diff --git a/opencloud-multi-playbook.yml b/opencloud-multi-playbook.yml
index 178ea11..b782476 100644
--- a/opencloud-multi-playbook.yml
+++ b/opencloud-multi-playbook.yml
@@ -45,8 +45,13 @@
 - name: Create VM's, Configure Juju, install XOS
   hosts: head
   roles:
+    - create-lxd
     - create-vms
+    - xos-install
+    - onos-vm-install
     - juju-setup
+    - docker-compose
+    - xos-head-start
 
 - name: Configure compute nodes
   hosts: compute
diff --git a/roles/automation-integration/defaults/main.yml b/roles/automation-integration/defaults/main.yml
new file mode 100644
index 0000000..c7af0e3
--- /dev/null
+++ b/roles/automation-integration/defaults/main.yml
@@ -0,0 +1,4 @@
+---
+# automation-integration/defaults/main.yml
+
+cord_in_a_box: False
diff --git a/roles/compute-prep/tasks/main.yml b/roles/compute-prep/tasks/main.yml
index ddda2c3..76dffe2 100644
--- a/roles/compute-prep/tasks/main.yml
+++ b/roles/compute-prep/tasks/main.yml
@@ -43,3 +43,4 @@
   pip:
     name=requests
     state=absent
+
diff --git a/roles/config-virt/handlers/main.yml b/roles/config-virt/handlers/main.yml
index 82957e2..3761533 100644
--- a/roles/config-virt/handlers/main.yml
+++ b/roles/config-virt/handlers/main.yml
@@ -5,3 +5,6 @@
   service:
     name=libvirt-bin
     state=restarted
+
+- name: run qemu hook
+  command: /etc/libvirt/hooks/qemu start start
diff --git a/roles/config-virt/tasks/main.yml b/roles/config-virt/tasks/main.yml
index 8937824..f81de29 100644
--- a/roles/config-virt/tasks/main.yml
+++ b/roles/config-virt/tasks/main.yml
@@ -58,6 +58,21 @@
     autostart=yes
   with_items: '{{ virt_nets }}'
 
+
+- name: Have libvirt enable port forwarding to VM's
+  become: yes
+  template:
+    src={{ item }}.j2
+    dest=/etc/libvirt/hooks/{{ item }}
+    mode=0755 owner=root
+  with_items:
+    - daemon
+    - qemu
+  notify:
+    - reload libvirt-bin
+    - run qemu hook
+  when: not on_maas
+
 - name: Wait for uvt-kvm image to be available
   when: "{{ uvtool_image.matched < 1 }}"
   async_status: jid={{ uvt_sync.ansible_job_id }}
diff --git a/roles/create-vms/tasks/main.yml b/roles/create-vms/tasks/main.yml
index e950772..a070aa4 100644
--- a/roles/create-vms/tasks/main.yml
+++ b/roles/create-vms/tasks/main.yml
@@ -107,3 +107,4 @@
   command: ansible-playbook "{{ ansible_user_dir }}/docker-install-playbook.yml"
   tags:
     - skip_ansible_lint # running a sub job
+
diff --git a/roles/head-diag/files/docker_logs.sh b/roles/head-diag/files/docker_logs.sh
deleted file mode 100644
index 0a76bca..0000000
--- a/roles/head-diag/files/docker_logs.sh
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/usr/bin/env bash
-
-mkdir -p ~/docker_logs
-rm -rf ~/docker_logs/*
-
-for container in `docker ps --format "{{.Names}}"`;
-do
-  docker logs $container > ~/docker_logs/$container.log 2>&1;
-done
-
-cp  ~/service-profile/cord-pod/*.out ~/docker_logs
-
diff --git a/roles/head-diag/tasks/main.yml b/roles/head-diag/tasks/main.yml
index 8a8c750..065889e 100644
--- a/roles/head-diag/tasks/main.yml
+++ b/roles/head-diag/tasks/main.yml
@@ -10,7 +10,7 @@
   - juju
   - openstack
   - onos
-  - xos
+  - docker
 
 - name: Head node diag collection
   shell: "{{ item }} > ~/{{ diag_dir }}/head/{{ item | regex_replace('[^\\w-]', '_')}}"
@@ -25,6 +25,8 @@
    - "cat /etc/resolv.conf"
    - "cat /etc/lsb-release"
    - "sudo uvt-kvm list"
+   - "sudo virsh list"
+   - "sudo docker ps"
 
 - name: Juju diag collection
   shell: "{{ item }} > ~/{{ diag_dir }}/juju/{{ item | regex_replace('[^\\w-]', '_')}}"
@@ -66,6 +68,8 @@
    - "bundle:list"
    - "cordvtn-node-check nova-compute-1"
    - "cordvtn-nodes"
+   - "cordvtn-networks"
+   - "cordvtn-ports"
    - "dhcp-list"
    - "flows"
    - "hosts"
@@ -74,21 +78,18 @@
    - "ports"
    - "summary"
 
-- name: XOS diag collection
-  shell: "ssh ubuntu@xos-1 \"{{ item }}\" > ~/{{ diag_dir }}/xos/{{ item | regex_replace('[^\\w-]', '_')}}"
-  args:
-    creates: "~/{{ diag_dir }}/xos/{{ item | regex_replace('[^\\w-]', '_')}}"
-  with_items:
-   - "docker ps"
-   - "arp -n"
-   - "ifconfig -a"
-
-- name: Copy/run/retrieve XOS docker logs
-  command: "{{ item }}"
+- name: Docker diag collection - Find names for all running Docker containers
+  shell: "sudo docker ps --format '{{ '{{' }} .Names {{ '}}' }}'"
+  register: docker_containers
   tags:
-   - skip_ansible_lint # don't know the name of docker containers for all configurations
-  with_items:
-   - "scp {{ role_path }}/files/docker_logs.sh ubuntu@xos-1:~/docker_logs.sh"
-   - "ssh ubuntu@xos-1 'bash ~/docker_logs.sh'"
-   - "rsync -avP ubuntu@xos-1:~/docker_logs/ ~/{{ diag_dir }}/xos/"
+    - skip_ansible_lint # collecting docker container names
+
+- name: Docker diag collection - Collect logs from Docker containers
+  shell: "sudo docker logs {{ item }} > ~/{{ diag_dir }}/docker/{{ item | regex_replace('[^\\w-]', '_')}} 2>&1"
+  args:
+    creates: "~/{{ diag_dir }}/docker/{{ item | regex_replace('[^\\w-]', '_')}}"
+  with_items: "{{ docker_containers.stdout.split('\n') }}"
+  tags:
+    - skip_ansible_lint # ansible-lint interprets the \n incorrectly
+
 
diff --git a/roles/head-prep/tasks/main.yml b/roles/head-prep/tasks/main.yml
index b22888d..ee265be 100644
--- a/roles/head-prep/tasks/main.yml
+++ b/roles/head-prep/tasks/main.yml
@@ -24,7 +24,6 @@
     update_cache=yes
     cache_valid_time=3600
   with_items:
-    - ansible
     - uvtool
     - git
     - bzr
@@ -37,6 +36,15 @@
     - python-lxml
     - virt-top
 
+- name: Make sure Ansible is newest version
+  apt:
+    name: "ansible"
+    state: latest
+    update_cache: yes
+    cache_valid_time: 3600
+  tags:
+    - skip_ansible_lint # ansible-lint complains about latest, need this or old built in 1.5.x version may be used if already installed.
+
 - name: Install Python packages
   pip:
     name={{ item}}
diff --git a/roles/juju-setup/files/daemon b/roles/juju-setup/files/daemon
deleted file mode 100644
index 8d9102b..0000000
--- a/roles/juju-setup/files/daemon
+++ /dev/null
@@ -1,40 +0,0 @@
-#!/bin/sh
-
-SHELL="/bin/bash"
-
-NIC=$( route|grep default|awk '{print $NF}' )
-
-NAME="${1}"
-OP="${2}"
-SUBOP="${3}"
-ARGS="${4}"
-
-add_port_fwd_rule() {
-    DPORT=$1
-    VM=$2
-    TOPORT=$3
-
-    VMIP=$( getent ahosts $VM|head -1|awk '{print $1}' )
-    iptables -t nat -C PREROUTING -p tcp -i $NIC --dport $DPORT -j DNAT --to-destination $VMIP:$TOPORT
-    if [ "$?" -ne 0 ]
-    then
-        iptables -t nat -A PREROUTING -p tcp -i $NIC --dport $DPORT -j DNAT --to-destination $VMIP:$TOPORT
-    fi
-}
-
-if [ "$OP" = "start" ] || [ "$OP" = "reload" ]
-then
-    iptables -t nat -F
-    add_port_fwd_rule 35357 keystone 35357
-    add_port_fwd_rule 4990 keystone 4990
-    add_port_fwd_rule 5000 keystone 5000
-    add_port_fwd_rule 8774 nova-cloud-controller 8774
-    add_port_fwd_rule 9696 neutron-api 9696
-    add_port_fwd_rule 9292 glance 9292
-    add_port_fwd_rule 8080 openstack-dashboard 80
-    add_port_fwd_rule 3128 nagios 80
-    add_port_fwd_rule 8777 ceilometer 8777
-
-    # Also flush the filter table before rules re-added
-    iptables -F
-fi
diff --git a/roles/test-exampleservice/tasks/main.yml b/roles/test-exampleservice/tasks/main.yml
index 796abb4..0be80ca 100644
--- a/roles/test-exampleservice/tasks/main.yml
+++ b/roles/test-exampleservice/tasks/main.yml
@@ -8,9 +8,6 @@
     chdir: "{{ service_profile_repo_dest }}/{{ xos_configuration }}"
     target: exampleservice
 
