diff --git a/roles/automation-integration/defaults/main.yml b/roles/automation-integration/defaults/main.yml
new file mode 100644
index 0000000..c7af0e3
--- /dev/null
+++ b/roles/automation-integration/defaults/main.yml
@@ -0,0 +1,4 @@
+---
+# automation-integration/defaults/main.yml
+
+cord_in_a_box: False
diff --git a/roles/compute-prep/tasks/main.yml b/roles/compute-prep/tasks/main.yml
index ddda2c3..76dffe2 100644
--- a/roles/compute-prep/tasks/main.yml
+++ b/roles/compute-prep/tasks/main.yml
@@ -43,3 +43,4 @@
   pip:
     name=requests
     state=absent
+
diff --git a/roles/config-virt/handlers/main.yml b/roles/config-virt/handlers/main.yml
index 82957e2..3761533 100644
--- a/roles/config-virt/handlers/main.yml
+++ b/roles/config-virt/handlers/main.yml
@@ -5,3 +5,6 @@
   service:
     name=libvirt-bin
     state=restarted
+
+- name: run qemu hook
+  command: /etc/libvirt/hooks/qemu start start
diff --git a/roles/config-virt/tasks/main.yml b/roles/config-virt/tasks/main.yml
index 8937824..f81de29 100644
--- a/roles/config-virt/tasks/main.yml
+++ b/roles/config-virt/tasks/main.yml
@@ -58,6 +58,21 @@
     autostart=yes
   with_items: '{{ virt_nets }}'
 
+
+- name: Have libvirt enable port forwarding to VM's
+  become: yes
+  template:
+    src={{ item }}.j2
+    dest=/etc/libvirt/hooks/{{ item }}
+    mode=0755 owner=root
+  with_items:
+    - daemon
+    - qemu
+  notify:
+    - reload libvirt-bin
+    - run qemu hook
+  when: not on_maas
+
 - name: Wait for uvt-kvm image to be available
   when: "{{ uvtool_image.matched < 1 }}"
   async_status: jid={{ uvt_sync.ansible_job_id }}
diff --git a/roles/create-vms/tasks/main.yml b/roles/create-vms/tasks/main.yml
index e950772..a070aa4 100644
--- a/roles/create-vms/tasks/main.yml
+++ b/roles/create-vms/tasks/main.yml
@@ -107,3 +107,4 @@
   command: ansible-playbook "{{ ansible_user_dir }}/docker-install-playbook.yml"
   tags:
     - skip_ansible_lint # running a sub job
+
diff --git a/roles/head-diag/files/docker_logs.sh b/roles/head-diag/files/docker_logs.sh
deleted file mode 100644
index 0a76bca..0000000
--- a/roles/head-diag/files/docker_logs.sh
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/usr/bin/env bash
-
-mkdir -p ~/docker_logs
-rm -rf ~/docker_logs/*
-
-for container in `docker ps --format "{{.Names}}"`;
-do
-  docker logs $container > ~/docker_logs/$container.log 2>&1;
-done
-
-cp  ~/service-profile/cord-pod/*.out ~/docker_logs
-
diff --git a/roles/head-diag/tasks/main.yml b/roles/head-diag/tasks/main.yml
index 8a8c750..065889e 100644
--- a/roles/head-diag/tasks/main.yml
+++ b/roles/head-diag/tasks/main.yml
@@ -10,7 +10,7 @@
   - juju
   - openstack
   - onos
-  - xos
+  - docker
 
 - name: Head node diag collection
   shell: "{{ item }} > ~/{{ diag_dir }}/head/{{ item | regex_replace('[^\\w-]', '_')}}"
@@ -25,6 +25,8 @@
    - "cat /etc/resolv.conf"
    - "cat /etc/lsb-release"
    - "sudo uvt-kvm list"
+   - "sudo virsh list"
+   - "sudo docker ps"
 
 - name: Juju diag collection
   shell: "{{ item }} > ~/{{ diag_dir }}/juju/{{ item | regex_replace('[^\\w-]', '_')}}"
@@ -66,6 +68,8 @@
    - "bundle:list"
    - "cordvtn-node-check nova-compute-1"
    - "cordvtn-nodes"
+   - "cordvtn-networks"
+   - "cordvtn-ports"
    - "dhcp-list"
    - "flows"
    - "hosts"
@@ -74,21 +78,18 @@
    - "ports"
    - "summary"
 
-- name: XOS diag collection
-  shell: "ssh ubuntu@xos-1 \"{{ item }}\" > ~/{{ diag_dir }}/xos/{{ item | regex_replace('[^\\w-]', '_')}}"
-  args:
-    creates: "~/{{ diag_dir }}/xos/{{ item | regex_replace('[^\\w-]', '_')}}"
-  with_items:
-   - "docker ps"
-   - "arp -n"
-   - "ifconfig -a"
-
-- name: Copy/run/retrieve XOS docker logs
-  command: "{{ item }}"
+- name: Docker diag collection - Find names for all running Docker containers
+  shell: "sudo docker ps --format '{{ '{{' }} .Names {{ '}}' }}'"
+  register: docker_containers
   tags:
-   - skip_ansible_lint # don't know the name of docker containers for all configurations
-  with_items:
-   - "scp {{ role_path }}/files/docker_logs.sh ubuntu@xos-1:~/docker_logs.sh"
-   - "ssh ubuntu@xos-1 'bash ~/docker_logs.sh'"
-   - "rsync -avP ubuntu@xos-1:~/docker_logs/ ~/{{ diag_dir }}/xos/"
+    - skip_ansible_lint # collecting docker container names
+
+- name: Docker diag collection - Collect logs from Docker containers
+  shell: "sudo docker logs {{ item }} > ~/{{ diag_dir }}/docker/{{ item | regex_replace('[^\\w-]', '_')}} 2>&1"
+  args:
+    creates: "~/{{ diag_dir }}/docker/{{ item | regex_replace('[^\\w-]', '_')}}"
+  with_items: "{{ docker_containers.stdout.split('\n') }}"
+  tags:
+    - skip_ansible_lint # ansible-lint interprets the \n incorrectly
+
 
diff --git a/roles/head-prep/tasks/main.yml b/roles/head-prep/tasks/main.yml
index b22888d..ee265be 100644
--- a/roles/head-prep/tasks/main.yml
+++ b/roles/head-prep/tasks/main.yml
@@ -24,7 +24,6 @@
     update_cache=yes
     cache_valid_time=3600
   with_items:
-    - ansible
     - uvtool
     - git
     - bzr
@@ -37,6 +36,15 @@
     - python-lxml
     - virt-top
 
