diff --git a/.typos.toml b/.typos.toml
index ee031846e..40e4c2105 100644
--- a/.typos.toml
+++ b/.typos.toml
@@ -7,7 +7,6 @@ extend-exclude = [
     "python/understack-workflows/tests/json_samples/",
     "containers/*/patches",
     "go.mod",
-    "ansible/roles/statuses/defaults/main.yaml",
 ]
 
 [default]
@@ -20,4 +19,4 @@ extend-ignore-identifiers-re = [
 HPE = "HPE"
 fo = "fo"
 sme = "sme"
-4caf50 = "4caf50"
+caf = "caf"
diff --git a/ansible/playbooks/openstack_network.yaml b/ansible/playbooks/openstack_infra.yaml
similarity index 96%
rename from ansible/playbooks/openstack_network.yaml
rename to ansible/playbooks/openstack_infra.yaml
index 03be83ee6..71c8bcf41 100644
--- a/ansible/playbooks/openstack_network.yaml
+++ b/ansible/playbooks/openstack_infra.yaml
@@ -27,3 +27,4 @@
 
   roles:
     - role: openstack_network
+    - role: openstack_baremetal
diff --git a/ansible/requirements.txt b/ansible/requirements.txt
index 12954e6d4..a43c81896 100644
--- a/ansible/requirements.txt
+++ b/ansible/requirements.txt
@@ -5,3 +5,4 @@ pynautobot==2.6.2
 jmespath==1.0.1
 # remove me after the inherited roles workaround can be dropped
 python-openstackclient
+python-ironicclient==5.11.0
diff --git a/ansible/roles/openstack_baremetal/tasks/baremetal_port.yml b/ansible/roles/openstack_baremetal/tasks/baremetal_port.yml
new file mode 100644
index 000000000..d93ba01d0
--- /dev/null
+++ b/ansible/roles/openstack_baremetal/tasks/baremetal_port.yml
@@ -0,0 +1,7 @@
+---
+
+- name: Create baremetal port
+  openstack.cloud.baremetal_port:
+    address: "{{ port_info.mac }}"
+    node: "{{ port_node_name }}"
+    state: present
diff --git a/ansible/roles/openstack_baremetal/tasks/main.yml b/ansible/roles/openstack_baremetal/tasks/main.yml
new file mode 100644
index 000000000..289085375
--- /dev/null
+++ b/ansible/roles/openstack_baremetal/tasks/main.yml
@@ -0,0 +1,9 @@
+---
+
+- name: Enroll infra nodes
+  ansible.builtin.include_tasks: node.yml
+  loop: "{{ infra_nodes }}"
+  loop_control:
+    loop_var: node
+  vars:
+    item: "{{ node }}"
diff --git a/ansible/roles/openstack_baremetal/tasks/neutron_port.yml b/ansible/roles/openstack_baremetal/tasks/neutron_port.yml
new file mode 100644
index 000000000..66cb84cf0
--- /dev/null
+++ b/ansible/roles/openstack_baremetal/tasks/neutron_port.yml
@@ -0,0 +1,9 @@
+---
+
+- name: Create neutron port for network {{ port_info.neutron_network }}
+  openstack.cloud.port:
+    state: present
+    name: "{{ port_info.neutron_name }}"
+    mac_address: "{{ port_info.mac }}"
+    network: "{{ port_info.neutron_network }}"
+  when: port_info.neutron_name is defined
diff --git a/ansible/roles/openstack_baremetal/tasks/node.yml b/ansible/roles/openstack_baremetal/tasks/node.yml
new file mode 100644
index 000000000..c97c227ce
--- /dev/null
+++ b/ansible/roles/openstack_baremetal/tasks/node.yml
@@ -0,0 +1,51 @@
+---
+
+- name: Extract MAC addresses
+  ansible.builtin.set_fact:
+    node_mac_addresses: >-
+      {{
+        item.port_info
+        | map(attribute='port')
+        | map(attribute='mac')
+        | map('community.general.dict_kv', 'mac')
+        | list
+      }}
+
+- name: Enroll infra node {{ item.name }}
+  openstack.cloud.baremetal_node:
+    name: "{{ item.name }}"
+    driver: "{{ item.driver }}"
+    driver_info: "{{ item.driver_info }}"
+    nics: "{{ node_mac_addresses }}"
+    state: present
+  register: enrolled_node
+
+
+- name: Create baremetal port group for node {{ item.name }}
+  ansible.builtin.include_tasks: port_group.yml
+  loop: "{{ port_groups }}"
+  loop_control:
+    loop_var: port_group
+  vars:
+    node_id: "{{ enrolled_node.node.id }}"
+    port_groups: >-
+      {{
+        item.port_info
+        | map(attribute='port_group')
+        | select('defined')
+        | list