-- name: Pause 60 seconds (work around bug in synchronizer)
-  pause: seconds=60
-
 - name: Re-run 'make vtn' (work around bug in synchronizer)
   make:
     chdir: "{{ service_profile_repo_dest }}/{{ xos_configuration }}"
diff --git a/roles/test-vsg/tasks/main.yml b/roles/test-vsg/tasks/main.yml
index dda1612..fd45b52 100644
--- a/roles/test-vsg/tasks/main.yml
+++ b/roles/test-vsg/tasks/main.yml
@@ -8,9 +8,6 @@
     chdir: "{{ service_profile_repo_dest }}/{{ xos_configuration }}"
     target: cord-subscriber
 
-- name: Pause 60 seconds (work around bug in synchronizer)
-  pause: seconds=60
-
 - name: Re-run 'make vtn' (work around bug in synchronizer)
   make:
     chdir: "{{ service_profile_repo_dest }}/{{ xos_configuration }}"
diff --git a/roles/xos-compute-setup/tasks/main.yml b/roles/xos-compute-setup/tasks/main.yml
index 08c4f73..d8de0ed 100644
--- a/roles/xos-compute-setup/tasks/main.yml
+++ b/roles/xos-compute-setup/tasks/main.yml
@@ -3,18 +3,18 @@
 #
 # Tell XOS that a new compute node has been added
 
-- name: Build XOS containers
-  make:
-    chdir: "{{ service_profile_repo_dest }}/{{ xos_configuration }}"
-    target: new-nodes
-
-- name: Pause 5 seconds
-  pause: seconds=5
-
-- name: Remove vtn-external.yaml
-  file: path="{{ service_profile_repo_dest }}/{{ xos_configuration }}/vtn-external.yaml" state=absent
+- name: Create nodes/vtn TOSCA config
+  template:
+    src: "{{ item }}.j2"
+    dest: "{{ service_profile_repo_dest }}/{{ xos_configuration }}/{{ item }}"
+    owner: "{{ ansible_user_id }}"
+    mode: 0644
+  with_items:
+    - vtn.yaml
+    - nodes.yaml
 
 - name: Rebuild VTN configuration with new nodes block
   make:
     chdir: "{{ service_profile_repo_dest }}/{{ xos_configuration }}"
     target: vtn
+
diff --git a/roles/xos-compute-setup/templates/nodes.yaml.j2 b/roles/xos-compute-setup/templates/nodes.yaml.j2
new file mode 100644
index 0000000..7ba953b
--- /dev/null
+++ b/roles/xos-compute-setup/templates/nodes.yaml.j2
@@ -0,0 +1,31 @@
+tosca_definitions_version: tosca_simple_yaml_1_0
+
+imports:
+   - custom_types/xos.yaml
+
+description: list of compute nodes, created by platform-install
+
+topology_template:
+  node_templates:
+
+# Site/Deployment, fully defined in deployment.yaml
+    {{ site_name }}:
+      type: tosca.nodes.Site
+
+    {{ deployment_type }}:
+      type: tosca.nodes.Deployment
+
+# compute nodes
+{% for node in groups["compute"] %}
+    {{ hostvars[node]['ansible_hostname'] }}:
+      type: tosca.nodes.Node
+      requirements:
+        - site:
+            node: {{ site_name }}
+            relationship: tosca.relationships.MemberOfSite
+        - deployment:
+            node: {{ deployment_type }}
+            relationship: tosca.relationships.MemberOfDeployment
+
+{% endfor %}
+
diff --git a/roles/xos-compute-setup/templates/vtn.yaml.j2 b/roles/xos-compute-setup/templates/vtn.yaml.j2
new file mode 100644
index 0000000..498eeef
--- /dev/null
+++ b/roles/xos-compute-setup/templates/vtn.yaml.j2
@@ -0,0 +1,102 @@
+tosca_definitions_version: tosca_simple_yaml_1_0
+
+imports:
+   - custom_types/xos.yaml
+
+description: autogenerated node tags file for VTN configuration
+
+topology_template:
+  node_templates:
+
+    service#ONOS_CORD:
+      type: tosca.nodes.ONOSService
+      requirements:
+      properties:
+          kind: onos
+          view_url: /admin/onos/onosservice/$id$/
+          no_container: true
+          rest_hostname: onos-cord
+          replaces: service_ONOS_CORD
+
+    service#vtn:
+      type: tosca.nodes.VTNService
+      properties:
+          view_url: /admin/vtn/vtnservice/$id$/
+          privateGatewayMac: 00:00:00:00:00:01
+          localManagementIp: {{ management_network_ip }}
+          ovsdbPort: 6641
+          sshUser: root
+          sshKeyFile: /root/node_key
+          sshPort: 22
+          xosEndpoint: http://xos:8888/
+          xosUser: padmin@vicci.org
+          xosPassword: letmein
+          replaces: service_vtn
+          vtnAPIVersion: 2
+
+{% for node in groups["compute"] %}
+    {{ hostvars[node]['ansible_hostname'] }}:
+      type: tosca.nodes.Node
+
+    # VTN bridgeId field for node {{ hostvars[node]['ansible_hostname'] }}
+    {{ hostvars[node]['ansible_hostname'] }}_bridgeId_tag:
+      type: tosca.nodes.Tag
+      properties:
+          name: bridgeId
+          value: of:{{ "%016d" | format(loop.index) }}
+      requirements:
+          - target:
+              node: {{ hostvars[node]['ansible_hostname'] }}
+              relationship: tosca.relationships.TagsObject
+          - service:
+              node: service#ONOS_CORD
+              relationship: tosca.relationships.MemberOfService
+
+    # VTN dataPlaneIntf field for node {{ hostvars[node]['ansible_hostname'] }}
+    {{ hostvars[node]['ansible_hostname'] }}_dataPlaneIntf_tag:
+      type: tosca.nodes.Tag
+      properties:
+          name: dataPlaneIntf
+          value: fabric
+      requirements:
+          - target:
+              node: {{ hostvars[node]['ansible_hostname'] }}
+              relationship: tosca.relationships.TagsObject
+          - service:
+              node: service#ONOS_CORD
+              relationship: tosca.relationships.MemberOfService
+
+    # VTN dataPlaneIp field for node {{ hostvars[node]['ansible_hostname'] }}
+    {{ hostvars[node]['ansible_hostname'] }}_dataPlaneIp_tag:
+      type: tosca.nodes.Tag
+      properties:
+          name: dataPlaneIp
+{% if 'ipv4' in hostvars[node]['ansible_fabric'] %}
+          value: {{ ( hostvars[node]['ansible_fabric']['ipv4']['address'] ~ '/' ~ hostvars[node]['ansible_fabric']['ipv4']['netmask'] ) | ipaddr('cidr') }}
+{% else %}{# single node case #}
+          value: 10.168.0.253/24
+{% endif %}
+      requirements:
+          - target:
+              node: {{ hostvars[node]['ansible_hostname'] }}
+              relationship: tosca.relationships.TagsObject
+          - service:
+              node: service#ONOS_CORD
+              relationship: tosca.relationships.MemberOfService
+
+{% endfor %}
+
+    VTN_ONOS_app:
+      type: tosca.nodes.ONOSVTNApp
+      requirements:
+          - onos_tenant:
+              node: service#ONOS_CORD
+              relationship: tosca.relationships.TenantOfService
+          - vtn_service:
+              node: service#vtn
+              relationship: tosca.relationships.UsedByService
+      properties:
+          install_dependencies: http://mavenrepo:8080/repository/org/opencord/cord-config/1.1-SNAPSHOT/cord-config-1.1-SNAPSHOT.oar,http://mavenrepo:8080/repository/org/opencord/vtn/1.1-SNAPSHOT/vtn-1.1-SNAPSHOT.oar
+          dependencies: org.onosproject.drivers, org.onosproject.drivers.ovsdb, org.onosproject.openflow-base, org.onosproject.ovsdb-base, org.onosproject.dhcp
+          autogenerate: vtn-network-cfg
+
diff --git a/roles/xos-head-start/tasks/main.yml b/roles/xos-head-start/tasks/main.yml
index 11720c7..09d0e1a 100644
--- a/roles/xos-head-start/tasks/main.yml
+++ b/roles/xos-head-start/tasks/main.yml
@@ -1,35 +1,9 @@
 ---
-# xos-start/tasks/main.yml
+# xos-head-start/tasks/main.yml
 