+- name: Make sure Ansible is newest version
+  apt:
+    name: "ansible"
+    state: latest
+    update_cache: yes
+    cache_valid_time: 3600
+  tags:
+    - skip_ansible_lint # ansible-lint complains about latest, need this or old built in 1.5.x version may be used if already installed.
+
 - name: Install Python packages
   pip:
     name={{ item}}
diff --git a/roles/juju-setup/files/daemon b/roles/juju-setup/files/daemon
deleted file mode 100644
index 8d9102b..0000000
--- a/roles/juju-setup/files/daemon
+++ /dev/null
@@ -1,40 +0,0 @@
-#!/bin/sh
-
-SHELL="/bin/bash"
-
-NIC=$( route|grep default|awk '{print $NF}' )
-
-NAME="${1}"
-OP="${2}"
-SUBOP="${3}"
-ARGS="${4}"
-
-add_port_fwd_rule() {
-    DPORT=$1
-    VM=$2
-    TOPORT=$3
-
-    VMIP=$( getent ahosts $VM|head -1|awk '{print $1}' )
-    iptables -t nat -C PREROUTING -p tcp -i $NIC --dport $DPORT -j DNAT --to-destination $VMIP:$TOPORT
-    if [ "$?" -ne 0 ]
-    then
-        iptables -t nat -A PREROUTING -p tcp -i $NIC --dport $DPORT -j DNAT --to-destination $VMIP:$TOPORT
-    fi
-}
-
-if [ "$OP" = "start" ] || [ "$OP" = "reload" ]
-then
-    iptables -t nat -F
-    add_port_fwd_rule 35357 keystone 35357
-    add_port_fwd_rule 4990 keystone 4990
-    add_port_fwd_rule 5000 keystone 5000
-    add_port_fwd_rule 8774 nova-cloud-controller 8774
-    add_port_fwd_rule 9696 neutron-api 9696
-    add_port_fwd_rule 9292 glance 9292
-    add_port_fwd_rule 8080 openstack-dashboard 80
-    add_port_fwd_rule 3128 nagios 80
-    add_port_fwd_rule 8777 ceilometer 8777
-
-    # Also flush the filter table before rules re-added
-    iptables -F
-fi
diff --git a/roles/test-exampleservice/tasks/main.yml b/roles/test-exampleservice/tasks/main.yml
index 796abb4..0be80ca 100644
--- a/roles/test-exampleservice/tasks/main.yml
+++ b/roles/test-exampleservice/tasks/main.yml
@@ -8,9 +8,6 @@
     chdir: "{{ service_profile_repo_dest }}/{{ xos_configuration }}"
     target: exampleservice
 
-- name: Pause 60 seconds (work around bug in synchronizer)
-  pause: seconds=60
-
 - name: Re-run 'make vtn' (work around bug in synchronizer)
   make:
     chdir: "{{ service_profile_repo_dest }}/{{ xos_configuration }}"
diff --git a/roles/test-vsg/tasks/main.yml b/roles/test-vsg/tasks/main.yml
index dda1612..fd45b52 100644
--- a/roles/test-vsg/tasks/main.yml
+++ b/roles/test-vsg/tasks/main.yml
@@ -8,9 +8,6 @@
     chdir: "{{ service_profile_repo_dest }}/{{ xos_configuration }}"
     target: cord-subscriber
 
-- name: Pause 60 seconds (work around bug in synchronizer)
-  pause: seconds=60
-
 - name: Re-run 'make vtn' (work around bug in synchronizer)
   make:
     chdir: "{{ service_profile_repo_dest }}/{{ xos_configuration }}"
diff --git a/roles/xos-compute-setup/tasks/main.yml b/roles/xos-compute-setup/tasks/main.yml
index 08c4f73..d8de0ed 100644
--- a/roles/xos-compute-setup/tasks/main.yml
+++ b/roles/xos-compute-setup/tasks/main.yml
@@ -3,18 +3,18 @@
 #
 # Tell XOS that a new compute node has been added
 
-- name: Build XOS containers
-  make:
-    chdir: "{{ service_profile_repo_dest }}/{{ xos_configuration }}"
-    target: new-nodes
-
-- name: Pause 5 seconds
-  pause: seconds=5
-
-- name: Remove vtn-external.yaml
-  file: path="{{ service_profile_repo_dest }}/{{ xos_configuration }}/vtn-external.yaml" state=absent
+- name: Create nodes/vtn TOSCA config
+  template:
+    src: "{{ item }}.j2"
+    dest: "{{ service_profile_repo_dest }}/{{ xos_configuration }}/{{ item }}"
+    owner: "{{ ansible_user_id }}"
+    mode: 0644
+  with_items:
+    - vtn.yaml
+    - nodes.yaml
 