+      }}
+
+- name: Create baremetal ports for node {{ item.name }}
+  ansible.builtin.include_tasks: baremetal_port.yml
+  loop: "{{ node_mac_addresses }}"
+  loop_control:
+    loop_var: port_info
+  vars:
+    port_node_name: "{{ item.name }}"
+
+- name: Create neutron ports
+  ansible.builtin.include_tasks: neutron_port.yml
+  loop: "{{ item.port_info }}"
+  loop_control:
+    loop_var: port_info
diff --git a/ansible/roles/openstack_baremetal/tasks/port_group.yml b/ansible/roles/openstack_baremetal/tasks/port_group.yml
new file mode 100644
index 000000000..525e92110
--- /dev/null
+++ b/ansible/roles/openstack_baremetal/tasks/port_group.yml
@@ -0,0 +1,17 @@
+---
+
+- name: Check if baremetal port group exists
+  ansible.builtin.command: openstack baremetal port group show {{ port_group.name }}
+  register: port_group_check
+  failed_when: false
+  changed_when: false
+
+- name: Create baremetal port group
+  ansible.builtin.shell: >
+    openstack baremetal port group create
+    --node {{ node_id }}
+    --name {{ port_group.name }}
+    --mode {{ port_group.mode }}
+  when: port_group_check.rc != 0
+  register: port_group_created
+  changed_when: true
diff --git a/ansible/roles/openstack_network/tasks/main.yml b/ansible/roles/openstack_network/tasks/main.yml
index cbf4b01ea..5ea383285 100644
--- a/ansible/roles/openstack_network/tasks/main.yml
+++ b/ansible/roles/openstack_network/tasks/main.yml
@@ -17,3 +17,29 @@
   loop: "{{ existing_networks.results }}"
   loop_control:
     label: "{{ item.item.network_name }}"
+
+- name: Create subnet pool
+  ansible.builtin.include_tasks: subnet_pool.yml
+  loop: "{{ subnet_pools }}"
+  loop_control:
+    loop_var: subnet_pool
+  vars:
+    item: "{{ subnet_pool }}"
+
+- name: Create fabric segment range
+  ansible.builtin.include_tasks: segment_range.yml
+  vars:
+    item: "{{ fabric_network_segment_range }}"
+
+- name: Create segment range
+  ansible.builtin.include_tasks: segment_range.yml
+  loop: "{{ network_segment_ranges.physical_networks }}"
+  loop_control:
+    loop_var: physical_network
+  vars:
+    item:
+      name: "{{ physical_network }}"
+      range_min: "{{ network_segment_ranges.range_min }}"
+      range_max: "{{ network_segment_ranges.range_max }}"
+      network_type: "{{ network_segment_ranges.network_type }}"
+      physical_network: "{{ physical_network }}"
diff --git a/ansible/roles/openstack_network/tasks/segment_range.yml b/ansible/roles/openstack_network/tasks/segment_range.yml
new file mode 100644
index 000000000..58f0dc2f7
--- /dev/null
+++ b/ansible/roles/openstack_network/tasks/segment_range.yml
@@ -0,0 +1,22 @@
+---
+
+- name: Check if segment range exists
+  ansible.builtin.command: openstack network segment range show {{ item.name }}
+  register: segment_range_check
+  failed_when: false
+  changed_when: false
+
+- name: Create network segment range if missing
+  ansible.builtin.shell: >
+    openstack network segment range create
+    --shared
+    --network-type {{ item.network_type }}
+    --minimum {{ item.range_min }}
+    --maximum {{ item.range_max }}
+    {% if item.physical_network is defined %}
+    --physical-network {{ item.physical_network }}
+    {% endif %}
+    {{ item.name }}
+  when: segment_range_check.rc != 0
+  register: segment_range_created
+  changed_when: true
diff --git a/ansible/roles/openstack_network/tasks/subnet_pool.yml b/ansible/roles/openstack_network/tasks/subnet_pool.yml
new file mode 100644
index 000000000..1f2de1e34
--- /dev/null
+++ b/ansible/roles/openstack_network/tasks/subnet_pool.yml
@@ -0,0 +1,8 @@
+---
+
+- name: Create subnet pool for OUTSIDE network
+  openstack.cloud.subnet_pool:
+    state: present
+    name: "{{ item.name }}"
+    is_shared: true
+    prefixes: "{{ item.prefixes }}"