-- name: Build XOS containers
+- name: Run service-profile make targets
   make:
     chdir: "{{ service_profile_repo_dest }}/{{ xos_configuration }}"
-    target: local_containers
+    target: "{{ item }}"
+  with_items: "{{ xos_config_targets }}"
 
-- name: Onboard services and start XOS
-  make:
-    chdir: "{{ service_profile_repo_dest }}/{{ xos_configuration }}"
-    target: xos
-
-- name: Pause to let XOS initialize
-  pause: seconds=120
-
-- name: Initial VTN configuration
-  make:
-    chdir: "{{ service_profile_repo_dest }}/{{ xos_configuration }}"
-    target: vtn
-
-- name: Initial fabric configuration
-  make:
-    chdir: "{{ service_profile_repo_dest }}/{{ xos_configuration }}"
-    target: fabric
-
-- name: Pause to let ONOS initialize
-  pause: seconds=20
-  tags:
-    - skip_ansible_lint
-
-- name: Configure CORD services
-  make:
-    chdir: "{{ service_profile_repo_dest }}/{{ xos_configuration }}"
-    target: cord
diff --git a/roles/xos-install/tasks/main.yml b/roles/xos-install/tasks/main.yml
index 7f70790..52e492a 100644
--- a/roles/xos-install/tasks/main.yml
+++ b/roles/xos-install/tasks/main.yml
@@ -27,7 +27,7 @@
       src: "{{ playbook_dir }}/../../orchestration/{{ item }}"
       dest: "{{ ansible_user_dir }}/"
   when:
-      False # orchestration.stat.exists == True   # XXX
+      orchestration.stat.exists == True
   with_items:
       - service-profile
       - xos
@@ -46,7 +46,8 @@
       - vtn
       - olt
   when:
-      False # (orchestration.stat.exists == True) and (onos_apps.stat.exists == True)   # XXX
+      (orchestration.stat.exists == True) and (onos_apps.stat.exists == True)
+
 
 # ----  alternatively, check out repos from Internet ---
 
@@ -57,7 +58,7 @@
     version={{ service_profile_repo_branch }}
     force=yes
   when:
-    True # orchestration.stat.exists == False   # XXX
+    orchestration.stat.exists == False
 
 # ----  install keys ----
 
@@ -84,13 +85,17 @@
    - id_rsa.pub
    - node_key
 
-# ----
+- name: Create templated TOSCA files
+  template:
+    src: "{{ item }}.j2"
+    dest: "{{ service_profile_repo_dest }}/{{ xos_configuration }}/{{ item }}"
+  with_items: "{{ xos_tosca_templates }}"
 
 - name: Download Glance VM images
   get_url:
     url={{ item.url }}
     checksum={{ item.checksum }}
-    dest={{ service_profile_repo_dest }}/{{ xos_configuration }}/images/{{ item.name }}.img
+    dest={{ service_profile_repo_dest }}/{{ xos_configuration }}/images/{{ item.name }}.qcow2
   with_items: "{{ xos_images }}"
 
