diff --git a/defaults/main.yml b/defaults/main.yml
index d8429f65..0010e04a 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -155,8 +155,12 @@ ironic_oneviewd_audit_map_file: "None"
 ironic_oneviewd_audit_output_file: "None"
 
 # Database
+ironic_db_setup_host: "{{ ('galera_all' in groups) | ternary(groups['galera_all'][0], 'localhost') }}"
+ironic_galera_address: "{{ galera_address | default('127.0.0.1') }}"
 ironic_galera_user: ironic
 ironic_galera_database: ironic
+ironic_galera_use_ssl: "{{ galera_use_ssl | default(False) }}"
+ironic_galera_ssl_ca_cert: "{{ galera_ssl_ca_cert | default('/etc/ssl/certs/galera-ca.pem') }}"
 
 ## Keystone authentication middleware
 ironic_keystone_auth_plugin: password
@@ -181,8 +185,6 @@ ironic_openstack_auth_strategy: keystone
 #ironic_openstack_api_url: ''  # Not required when we have keystone
 ironic_openstack_dhcp_provider: neutron
 ironic_openstack_sync_power_state_interval: 60
-ironic_galera_use_ssl: "{{ galera_use_ssl | default(False) }}"
-ironic_galera_ssl_ca_cert: "{{ galera_ssl_ca_cert | default('/etc/ssl/certs/galera-ca.pem') }}"
 ironic_openstack_db_connection_string: "mysql+pymysql://{{ ironic_galera_user }}:{{ ironic_container_mysql_password }}@{{ ironic_galera_address }}/ironic{% if ironic_galera_use_ssl | bool %}&ssl_ca={{ ironic_galera_ssl_ca_cert }}{% endif %}"
 
 # Standalone Ironic configuration
diff --git a/examples/playbook.yml b/examples/playbook.yml
index ead2da61..c67b8a68 100644
--- a/examples/playbook.yml
+++ b/examples/playbook.yml
@@ -2,4 +2,9 @@
   hosts: localhost
   remote_user: root
   roles:
-    - role: openstack-ansible-os_ironic
+    - role: "os_ironic"
+  vars:
+    galera_root_user: root
+  vars_prompt:
+    - name: "galera_root_password"
+      prompt: "What is galera_root_password?"
diff --git a/tasks/ironic_db_setup.yml b/tasks/ironic_db_setup.yml
index b0cf1cbc..cc22d0ed 100644
--- a/tasks/ironic_db_setup.yml
+++ b/tasks/ironic_db_setup.yml
@@ -13,6 +13,32 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+- name: Create DB for service
+  mysql_db:
+    login_user: "{{ galera_root_user }}"
+    login_password: "{{ galera_root_password }}"
+    login_host: "{{ ironic_galera_address }}"
+    name: "{{ ironic_galera_database }}"
+    state: "present"
+  delegate_to: "{{ ironic_db_setup_host }}"
+  no_log: True
+
+- name: Grant access to the DB for the service
+  mysql_user:
+    login_user: "{{ galera_root_user }}"
+    login_password: "{{ galera_root_password }}"
+    login_host: "{{ ironic_galera_address }}"
+    name: "{{ ironic_galera_user }}"
+    password: "{{ ironic_container_mysql_password }}"
+    host: "{{ item }}"
+    state: "present"
+    priv: "{{ ironic_galera_database }}.*:ALL"
+  delegate_to: "{{ ironic_db_setup_host }}"
+  with_items:
+    - "localhost"
+    - "%"
+  no_log: True
+
 - name: Update database schema
   command: "{{ ironic_bin }}/ironic-dbsync upgrade"
   become: yes