diff --git a/.gitignore b/.gitignore
index dbde727..c446b80 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,7 @@
 /.vagrant
+/secrets/
+
 /hosts.conf
 /hosts-*.conf
 /hosts.yml
@@ -8,3 +10,6 @@
 /pyenv
 /play.retry
+
+/scratch.yml
+/scratch.retry
diff --git a/README.md b/README.md
index 172278e..6fcab20 100644
--- a/README.md
+++ b/README.md
@@ -2,15 +2,22 @@
 ## 0. Prerequisites ##
+### 0.1 Ansible Environment ###
+
 You must install `Ansible` on the control machine, preferably in a virtual Python environment:
 virtualenv pyenv
 . pyenv/bin/activate
 pip install ansible==2.2 netaddr
+### 0.2 Keys ###
+
+Place your PEM-formatted private key under `secrets/id_sa`. Ensure the key file has proper permissions (`0600`).
+
 ## 1. Prepare your inventory ##
-An single inventory file should be created at `hosts.yml`. Both `vagrant` and `ansible` will use this. An example inventory file can be found [here](hosts.yml.example).
+An single inventory file should be created at `hosts.yml`. Both `vagrant` and `ansible` will use this same inventory.
+An example inventory file can be found [here](hosts.yml.example).
 ## 2.1 Setup with Vagrant and Ansible ##
@@ -18,7 +25,7 @@ If we want a full Vagrant environment (of course we will also need `vagrant` ins
 vagrant up
-In this case, `vagrant` will provide the virtual machines (via virtualbox) and setup the private network,
+In this case, `vagrant` will provide the virtual machines (via virtualbox), will setup the private network,
 and then will delegate to an `ansible` playbook to actually setup the swarm nodes.
 ## 2.2 Setup with Ansible only ##
diff --git a/Vagrantfile b/Vagrantfile
index d5f0e16..25f9ae1 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -19,12 +19,24 @@ inventory_groups = inventory['all']['children']
 #
 Vagrant.configure(2) do |config|
-
+
 config.vm.box = "debian/jessie64"
 config.vm.box_check_update = false
 config.vm.synced_folder ".", "/vagrant", type: "rsync"
+ inventory_groups['workers']['hosts'].keys.each do |worker_name|
+ config.vm.define worker_name do |worker|
+ h = inventory_groups['workers']['hosts'][worker_name]
+
+ worker.vm.network "private_network", ip: h['ipv4_address']
+ worker.vm.provider "virtualbox" do |vb|
+ vb.name = h['hostname']
+ vb.memory = 512
+ end
+ end
+ end
+
 config.vm.define "manager" do |manager|
 h = inventory_groups['manager']['hosts']['manager']
@@ -43,25 +55,17 @@ Vagrant.configure(2) do |config|
 end
 end
- inventory_groups['workers']['hosts'].keys.each do |worker_name|
- config.vm.define worker_name do |worker|
- h = inventory_groups['workers']['hosts'][worker_name]
-
- worker.vm.network "private_network", ip: h['ipv4_address']
- worker.vm.provider "virtualbox" do |vb|
- vb.name = h['hostname']
- vb.memory = 768
- end
- end
- end
 # Define common provisioning tasks
+ config.vm.provision "file", source: "secrets/id_rsa", destination: ".ssh/id_rsa"
+ config.vm.provision "shell", path: "copy-key.sh", privileged: false
+ config.vm.provision "file", source: "profile", destination: ".profile"
 config.vm.provision "file", source: "bashrc", destination: ".bashrc"
- config.vm.provision "file", source: "~/.vimrc", destination: ".vimrc"
- config.vm.provision "file", source: "~/.vim/", destination: "."
+ #config.vm.provision "file", source: "~/.vimrc", destination: ".vimrc"
+ #config.vm.provision "file", source: "~/.vim/", destination: "."
 #config.vm.provision "shell", path: "configure-apt-proxy.sh"
diff --git a/ansible.cfg b/ansible.cfg
index cad7973..2b2f099 100644
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -1,5 +1,7 @@
 [defaults]
+private_key_file = secrets/id_rsa
+
 inventory = hosts.yml
 hostfile = hosts.yml
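Review bot: The unchanged `config.vm.synced_folder ".", "/vagrant", type: "rsync"` line in the first Vagrantfile hunk syncs the whole project root, so the `secrets/` directory this commit introduces would, as far as the visible options show, also be copied to `/vagrant/secrets` on every guest. Excluding it keeps an extra copy of the private key off the nodes: `config.vm.synced_folder ".", "/vagrant", type: "rsync", rsync__exclude: "secrets/"`. The `Vagrant.configure` block opens in this hunk and closes outside it.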
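Review bot: The two provisioners added under `# Define common provisioning tasks` in the second Vagrantfile hunk place the private key `secrets/id_rsa` on every guest, and `copy-key.sh` then authorizes its public half there, so a single compromised node holds a key accepted by all the others and, per `private_key_file` in ansible.cfg, by the Ansible control connection as well. If node-to-node SSH is not required, upload only the public half (for example a `secrets/id_rsa.pub` generated on the control machine; that file is not part of this commit) to `.ssh/id_rsa.pub`; if it is required, a separate cluster-internal key pair keeps the control key off the guests. The README text added in this commit names the file `secrets/id_sa`, which does not match the `secrets/id_rsa` path used here. The enclosing `Vagrant.configure` block starts and ends outside the hunk.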
diff --git a/copy-key.sh b/copy-key.sh
new file mode 100755
index 0000000..9c1f5b9
--- /dev/null
+++ b/copy-key.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+cd ~
+
+test ! -f .ssh/id_rsa.pub && ssh-keygen -y -f .ssh/id_rsa > .ssh/id_rsa.pub
+
+if [ -z "$(grep -Fx -f .ssh/id_rsa.pub .ssh/authorized_keys)" ]; then
+ cat .ssh/id_rsa.pub >> .ssh/authorized_keys
+fi
diff --git a/play.yml b/play.yml
index a4c3bf8..f009069 100644
--- a/play.yml
+++ b/play.yml
@@ -28,6 +28,9 @@
 set_fact:
 hostname: '{{ansible_host}}'
 when: not (hostname is defined)
+
+ - set_fact:
+ hostname_s: '{{hostname.split(".") | first}}'
 vars:
@@ -54,10 +57,37 @@
 insertafter: '^127\.0\.1\.1 .*'
 with_items: '{{play_hosts}}'
 sudo: yes
+
+#
+# 2. Reboot all hosts
+#
+
+- hosts: all
+ tasks:
+
+ - name: Reboot for group membership to be re-evaluated
+ shell: reboot
+ sudo: yes
+ async: 30
+ poll: 0
+ ignore_errors: true
+
+ - name: Wait for play hosts to be up again
+ wait_for:
+ host: '{{hostvars[item].ansible_host}}'
+ port: 22
+ state: started
+ delay: 10
+ timeout: 40
+ with_items: '{{play_hosts}}'
+ connection: local
+
+ - name:
+ shell: uptime
 #
-# 2. Initialize manager as a swarm manager node
+# 3. Initialize manager as a swarm manager node
 #
 - hosts: manager
@@ -78,7 +108,7 @@
 msg: The join token is {{swarm_join_token}}
 #
-# 3. Join worker nodes into swarm
+# 4. Join worker nodes into swarm
 #
 - hosts: workers
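Review bot: The `ssh-keygen -y -f .ssh/id_rsa > .ssh/id_rsa.pub` line in copy-key.sh creates `.ssh/id_rsa.pub` even when ssh-keygen fails, so a failed derivation (for instance a passphrase-protected key, or a key file whose mode ssh-keygen rejects) leaves an empty file that the `test ! -f` guard treats as done on every later run, and the key is never authorized. The script also never sets the mode of the uploaded `.ssh/id_rsa`, although the README asks for `0600` on the control-machine copy. The version below stops on the first error, writes the public key through a temporary file, and tightens permissions before the key is used.

```shell
#!/bin/bash
set -eu

cd ~
umask 077
chmod 600 .ssh/id_rsa

# Write through a temp file: a failed ssh-keygen must not leave an empty id_rsa.pub.
if [ ! -s .ssh/id_rsa.pub ]; then
    ssh-keygen -y -f .ssh/id_rsa > .ssh/id_rsa.pub.tmp
    mv .ssh/id_rsa.pub.tmp .ssh/id_rsa.pub
fi

touch .ssh/authorized_keys
if ! grep -qFx -f .ssh/id_rsa.pub .ssh/authorized_keys; then
    cat .ssh/id_rsa.pub >> .ssh/authorized_keys
fi
```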
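Review bot: The `wait_for` task in the new reboot play of play.yml runs once per host and loops over all of `play_hosts`, so N hosts produce N×N port checks from the control machine, each bounded by a fixed `timeout: 40` that a slow reboot can exceed and fail the play. Waiting only for the current host is enough: drop `with_items` and use `host: '{{ansible_host}}'`, with a more generous timeout. The last task has an empty `name:`; something like `- name: Confirm the host answers after reboot` would record why `uptime` is run.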