 # ---- pull docker images ----
diff --git a/roles/xos-install/templates/cord-services.yaml.j2 b/roles/xos-install/templates/cord-services.yaml.j2
new file mode 100644
index 0000000..b182f04
--- /dev/null
+++ b/roles/xos-install/templates/cord-services.yaml.j2
@@ -0,0 +1,173 @@
+tosca_definitions_version: tosca_simple_yaml_1_0
+
+description: Just enough Tosca to get the vSG slice running on the CORD POD, created by platform-install
+
+imports:
+   - custom_types/xos.yaml
+
+topology_template:
+  node_templates:
+
+# site, image, fully created in deployment.yaml
+    {{ site_name }}:
+      type: tosca.nodes.Site
+
+    image#vsg-1.1:
+      type: tosca.nodes.Image
+
+# management networks, fully created in management-net.yaml
+    management:
+      type: tosca.nodes.network.Network.XOS
+      properties:
+        no-create: true
+        no-delete: true
+        no-update: true
+
+    management_hosts:
+      type: tosca.nodes.network.Network.XOS
+      properties:
+        no-create: true
+        no-delete: true
+        no-update: true
+
+# ONOS_CORD, fully created in vtn.yaml
+    service#ONOS_CORD:
+      type: tosca.nodes.ONOSService
+      properties:
+        no-delete: true
+        no-create: true
+        no-update: true
+
+# ONOS_Fabric, fully created in fabric.yaml
+    service#ONOS_Fabric:
+      type: tosca.nodes.ONOSService
+      properties:
+        no-delete: true
+        no-create: true
+        no-update: true
+
+# CORD Services
+    service#vtr:
+      type: tosca.nodes.Service
+      properties:
+        view_url: /admin/vtr/vtrservice/$id$/
+        kind: vTR
+        replaces: service_vtr
+
+    service#volt:
+      type: tosca.nodes.VOLTService
+      requirements:
+        - vsg_tenant:
+            node: service#vsg
+            relationship: tosca.relationships.TenantOfService
+      properties:
+        view_url: /admin/volt/voltservice/$id$/
+        kind: vOLT
+        replaces: service_volt
+        public_key: { get_artifact: [ SELF, pubkey, LOCAL_FILE] }
+        private_key_fn: /opt/xos/services/volt/keys/volt_rsa
+      artifacts:
+        pubkey: /opt/xos/services/volt/keys/volt_rsa.pub
+
+    addresses_vsg:
+      type: tosca.nodes.AddressPool
+      properties:
+        addresses: 10.6.1.128/26
+        gateway_ip: 10.6.1.129
+        gateway_mac: 02:42:0a:06:01:01
+
+    addresses_public:
+      type: tosca.nodes.AddressPool
+      properties:
+        addresses: 10.6.1.192/26
+        gateway_ip: 10.6.1.193
+        gateway_mac: 02:42:0a:06:01:01
+
+    label_vsg:
+      type: tosca.nodes.NodeLabel
+
+    service#vsg:
+      type: tosca.nodes.VSGService
+      requirements:
+        - vrouter_tenant:
+            node: service#vrouter
+            relationship: tosca.relationships.TenantOfService
+      properties:
+        view_url: /admin/vsg/vsgservice/$id$/
+        backend_network_label: hpc_client
+        public_key: { get_artifact: [ SELF, pubkey, LOCAL_FILE] }
+        private_key_fn: /opt/xos/services/vsg/keys/vsg_rsa
+#       node_label: label_vsg
+        replaces: service_vsg
+      artifacts:
+        pubkey: /opt/xos/services/vsg/keys/vsg_rsa.pub
+
+    service#vrouter:
+      type: tosca.nodes.VRouterService
+      properties:
+        view_url: /admin/vrouter/vrouterservice/$id$/
+        replaces: service_vrouter
+      requirements:
+        - addresses_vsg:
+            node: addresses_vsg
+            relationship: tosca.relationships.ProvidesAddresses
+        - addresses_public:
+            node: addresses_public
+            relationship: tosca.relationships.ProvidesAddresses
+
+    vRouter_ONOS_app:
+      type: tosca.nodes.ONOSvRouterApp
+      requirements:
+        - onos_tenant:
+            node: service#ONOS_Fabric
+            relationship: tosca.relationships.TenantOfService
+        - vrouter_service:
+            node: service#vrouter
+            relationship: tosca.relationships.UsedByService
+      properties:
+        dependencies: org.onosproject.vrouter
+        autogenerate: vrouter-network-cfg
+
+    template#vsg:
+      type: tosca.nodes.NetworkTemplate
+      properties:
+        visibility: private
+        translation: none
+        vtn_kind: VSG
+
+    # Networks required by the CORD setup
+    {{ site_name }}_vsg-access:
+      type: tosca.nodes.network.Network
+      properties:
+        ip_version: 4
+      requirements:
+        - network_template:
+            node: template#vsg
+            relationship: tosca.relationships.UsesNetworkTemplate
+        - owner:
+            node: {{ site_name }}_vsg
+            relationship: tosca.relationships.MemberOfSlice
+        - connection:
+            node: {{ site_name }}_vsg
+            relationship: tosca.relationships.ConnectsToSlice
+
+    # CORD Slices
+    {{ site_name }}_vsg:
+      description: vSG Controller Slice
+      type: tosca.nodes.Slice
+      properties:
+        network: noauto
+      requirements:
+        - vsg_service:
+            node: service#vsg
+            relationship: tosca.relationships.MemberOfService
+        - site:
+            node: {{ site_name }}
+            relationship: tosca.relationships.MemberOfSite
+        - management:
+            node: management
+            relationship: tosca.relationships.ConnectsToNetwork
+        - image:
+            node: image#vsg-1.1
+            relationship: tosca.relationships.DefaultImage
+
diff --git a/roles/xos-install/templates/cord-test-subscriber.yaml.j2 b/roles/xos-install/templates/cord-test-subscriber.yaml.j2
new file mode 100644
index 0000000..59d9cfe
--- /dev/null
+++ b/roles/xos-install/templates/cord-test-subscriber.yaml.j2
@@ -0,0 +1,121 @@
+tosca_definitions_version: tosca_simple_yaml_1_0
+
+description: Creates a CORD test subscriber, created by platform-install
+
+imports:
+   - custom_types/xos.yaml
+
+topology_template:
+  node_templates:
+
+# site, fully created in deployment.yaml
+    {{ site_name }}:
+      type: tosca.nodes.Site
+      properties:
+        no-delete: true
+        no-create: true
+        no-update: true
+
+# vsg slice, volt service, fully created in cord-services.yaml
+    {{ site_name }}_vsg:
+      type: tosca.nodes.Slice
+      properties:
+        no-delete: true
+        no-create: true
+        no-update: true
+
+    service#volt:
+      type: tosca.nodes.VOLTService
+      properties:
+        no-delete: true
+        no-create: true
+        no-update: true
+
+# Test subscriber
+
+    # Let's add a user who can be administrator of the household
+    johndoe@myhouse.com:
+      type: tosca.nodes.User
+      properties:
+        password: letmein
+        firstname: john
+        lastname: doe
+      requirements:
+        - site:
+            node: {{ site_name }}
+            relationship: tosca.relationships.MemberOfSite
+        - dependency:
+            node: {{ site_name }}_vsg
+            relationship: tosca.relationships.DependsOn
+
+    # A subscriber
+    My House:
+      type: tosca.nodes.CORDSubscriber
+      properties:
+        service_specific_id: 123
+        firewall_enable: false
+        cdn_enable: false
+        url_filter_enable: false
+        url_filter_level: R
+      requirements:
+        - house_admin:
+            node: johndoe@myhouse.com
+            relationship: tosca.relationships.AdminPrivilege
+
+    Mom's PC:
+      type: tosca.nodes.CORDUser
+      properties:
+        mac: 01:02:03:04:05:06
+        level: PG_13
+      requirements:
+        - household:
+            node: My House
+            relationship: tosca.relationships.SubscriberDevice
+
+    Dad's PC:
+      type: tosca.nodes.CORDUser
+      properties:
+        mac: 90:E2:BA:82:F9:75
+        level: PG_13
+      requirements:
+        - household:
+            node: My House
+            relationship: tosca.relationships.SubscriberDevice
+
+    Jack's Laptop:
+      type: tosca.nodes.CORDUser
+      properties:
+        mac: 68:5B:35:9D:91:D5
+        level: PG_13
+      requirements:
+        - household:
+            node: My House
+            relationship: tosca.relationships.SubscriberDevice
+
+    Jill's Laptop:
+      type: tosca.nodes.CORDUser
+      properties:
+        mac: 34:36:3B:C9:B6:A6
+        level: PG_13
+      requirements:
+        - household:
+            node: My House
+            relationship: tosca.relationships.SubscriberDevice
+
+    My Volt:
+      type: tosca.nodes.VOLTTenant
+      properties:
+        service_specific_id: 123
+        s_tag: 222
+        c_tag: 111
+      requirements:
+        - provider_service:
+            node: service#volt
+            relationship: tosca.relationships.MemberOfService
+        - subscriber:
+            node: My House
+            relationship: tosca.relationships.BelongsToSubscriber
+        - dependency:
+            node: {{ site_name }}_vsg
+            relationship: tosca.relationships.DependsOn
+
diff --git a/roles/xos-install/templates/deployment.yaml.j2 b/roles/xos-install/templates/deployment.yaml.j2
new file mode 100644
index 0000000..2d5dfd1
--- /dev/null
+++ b/roles/xos-install/templates/deployment.yaml.j2
@@ -0,0 +1,71 @@
+tosca_definitions_version: tosca_simple_yaml_1_0
+
+imports:
+   - custom_types/xos.yaml
+
+description: deployment config, generated by platform-install
