diff --git a/roles/glusterfs/tasks/main.yml b/roles/glusterfs/tasks/main.yml
new file mode 100644
index 0000000..f3fc9e6
--- /dev/null
+++ b/roles/glusterfs/tasks/main.yml
@@ -0,0 +1,68 @@
+---
+
+- name: install packages
+ package:
+ name: glusterfs-server
+ state: installed
+
+- name: create datadir
+ file:
+ path: /export/glusterfs
+ state: directory
+ mode: 0755
+ owner: root
+ group: "{{ ansible_wheel }}"
+
+- name: link tls certificates and keys
+ file:
+ dest: "{{ item.path }}"
+ src: "{{ item.target }}"
+ state: link
+ owner: root
+ group: "{{ ansible_wheel }}"
+ follow: false
+ with_items:
+ - path: /etc/ssl/glusterfs.pem
+ target: "{{ tls_certs }}/{{ inventory_hostname }}.crt"
+ - path: /etc/ssl/glusterfs.key
+ target: "{{ tls_private }}/{{ inventory_hostname }}.key"
+ - path: /etc/ssl/glusterfs.ca
+ target: "{{ tls_certs }}/ca.crt"
+ notify: restart glusterd
+
+- name: enable tls on management
+ copy:
+ dest: /var/lib/glusterd/secure-access
+ content: "option transport.socket.ssl-cert-depth 1\n"
+ mode: 0644
+ owner: root
+ group: "{{ ansible_wheel }}"
+ notify: restart glusterd
+
+- name: start server service
+ service:
+ name: glusterd
+ state: started
+ enabled: true
+
+- name: discover peers
+ gluster_peer:
+ state: present
+ nodes: "{{ item }}"
+ with_items: "{{ groups[glusterfs_group] }}"
+
+- name: configure volume
+ gluster_volume:
+ name: gv0
+ state: present
+ brick: /export/glusterfs
+ cluster: "{{ groups[glusterfs_group] | join(',') }}"
+ replicas: "{{ groups[glusterfs_group] | count }}"
+ host: "{{ inventory_hostname }}"
+ options:
+ {
+ client.ssl: "on",
+ server.ssl: "on",
+ ssl.certificate-depth: "1",
+ }
+ run_once: true
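Review bot: The `options` map on the `configure volume` task turns on `client.ssl` and `server.ssl` but sets no `auth.ssl-allow`, so on the I/O path gv0 would, as far as Gluster's TLS model goes, accept any peer whose certificate chains to `/etc/ssl/glusterfs.ca` within depth 1. If that CA also issues certificates to hosts outside `glusterfs_group`, those hosts are not excluded by anything in this role; consider adding `auth.ssl-allow: "{{ groups[glusterfs_group] | join(',') }}"` to the map (this assumes certificate CNs equal the inventory hostnames, and any client hosts that mount the volume would need listing too — confirm both). Separately, the `link tls certificates and keys` task manages only the symlinks (`follow: false`), so the mode and ownership of the private key under `{{ tls_private }}` are not enforced here and should be asserted wherever that file is deployed.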