 - name: Rebuild VTN configuration with new nodes block
   make:
     chdir: "{{ service_profile_repo_dest }}/{{ xos_configuration }}"
     target: vtn
+
diff --git a/roles/xos-compute-setup/templates/nodes.yaml.j2 b/roles/xos-compute-setup/templates/nodes.yaml.j2
new file mode 100644
index 0000000..7ba953b
--- /dev/null
+++ b/roles/xos-compute-setup/templates/nodes.yaml.j2
@@ -0,0 +1,31 @@
+tosca_definitions_version: tosca_simple_yaml_1_0
+
+imports:
+   - custom_types/xos.yaml
+
+description: list of compute nodes, created by platform-install
+
+topology_template:
+  node_templates:
+
+# Site/Deployment, fully defined in deployment.yaml
+    {{ site_name }}:
+      type: tosca.nodes.Site
+
+    {{ deployment_type }}:
+      type: tosca.nodes.Deployment
+
+# compute nodes
+{% for node in groups["compute"] %}
+    {{ hostvars[node]['ansible_hostname'] }}:
+      type: tosca.nodes.Node
+      requirements:
+        - site:
+            node: {{ site_name }}
+            relationship: tosca.relationships.MemberOfSite
+        - deployment:
+            node: {{ deployment_type }}
+            relationship: tosca.relationships.MemberOfDeployment
+
+{% endfor %}
+
diff --git a/roles/xos-compute-setup/templates/vtn.yaml.j2 b/roles/xos-compute-setup/templates/vtn.yaml.j2
new file mode 100644
index 0000000..498eeef
--- /dev/null
+++ b/roles/xos-compute-setup/templates/vtn.yaml.j2
@@ -0,0 +1,102 @@
+tosca_definitions_version: tosca_simple_yaml_1_0
+
+imports:
+   - custom_types/xos.yaml
+
+description: autogenerated node tags file for VTN configuration
+
+topology_template:
+  node_templates:
+
+    service#ONOS_CORD:
+      type: tosca.nodes.ONOSService
+      requirements:
+      properties:
+          kind: onos
+          view_url: /admin/onos/onosservice/$id$/
+          no_container: true
+          rest_hostname: onos-cord
+          replaces: service_ONOS_CORD
+
+    service#vtn:
+      type: tosca.nodes.VTNService
+      properties:
+          view_url: /admin/vtn/vtnservice/$id$/
+          privateGatewayMac: 00:00:00:00:00:01
+          localManagementIp: {{ management_network_ip }}
+          ovsdbPort: 6641
+          sshUser: root
+          sshKeyFile: /root/node_key
+          sshPort: 22
+          xosEndpoint: http://xos:8888/
+          xosUser: padmin@vicci.org
+          xosPassword: letmein
+          replaces: service_vtn
+          vtnAPIVersion: 2
+
+{% for node in groups["compute"] %}
+    {{ hostvars[node]['ansible_hostname'] }}:
+      type: tosca.nodes.Node
+
+    # VTN bridgeId field for node {{ hostvars[node]['ansible_hostname'] }}
+    {{ hostvars[node]['ansible_hostname'] }}_bridgeId_tag:
+      type: tosca.nodes.Tag
+      properties:
+          name: bridgeId
+          value: of:{{ "%016d" | format(loop.index) }}
+      requirements:
+          - target:
+              node: {{ hostvars[node]['ansible_hostname'] }}
+              relationship: tosca.relationships.TagsObject
+          - service:
+              node: service#ONOS_CORD
+              relationship: tosca.relationships.MemberOfService
+
+    # VTN dataPlaneIntf field for node {{ hostvars[node]['ansible_hostname'] }}
+    {{ hostvars[node]['ansible_hostname'] }}_dataPlaneIntf_tag:
+      type: tosca.nodes.Tag
+      properties:
+          name: dataPlaneIntf
+          value: fabric
+      requirements:
+          - target:
+              node: {{ hostvars[node]['ansible_hostname'] }}
+              relationship: tosca.relationships.TagsObject
+          - service:
+              node: service#ONOS_CORD
+              relationship: tosca.relationships.MemberOfService
+
+    # VTN dataPlaneIp field for node {{ hostvars[node]['ansible_hostname'] }}
+    {{ hostvars[node]['ansible_hostname'] }}_dataPlaneIp_tag:
+      type: tosca.nodes.Tag
+      properties:
+          name: dataPlaneIp
+{% if 'ipv4' in hostvars[node]['ansible_fabric'] %}
+          value: {{ ( hostvars[node]['ansible_fabric']['ipv4']['address'] ~ '/' ~ hostvars[node]['ansible_fabric']['ipv4']['netmask'] ) | ipaddr('cidr') }}
+{% else %}{# single node case #}
+          value: 10.168.0.253/24
+{% endif %}
+      requirements:
+          - target:
+              node: {{ hostvars[node]['ansible_hostname'] }}
+              relationship: tosca.relationships.TagsObject
+          - service:
+              node: service#ONOS_CORD
+              relationship: tosca.relationships.MemberOfService
+
+{% endfor %}
+
+    VTN_ONOS_app:
+      type: tosca.nodes.ONOSVTNApp
+      requirements:
+          - onos_tenant:
+              node: service#ONOS_CORD
+              relationship: tosca.relationships.TenantOfService
+          - vtn_service:
+              node: service#vtn
+              relationship: tosca.relationships.UsedByService
+      properties:
+          install_dependencies: http://mavenrepo:8080/repository/org/opencord/cord-config/1.1-SNAPSHOT/cord-config-1.1-SNAPSHOT.oar,http://mavenrepo:8080/repository/org/opencord/vtn/1.1-SNAPSHOT/vtn-1.1-SNAPSHOT.oar
+          dependencies: org.onosproject.drivers, org.onosproject.drivers.ovsdb, org.onosproject.openflow-base, org.onosproject.ovsdb-base, org.onosproject.dhcp
+          autogenerate: vtn-network-cfg
+
diff --git a/roles/xos-head-start/tasks/main.yml b/roles/xos-head-start/tasks/main.yml
index 11720c7..09d0e1a 100644
--- a/roles/xos-head-start/tasks/main.yml
+++ b/roles/xos-head-start/tasks/main.yml
@@ -1,35 +1,9 @@
 ---
-# xos-start/tasks/main.yml
+# xos-head-start/tasks/main.yml
 
-- name: Build XOS containers
+- name: Run service-profile make targets
   make:
     chdir: "{{ service_profile_repo_dest }}/{{ xos_configuration }}"
-    target: local_containers
+    target: "{{ item }}"
+  with_items: "{{ xos_config_targets }}"
 