+
+topology_template:
+  node_templates:
+
+# Flavors
+
+{% for flavor in deployment_flavors %}
+    {{ flavor }}:
+      type: tosca.nodes.Flavor
+
+{% endfor %}
+
+# Deployment
+    {{ deployment_type }}:
+      type: tosca.nodes.Deployment
+      requirements:
+{% for flavor in deployment_flavors %}
+          - {{ flavor }}:
+              node: {{ flavor }}
+              relationship: tosca.relationships.SupportsFlavor
+
+{% endfor %}
+
+# Site
+    {{ site_name }}:
+      type: tosca.nodes.Site
+      properties:
+          display_name: {{ site_humanname }}
+          site_url: http://{{ site_name }}.opencloud.us/
+          hosts_nodes: true
+      requirements:
+        - deployment:
+            node: {{ deployment_type }}
+            relationship: tosca.relationships.MemberOfDeployment
+
+# Attach the Tenant view to the deployment
+    Tenant:
+      type: tosca.nodes.DashboardView
+      properties:
+          no-create: true
+          no-delete: true
+      requirements:
+          - deployment:
+              node: {{ deployment_type }}
+              relationship: tosca.relationships.SupportsDeployment
+
+# XOS Users
+{% for user in xos_users %}
+    {{ user.email }}:
+      type: tosca.nodes.User
+      properties:
+        password: {{ user.password }}
+        firstname: {{ user.first | default(user.email) }}
+        lastname: {{ user.last | default("unknown") }}
+        is_admin: {{ user.admin | default("false") }}
+      requirements:
+        - site:
+            node: {{ site_name }}
+            relationship: tosca.relationships.MemberOfSite
+        - tenant_dashboard:
+              node: Tenant
+              relationship: tosca.relationships.UsesDashboard
+
+{% endfor %}
+
diff --git a/roles/xos-install/templates/exampleservice.yaml.j2 b/roles/xos-install/templates/exampleservice.yaml.j2
new file mode 100644
index 0000000..53c2173
--- /dev/null
+++ b/roles/xos-install/templates/exampleservice.yaml.j2
@@ -0,0 +1,104 @@
+tosca_definitions_version: tosca_simple_yaml_1_0
+
+description: Setup the ExampleService on the pod
+
+imports:
+   - custom_types/xos.yaml
+   - custom_types/exampleservice.yaml
+
+topology_template:
+  node_templates:
+
+# image/flavor are hardcoded - FIXME if/when they change
+    m1.small:
+      type: tosca.nodes.Flavor
+
+    trusty-server-multi-nic:
+      type: tosca.nodes.Image
+
+# private network template, created in fixtures.yml
+    Private:
+      type: tosca.nodes.NetworkTemplate
+
+# site, fully created in deployment.yaml
+    {{ site_name }}:
+      type: tosca.nodes.Site
+
+# management network, fully created in management-net.yaml
+    management:
+      type: tosca.nodes.network.Network.XOS
+      properties:
+        no-create: true
+        no-delete: true
+        no-update: true
+
+# public network, fully created in public-net.yaml
+    public:
+      type: tosca.nodes.network.Network.XOS
+      properties:
+        no-create: true
+        no-delete: true
+        no-update: true
+
+# vrouter service, fully created in cord-service.yaml
+    service#vrouter:
+      type: tosca.nodes.Service
+      properties:
+        no-create: true
+        no-delete: true
+        no-update: true
+
+# ExampleService/ExampleTenant
+
+    {{ site_name }}_exampleservice:
+      description: This slice holds the ExampleService
+      type: tosca.nodes.Slice
+      properties:
+        network: noauto
+      requirements:
+        - site:
+            node: {{ site_name }}
+            relationship: tosca.relationships.MemberOfSite
+        - management:
+            node: management
+            relationship: tosca.relationships.ConnectsToNetwork
+        - public:
+            node: public
+            relationship: tosca.relationships.ConnectsToNetwork
+        - exmapleserver:
+            node: service#exampleservice
+            relationship: tosca.relationships.MemberOfService
+        - image:
+            node: trusty-server-multi-nic
+            relationship: tosca.relationships.DefaultImage
+        - default_flavor:
+            node: m1.small
+            relationship: tosca.relationships.DefaultFlavor
+
+    service#exampleservice:
+      type: tosca.nodes.ExampleService
+      requirements:
+        - management:
+            node: management
+            relationship: tosca.relationships.UsesNetwork
+      properties:
+        view_url: /admin/exampleservice/exampleservice/$id$/
+        kind: exampleservice
+        public_key: { get_artifact: [ SELF, pubkey, LOCAL_FILE] }
+        private_key_fn: /opt/xos/services/exampleservice/keys/exampleservice_rsa
+        service_message: hello
+      artifacts:
+        pubkey: /opt/xos/services/exampleservice/keys/exampleservice_rsa.pub
+
+    tenant#exampletenant1:
+      type: tosca.nodes.ExampleTenant
+      properties:
+        tenant_message: world
+      requirements:
+        - tenant:
+            node: service#exampleservice
+            relationship: tosca.relationships.TenantOfService
+        - dependency:
+            node: {{ site_name }}_exampleservice
+            relationship: tosca.relationships.DependsOn
+
diff --git a/roles/xos-install/templates/fabric.yaml.j2 b/roles/xos-install/templates/fabric.yaml.j2
new file mode 100644
index 0000000..664505f
--- /dev/null
+++ b/roles/xos-install/templates/fabric.yaml.j2
@@ -0,0 +1,62 @@
+tosca_definitions_version: tosca_simple_yaml_1_0
+
+imports:
+   - custom_types/xos.yaml
+
+description: fabric configuration generated by platform-install
+
+
+topology_template:
+  node_templates:
+
+    service#ONOS_Fabric:
+      type: tosca.nodes.ONOSService
+      requirements:
+      properties:
+          kind: onos
+          view_url: /admin/onos/onosservice/$id$/
+          no_container: true
+          rest_hostname: onos-fabric
+          replaces: service_ONOS_Fabric
+          rest_onos/v1/network/configuration/: { get_artifact: [ SELF, fabric_network_cfg_json, LOCAL_FILE ] }
+      artifacts:
+          fabric_network_cfg_json: /root/setup/network-cfg-quickstart.json
+
+    service#fabric:
+      type: tosca.nodes.FabricService
+      properties:
+          view_url: /admin/fabric/fabricservice/$id$/
+          replaces: service_fabric
+
+    Fabric_ONOS_app:
+      type: tosca.nodes.ONOSApp
+      requirements:
+          - onos_tenant:
+              node: service#ONOS_Fabric
+              relationship: tosca.relationships.TenantOfService
+          - fabric_service:
+              node: service#fabric
+              relationship: tosca.relationships.UsedByService
+      properties:
+          dependencies: org.onosproject.drivers, org.onosproject.openflow-base, org.onosproject.netcfghostprovider, org.onosproject.netcfglinksprovider, org.onosproject.segmentrouting, org.onosproject.vrouter, org.onosproject.hostprovider
+
+{% for node in groups["compute"] %}
+    {{ node }}:
+      type: tosca.nodes.Node
+
+    # Fabric location field for node $NODE
+    {{ node }}_location_tag:
+      type: tosca.nodes.Tag
+      properties:
+          name: location
+          value: of:0000000000000001/1
+      requirements:
+          - target:
+              node: {{ node }}
+              relationship: tosca.relationships.TagsObject
+          - service:
+              node: service#ONOS_Fabric
+              relationship: tosca.relationships.MemberOfService
+
+{% endfor %}
+
diff --git a/roles/xos-install/templates/management-net.yaml.j2 b/roles/xos-install/templates/management-net.yaml.j2
new file mode 100644
index 0000000..79ea589
--- /dev/null
+++ b/roles/xos-install/templates/management-net.yaml.j2
@@ -0,0 +1,52 @@
+tosca_definitions_version: tosca_simple_yaml_1_0
+
+imports:
+   - custom_types/xos.yaml
+
+description: management network config, generated by platform-install
+
+topology_template:
+  node_templates:
+
+# site, fully created in deployment.yaml
+    {{ site_name }}:
+      type: tosca.nodes.Site
+
+# management network
+    management_template:
+      type: tosca.nodes.NetworkTemplate
+      properties:
+        visibility: private
+        translation: none
+        vtn_kind: MANAGEMENT_LOCAL
+
+    management_hosts_template:
+      type: tosca.nodes.NetworkTemplate
+      properties:
+          visibility: private
+          translation: none
+          vtn_kind: MANAGEMENT_HOST
+
+    management:
+      type: tosca.nodes.network.Network
+      properties:
+        ip_version: 4
+        cidr: {{ management_network_cidr }}
+      requirements:
+        - network_template:
+            node: management_template
+            relationship: tosca.relationships.UsesNetworkTemplate
+        - owner:
+            node: {{ site_name }}_management
+            relationship: tosca.relationships.MemberOfSlice
+
+    {{ site_name }}_management:
+      description: This slice exists solely to own the management network
+      type: tosca.nodes.Slice
+      properties:
+        network: noauto
+      requirements:
+        - site:
+            node: {{ site_name }}
+            relationship: tosca.relationships.MemberOfSite
+
diff --git a/roles/xos-install/templates/nodes.yaml.j2 b/roles/xos-install/templates/nodes.yaml.j2
new file mode 100644
index 0000000..7ba953b
--- /dev/null
+++ b/roles/xos-install/templates/nodes.yaml.j2
