diff --git a/ansible/README.md b/ansible/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..348d9f519bbbe3e2d264f412d78be9bd684641dc
--- /dev/null
+++ b/ansible/README.md
@@ -0,0 +1,13 @@
+# JASS ansible playbooks
+
+This repository contains the playbooks to manage a JASS instance with ansible
+
+- `system.yaml`: install system requirements
+- `deploy.yaml`: download/update JASS and perform required procedures to migrate and restart
+
+## how to use these ?
+
+```
+ansible-playbook -v -i ./hosts_system system.yaml --ask-become-pass --extra-vars "deploy_user_name=jass repo_api_token=XXXXXX"
+ansible-playbook -v -i ./hosts_deploy deploy.yaml --ask-become-pass --extra-vars "deploy_user_name=jass repo_api_token=XXXXXX"
+```
diff --git a/ansible/deploy.retry b/ansible/deploy.retry
new file mode 100644
index 0000000000000000000000000000000000000000..df423178173b81ff3b27bd01fd861733261dfbe0
--- /dev/null
+++ b/ansible/deploy.retry
@@ -0,0 +1 @@
+jass.pasteur.fr
diff --git a/ansible/deploy.yaml b/ansible/deploy.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..721a5d9f8ed420b98210b6590475020fb581a003
--- /dev/null
+++ b/ansible/deploy.yaml
@@ -0,0 +1,77 @@
+---
+- hosts: all
+  become: yes
+  gather_facts: yes
+  tasks:
+    #
+    # Install basic non-virtualenv requirements
+    #
+    - name: install git
+      yum: name=git state=present
+      become: true
+    - name: Add repository
+      become: true
+      yum_repository:
+        name: epel
+        description: EPEL YUM repo
+        gpgcheck: no
+        baseurl: https://download.fedoraproject.org/pub/epel/$releasever/$basearch/
+    - name: install python3
+      yum: name=python34 state=present update_cache=yes
+      become: true
+    - name: install python3 development package
+      yum: name=python34-devel state=present update_cache=yes
+      become: true
+    - name: install setuptools
+      yum: name=python34-setuptools state=present update_cache=yes
+      become: true
+    - name: install pip
+      shell: "easy_install-3.4 pip"
+      become: true
+    - name: install graphviz
+      yum: name=graphviz state=present update_cache=yes
+      become: true
+    - name: install httpd
+      yum: name=httpd state=present update_cache=yes
+      become: true
+    - name: install httpd-devel
+      yum: name=httpd-devel state=present update_cache=yes
+      become: true
+    - name: install mod_wsgi
+      pip: name=mod_wsgi extra_args=--upgrade executable=pip3
+      become: true
+    - name: install the 'Development tools' package group
+      yum:
+        name: "@Development tools"
+        state: present
+      become: true
+    #
+    # Stop web server(s)
+    #
+    - name: stop "generic" httpd service if relevant
+      systemd: state=stopped name=httpd
+    - name: stop iPPIDB service if relevant
+      systemd: state=stopped name=jass-web
+    #
+    # Fetch/Update code and prep django app for publication
+    #
+    - name: pull branch master
+      become_user: "{{ deploy_user_name }}"
+      git:
+        repo=git@gitlab.pasteur.fr:statistical-genetics/jass.git
+        dest=/home/{{ deploy_user_name }}/jass
+        accept_hostkey=yes
+    - name: install python requirements
+      pip: requirements=/home/{{ deploy_user_name }}/jass/requirements.txt extra_args=--upgrade executable=pip3
+#    - name: copy systemd service file for IPPIDB-web
+#      copy: 
+#        remote_src: true
+#        src: /home/{{ deploy_user_name }}/iPPIDB/ansible/ippidb-web.service 
+#        dest: /lib/systemd/system/ippidb-web.service
+#        owner: root
+#        group: root
+    #
+    # Start web server
+    #
+#    - name: start iPPIDB service if relevant
+#      systemd: state=started name=ippidb-web enabled=true
