diff --git a/buildvm.yml b/buildvm.yml
new file mode 100644
index 0000000..85fc0d2
--- /dev/null
+++ b/buildvm.yml
@@ -0,0 +1,118 @@
+# Playbook to build new VMs in RHV Cluster
+# Currently only builds RHEL VMs
+- name: Create VMs
+ hosts: cluster_ToalLabRHV
+ connection: local
+ gather_facts: no
+ collections:
+ - netbox.netbox
+ vars:
+ # Workaround to get correct venv python interpreter
+ ansible_python_interpreter: "{{ ansible_playbook_python }}"
+
+ # Never run this, unless specifically enabled
+ # tags:
+ # - never
+ # - rebuild
+
+ tasks:
+ - name: Basic Disk Profile
+ set_fact:
+ vm_disks:
+ - name: '{{ inventory_hostname }}_boot'
+ bootable: true
+ sparse: true
+ descr: '{{ inventory_hostname }} Boot / Root disk'
+ interface: virtio
+ size: '{{ disk|default(40) }}'
+ state: present
+ storage_domain: 'ssdvdo0'
+ activate: true
+ when: vm_disks is not defined
+
+ - name: Create VM Disks
+ ovirt_disk:
+ auth: '{{ ovirt_auth }}'
+ name: '{{ item.name }}'
+ description: '{{ item.descr }}'
+ interface: '{{ item.interface }}'
+ size: '{{ item.size }}'
+ state: '{{ item.state }}'
+ sparse: '{{ item.sparse }}'
+ wait: true
+ storage_domain: '{{ item.storage_domain }}'
+ async: 300
+ poll: 15
+ loop: '{{ vm_disks }}'
+
+
+ - set_fact:
+ nb_query_filter: "slug={{ platform }}"
+ - debug: msg='{{ query("netbox.netbox.nb_lookup", "platforms", api_filter=nb_query_filter, api_endpoint=netbox_api, token=netbox_token)[0].value.name }}'
+
+ - name: Create VM in RHV
+ ovirt_vm:
+ auth: '{{ ovirt_auth }}'
+ name: '{{ inventory_hostname }}'
+ state: present
+ memory: '{{ memory }}MiB'
+ memory_guaranteed: '{{ (memory / 2)|int }}MiB'
+ disks: '{{ vm_disks }}'
+ cpu_cores: '{{ vcpus }}'
+ cluster: '{{ cluster }}'
+ # Damn... This is ugly
+ operating_system: '{{ query("netbox.netbox.nb_lookup", "platforms", api_filter=nb_query_filter, api_endpoint=netbox_api, token=netbox_token)[0].value.name }}'
+ type: server
+ graphical_console:
+ protocol:
+ - vnc
+ - spice
+ boot_devices:
+ - hd
+ async: 300
+ poll: 15
+
+ - name: Assign NIC
+ ovirt_nic:
+ auth: '{{ ovirt_auth }}'
+ interface: virtio
+ mac_address: '{{ item.mac_address|default(omit) }}'
+ name: '{{ item.name }}'
+ profile: ovirtmgmt
+ network: '{{ item.untagged_vlan.name }}' # This is fragile
+ state: '{{ (item.enabled == True) |ternary("plugged","unplugged") }}'
+ linked: yes
+ vm: '{{ inventory_hostname }}'
+ loop: '{{ interfaces }}'
+
+ handlers:
+ - name: PXE Boot
+ ovirt_vm:
+ auth: "{{ ovirt_auth }}"
+ name: "{{ inventory_hostname }}"
+ boot_devices:
+ - network
+ state: running
+ register: vm_build_result
+
+- name: Ensure VM is running and reachable
+ hosts: cluster_ToalLabRHV
+ gather_facts: no
+ connection: local
+ vars:
+ # Hack to work around virtualenv python interpreter
+ ansible_python_interpreter: "{{ ansible_playbook_python }}"
+
+ tasks:
+ - name: VM is running
+ ovirt_vm:
+ auth: "{{ ovirt_auth }}"
+ name: "{{ inventory_hostname }}"
+ state: running
+ boot_devices:
+ - hd
+
+ - name: Wait for SSH to be ready
+ wait_for_connection:
+ timeout: 1800
+ sleep: 5
diff --git a/monitoring.yml b/monitoring.yml
index a87081a..1b5c8fa 100644
--- a/monitoring.yml
+++ b/monitoring.yml
@@ -1,15 +1,15 @@ --- - name: Prometheus - hosts: podhost1.mgmt.toal.ca # Hard-coded for now + hosts: monitor.mgmt.toal.ca # Hard-coded for now become: yes vars: container_image: prom/prometheus container_name: prometheus container_state: running container_firewall_ports: - - 9090/tcp + - 8090/tcp container_run_args: >- - -p 9090:9090 + -p 8090:8090 -v /home/prometheus/etc:/etc/prometheus:Z -v /home/prometheus/data:/prometheus:Z -v /home/prometheus/console_libraries:/usr/share/prometheus/console_libraries:Z
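Review bot: The final task, `wait_for_connection`, runs in a play that sets `connection: local`, so it probes the controller's local connection rather than SSH to the new VM and will most likely return at once; the play can then report the VM as reachable when it is not. Run that task in a play that uses the SSH connection and does not carry the `ansible_python_interpreter` override. Separately, the unnamed `debug` task repeats the token-bearing `nb_lookup` query only to print the platform name; resolve it once in the preceding `set_fact`, reuse that value for `operating_system`, and drop the `debug`. No task visible in this file notifies the `PXE Boot` handler, so it appears never to run.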
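Review bot: The published port moves to `-p 8090:8090` and `container_firewall_ports` to `8090/tcp`, but the `Firewall` post-task added in the next hunk opens `9090/tcp`, so the two disagree about which port Prometheus is served on. Nothing visible here changes the listen address inside the container, so if the image still listens on its usual 9090 the mapping would need to be `-p 8090:9090`; otherwise the published port reaches nothing. Pick one host port and use it in both places, so the firewall does not hold open a port that no service is meant to answer on. The play continues outside this hunk.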
@@ -29,9 +29,15 @@ - /home/prometheus/data - /home/prometheus/console_libraries - /home/prometheus/console_template + post_tasks: + - name: Firewall + firewalld: + state: enabled # required. choices: enabled;disabled;present;absent. Enable or disable a setting. For ports: Should this port accept(enabled) or reject(disabled) connections. The states "present" and "absent" can only be used in zone level operations (i.e. when no other parameters but zone and state are set). + permanent: true + port: 9090/tcp - name: Grafana - hosts: podhost1.mgmt.toal.ca # Hard-coded for now + hosts: monitor.mgmt.toal.ca # Hard-coded for now become: yes vars: container_image: grafana/grafana
@@ -41,5 +47,21 @@ - 3000/tcp container_run_args: >- -p 3000:3000 + -v /home/grafana/data:/var/lib/grafana:Z + pre_tasks: + - name: Directories exist + file: + path: '{{ item }}' + state: directory + owner: nobody + group: nobody + loop: + - /home/grafana/data roles: - ikke_t.podman_container_systemd + post_tasks: + - name: Firewall + firewalld: + state: enabled # required. choices: enabled;disabled;present;absent. Enable or disable a setting. For ports: Should this port accept(enabled) or reject(disabled) connections. The states "present" and "absent" can only be used in zone level operations (i.e. when no other parameters but zone and state are set). + permanent: true + port: 3000/tcp
diff --git a/roles/requirements.yml b/roles/requirements.yml
index a1b5c94..d7889ba 100644
--- a/roles/requirements.yml
+++ b/roles/requirements.yml
@@ -13,4 +13,8 @@ - name: oatakan.windows_ovirt_guest_agent - name: oatakan.windows_virtio - name: ikke_t.podman_container_systemd -- name: ikke_t.container_image_cleanup \ No newline at end of file +- name: ikke_t.container_image_cleanup + +# Infra +- name: bertvv.bind +- name: bertvv.dhcp
diff --git a/roles/toal-common/tasks/main.yml b/roles/toal-common/tasks/main.yml
index 4e5b58d..4f4cbbd 100644
--- a/roles/toal-common/tasks/main.yml
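Review bot: The `firewalld` task sets `permanent: true` without `immediate: true`, so the rule is written to the permanent configuration but the running firewall stays unchanged until a reload; the same applies to the Grafana `Firewall` task in the `@@ -41,5 +47,21 @@` hunk. Both tasks also omit `zone:`, so the port is opened in the default zone for any source, which exposes Prometheus and Grafana to every network that zone covers; consider naming a zone or using a rich rule limited to the management subnet. The trailing comment on `state: enabled` is pasted module documentation and can be dropped.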
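Review bot: The new `Directories exist` pre-task creates `/home/grafana/data` owned by `nobody:nobody` with no `mode:`, which looks copied from the Prometheus play. As far as I know the official Grafana image runs as its own non-root user rather than `nobody`, so the bind-mounted `/var/lib/grafana` may not be writable and the container could fail to start or lose its database; confirm the UID the image uses and set `owner:` to it. Adding an explicit `mode: '0750'` would also keep the dashboard database and any stored data-source credentials unreadable to other local users.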
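Review bot: `bertvv.bind` and `bertvv.dhcp` are added without a `version:`, so each `ansible-galaxy install` pulls whatever the role author published last. Judging by their names and the `# Infra` comment these roles will manage DNS and DHCP, presumably with `become`, which makes an unreviewed upstream change a supply-chain risk. Pin each entry, e.g. `- name: bertvv.bind` followed by `version: <REVIEWED_TAG_OR_COMMIT>`, and bump it deliberately. The existing entries visible in the context lines are unpinned as well.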
+++ b/roles/toal-common/tasks/main.yml
@@ -7,36 +7,33 @@ name: rhel-7-server-rh-common-rpms state: present when: - - ansible_os_family == "RedHat" - ansible_distribution_major_version == '7' - - name: Guest Tools Repository - rhsm_repository: - name: rhel-8-for-x86_64-appstream-rpms - state: present - when: - - ansible_os_family == "RedHat" - - ansible_distribution_major_version == '8' - - name: Install ovirt-guest-agent on RHV Guests yum: name: ovirt-guest-agent state: present notify: Ovirt Agent Restart when: - - ansible_os_family == "RedHat" - ansible_distribution_major_version == '7' + - name: Guest Tools Repository + rhsm_repository: + name: rhel-8-for-x86_64-appstream-rpms + state: present + when: + - ansible_distribution_major_version == '8' + - name: Install qemu-guest agent on RHEL8 Guest yum: name: qemu-guest-agent state: present notify: Qemu Agent Restart when: - - ansible_os_family == "RedHat" - ansible_distribution_major_version == '8' when: + - ansible_os_family == "RedHat" - ansible_virtualization_type == "RHEV" - name: Install katello-agent on Satellite managed systems
@@ -49,13 +46,13 @@ yum: name: insights-client state: present - when: ansible_os_family == "RedHat" + when: ansible_distribution == "RedHat" - name: Performance Co-Pilot yum: name: - - pcp - - cockpit-pcp - pcp-system-tools + - pcp-zeroconf + - cockpit-pcp - pcp-pmda-trace - pcp-selinux
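Review bot: Swapping `pcp` for `pcp-zeroconf` in the `Performance Co-Pilot` task is more than a package rename. As far as I know, `pcp-zeroconf` enables and starts the PCP collector and logger services on install, so every host that gets this common role would begin running those daemons. If that is intended, say so in a comment above the list, e.g. `# pcp-zeroconf pulls in pcp and enables pmcd/pmlogger`, and confirm that the hosts' firewall does not expose the collector port beyond the monitoring network. The task list continues outside this hunk.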