@@ -0,0 +1,31 @@
+tosca_definitions_version: tosca_simple_yaml_1_0
+
+imports:
+   - custom_types/xos.yaml
+
+description: list of compute nodes, created by platform-install
+
+topology_template:
+  node_templates:
+
+# Site/Deployment, fully defined in deployment.yaml
+    {{ site_name }}:
+      type: tosca.nodes.Site
+
+    {{ deployment_type }}:
+      type: tosca.nodes.Deployment
+
+# compute nodes
+{% for node in groups["compute"] %}
+    {{ hostvars[node]['ansible_hostname'] }}:
+      type: tosca.nodes.Node
+      requirements:
+        - site:
+            node: {{ site_name }}
+            relationship: tosca.relationships.MemberOfSite
+        - deployment:
+            node: {{ deployment_type }}
+            relationship: tosca.relationships.MemberOfDeployment
+
+{% endfor %}
+
diff --git a/roles/xos-install/templates/openstack.yaml.j2 b/roles/xos-install/templates/openstack.yaml.j2
new file mode 100644
index 0000000..65d2338
--- /dev/null
+++ b/roles/xos-install/templates/openstack.yaml.j2
@@ -0,0 +1,70 @@
+tosca_definitions_version: tosca_simple_yaml_1_0
+
+imports:
+   - custom_types/xos.yaml
+
+description: openstack extensions to deployment, generated by platform-install
+
+topology_template:
+  node_templates:
+
+# Images and flavors
+{% for image in xos_images %}
+    {{ image.name }}:
+      type: tosca.nodes.Image
+      properties:
+         path: /opt/xos/images/{{ image.name }}.qcow2
+         disk_format: QCOW2
+         container_format: BARE
+
+{% endfor %}
+
+{% for flavor in deployment_flavors %}
+    {{ flavor }}:
+      type: tosca.nodes.Flavor
+
+{% endfor %}
+
+# Deployment - adds images/flavors to site defined in deployment.yaml
+    {{ deployment_type }}:
+      type: tosca.nodes.Deployment
+      requirements:
+{% for flavor in deployment_flavors %}
+          - {{ flavor }}:
+              node: {{ flavor }}
+              relationship: tosca.relationships.SupportsFlavor
+{% endfor %}
+
+# OpenStack Controller
+    {{ site_name }}_{{ deployment_type }}_openstack:
+      type: tosca.nodes.Controller
+      requirements:
+        - deployment:
+            node: {{ deployment_type }}
+            relationship: tosca.relationships.ControllerDeployment
+      properties:
+          backend_type: OpenStack
+          version: Kilo
+          auth_url: { get_script_env: [ SELF, adminrc, OS_AUTH_URL, LOCAL_FILE] }
+          admin_user: { get_script_env: [ SELF, adminrc, OS_USERNAME, LOCAL_FILE] }
+          admin_password: { get_script_env: [ SELF, adminrc, OS_PASSWORD, LOCAL_FILE] }
+          admin_tenant: { get_script_env: [ SELF, adminrc, OS_TENANT_NAME, LOCAL_FILE] }
+          domain: Default
+      artifacts:
+          adminrc: /root/setup/admin-openrc.sh
+
+# Site - adds openstack controller to site defined in deployment.yaml
+    {{ site_name }}:
+      type: tosca.nodes.Site
+      properties:
+          display_name: {{ site_humanname }}
+          site_url: http://{{ site_name }}.opencloud.us/
+          hosts_nodes: true
+      requirements:
+        - deployment:
+            node: {{ deployment_type }}
+            relationship: tosca.relationships.MemberOfDeployment
+        - controller:
+            node: {{ site_name }}_{{ deployment_type }}_openstack
+            relationship: tosca.relationships.UsesController
+
diff --git a/roles/xos-install/templates/public-net.yaml.j2 b/roles/xos-install/templates/public-net.yaml.j2
new file mode 100644
index 0000000..bd12924
--- /dev/null
+++ b/roles/xos-install/templates/public-net.yaml.j2
@@ -0,0 +1,52 @@
+tosca_definitions_version: tosca_simple_yaml_1_0
+
+imports:
+   - custom_types/xos.yaml
+
+description: public network config, generated by platform-install
+
+topology_template:
+  node_templates:
+
+# site, fully created in deployment.yaml
+    {{ site_name }}:
+      type: tosca.nodes.Site
+
+# vrouter service, fully created in cord-service.yaml
+    service#vrouter:
+      type: tosca.nodes.VRouterService
+
+# public network
+    public_template:
+      type: tosca.nodes.NetworkTemplate
+      properties:
+          visibility: private
+          translation: none
+          vtn_kind: PUBLIC
+
+    public:
+      type: tosca.nodes.network.Network
+      properties:
+          ip_version: 4
+      requirements:
+          - network_template:
+              node: public_template
+              relationship: tosca.relationships.UsesNetworkTemplate
+          - owner:
+              node: {{ site_name }}_public
+              relationship: tosca.relationships.MemberOfSlice
+          - vrouter_tenant:
+              node: service#vrouter
+              relationship: tosca.relationships.TenantOfService
+
+
+    {{ site_name }}_public:
+      description: This slice exists solely to own the public network
+      type: tosca.nodes.Slice
+      properties:
+          network: noauto
+      requirements:
+          - site:
+              node: {{ site_name }}
+              relationship: tosca.relationships.MemberOfSite
+
diff --git a/roles/xos-install/templates/vtn.yaml.j2 b/roles/xos-install/templates/vtn.yaml.j2
new file mode 100644
index 0000000..498eeef
--- /dev/null
+++ b/roles/xos-install/templates/vtn.yaml.j2
@@ -0,0 +1,102 @@
+tosca_definitions_version: tosca_simple_yaml_1_0
+
+imports:
+   - custom_types/xos.yaml
+
+description: autogenerated node tags file for VTN configuration
+
+topology_template:
+  node_templates:
+
+    service#ONOS_CORD:
+      type: tosca.nodes.ONOSService
+      requirements:
+      properties:
+          kind: onos
+          view_url: /admin/onos/onosservice/$id$/
+          no_container: true
+          rest_hostname: onos-cord
+          replaces: service_ONOS_CORD
+
+    service#vtn:
+      type: tosca.nodes.VTNService
+      properties:
+          view_url: /admin/vtn/vtnservice/$id$/
+          privateGatewayMac: 00:00:00:00:00:01
+          localManagementIp: {{ management_network_ip }}
+          ovsdbPort: 6641
+          sshUser: root
+          sshKeyFile: /root/node_key
+          sshPort: 22
+          xosEndpoint: http://xos:8888/
+          xosUser: padmin@vicci.org
+          xosPassword: letmein
+          replaces: service_vtn
+          vtnAPIVersion: 2
+
+{% for node in groups["compute"] %}
+    {{ hostvars[node]['ansible_hostname'] }}:
+      type: tosca.nodes.Node
+
+    # VTN bridgeId field for node {{ hostvars[node]['ansible_hostname'] }}
+    {{ hostvars[node]['ansible_hostname'] }}_bridgeId_tag:
+      type: tosca.nodes.Tag
+      properties:
+          name: bridgeId
+          value: of:{{ "%016d" | format(loop.index) }}
+      requirements:
+          - target:
+              node: {{ hostvars[node]['ansible_hostname'] }}
+              relationship: tosca.relationships.TagsObject
+          - service:
+              node: service#ONOS_CORD
+              relationship: tosca.relationships.MemberOfService
+
+    # VTN dataPlaneIntf field for node {{ hostvars[node]['ansible_hostname'] }}
+    {{ hostvars[node]['ansible_hostname'] }}_dataPlaneIntf_tag:
+      type: tosca.nodes.Tag
+      properties:
+          name: dataPlaneIntf
+          value: fabric
+      requirements:
+          - target:
+              node: {{ hostvars[node]['ansible_hostname'] }}
+              relationship: tosca.relationships.TagsObject
+          - service:
+              node: service#ONOS_CORD
+              relationship: tosca.relationships.MemberOfService
+
+    # VTN dataPlaneIp field for node {{ hostvars[node]['ansible_hostname'] }}
+    {{ hostvars[node]['ansible_hostname'] }}_dataPlaneIp_tag:
+      type: tosca.nodes.Tag
+      properties:
+          name: dataPlaneIp
+{% if 'ipv4' in hostvars[node]['ansible_fabric'] %}
+          value: {{ ( hostvars[node]['ansible_fabric']['ipv4']['address'] ~ '/' ~ hostvars[node]['ansible_fabric']['ipv4']['netmask'] ) | ipaddr('cidr') }}
+{% else %}{# single node case #}
+          value: 10.168.0.253/24
+{% endif %}
+      requirements:
+          - target:
+              node: {{ hostvars[node]['ansible_hostname'] }}
+              relationship: tosca.relationships.TagsObject
+          - service:
+              node: service#ONOS_CORD
+              relationship: tosca.relationships.MemberOfService
+
+{% endfor %}
+
+    VTN_ONOS_app:
+      type: tosca.nodes.ONOSVTNApp
+      requirements:
+          - onos_tenant:
+              node: service#ONOS_CORD
+              relationship: tosca.relationships.TenantOfService
+          - vtn_service:
+              node: service#vtn
+              relationship: tosca.relationships.UsedByService
+      properties:
+          install_dependencies: http://mavenrepo:8080/repository/org/opencord/cord-config/1.1-SNAPSHOT/cord-config-1.1-SNAPSHOT.oar,http://mavenrepo:8080/repository/org/opencord/vtn/1.1-SNAPSHOT/vtn-1.1-SNAPSHOT.oar
+          dependencies: org.onosproject.drivers, org.onosproject.drivers.ovsdb, org.onosproject.openflow-base, org.onosproject.ovsdb-base, org.onosproject.dhcp
+          autogenerate: vtn-network-cfg
+
diff --git a/scripts/lintcheck.sh b/scripts/lintcheck.sh
old mode 100644
new mode 100755
diff --git a/vars/aztest.yml b/vars/aztest.yml
index 13702f4..8a2ea6c 100644
--- a/vars/aztest.yml
+++ b/vars/aztest.yml
@@ -1,22 +1,32 @@
 ---
 # file: group_vars/aztest.yml
 
+# site configuration
+site_name: aztest
+site_humanname: "Arizona Test Site"
+
+deployment_type: campus
+
+xos_users:
+  - email: padmin@vicci.org
+    password: letmein
+    first: PAdmin
+    last: VicciOrg
+    admin: true
+
 # IP prefix for VMs
 virt_nets:
   - name: mgmtbr
     ipv4_prefix: 192.168.250
     head_vms: true
 
-# site domain suffix
+# DNS/domain settings
 site_suffix: aztest.infra.opencloud.us
 
-# resolv.conf settings
 dns_search:
   - aztest.infra.opencloud.us
   - opencloud.cs.arizona.edu
 
-# NSD/Unbound settings
-
 nsd_zones:
   - name: aztest.infra.opencloud.us
     ipv4_first_octets: 192.168.250
@@ -35,3 +45,8 @@
 # If true, unbound listens on the head node's `ansible_default_ipv4` interface
 unbound_listen_on_default: True
 
+# VTN network configuration
+management_network_cidr: 172.27.0.0/24
+management_network_ip: 172.27.0.1/24
+data_plane_ip: 10.168.0.253/24
+
diff --git a/vars/cord.yml b/vars/cord.yml
index ada677e..1209ab7 100644
--- a/vars/cord.yml
+++ b/vars/cord.yml
@@ -1,6 +1,19 @@
 ---
 # file: group_vars/cord.yml
 
+# site configuration
+site_name: mysite
+site_humanname: MySite
+
+deployment_type: MyDeployment
+
+xos_users:
+  - email: padmin@vicci.org
+    password: letmein
+    first: PAdmin
+    last: VicciOrg
+    admin: true
+
 # VM networks/bridges on head
 virt_nets:
   - name: mgmtbr
@@ -33,22 +46,11 @@
 # If true, unbound listens on the head node's `ansible_default_ipv4` interface
 unbound_listen_on_default: True
 
-xos_images:
-  - name: "trusty-server-multi-nic"
-    url: "http://www.vicci.org/opencloud/trusty-server-cloudimg-amd64-disk1.img"
-    checksum: "sha256:c2d0ffc937aeb96016164881052a496658efeb98959dc68e73d9895c5d9920f7"
-  - name: "vsg-1.1"
-    url: "http://www.vicci.org/cord/vsg-1.1.img"
-    checksum: "sha256:16b0beb6778aed0f5feecb05f8d5750e6c262f98e6011e99ddadf7d46a177b6f"
-  - name: ceilometer-trusty-server-multi-nic
-    url: "http://www.vicci.org/cord/ceilometer-trusty-server-multi-nic.compressed.qcow2"
-    checksum: "sha256:afde3f0448483902693be4d52ae76bb683fd74b1c7728019094bf81b37d86105"
-  - name: ceilometer-service-trusty-server-multi-nic
-    url: "http://www.vicci.org/cord/ceilometer-service-trusty-server-multi-nic.compressed.qcow2"
-    checksum: "sha256:9c346ff15727e9a98942835d6bd34b3d033f868234425f517e53d64b5a124a13"
-
 # turn this on, or override it when running the playbook with --extra-vars="on_cloudlab=True"
 on_cloudlab: False
 
-# turn this on, or override it when running the playbook with --extra-vars="cord_in_a_box=True"
-cord_in_a_box: False
+# VTN network configuration
+management_network_cidr: 172.27.0.0/24
+management_network_ip: 172.27.0.1/24
+data_plane_ip: 10.168.0.253/24
+
diff --git a/vars/cord_defaults.yml b/vars/cord_defaults.yml
index b6b709a..92ca603 100644
--- a/vars/cord_defaults.yml
+++ b/vars/cord_defaults.yml
@@ -18,7 +18,30 @@
 
 xos_configuration: cord-pod
 
-xos_repo_dest: "~/xos"
+xos_config_targets:
+  - local_containers
+  - xos
+  - vtn
+  - fabric
+  - cord
+
+xos_tosca_templates:
+  - cord-services.yaml
+  - cord-test-subscriber.yaml
+  - deployment.yaml
+  - exampleservice.yaml
+  - fabric.yaml
+  - management-net.yaml
+  - nodes.yaml
+  - openstack.yaml
+  - public-net.yaml
+  - vtn.yaml
+
+deployment_flavors:
+  - m1.small
+  - m1.medium
+  - m1.large
+  - m1.xlarge
 
 xos_container_rebuild: False
 
@@ -199,6 +222,7 @@
   - name: "ceilometer:ceilometer-service"
     relations: [ "ceilometer-agent:ceilometer-service", ]
 
+
 compute_relations:
   - name: nova-compute
     relations: [ "ceilometer-agent", "glance", "nova-cloud-controller", "nagios", "nrpe", ]
@@ -211,3 +235,22 @@
 