-- name: Onboard services and start XOS
-  make:
-    chdir: "{{ service_profile_repo_dest }}/{{ xos_configuration }}"
-    target: xos
-
-- name: Pause to let XOS initialize
-  pause: seconds=120
-
-- name: Initial VTN configuration
-  make:
-    chdir: "{{ service_profile_repo_dest }}/{{ xos_configuration }}"
-    target: vtn
-
-- name: Initial fabric configuration
-  make:
-    chdir: "{{ service_profile_repo_dest }}/{{ xos_configuration }}"
-    target: fabric
-
-- name: Pause to let ONOS initialize
-  pause: seconds=20
-  tags:
-    - skip_ansible_lint
-
-- name: Configure CORD services
-  make:
-    chdir: "{{ service_profile_repo_dest }}/{{ xos_configuration }}"
-    target: cord
diff --git a/roles/xos-install/tasks/main.yml b/roles/xos-install/tasks/main.yml
index 7f70790..52e492a 100644
--- a/roles/xos-install/tasks/main.yml
+++ b/roles/xos-install/tasks/main.yml
@@ -27,7 +27,7 @@
       src: "{{ playbook_dir }}/../../orchestration/{{ item }}"
       dest: "{{ ansible_user_dir }}/"
   when:
-      False # orchestration.stat.exists == True   # XXX
+      orchestration.stat.exists == True
   with_items:
       - service-profile
       - xos
@@ -46,7 +46,8 @@
       - vtn
       - olt
   when:
-      False # (orchestration.stat.exists == True) and (onos_apps.stat.exists == True)   # XXX
+      (orchestration.stat.exists == True) and (onos_apps.stat.exists == True)
+
 
 # ----  alternatively, check out repos from Internet ---
 
@@ -57,7 +58,7 @@
     version={{ service_profile_repo_branch }}
     force=yes
   when:
-    True # orchestration.stat.exists == False   # XXX
+    orchestration.stat.exists == False
 
 # ----  install keys ----
 
@@ -84,13 +85,17 @@
    - id_rsa.pub
    - node_key
 
-# ----
+- name: Create templated TOSCA files
+  template:
+    src: "{{ item }}.j2"
+    dest: "{{ service_profile_repo_dest }}/{{ xos_configuration }}/{{ item }}"
+  with_items: "{{ xos_tosca_templates }}"
 
 - name: Download Glance VM images
   get_url:
     url={{ item.url }}
     checksum={{ item.checksum }}
-    dest={{ service_profile_repo_dest }}/{{ xos_configuration }}/images/{{ item.name }}.img
+    dest={{ service_profile_repo_dest }}/{{ xos_configuration }}/images/{{ item.name }}.qcow2
   with_items: "{{ xos_images }}"
 
