diff --git a/defaults/main.yml b/defaults/main.yml
index 6fa759b..aa98732 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -91,6 +91,8 @@ barbican_venv_download: "{{ not barbican_developer_mode | bool }}"
 barbican_venv_download_url: http://127.0.0.1/venvs/untagged/ubuntu/barbican.tgz
 
 # Database vars
+barbican_db_setup_host: "{{ ('galera_all' in groups) | ternary(groups['galera_all'][0], 'localhost') }}"
+barbican_galera_address: "{{ galera_address | default('127.0.0.1') }}"
 barbican_galera_database: barbican
 barbican_galera_user: barbican
 barbican_galera_use_ssl: "{{ galera_use_ssl | default(False) }}"
diff --git a/examples/playbook.yml b/examples/playbook.yml
index e68e754..fa02139 100644
--- a/examples/playbook.yml
+++ b/examples/playbook.yml
@@ -4,12 +4,16 @@
   roles:
    - role: "os_barbican"
   vars:
-   external_lb_vip_address: 172.16.24.1
-   internal_lb_vip_address: 192.168.0.1
-   barbican_galera_address: "{{ internal_lb_vip_address }}"
-   barbican_service_password: SuperSecretePassword1
-   barbican_galera_password: SuperSecretePassword2
-   barbican_rabbitmq_password: SuperSecretePassword3
-   keystone_admin_user_name: admin
-   keystone_auth_admin_password: SuperSecretePassword4
-   keystone_admin_tenant_name: admin
+    external_lb_vip_address: 172.16.24.1
+    internal_lb_vip_address: 192.168.0.1
+    barbican_galera_address: "{{ internal_lb_vip_address }}"
+    barbican_service_password: SuperSecretePassword1
+    barbican_galera_password: SuperSecretePassword2
+    barbican_rabbitmq_password: SuperSecretePassword3
+    keystone_admin_user_name: admin
+    keystone_auth_admin_password: SuperSecretePassword4
+    keystone_admin_tenant_name: admin
+    galera_root_user: root
+  vars_prompt:
+    - name: "galera_root_password"
+      prompt: "What is galera_root_password?"
diff --git a/tasks/barbican_db_setup.yml b/tasks/barbican_db_setup.yml
index 91bf084..2346eac 100644
--- a/tasks/barbican_db_setup.yml
+++ b/tasks/barbican_db_setup.yml
@@ -13,6 +13,32 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+- name: Create DB for service
+  mysql_db:
+    login_user: "{{ galera_root_user }}"
+    login_password: "{{ galera_root_password }}"
+    login_host: "{{ barbican_galera_address }}"
+    name: "{{ barbican_galera_database }}"
+    state: "present"
+  delegate_to: "{{ barbican_db_setup_host }}"
+  no_log: True
+
+- name: Grant access to the DB for the service
+  mysql_user:
+    login_user: "{{ galera_root_user }}"
+    login_password: "{{ galera_root_password }}"
+    login_host: "{{ barbican_galera_address }}"
+    name: "{{ barbican_galera_user }}"
+    password: "{{ barbican_galera_password }}"
+    host: "{{ item }}"
+    state: "present"
+    priv: "{{ barbican_galera_database }}.*:ALL"
+  delegate_to: "{{ barbican_db_setup_host }}"
+  with_items:
+    - "localhost"
+    - "%"
+  no_log: True
+
 - name: Perform a synchronization of the Barbican database
   command: "{{ barbican_bin }}/barbican-manage db upgrade"
   become: yes
diff --git a/tests/test-install-barbican.yml b/tests/test-install-barbican.yml
index 41e1b8c..daba03f 100644
--- a/tests/test-install-barbican.yml
+++ b/tests/test-install-barbican.yml
@@ -24,6 +24,7 @@
         state: "present"
       delegate_to: "{{ hostvars[groups['rabbitmq_all'][0]]['ansible_host'] }}"
       when: inventory_hostname == groups['barbican_all'][0]
+
     - name: Ensure rabbitmq user
       rabbitmq_user:
         user: "{{ barbican_rabbitmq_userid }}"
@@ -36,32 +37,7 @@
       delegate_to: "{{ hostvars[groups['rabbitmq_all'][0]]['ansible_host'] }}"
       when: inventory_hostname == groups['barbican_all'][0]
       no_log: true
-    - name: Create DB for service
-      mysql_db:
-        login_user: "root"
-        login_password: "secrete"
-        login_host: "localhost"
-        name: "{{ barbican_galera_database }}"
-        state: "present"
-      delegate_to: "{{ hostvars[groups['galera_all'][0]]['ansible_host'] }}"
-      when: inventory_hostname == groups['barbican_all'][0]
-      no_log: true
-    - name: Grant access to the DB for the service
-      mysql_user:
-        login_user: "root"
-        login_password: "secrete"
-        login_host: "localhost"
-        name: "{{ barbican_galera_database }}"
-        password: "{{ barbican_galera_password }}"
-        host: "{{ item }}"
-        state: "present"
-        priv: "{{ barbican_galera_database }}.*:ALL"
-      with_items:
-        - "localhost"
-        - "%"
-      delegate_to: "{{ hostvars[groups['galera_all'][0]]['ansible_host'] }}"
-      when: inventory_hostname == groups['barbican_all'][0]
-      no_log: true
+
   roles:
     - role: "os_barbican"
   vars_files: