmhost: virthost12.phx2.fedoraproject.org
-datacenter: phx2
diff --git a/playbooks/denyhosts.yml b/playbooks/denyhosts.yml
new file mode 100644
index 0000000000..e033032228
--- /dev/null
+++ b/playbooks/denyhosts.yml
@@ -0,0 +1,47 @@
+# requires --extra-vars="target=somevhost ip=10.0.0.1 test={True,False}"
+
+# General overview:
+#  host provided via ``target`` argument on the CLI
+#  IP provided via ``ip`` argument on the CLI
+#  test provided via ``test`` argument on the CLI
+
+# Command:
+#  ansible-playbook .../playbook/denyhosts.yml --extra-vars="target=host ip=10.0.0.1 test=True"
+
+# Log onto $target
+# if test is True:
+#   grep on /etc/hosts.deny for the provided {{ ip }}
+# else:
+#   escape the '.' in the {{ ip }}
+#   remove {{ ip }} from /var/lib/denyhosts/*
+#   remove {{ ip }} from /etc/hosts.deny
+#   restart denyhosts
+
+# sop: http://infrastructure.fedoraproject.org/infra/docs/denyhosts.txt
+
+- name: Unban an IP from denyhosts
+  hosts: "{{ target }}"
+  user: root
+  gather_facts: False
+
+  vars:
+  - test: True
+  - ip: "{{ ip |replace('.', '\\.') }}"
+
+  tasks:
+  - name: Grep for the IP in the files
+    action: command grep {{ ip }} /etc/hosts.deny
+    when: test
+
+  - name: Remove IP from /var/lib/denyhosts/*
+    action: command sed -si "/^{{ ip }}$/d" /var/lib/denyhosts/*
+    notify:
+    - restart denyhosts
+    when: not test
+
+  - name: Remove IP from /etc/hosts.deny
+    action: command sed -si "/^{{ ip }}$/d" /etc/hosts.deny
+    notify:
+    - restart denyhosts
+    when: not test
+