diff --git a/compute.tf b/compute.tf
index 054b990a76671cc6c7769a4edf57002dd2f4336e..82fc1cb166b4ffd1a032be376e9991421a6d3f0c 100644
--- a/compute.tf
+++ b/compute.tf
@@ -12,6 +12,15 @@ data "openstack_compute_flavor_v2" "m1_small" {
 
 
 # template file cloud-init.yml
+#
+data "template_file" "cloud_init_admin_yml" {
+  template = file("${path.module}/templates/cloud-init-admin.yml")
+  vars = {
+    sles_reg_code  = var.sles_reg_code
+    sles_reg_email = var.sles_reg_email
+    sles_ses_reg   = var.sles_ses_reg
+  }
+}
 
 data "template_file" "cloud_init_yml" {
   template = file("${path.module}/templates/cloud-init.yml")
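Review bot: The new `cloud_init_admin_yml` data source renders `sles_reg_code` and `sles_ses_reg` straight into the instance user_data. That keeps the registration codes in the rendered template in Terraform state, and presumably leaves them readable from the metadata service on the node. The variable declarations are not in this diff; if they are not already marked `sensitive = true`, that should be added, with a comment above the block such as `# NOTE: rendered output contains registration codes; treat state and user_data as secret`. The `template_file` data source is also deprecated in favour of the built-in `templatefile()` function, which could be called directly in `user_data` and avoids a separate rendered copy in state. The context block `cloud_init_yml` continues past the end of this hunk.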
@@ -34,7 +43,7 @@ resource "openstack_compute_instance_v2" "admin" {
     openstack_compute_secgroup_v2.allow_ssh.name
   ]
 
-  user_data = data.template_file.cloud_init_yml.rendered
+  user_data = data.template_file.cloud_init_admin_yml.rendered
 
   block_device {
     # this is the image to clone from
@@ -140,7 +149,8 @@ resource "openstack_compute_instance_v2" "mon" {
   flavor_id = data.openstack_compute_flavor_v2.m1_small.id
   key_pair  = var.ssh_keypair
   security_groups = [
-    "default"
+    "default",
+    openstack_compute_secgroup_v2.allow_web_interface.name
   ]
 
   user_data = data.template_file.cloud_init_yml.rendered
@@ -158,3 +168,9 @@ resource "openstack_compute_instance_v2" "mon" {
     uuid = openstack_networking_network_v2.public_network.id
   }
 }
+
+resource "openstack_compute_floatingip_associate_v2" "mon_association" {
+  floating_ip = openstack_compute_floatingip_v2.floating_ip_mon.address
+  instance_id = openstack_compute_instance_v2.mon[0].id
+}
+
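Review bot: `mon_association` hard-codes `openstack_compute_instance_v2.mon[0]`, so the floating IP always lands on the first monitor and the reference breaks if the `mon` count is ever set to 0. The count is not visible in this hunk, so this is inferred from the index. A short comment would make the intent explicit, e.g. `# only the first mon node is published; the web interface must be served from mon[0]`.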
diff --git a/networks.tf b/networks.tf
index 9f3a51cb871188a82a1d5b176063ae1f348c646f..9c2de7b69450b8bd7e6bd8aa420cc7c9e6cd8960 100644
--- a/networks.tf
+++ b/networks.tf
@@ -45,6 +45,12 @@ resource "openstack_networking_router_interface_v2" "router_interface_public" {
 
 # floating ip
 
+# ip for admin node
 resource "openstack_compute_floatingip_v2" "floating_ip" {
   pool = data.openstack_networking_network_v2.external.name
 }
+
+# ip for mon node
+resource "openstack_compute_floatingip_v2" "floating_ip_mon" {
+  pool = data.openstack_networking_network_v2.external.name
+}
diff --git a/outputs.tf b/outputs.tf
index 3e9ec7eb8816276977b190833482694bee14feab..a545ee7e117457092ddc1d83ad38f7b37c23828a 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -1,3 +1,7 @@
 output "admin_ip_address" {
   value = openstack_compute_floatingip_v2.floating_ip.address
 }
+
+output "web_ip_address" {
+  value = "https://${openstack_compute_floatingip_v2.floating_ip_mon.address}:8443/"
+}
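Review bot: `web_ip_address` returns a full URL rather than an address, unlike the neighbouring `admin_ip_address`, which returns the bare floating IP. A name such as `web_url`, or a `description = "URL of the web interface on the mon node"` line, would keep consumers of the outputs from treating the value as an IP.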
diff --git a/securitygroups.tf b/securitygroups.tf
index 737af1d00ebe0777493dcb014752d25e6ae9ec67..7d0307d3e51f0b0bcca521eac2618803e48c8747 100644
--- a/securitygroups.tf
+++ b/securitygroups.tf
@@ -9,3 +9,22 @@ resource "openstack_compute_secgroup_v2" "allow_ssh" {
     cidr        = "0.0.0.0/0"
   }
 }
+
+resource "openstack_compute_secgroup_v2" "allow_web_interface" {
+  name        = "allow web interfaces for ceph"
+  description = "allow 8080/8443 to the monitor host"
+
+  rule {
+    from_port   = 8080
+    to_port     = 8080
+    ip_protocol = "tcp"
+    cidr        = "0.0.0.0/0"
+  }
+
+  rule {
+    from_port   = 8443
+    to_port     = 8443
+    ip_protocol = "tcp"
+    cidr        = "0.0.0.0/0"
+  }
+}
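Review bot: Both rules in `allow_web_interface` use `cidr = "0.0.0.0/0"`, so once the floating IP is associated the mon web interface is reachable from any address. Port 8080 is normally the plain-HTTP listener, which would carry logins unencrypted. Consider taking the source range from a variable, e.g. `cidr = var.web_allowed_cidr` (the variable would have to be declared; none is visible in this diff), and dropping the 8080 rule if only the 8443 endpoint named in outputs.tf is meant to be used. In compute.tf the group is attached to the whole `mon` resource, not only the instance that receives the floating IP.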
diff --git a/templates/cloud-init-admin.yml b/templates/cloud-init-admin.yml
new file mode 100644
index 0000000000000000000000000000000000000000..4bd808dd58bf4fe07b2ed28649fa136802a50ea9
--- /dev/null
+++ b/templates/cloud-init-admin.yml
@@ -0,0 +1,11 @@
+#cloud-config
+
+runcmd:
+  - sudo SUSEConnect -r ${sles_reg_code} -e ${sles_reg_email}
+  - sudo SUSEConnect -p ses/7/x86_64 -r ${sles_ses_reg}
+  - sudo zypper in -y salt-minion salt-master
+  - sudo sed -i 's/^#\(log_level_logfile:\).*/\1 info/' /etc/salt/minion
+  - sudo sed -i 's/^#\(master:\).*/\1 admin.openstack.internal/' /etc/salt/minion
+  - sudo systemctl enable salt-minion && sudo systemctl start salt-minion && sudo systemctl enable salt-master && sudo systemctl start salt-master
+  - sudo zypper in -y ceph-salt
+  - sudo systemctl restart salt-master.service
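Review bot: The minion is pointed at `admin.openstack.internal` by name only (here and in the matching lines added to templates/cloud-init.yml), with no pinning of the master's public key, so a minion trusts whichever master answers under that name first. Setting `master_finger` in the minion config closes that gap, although the fingerprint only exists after the admin node has generated its key and would need to be distributed in a later step. How minion keys are accepted on the master is not shown in this diff; a comment stating that fingerprints are checked before acceptance would help. The registration codes also appear as command-line arguments to `SUSEConnect`, so they may end up in cloud-init's logs on the node.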
diff --git a/templates/cloud-init.yml b/templates/cloud-init.yml
index ee4a44557b4de59d460274ce6e04e69c6d0160e9..790cce954b922a56524d8f59ab3d6fb790af6f79 100644
--- a/templates/cloud-init.yml
+++ b/templates/cloud-init.yml
@@ -3,3 +3,7 @@
 runcmd:
   - sudo SUSEConnect -r ${sles_reg_code} -e ${sles_reg_email}
   - sudo SUSEConnect -p ses/7/x86_64 -r ${sles_ses_reg}
+  - sudo zypper in -y salt-minion
+  - sudo sed -i 's/^#\(log_level_logfile:\).*/\1 info/' /etc/salt/minion
+  - sudo sed -i 's/^#\(master:\).*/\1 admin.openstack.internal/' /etc/salt/minion
+  - sudo systemctl enable salt-minion && sudo systemctl start salt-minion
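Review bot: The two `sed` edits only match lines that are still commented out in the packaged `/etc/salt/minion`, so if the shipped default ever changes they set nothing and report no error, leaving the minion on its built-in master name. A drop-in file such as `/etc/salt/minion.d/master.conf` containing `master: admin.openstack.internal` and `log_level_logfile: info` would be explicit and easier to audit. The same applies to templates/cloud-init-admin.yml. `sudo` is also unnecessary in these entries, since cloud-init runs `runcmd` as root.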