   - name: ntp
     relations: [ "nova-compute", ]
+
+
+xos_images:
+  - name: "trusty-server-multi-nic"
+    url: "http://www.vicci.org/opencloud/trusty-server-cloudimg-amd64-disk1.img"
+    checksum: "sha256:c2d0ffc937aeb96016164881052a496658efeb98959dc68e73d9895c5d9920f7"
+
+  - name: "vsg-1.1"
+    url: "http://www.vicci.org/cord/vsg-1.1.img"
+    checksum: "sha256:16b0beb6778aed0f5feecb05f8d5750e6c262f98e6011e99ddadf7d46a177b6f"
+
+  - name: "ceilometer-trusty-server-multi-nic"
+    url: "http://www.vicci.org/cord/ceilometer-trusty-server-multi-nic.compressed.qcow2"
+    checksum: "sha256:afde3f0448483902693be4d52ae76bb683fd74b1c7728019094bf81b37d86105"
+
+  - name: "ceilometer-service-trusty-server-multi-nic"
+    url: "http://www.vicci.org/cord/ceilometer-service-trusty-server-multi-nic.compressed.qcow2"
+    checksum: "sha256:9c346ff15727e9a98942835d6bd34b3d033f868234425f517e53d64b5a124a13"
+
diff --git a/vars/cord_single_defaults.yml b/vars/cord_single_defaults.yml
deleted file mode 100644
index 41ae667..0000000
--- a/vars/cord_single_defaults.yml
+++ /dev/null
@@ -1,232 +0,0 @@
----
-# vars/cord_defaults.yml
-
-# For a single-node case, we don't expect the node to already have been
-# provisioned by CORD MaaS.  It's just Ubuntu 14.04.
-on_maas: false
-
-run_dist_upgrade: false
-
-openstack_version: kilo
-
-juju_config_name: cord
-
-juju_config_path: /usr/local/src/juju_config.yml
-
-service_profile_repo_dest: "{{ ansible_user_dir }}/service-profile"
-
-xos_configuration: cord-pod
-
-xos_container_rebuild: False
-
-test_client_install: True
-
-apt_cacher_name: apt-cache
-
-apt_ssl_sites:
-  - apt.dockerproject.org
-  - butler.opencloud.cs.arizona.edu
-  - deb.nodesource.com
-
-charm_versions:
-  ceilometer: "cs:trusty/ceilometer-17"
-  ceilometer-agent: "cs:trusty/ceilometer-agent-13"
-  glance: "cs:trusty/glance-28"
-  keystone: "cs:trusty/keystone-33"
-  mongodb: "cs:trusty/mongodb-33"
-  percona-cluster: "cs:trusty/percona-cluster-31"
-  neutron-api: "cs:~cordteam/trusty/neutron-api-3"
-  nova-cloud-controller: "cs:trusty/nova-cloud-controller-64"
-  nova-compute: "cs:~cordteam/trusty/nova-compute-2"
-  ntp: "cs:trusty/ntp-14"
-  openstack-dashboard: "cs:trusty/openstack-dashboard-19"
-  rabbitmq-server: "cs:trusty/rabbitmq-server-42"
-
-head_vm_list:
-  - name: "juju-1"
-    service: "juju"
-    aliases:
-      - "juju"
-    ipv4_last_octet: 10
-    cpu: 1
-    memMB: 2048
-    diskGB: 20
-
-  - name: "ceilometer-1"
-    service: "ceilometer"
-    aliases:
-      - "ceilometer"
-    ipv4_last_octet: 20
-    cpu: 1
-    memMB: 2048
-    diskGB: 20
-    forwarded_ports:
-      - { ext: 8777, int: 8777 }
-
-  - name: "glance-1"
-    service: "glance"
-    aliases:
-      - "glance"
-    ipv4_last_octet: 30
-    cpu: 2
-    memMB: 4096
-    diskGB: 160
-    forwarded_ports:
-      - { ext: 9292, int: 9292 }
-
-  - name: "keystone-1"
-    service: "keystone"
-    aliases:
-      - "keystone"
-    ipv4_last_octet: 40
-    cpu: 2
-    memMB: 4096
-    diskGB: 40
-    forwarded_ports:
-      - { ext: 35357, int: 35357 }
-      - { ext: 4990, int: 4990 }
-      - { ext: 5000, int: 5000 }
-
-  - name: "percona-cluster-1"
-    service: "percona-cluster"
-    aliases:
-      - "percona-cluster"
-    ipv4_last_octet: 50
-    cpu: 2
-    memMB: 4096
-    diskGB: 40
-
-  - name: "neutron-api-1"
-    service: "neutron-api"
-    aliases:
-      - "neutron-api"
-    ipv4_last_octet: 70
-    cpu: 2
-    memMB: 4096
-    diskGB: 40
-    forwarded_ports:
-      - { ext: 9696, int: 9696 }
-
-  - name: "nova-cloud-controller-1"
-    service: "nova-cloud-controller"
-    aliases:
-      - "nova-cloud-controller"
-    ipv4_last_octet: 80
-    cpu: 2
-    memMB: 4096
-    diskGB: 40
-    forwarded_ports:
-      - { ext: 8774, int: 8774 }
-
-  - name: "openstack-dashboard-1"
-    service: "openstack-dashboard"
-    aliases:
-      - "openstack-dashboard"
-    ipv4_last_octet: 90
-    cpu: 1
-    memMB: 2048
-    diskGB: 20
-    forwarded_ports:
-      - { ext: 8080, int: 80 }
-
-  - name: "rabbitmq-server-1"
-    service: "rabbitmq-server"
-    aliases:
-      - "rabbitmq-server"
-    ipv4_last_octet: 100
-    cpu: 2
-    memMB: 4096
-    diskGB: 40
-
-  - name: "onos-cord-1"
-    aliases:
-      - "onos-cord"
-    ipv4_last_octet: 110
-    cpu: 2
-    memMB: 4096
-    diskGB: 40
-    docker_path: "cord"
-
-  - name: "onos-fabric-1"
-    aliases:
-      - "onos-fabric"
-    ipv4_last_octet: 120
-    cpu: 2
-    memMB: 4096
-    diskGB: 40
-    docker_path: "cord"
-
-#  - name: "xos-1"
-#    aliases:
-#      - "xos"
-#    ipv4_last_octet: 130
-#    cpu: 2
-#    memMB: 4096
-#    diskGB: 40
-#    docker_path: 'service-profile/cord-pod'
-
-  - name: "nova-compute-1"
-    service: "nova-compute"
-    root_ssh_login: true
-    aliases:
-      - "nova-compute"
-    ipv4_last_octet: 140
-    cpu: 6
-    memMB: 16384
-    diskGB: 240
-
-
-vm_service_list:
-  - ceilometer
-  - glance
-  - keystone
-  - percona-cluster
-  - neutron-api
-  - nova-cloud-controller
-  - openstack-dashboard
-  - rabbitmq-server
-  - nova-compute
-
-
-standalone_service_list:
-  - ntp
-  - ceilometer-agent
-
-
-service_relations:
-  - name: keystone
-    relations: [ "percona-cluster", ]
-
-  - name: nova-cloud-controller
-    relations: [ "percona-cluster", "rabbitmq-server", "glance", "keystone", ]
-
-  - name: glance
-    relations: [ "percona-cluster", "keystone", ]
-
-  - name: neutron-api
-    relations: [ "keystone",  "percona-cluster", "rabbitmq-server", "nova-cloud-controller", ]
-
-  - name: openstack-dashboard
-    relations: [ "keystone", ]
-
-  - name: ceilometer
-    relations: [ "mongodb", "rabbitmq-server", ]
-
-  - name: "ceilometer:identity-service"
-    relations: [ "keystone:identity-service", ]
-
-  - name: "ceilometer:ceilometer-service"
-    relations: [ "ceilometer-agent:ceilometer-service", ]
-
-  - name: nova-compute
-    relations: [ "ceilometer-agent", "glance", "nova-cloud-controller", ]
-
-  - name: "nova-compute:shared-db"
-    relations: [ "percona-cluster:shared-db", ]
-
-  - name: "nova-compute:amqp"
-    relations: [ "rabbitmq-server:amqp", ]
-
-  - name: ntp
-    relations: [ "nova-compute", ]
-
diff --git a/vars/opencloud_defaults.yml b/vars/opencloud_defaults.yml
index 3f9bf90..bc16f70 100644
--- a/vars/opencloud_defaults.yml
+++ b/vars/opencloud_defaults.yml
@@ -9,14 +9,38 @@
 
 juju_config_name: opencloud
 
+xos_configuration: opencloud
+
+xos_config_targets:
+  - local_containers
+  - xos
+  - opencloud
+
+xos_tosca_templates:
+  - deployment.yaml
+  - exampleservice.yaml
+  - management-net.yaml
+  - nodes.yaml
+  - openstack.yaml
+  - public-net.yaml
+  - vtn.yaml
+
+deployment_flavors:
+  - m1.small
+  - m1.medium
+  - m1.large
+  - m1.xlarge
+
 apt_cacher_name: apt-cache
 
-xos_images:
-  - name: "trusty-server-multi-nic"
-    url: "http://www.vicci.org/opencloud/trusty-server-cloudimg-amd64-disk1.img"
-    checksum: "sha256:c2d0ffc937aeb96016164881052a496658efeb98959dc68e73d9895c5d9920f7"
+apt_ssl_sites:
+  - apt.dockerproject.org
+  - butler.opencloud.cs.arizona.edu
+  - deb.nodesource.com
 
-charm_versions: {}
+charm_versions:
+  neutron-api: "cs:~cordteam/trusty/neutron-api-3"
+  nova-compute: "cs:~cordteam/trusty/nova-compute-2"
 
 head_vm_list:
   - name: "juju-1"
@@ -94,14 +118,6 @@
     forwarded_ports:
       - { ext: 9696, int: 9696 }
 
-  - name: "neutron-gateway-1"
-    service: "neutron-gateway"
-    aliases:
-      - "neutron-gateway"
-    ipv4_last_octet: 80
-    cpu: 2
-    memMB: 4096
-    diskGB: 40
 
   - name: "nova-cloud-controller-1"
     service: "nova-cloud-controller"
@@ -134,13 +150,30 @@
     memMB: 4096
     diskGB: 40
 
+  - name: "onos-cord-1"
+    aliases:
+      - "onos-cord"
+    ipv4_last_octet: 110
+    cpu: 2
+    memMB: 4096
+    diskGB: 40
+    docker_path: "cord"
+
+  - name: "xos-1"
+    aliases:
+      - "xos"
+    ipv4_last_octet: 130
+    cpu: 2
+    memMB: 4096
+    diskGB: 40
+    docker_path: 'service-profile/opencloud'
+
 vm_service_list:
   - ceilometer
   - glance
   - keystone
   - nagios
   - neutron-api
-  - neutron-gateway
   - nova-cloud-controller
   - openstack-dashboard
   - percona-cluster
@@ -148,7 +181,6 @@
 
 standalone_service_list:
   - ceilometer-agent
-  - neutron-openvswitch
   - nrpe
   - ntp
 
@@ -162,17 +194,8 @@
   - name: glance
     relations: [ "percona-cluster", "keystone", "nrpe", ]
 
-  - name: neutron-gateway
-    relations: [ "neutron-api", "nova-cloud-controller", "nrpe", ]
-
-  - name: "neutron-gateway:amqp"
-    relations: [ "rabbitmq-server:amqp", ]
-
   - name: neutron-api
-    relations: [ "keystone", "neutron-openvswitch", "percona-cluster", "rabbitmq-server", "nova-cloud-controller", "nrpe", ]
-
-  - name: neutron-openvswitch
-    relations: [ "rabbitmq-server", ]
+    relations: [ "keystone", "percona-cluster", "rabbitmq-server", "nova-cloud-controller", "nrpe", ]
 
   - name: openstack-dashboard
     relations: [ "keystone", "nrpe", ]
@@ -195,6 +218,7 @@
   - name: "ceilometer:ceilometer-service"
     relations: [ "ceilometer-agent:ceilometer-service", ]
 
+
 compute_relations:
   - name: nova-compute
     relations: [ "ceilometer-agent", "glance", "nova-cloud-controller", "nagios", "nrpe", ]
@@ -208,3 +232,9 @@
   - name: ntp
     relations: [ "nova-compute", ]
 
+
+xos_images:
+  - name: "trusty-server-multi-nic"
+    url: "http://www.vicci.org/opencloud/trusty-server-cloudimg-amd64-disk1.img"
+    checksum: "sha256:c2d0ffc937aeb96016164881052a496658efeb98959dc68e73d9895c5d9920f7"
+