 # ---- pull docker images ----
diff --git a/roles/xos-install/templates/cord-services.yaml.j2 b/roles/xos-install/templates/cord-services.yaml.j2
new file mode 100644
index 0000000..b182f04
--- /dev/null
+++ b/roles/xos-install/templates/cord-services.yaml.j2
@@ -0,0 +1,173 @@
+tosca_definitions_version: tosca_simple_yaml_1_0
+
+description: Just enough Tosca to get the vSG slice running on the CORD POD, created by platform-install
+
+imports:
+   - custom_types/xos.yaml
+
+topology_template:
+  node_templates:
+
+# site, image, fully created in deployment.yaml
+    {{ site_name }}:
+      type: tosca.nodes.Site
+
+    image#vsg-1.1:
+      type: tosca.nodes.Image
+
+# management networks, fully created in management-net.yaml
+    management:
+      type: tosca.nodes.network.Network.XOS
+      properties:
+        no-create: true
+        no-delete: true
+        no-update: true
+
+    management_hosts:
+      type: tosca.nodes.network.Network.XOS
+      properties:
+        no-create: true
+        no-delete: true
+        no-update: true
+
+# ONOS_CORD, fully created in vtn.yaml
+    service#ONOS_CORD:
+      type: tosca.nodes.ONOSService
+      properties:
+        no-delete: true
+        no-create: true
+        no-update: true
+
+# ONOS_Fabric, fully created in fabric.yaml
+    service#ONOS_Fabric:
+      type: tosca.nodes.ONOSService
+      properties:
+        no-delete: true
+        no-create: true
+        no-update: true
+
+# CORD Services
+    service#vtr:
+      type: tosca.nodes.Service
+      properties:
+        view_url: /admin/vtr/vtrservice/$id$/
+        kind: vTR
+        replaces: service_vtr
+
+    service#volt:
+      type: tosca.nodes.VOLTService
+      requirements:
+        - vsg_tenant:
+            node: service#vsg
+            relationship: tosca.relationships.TenantOfService
+      properties:
+        view_url: /admin/volt/voltservice/$id$/
+        kind: vOLT
+        replaces: service_volt
+        public_key: { get_artifact: [ SELF, pubkey, LOCAL_FILE] }
+        private_key_fn: /opt/xos/services/volt/keys/volt_rsa
+      artifacts:
+        pubkey: /opt/xos/services/volt/keys/volt_rsa.pub
+
+    addresses_vsg:
+      type: tosca.nodes.AddressPool
+      properties:
+        addresses: 10.6.1.128/26
+        gateway_ip: 10.6.1.129
+        gateway_mac: 02:42:0a:06:01:01
+
+    addresses_public:
+      type: tosca.nodes.AddressPool
+      properties:
+        addresses: 10.6.1.192/26
+        gateway_ip: 10.6.1.193
+        gateway_mac: 02:42:0a:06:01:01
+
+    label_vsg:
+      type: tosca.nodes.NodeLabel
+
+    service#vsg:
+      type: tosca.nodes.VSGService
+      requirements:
+        - vrouter_tenant:
+            node: service#vrouter
+            relationship: tosca.relationships.TenantOfService
+      properties:
+        view_url: /admin/vsg/vsgservice/$id$/
+        backend_network_label: hpc_client
+        public_key: { get_artifact: [ SELF, pubkey, LOCAL_FILE] }
+        private_key_fn: /opt/xos/services/vsg/keys/vsg_rsa
+#       node_label: label_vsg
+        replaces: service_vsg
+      artifacts:
+        pubkey: /opt/xos/services/vsg/keys/vsg_rsa.pub
+
+    service#vrouter:
+      type: tosca.nodes.VRouterService
+      properties:
+        view_url: /admin/vrouter/vrouterservice/$id$/
+        replaces: service_vrouter
+      requirements:
+        - addresses_vsg:
+            node: addresses_vsg
+            relationship: tosca.relationships.ProvidesAddresses
+        - addresses_public:
+            node: addresses_public
+            relationship: tosca.relationships.ProvidesAddresses
+
+    vRouter_ONOS_app:
+      type: tosca.nodes.ONOSvRouterApp
+      requirements:
+        - onos_tenant:
+            node: service#ONOS_Fabric
+            relationship: tosca.relationships.TenantOfService
+        - vrouter_service:
+            node: service#vrouter
+            relationship: tosca.relationships.UsedByService
+      properties:
+        dependencies: org.onosproject.vrouter
+        autogenerate: vrouter-network-cfg
+
+    template#vsg:
+      type: tosca.nodes.NetworkTemplate
+      properties:
+        visibility: private
+        translation: none
+        vtn_kind: VSG
+
+    # Networks required by the CORD setup
+    {{ site_name }}_vsg-access:
+      type: tosca.nodes.network.Network
+      properties:
+        ip_version: 4
+      requirements:
+        - network_template:
+            node: template#vsg
+            relationship: tosca.relationships.UsesNetworkTemplate
+        - owner:
+            node: {{ site_name }}_vsg
+            relationship: tosca.relationships.MemberOfSlice
+        - connection:
+            node: {{ site_name }}_vsg
+            relationship: tosca.relationships.ConnectsToSlice
+
+    # CORD Slices
+    {{ site_name }}_vsg:
+      description: vSG Controller Slice
+      type: tosca.nodes.Slice
+      properties:
+        network: noauto
+      requirements:
+        - vsg_service:
+            node: service#vsg
+            relationship: tosca.relationships.MemberOfService
+        - site:
+            node: {{ site_name }}
+            relationship: tosca.relationships.MemberOfSite
+        - management:
+            node: management
+            relationship: tosca.relationships.ConnectsToNetwork
+        - image:
+            node: image#vsg-1.1
+            relationship: tosca.relationships.DefaultImage
+
diff --git a/roles/xos-install/templates/cord-test-subscriber.yaml.j2 b/roles/xos-install/templates/cord-test-subscriber.yaml.j2
new file mode 100644
index 0000000..59d9cfe
--- /dev/null
+++ b/roles/xos-install/templates/cord-test-subscriber.yaml.j2
@@ -0,0 +1,121 @@
+tosca_definitions_version: tosca_simple_yaml_1_0
+
+description: Creates a CORD test subscriber, created by platform-install
+
+imports:
+   - custom_types/xos.yaml
+
+topology_template:
+  node_templates:
+
+# site, fully created in deployment.yaml
+    {{ site_name }}:
+      type: tosca.nodes.Site
+      properties:
+        no-delete: true
+        no-create: true
+        no-update: true
+
+# vsg slice, volt service, fully created in cord-services.yaml
+    {{ site_name }}_vsg:
+      type: tosca.nodes.Slice
+      properties:
+        no-delete: true
+        no-create: true
+        no-update: true
+
+    service#volt:
+      type: tosca.nodes.VOLTService
+      properties:
+        no-delete: true
+        no-create: true
+        no-update: true
+
+# Test subscriber
+
+    # Let's add a user who can be administrator of the household
+    johndoe@myhouse.com:
+      type: tosca.nodes.User
+      properties:
+        password: letmein
+        firstname: john
+        lastname: doe
+      requirements:
+        - site:
+            node: {{ site_name }}
+            relationship: tosca.relationships.MemberOfSite
+        - dependency:
+            node: {{ site_name }}_vsg
