diff --git a/deploy_partition.yaml b/deploy_partition.yaml
index 58c8b6a4..aa37a45a 100644
--- a/deploy_partition.yaml
+++ b/deploy_partition.yaml
@@ -86,6 +86,8 @@
       tags: always
     - name: metal-roles/partition/roles/pixiecore
       tags: pixiecore
+    - name: metal-roles/partition/roles/metal-bmc
+      tags: metal-bmc
 
 - name: Deploy metal-core
   hosts: leaves
diff --git a/files/certs/nsq/client.json b/files/certs/nsq/client.json
index bf8ce2b9..a30408b1 100644
--- a/files/certs/nsq/client.json
+++ b/files/certs/nsq/client.json
@@ -2,6 +2,7 @@
   "CN": "nsqd",
   "hosts": [
     "metal-control-plane-nsqd",
+    "172.17.0.1.nip.io",
     "nsqd",
     ""
   ],
diff --git a/inventories/group_vars/partition/metal-bmc.yaml b/inventories/group_vars/partition/metal-bmc.yaml
new file mode 100644
index 00000000..36b993fd
--- /dev/null
+++ b/inventories/group_vars/partition/metal-bmc.yaml
@@ -0,0 +1,14 @@
+---
+# taken from images/machine/openipmi/lan.conf
+metal_bmc_bmc_superuser: ADMIN
+metal_bmc_bmc_superuser_pwd: ADMIN
+
+metal_bmc_nsqd_addr: "{{ metal_control_plane_ingress_dns }}:4150"
+metal_bmc_nsqd_ca_cert: "{{ lookup('file', 'certs/ca.pem') }}"
+metal_bmc_nsqd_client_cert: "{{ lookup('file', 'certs/nsq/client.crt') }}"
+metal_bmc_nsqd_client_cert_key: "{{ lookup('file', 'certs/nsq/client-key.pem') }}"
+
+# TODO console can not be disabled in metal-bmc, use the nsq certs to be able to start
+metal_bmc_console_ca_cert: "{{ lookup('file', 'certs/ca.pem') }}"
+metal_bmc_console_cert: "{{ lookup('file', 'certs/nsq/client.crt') }}"
+metal_bmc_console_key: "{{ lookup('file', 'certs/nsq/client-key.pem') }}"