diff --git a/ansible/hosts_deploy b/ansible/hosts_deploy
new file mode 100644
index 0000000000000000000000000000000000000000..0bae0ecbd67d31c10537f84ca4bbe2cd0c3ad096
--- /dev/null
+++ b/ansible/hosts_deploy
@@ -0,0 +1 @@
+jass.pasteur.fr   ansible_user=jass
diff --git a/ansible/hosts_system b/ansible/hosts_system
new file mode 100644
index 0000000000000000000000000000000000000000..df423178173b81ff3b27bd01fd861733261dfbe0
--- /dev/null
+++ b/ansible/hosts_system
@@ -0,0 +1 @@
+jass.pasteur.fr
diff --git a/ansible/ippidb-web.service b/ansible/ippidb-web.service
new file mode 100644
index 0000000000000000000000000000000000000000..a731fa72e3ee913946131160987aca238c030395
--- /dev/null
+++ b/ansible/ippidb-web.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=IPPIDB Web Server
+After=network.target remote-fs.target nss-lookup.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/etc/ippidb-80/apachectl start
+ExecStop=/etc/ippidb-80/apachectl stop
+
+[Install]
+WantedBy=multi-user.target
diff --git a/ansible/ssh_key.json.j2 b/ansible/ssh_key.json.j2
new file mode 100644
index 0000000000000000000000000000000000000000..e1d0a32a3e9b64cd091ddc8b776e6e49969f7c02
--- /dev/null
+++ b/ansible/ssh_key.json.j2
@@ -0,0 +1 @@
+{"id": "Statistical-Genetics/jass","title" : "jass_deploy_key","key": "{{ key_value.stdout }}"}
diff --git a/ansible/system.retry b/ansible/system.retry
new file mode 100644
index 0000000000000000000000000000000000000000..df423178173b81ff3b27bd01fd861733261dfbe0
--- /dev/null
+++ b/ansible/system.retry
@@ -0,0 +1 @@
+jass.pasteur.fr
diff --git a/ansible/system.yaml b/ansible/system.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..f8e2bec88a41c30aa9789ffa4e8df333e3f90cda
--- /dev/null
+++ b/ansible/system.yaml
@@ -0,0 +1,52 @@
+---
+- hosts: all
+  gather_facts: no
+  tasks:
+    #
+    # User and Group configuration
+    #
+    # application user ({{deploy_user_name}}) is created
+    # in the wheel group, which has to be passwordless sudo
+    # and upload the key as a deploy key to gitlab
+    - name: Make sure we have a 'wheel' group
+      become: true
+      group:
+        name: wheel
+        state: present
+    - name: Allow 'wheel' group to have passwordless sudo
+      become: true
+      lineinfile:
+        dest: /etc/sudoers
+        state: present
+        regexp: '^%wheel'
+        line: '%wheel ALL=(ALL) NOPASSWD: ALL'
+    - name: Create {{ deploy_user_name }} user
+      user: name={{ deploy_user_name }} groups=wheel append=yes state=present createhome=yes generate_ssh_key=yes ssh_key_bits=2048 ssh_key_file=.ssh/id_rsa
+      become: true
+    - name: Cat deployer's user public key
+      shell: "cat /home/{{ deploy_user_name }}/.ssh/id_rsa.pub"
+      register: key_value
+      become: true
+    - name: Create ssh_key json
+      template: src=ssh_key.json.j2 dest=/home/{{ deploy_user_name }}/ssh_key.json group={{ deploy_user_name }} owner={{ deploy_user_name }} force=yes
+      become: true
+    - name: Cat deployer's user public key
+      shell: "cat /home/{{ deploy_user_name }}/ssh_key.json"
+      become: true
+    - name: Upload deploy keys to gitlab
+      shell: "curl -X POST -H 'Accept: application/json' -H 'Content-type: application/json' -H 'PRIVATE-TOKEN: {{ repo_api_token }}' --data-binary @/home/{{ deploy_user_name }}/ssh_key.json https://gitlab.pasteur.fr/api/v3/projects/251/keys"
+      become: true
+    #
+    # Security configuration
+    #
+    # disable SELinux, and open firewall to incoming http 
+    - name: disable SELinux
+      become: true
+      selinux:
+        state: disabled
+    - name: Open firewall to HTTP traffic
+      firewalld:
+        service: http
+        permanent: true
+        state: enabled
+      become: true