+            relationship: tosca.relationships.DependsOn
+
+    # A subscriber
+    My House:
+      type: tosca.nodes.CORDSubscriber
+      properties:
+        service_specific_id: 123
+        firewall_enable: false
+        cdn_enable: false
+        url_filter_enable: false
+        url_filter_level: R
+      requirements:
+        - house_admin:
+            node: johndoe@myhouse.com
+            relationship: tosca.relationships.AdminPrivilege
+
+    Mom's PC:
+      type: tosca.nodes.CORDUser
+      properties:
+        mac: 01:02:03:04:05:06
+        level: PG_13
+      requirements:
+        - household:
+            node: My House
+            relationship: tosca.relationships.SubscriberDevice
+
+    Dad's PC:
+      type: tosca.nodes.CORDUser
+      properties:
+        mac: 90:E2:BA:82:F9:75
+        level: PG_13
+      requirements:
+        - household:
+            node: My House
+            relationship: tosca.relationships.SubscriberDevice
+
+    Jack's Laptop:
+      type: tosca.nodes.CORDUser
+      properties:
+        mac: 68:5B:35:9D:91:D5
+        level: PG_13
+      requirements:
+        - household:
+            node: My House
+            relationship: tosca.relationships.SubscriberDevice
+
+    Jill's Laptop:
+      type: tosca.nodes.CORDUser
+      properties:
+        mac: 34:36:3B:C9:B6:A6
+        level: PG_13
+      requirements:
+        - household:
+            node: My House
+            relationship: tosca.relationships.SubscriberDevice
+
+    My Volt:
+      type: tosca.nodes.VOLTTenant
+      properties:
+        service_specific_id: 123
+        s_tag: 222
+        c_tag: 111
+      requirements:
+        - provider_service:
+            node: service#volt
+            relationship: tosca.relationships.MemberOfService
+        - subscriber:
+            node: My House
+            relationship: tosca.relationships.BelongsToSubscriber
+        - dependency:
+            node: {{ site_name }}_vsg
+            relationship: tosca.relationships.DependsOn
+
diff --git a/roles/xos-install/templates/deployment.yaml.j2 b/roles/xos-install/templates/deployment.yaml.j2
new file mode 100644
index 0000000..2d5dfd1
--- /dev/null
+++ b/roles/xos-install/templates/deployment.yaml.j2
@@ -0,0 +1,71 @@
+tosca_definitions_version: tosca_simple_yaml_1_0
+
+imports:
+   - custom_types/xos.yaml
+
+description: deployment config, generated by platform-install
+
+topology_template:
+  node_templates:
+
+# Flavors
+
+{% for flavor in deployment_flavors %}
+    {{ flavor }}:
+      type: tosca.nodes.Flavor
+
+{% endfor %}
+
+# Deployment
+    {{ deployment_type }}:
+      type: tosca.nodes.Deployment
+      requirements:
+{% for flavor in deployment_flavors %}
+          - {{ flavor }}:
+              node: {{ flavor }}
+              relationship: tosca.relationships.SupportsFlavor
+
+{% endfor %}
+
+# Site
+    {{ site_name }}:
+      type: tosca.nodes.Site
+      properties:
+          display_name: {{ site_humanname }}
+          site_url: http://{{ site_name }}.opencloud.us/
+          hosts_nodes: true
+      requirements:
+        - deployment:
+            node: {{ deployment_type }}
+            relationship: tosca.relationships.MemberOfDeployment
+
+# Attach the Tenant view to the deployment
+    Tenant:
+      type: tosca.nodes.DashboardView
+      properties:
+          no-create: true
+          no-delete: true
+      requirements:
+          - deployment:
+              node: {{ deployment_type }}
+              relationship: tosca.relationships.SupportsDeployment
+
+# XOS Users
+{% for user in xos_users %}
+    {{ user.email }}:
+      type: tosca.nodes.User
+      properties:
+        password: {{ user.password }}
+        firstname: {{ user.first | default(user.email) }}
+        lastname: {{ user.last | default("unknown") }}
+        is_admin: {{ user.admin | default("false") }}
+      requirements:
+        - site:
+            node: {{ site_name }}
+            relationship: tosca.relationships.MemberOfSite
+        - tenant_dashboard:
+              node: Tenant
+              relationship: tosca.relationships.UsesDashboard
+
+{% endfor %}
+
diff --git a/roles/xos-install/templates/exampleservice.yaml.j2 b/roles/xos-install/templates/exampleservice.yaml.j2
new file mode 100644
index 0000000..53c2173
--- /dev/null
+++ b/roles/xos-install/templates/exampleservice.yaml.j2
@@ -0,0 +1,104 @@
+tosca_definitions_version: tosca_simple_yaml_1_0
+
+description: Setup the ExampleService on the pod
+
+imports:
+   - custom_types/xos.yaml
+   - custom_types/exampleservice.yaml
+
+topology_template:
+  node_templates:
+
+# image/flavor are hardcoded - FIXME if/when they change
+    m1.small:
+      type: tosca.nodes.Flavor
+
+    trusty-server-multi-nic:
+      type: tosca.nodes.Image
+
+# private network template, created in fixtures.yml
+    Private:
+      type: tosca.nodes.NetworkTemplate
+
+# site, fully created in deployment.yaml
+    {{ site_name }}:
+      type: tosca.nodes.Site
+
+# management network, fully created in management-net.yaml
+    management:
+      type: tosca.nodes.network.Network.XOS
+      properties:
+        no-create: true
+        no-delete: true
+        no-update: true
+
+# public network, fully created in public-net.yaml
+    public:
+      type: tosca.nodes.network.Network.XOS
+      properties:
+        no-create: true
+        no-delete: true
+        no-update: true
+
+# vrouter service, fully created in cord-service.yaml
+    service#vrouter:
+      type: tosca.nodes.Service
+      properties:
+        no-create: true
+        no-delete: true
+        no-update: true
+
+# ExampleService/ExampleTenant
+
+    {{ site_name }}_exampleservice:
+      description: This slice holds the ExampleService
+      type: tosca.nodes.Slice
+      properties:
+        network: noauto
+      requirements:
+        - site:
+            node: {{ site_name }}
+            relationship: tosca.relationships.MemberOfSite
+        - management:
+            node: management
+            relationship: tosca.relationships.ConnectsToNetwork
+        - public:
+            node: public
+            relationship: tosca.relationships.ConnectsToNetwork
+        - exmapleserver:
+            node: service#exampleservice
+            relationship: tosca.relationships.MemberOfService
+        - image:
+            node: trusty-server-multi-nic
+            relationship: tosca.relationships.DefaultImage
+        - default_flavor:
+            node: m1.small
+            relationship: tosca.relationships.DefaultFlavor
+
+    service#exampleservice:
+      type: tosca.nodes.ExampleService
+      requirements:
+        - management:
+            node: management
+            relationship: tosca.relationships.UsesNetwork
+      properties:
+        view_url: /admin/exampleservice/exampleservice/$id$/
+        kind: exampleservice
