diff --git a/roles/ceph/handlers/main.yml b/roles/ceph/handlers/main.yml
new file mode 100644
index 0000000..ed7ebba
--- /dev/null
+++ b/roles/ceph/handlers/main.yml
@@ -0,0 +1,7 @@
+---
+- name: import keyring to admin
+ command:
+ cmd: ceph-authtool /etc/ceph/ceph.mon.keyring --import-keyring /etc/ceph/ceph.client.admin.keyring
+- name: import keyring to osd
+ command:
+ cmd: ceph-authtool /etc/ceph/ceph.mon.keyring --import-keyring /var/lib/ceph/bootstrap-osd/ceph.keyring
diff --git a/roles/ceph/tasks/main.yml b/roles/ceph/tasks/main.yml
new file mode 100644
index 0000000..4c451f2
--- /dev/null
+++ b/roles/ceph/tasks/main.yml
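Review bot: Both handlers in roles/ceph/handlers/main.yml run only when notified, and the notifying tasks in roles/ceph/tasks/main.yml are guarded by `creates:`, so a play that generates the keyrings but aborts before `flush_handlers` will never import them on a rerun; the mon keyring would then lack the admin and bootstrap-osd keys when `ceph-mon --mkfs` reads it. Consider making the two imports ordinary tasks placed before the mkfs step, or running the play with `--force-handlers`. The names also read backwards: `import keyring to admin` imports the admin keyring into the mon keyring, so a name like `import admin keyring into mon keyring` (with the matching `notify:` updated) would be clearer.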
@@ -0,0 +1,70 @@
+---
+- name: install ceph utilities
+ apt:
+ name: "{{item}}"
+ loop:
+ - ceph
+ - ceph-mds
+ - lvm2
+- name: setup ceph monitor
+ block:
+ - name: configure ceph monitor host
+ template:
+ src: ceph.conf.j2
+ dest: /etc/ceph/ceph.conf
+ - name: create ceph mon keyring
+ command:
+ cmd: ceph-authtool --create-keyring /etc/ceph/ceph.mon.keyring --gen-key -n mon. --cap mon 'allow *'
+ args:
+ creates: /etc/ceph/ceph.mon.keyring
+ notify: import keyring to admin
+ - name: create ceph admin keyring
+ command:
+ cmd: ceph-authtool --create-keyring /etc/ceph/ceph.client.admin.keyring --gen-key -n client.admin --cap mon 'allow *' --cap osd 'allow *' --cap mds 'allow *' --cap mgr 'allow *'
+ args:
+ creates: /etc/ceph/ceph.client.admin.keyring
+ - name: create ceph bootstrap-osd keyring
+ command:
+ cmd: ceph-authtool --create-keyring /var/lib/ceph/bootstrap-osd/ceph.keyring --gen-key -n client.bootstrap-osd --cap mon 'profile bootstrap-osd' --cap mgr 'allow r'
+ args:
+ creates: /var/lib/ceph/bootstrap-osd/ceph.keyring
+ notify: import keyring to osd
+ - name: flush handlers
+ meta: flush_handlers
+ - name: change ownership of mon keyring
+ file:
+ path: /etc/ceph/ceph.mon.keyring
+ owner: ceph
+ group: ceph
+ - name: generate monitor map
+ shell:
+ cmd: monmaptool --create --add {{ansible_nodename}} {{wg_ip}} --fsid {{'zkntceph'|to_uuid}} /etc/ceph/monmap
+ args:
+ creates: /etc/ceph/monmap
+ - name: create data directory
+ file:
+ path: /var/lib/ceph/mon/ceph-{{ansible_nodename}}
+ state: directory
+ owner: ceph
+ group: ceph
+ - name: populate monitor daemon
+ command:
+ cmd: ceph-mon --mkfs -i {{ansible_nodename}} --monmap /etc/ceph/monmap --keyring /etc/ceph/ceph.mon.keyring
+ args:
+ creates: /var/lib/ceph/mon/ceph-{{ansible_nodename}}kv_backend
+ become_user: ceph
+ - name: start and enable ceph-mon
+ systemd:
+ name: ceph-mon@node01
+ enabled: yes
+ state: started
+ when: ansible_hostname == "node01"
+- name: set up ceph manager
+ block:
+ - name: create authentication key
+ shell:
+ cmd: ceph auth get-or-create mgr.{{ansible_nodename}} mon 'allow profile mgr' osd 'allow *' mds 'allow *' > /var/lib/ceph/mgr/ceph-{{ansible_nodename}}
+ args:
+ creates: /var/lib/ceph/mgr/ceph-{{ansible_nodename}}
+ when: ansible_hostname == "node01"
+
diff --git a/roles/ceph/templates/ceph.conf.j2 b/roles/ceph/templates/ceph.conf.j2
new file mode 100644
index 0000000..6c24f70
--- /dev/null
+++ b/roles/ceph/templates/ceph.conf.j2
@@ -0,0 +1,14 @@
+[global]
+fsid = {{ 'zkntceph' | to_uuid }}
+mon initial members = node01
+mon host = 10.23.23.11
+public network = 10.23.23.0/24
+auth cluster required = cephx
+auth service required = cephx
+auth client required = cephx
+osd journal size = 1024
+osd pool default size = 3
+osd pool default min size = 2
+osd pool default pg num = 333
+osd pool default pgp num = 333
+osd crush chooseleaf type = 1
diff --git a/site.yml b/site.yml
index 2b3fb3d..26d5637 100644
--- a/site.yml
+++ b/site.yml
@@ -4,6 +4,7 @@
 roles:
 - base
 - wireguard
- - gluster
- - etcd
- - k3s
+ - ceph
+ #- gluster
+ #- etcd
+ #- k3s
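Review bot: In roles/ceph/tasks/main.yml, `create authentication key` writes the mgr cephx secret through a shell redirect, so the file gets whatever mode the umask allows (typically world-readable). The redirect also creates the file even when `ceph auth get-or-create` fails, after which `creates:` skips the task on every later run and leaves an empty key behind. Let the ceph CLI write the file with `-o` under `command`, and follow it with a `file` task that pins owner, group and `mode: "0600"`; the `change ownership of mon keyring` task would benefit from the same explicit mode. The destination also looks like the mgr data directory path rather than a keyring file inside it, which should be confirmed against what the mgr unit expects. Separately, `creates: /var/lib/ceph/mon/ceph-{{ansible_nodename}}kv_backend` appears to lack a `/` before `kv_backend`, so that guard would never match and `ceph-mon --mkfs` would be attempted on every run.

```yaml
    - name: create authentication key
      command:
        cmd: >-
          ceph auth get-or-create mgr.{{ansible_nodename}}
          mon 'allow profile mgr' osd 'allow *' mds 'allow *'
          -o /var/lib/ceph/mgr/ceph-{{ansible_nodename}}
      args:
        creates: /var/lib/ceph/mgr/ceph-{{ansible_nodename}}
    - name: restrict mgr key permissions
      file:
        path: /var/lib/ceph/mgr/ceph-{{ansible_nodename}}
        owner: ceph
        group: ceph
        mode: "0600"
  # … unchanged: when condition …
```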
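Review bot: `mon initial members = node01` and `mon host = 10.23.23.11` are literals in roles/ceph/templates/ceph.conf.j2, while the monmap in the tasks file is built from `{{ansible_nodename}}` and `{{wg_ip}}`; the two only agree as long as the monitor is exactly that host and address. Drive both from one role variable (for example `mon host = {{ ceph_mon_host }}`, where the variable name is only a suggestion) so the config and the monmap cannot drift apart. A one-line header comment such as `# Managed by Ansible (roles/ceph); do not edit on the host` would also help, since local edits to /etc/ceph/ceph.conf are overwritten by the template task.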