+        public_key: { get_artifact: [ SELF, pubkey, LOCAL_FILE] }
+        private_key_fn: /opt/xos/services/exampleservice/keys/exampleservice_rsa
+        service_message: hello
+      artifacts:
+        pubkey: /opt/xos/services/exampleservice/keys/exampleservice_rsa.pub
+
+    tenant#exampletenant1:
+      type: tosca.nodes.ExampleTenant
+      properties:
+        tenant_message: world
+      requirements:
+        - tenant:
+            node: service#exampleservice
+            relationship: tosca.relationships.TenantOfService
+        - dependency:
+            node: {{ site_name }}_exampleservice
+            relationship: tosca.relationships.DependsOn
+
diff --git a/roles/xos-install/templates/fabric.yaml.j2 b/roles/xos-install/templates/fabric.yaml.j2
new file mode 100644
index 0000000..664505f
--- /dev/null
+++ b/roles/xos-install/templates/fabric.yaml.j2
@@ -0,0 +1,62 @@
+tosca_definitions_version: tosca_simple_yaml_1_0
+
+imports:
+   - custom_types/xos.yaml
+
+description: fabric configuration generated by platform-install
+
+
+topology_template:
+  node_templates:
+
+    service#ONOS_Fabric:
+      type: tosca.nodes.ONOSService
+      requirements:
+      properties:
+          kind: onos
+          view_url: /admin/onos/onosservice/$id$/
+          no_container: true
+          rest_hostname: onos-fabric
+          replaces: service_ONOS_Fabric
+          rest_onos/v1/network/configuration/: { get_artifact: [ SELF, fabric_network_cfg_json, LOCAL_FILE ] }
+      artifacts:
+          fabric_network_cfg_json: /root/setup/network-cfg-quickstart.json
+
+    service#fabric:
+      type: tosca.nodes.FabricService
+      properties:
+          view_url: /admin/fabric/fabricservice/$id$/
+          replaces: service_fabric
+
+    Fabric_ONOS_app:
+      type: tosca.nodes.ONOSApp
+      requirements:
+          - onos_tenant:
+              node: service#ONOS_Fabric
+              relationship: tosca.relationships.TenantOfService
+          - fabric_service:
+              node: service#fabric
+              relationship: tosca.relationships.UsedByService
+      properties:
+          dependencies: org.onosproject.drivers, org.onosproject.openflow-base, org.onosproject.netcfghostprovider, org.onosproject.netcfglinksprovider, org.onosproject.segmentrouting, org.onosproject.vrouter, org.onosproject.hostprovider
+
+{% for node in groups["compute"] %}
+    {{ node }}:
+      type: tosca.nodes.Node
+
+    # Fabric location field for node $NODE
+    {{ node }}_location_tag:
+      type: tosca.nodes.Tag
+      properties:
+          name: location
+          value: of:0000000000000001/1
+      requirements:
+          - target:
+              node: {{ node }}
+              relationship: tosca.relationships.TagsObject
+          - service:
+              node: service#ONOS_Fabric
+              relationship: tosca.relationships.MemberOfService
+
+{% endfor %}
+
diff --git a/roles/xos-install/templates/management-net.yaml.j2 b/roles/xos-install/templates/management-net.yaml.j2
new file mode 100644
index 0000000..79ea589
--- /dev/null
+++ b/roles/xos-install/templates/management-net.yaml.j2
@@ -0,0 +1,52 @@
+tosca_definitions_version: tosca_simple_yaml_1_0
+
+imports:
+   - custom_types/xos.yaml
+
+description: management network config, generated by platform-install
+
+topology_template:
+  node_templates:
+
+# site, fully created in deployment.yaml
+    {{ site_name }}:
+      type: tosca.nodes.Site
+
+# management network
+    management_template:
+      type: tosca.nodes.NetworkTemplate
+      properties:
+        visibility: private
+        translation: none
+        vtn_kind: MANAGEMENT_LOCAL
+
+    management_hosts_template:
+      type: tosca.nodes.NetworkTemplate
+      properties:
+          visibility: private
+          translation: none
+          vtn_kind: MANAGEMENT_HOST
+
+    management:
+      type: tosca.nodes.network.Network
+      properties:
+        ip_version: 4
+        cidr: {{ management_network_cidr }}
+      requirements:
+        - network_template:
+            node: management_template
+            relationship: tosca.relationships.UsesNetworkTemplate
+        - owner:
+            node: {{ site_name }}_management
+            relationship: tosca.relationships.MemberOfSlice
+
+    {{ site_name }}_management:
+      description: This slice exists solely to own the management network
+      type: tosca.nodes.Slice
+      properties:
+        network: noauto
+      requirements:
+        - site:
+            node: {{ site_name }}
+            relationship: tosca.relationships.MemberOfSite
+
diff --git a/roles/xos-install/templates/nodes.yaml.j2 b/roles/xos-install/templates/nodes.yaml.j2
new file mode 100644
index 0000000..7ba953b
--- /dev/null
+++ b/roles/xos-install/templates/nodes.yaml.j2
@@ -0,0 +1,31 @@
+tosca_definitions_version: tosca_simple_yaml_1_0
+
+imports:
+   - custom_types/xos.yaml
+
+description: list of compute nodes, created by platform-install
+
+topology_template:
+  node_templates:
+
+# Site/Deployment, fully defined in deployment.yaml
+    {{ site_name }}:
+      type: tosca.nodes.Site
+
+    {{ deployment_type }}:
+      type: tosca.nodes.Deployment
+
+# compute nodes
+{% for node in groups["compute"] %}
+    {{ hostvars[node]['ansible_hostname'] }}:
+      type: tosca.nodes.Node
+      requirements:
+        - site:
+            node: {{ site_name }}
+            relationship: tosca.relationships.MemberOfSite
+        - deployment:
+            node: {{ deployment_type }}
+            relationship: tosca.relationships.MemberOfDeployment
+
+{% endfor %}
+
diff --git a/roles/xos-install/templates/openstack.yaml.j2 b/roles/xos-install/templates/openstack.yaml.j2
new file mode 100644
index 0000000..65d2338
--- /dev/null
+++ b/roles/xos-install/templates/openstack.yaml.j2
@@ -0,0 +1,70 @@
+tosca_definitions_version: tosca_simple_yaml_1_0
+
+imports:
+   - custom_types/xos.yaml
+
+description: openstack extensions to deployment, generated by platform-install
+
+topology_template:
+  node_templates:
+
+# Images and flavors
+{% for image in xos_images %}
+    {{ image.name }}:
+      type: tosca.nodes.Image
+      properties:
+         path: /opt/xos/images/{{ image.name }}.qcow2
+         disk_format: QCOW2
+         container_format: BARE
+
+{% endfor %}
+
+{% for flavor in deployment_flavors %}
+    {{ flavor }}:
+      type: tosca.nodes.Flavor
+
+{% endfor %}
+
+# Deployment - adds images/flavors to site defined in deployment.yaml
+    {{ deployment_type }}:
+      type: tosca.nodes.Deployment
+      requirements:
+{% for flavor in deployment_flavors %}
+          - {{ flavor }}:
+              node: {{ flavor }}
+              relationship: tosca.relationships.SupportsFlavor
+{% endfor %}
+
+# OpenStack Controller
+    {{ site_name }}_{{ deployment_type }}_openstack:
+      type: tosca.nodes.Controller
+      requirements:
+        - deployment:
+            node: {{ deployment_type }}
+            relationship: tosca.relationships.ControllerDeployment
+      properties:
+          backend_type: OpenStack
+          version: Kilo
+          auth_url: { get_script_env: [ SELF, adminrc, OS_AUTH_URL, LOCAL_FILE] }
+          admin_user: { get_script_env: [ SELF, adminrc, OS_USERNAME, LOCAL_FILE] }
+          admin_password: { get_script_env: [ SELF, adminrc, OS_PASSWORD, LOCAL_FILE] }
+          admin_tenant: { get_script_env: [ SELF, adminrc, OS_TENANT_NAME, LOCAL_FILE] }
+          domain: Default
+      artifacts:
+          adminrc: /root/setup/admin-openrc.sh
+
+# Site - adds openstack controller to site defined in deployment.yaml
+    {{ site_name }}:
+      type: tosca.nodes.Site
+      properties:
+          display_name: {{ site_humanname }}
+          site_url: http://{{ site_name }}.opencloud.us/
+          hosts_nodes: true
+      requirements:
+        - deployment:
+            node: {{ deployment_type }}
+            relationship: tosca.relationships.MemberOfDeployment
+        - controller:
+            node: {{ site_name }}_{{ deployment_type }}_openstack
+            relationship: tosca.relationships.UsesController
+
diff --git a/roles/xos-install/templates/public-net.yaml.j2 b/roles/xos-install/templates/public-net.yaml.j2
new file mode 100644
index 0000000..bd12924
--- /dev/null
+++ b/roles/xos-install/templates/public-net.yaml.j2
@@ -0,0 +1,52 @@
+tosca_definitions_version: tosca_simple_yaml_1_0
+
+imports:
+   - custom_types/xos.yaml
+
+description: public network config, generated by platform-install
+
+topology_template:
+  node_templates:
+
+# site, fully created in deployment.yaml
+    {{ site_name }}:
+      type: tosca.nodes.Site
+
+# vrouter service, fully created in cord-service.yaml
+    service#vrouter:
+      type: tosca.nodes.VRouterService
+
+# public network
+    public_template:
+      type: tosca.nodes.NetworkTemplate
+      properties:
+          visibility: private
+          translation: none
+          vtn_kind: PUBLIC
+
+    public:
+      type: tosca.nodes.network.Network
+      properties:
+          ip_version: 4
+      requirements:
+          - network_template:
+              node: public_template
+              relationship: tosca.relationships.UsesNetworkTemplate
+          - owner:
+              node: {{ site_name }}_public
+              relationship: tosca.relationships.MemberOfSlice
+          - vrouter_tenant:
+              node: service#vrouter
+              relationship: tosca.relationships.TenantOfService
+
+
+    {{ site_name }}_public:
+      description: This slice exists solely to own the public network
+      type: tosca.nodes.Slice
+      properties:
+          network: noauto
+      requirements:
+          - site:
+              node: {{ site_name }}
+              relationship: tosca.relationships.MemberOfSite
+
diff --git a/roles/xos-install/templates/vtn.yaml.j2 b/roles/xos-install/templates/vtn.yaml.j2
new file mode 100644
index 0000000..498eeef
--- /dev/null
+++ b/roles/xos-install/templates/vtn.yaml.j2
@@ -0,0 +1,102 @@
+tosca_definitions_version: tosca_simple_yaml_1_0
+
+imports:
+   - custom_types/xos.yaml
+
+description: autogenerated node tags file for VTN configuration
+
+topology_template:
+  node_templates:
+
+    service#ONOS_CORD:
+      type: tosca.nodes.ONOSService
+      requirements:
+      properties:
+          kind: onos
+          view_url: /admin/onos/onosservice/$id$/
+          no_container: true
+          rest_hostname: onos-cord
+          replaces: service_ONOS_CORD
+
+    service#vtn:
+      type: tosca.nodes.VTNService
+      properties:
+          view_url: /admin/vtn/vtnservice/$id$/
+          privateGatewayMac: 00:00:00:00:00:01
+          localManagementIp: {{ management_network_ip }}
+          ovsdbPort: 6641
+          sshUser: root
+          sshKeyFile: /root/node_key
+          sshPort: 22
+          xosEndpoint: http://xos:8888/
+          xosUser: padmin@vicci.org
+          xosPassword: letmein
+          replaces: service_vtn
+          vtnAPIVersion: 2
+
+{% for node in groups["compute"] %}
+    {{ hostvars[node]['ansible_hostname'] }}:
+      type: tosca.nodes.Node
+
+    # VTN bridgeId field for node {{ hostvars[node]['ansible_hostname'] }}
+    {{ hostvars[node]['ansible_hostname'] }}_bridgeId_tag:
+      type: tosca.nodes.Tag
+      properties:
+          name: bridgeId
+          value: of:{{ "%016d" | format(loop.index) }}
+      requirements:
+          - target:
+              node: {{ hostvars[node]['ansible_hostname'] }}
+              relationship: tosca.relationships.TagsObject
+          - service:
+              node: service#ONOS_CORD
+              relationship: tosca.relationships.MemberOfService
+
+    # VTN dataPlaneIntf field for node {{ hostvars[node]['ansible_hostname'] }}
+    {{ hostvars[node]['ansible_hostname'] }}_dataPlaneIntf_tag:
+      type: tosca.nodes.Tag
+      properties:
+          name: dataPlaneIntf
+          value: fabric
+      requirements:
+          - target:
+              node: {{ hostvars[node]['ansible_hostname'] }}
+              relationship: tosca.relationships.TagsObject
+          - service:
+              node: service#ONOS_CORD
+              relationship: tosca.relationships.MemberOfService
+
+    # VTN dataPlaneIp field for node {{ hostvars[node]['ansible_hostname'] }}
+    {{ hostvars[node]['ansible_hostname'] }}_dataPlaneIp_tag:
+      type: tosca.nodes.Tag
+      properties:
+          name: dataPlaneIp
+{% if 'ipv4' in hostvars[node]['ansible_fabric'] %}
+          value: {{ ( hostvars[node]['ansible_fabric']['ipv4']['address'] ~ '/' ~ hostvars[node]['ansible_fabric']['ipv4']['netmask'] ) | ipaddr('cidr') }}
+{% else %}{# single node case #}
+          value: 10.168.0.253/24
+{% endif %}
+      requirements:
+          - target:
+              node: {{ hostvars[node]['ansible_hostname'] }}
+              relationship: tosca.relationships.TagsObject
+          - service:
+              node: service#ONOS_CORD
+              relationship: tosca.relationships.MemberOfService
+
+{% endfor %}
+
+    VTN_ONOS_app:
+      type: tosca.nodes.ONOSVTNApp
+      requirements:
+          - onos_tenant:
+              node: service#ONOS_CORD
+              relationship: tosca.relationships.TenantOfService
+          - vtn_service:
+              node: service#vtn
+              relationship: tosca.relationships.UsedByService
+      properties:
+          install_dependencies: http://mavenrepo:8080/repository/org/opencord/cord-config/1.1-SNAPSHOT/cord-config-1.1-SNAPSHOT.oar,http://mavenrepo:8080/repository/org/opencord/vtn/1.1-SNAPSHOT/vtn-1.1-SNAPSHOT.oar
+          dependencies: org.onosproject.drivers, org.onosproject.drivers.ovsdb, org.onosproject.openflow-base, org.onosproject.ovsdb-base, org.onosproject.dhcp
+          autogenerate: vtn-network-cfg
+