diff --git a/manifests/function/baremetal-operator/config-file/configure-mysql.sql b/manifests/function/baremetal-operator/config-file/configure-mysql.sql
new file mode 100644
index 000000000..e931f8f1f
--- /dev/null
+++ b/manifests/function/baremetal-operator/config-file/configure-mysql.sql
@@ -0,0 +1,7 @@
+DELETE FROM mysql.user ;
+CREATE USER 'ironic'@'localhost' identified by '$(MARIADB_PASSWORD)' ;
+GRANT ALL on *.* TO 'ironic'@'localhost' WITH GRANT OPTION ;
+DROP DATABASE IF EXISTS test ;
+CREATE DATABASE IF NOT EXISTS ironic ;
+FLUSH PRIVILEGES ;
+
diff --git a/manifests/function/baremetal-operator/config-file/dnsmasq.conf b/manifests/function/baremetal-operator/config-file/dnsmasq.conf
new file mode 100644
index 000000000..7be245153
--- /dev/null
+++ b/manifests/function/baremetal-operator/config-file/dnsmasq.conf
@@ -0,0 +1,29 @@
+interface=$(PROVISIONING_INTERFACE)
+bind-dynamic
+log-dhcp
+enable-tftp
+tftp-root=/shared/tftpboot
+
+# Disable listening for DNS
+port=0
+
+dhcp-range=$(DHCP_RANGE)
+
+# Disable default router(s) and DNS over provisioning network
+dhcp-option=3
+dhcp-option=6
+
+# IPv4 Configuration:
+dhcp-match=ipxe,175
+# Client is already running iPXE; move to next stage of chainloading
+dhcp-boot=tag:ipxe,http://$(PROVISIONING_IP):80/dualboot.ipxe
+
+# Note: Need to test EFI booting
+dhcp-match=set:efi,option:client-arch,7
+dhcp-match=set:efi,option:client-arch,9
+dhcp-match=set:efi,option:client-arch,11
+# Client is PXE booting over EFI without iPXE ROM; send EFI version of iPXE chainloader
+dhcp-boot=tag:efi,tag:!ipxe,ipxe.efi
+
+# Client is running PXE over BIOS; send BIOS version of iPXE chainloader
+dhcp-boot=/undionly.kpxe,$(PROVISIONING_IP)
diff --git a/manifests/function/baremetal-operator/config-file/dualboot.ipxe b/manifests/function/baremetal-operator/config-file/dualboot.ipxe
new file mode 100644
index 000000000..4ed14ab75
--- /dev/null
+++ b/manifests/function/baremetal-operator/config-file/dualboot.ipxe
@@ -0,0 +1,22 @@
+#!ipxe
+
+# NOTE(lucasagomes): Loop over all network devices and boot from
+# the first one capable of booting. For more information see:
+# https://bugs.launchpad.net/ironic/+bug/1504482
+set netid:int32 -1
+:loop
+inc netid
+isset ${net${netid}/mac} || chain pxelinux.cfg/${mac:hexhyp} || goto inspector
+echo Attempting to boot from MAC ${net${netid}/mac:hexhyp}
+chain pxelinux.cfg/${net${netid}/mac:hexhyp} || goto loop
+
+# If no networks configured to boot then introspect first valid one
+:inspector
+chain inspector.ipxe || goto loop_done
+
+:loop_done
+echo PXE boot failed! No configuration found for any of the present NICs
+echo and could not find inspector.ipxe to use as fallback.
+echo Press any key to reboot...
+prompt --timeout 180
+reboot
diff --git a/manifests/function/baremetal-operator/config-file/httpd.conf b/manifests/function/baremetal-operator/config-file/httpd.conf
new file mode 100644
index 000000000..abac06316
--- /dev/null
+++ b/manifests/function/baremetal-operator/config-file/httpd.conf
@@ -0,0 +1,58 @@
+ServerRoot "/etc/httpd"
+Listen [::]:80
+Include conf.modules.d/*.conf
+User apache
+Group apache
+ServerAdmin root@localhost
+
+ AllowOverride none
+ Require all denied
+
+DocumentRoot "/shared/html"
+
+ AllowOverride None
+ Require all granted
+
+
+ Options Indexes FollowSymLinks
+ AllowOverride None
+ Require all granted
+
+
+ DirectoryIndex index.html
+
+
+ Require all denied
+
+ErrorLog /dev/stderr
+LogLevel warn
+
+ LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+ LogFormat "%h %l %u %t \"%r\" %>s %b" common
+
+ # You need to enable mod_logio.c to use %I and %O
+ LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
+
+ CustomLog /dev/stderr combined
+
+
+ ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
+
+
+ AllowOverride None
+ Options None
+ Require all granted
+
+
+ TypesConfig /etc/mime.types
+ AddType application/x-compress .Z
+ AddType application/x-gzip .gz .tgz
+ AddType text/html .shtml
+ AddOutputFilter INCLUDES .shtml
+
+AddDefaultCharset UTF-8
+
+ MIMEMagicFile conf/magic
+
+EnableSendfile on
+IncludeOptional conf.d/*.conf
diff --git a/manifests/function/baremetal-operator/config-file/inspector.conf b/manifests/function/baremetal-operator/config-file/inspector.conf
new file mode 100644
index 000000000..16981a35f
--- /dev/null
+++ b/manifests/function/baremetal-operator/config-file/inspector.conf
@@ -0,0 +1,26 @@
+[DEFAULT]
+auth_strategy = noauth
+debug = true
+transport_url = fake://
+use_stderr = true
+listen_address = ::
+[database]
+connection = sqlite:///var/lib/ironic-inspector/ironic-inspector.db
+[discovery]
+enroll_node_driver = ipmi
+[ironic]
+auth_type = none
+endpoint_override = http://$(PROVISIONING_IP):6385
+[processing]
+always_store_ramdisk_logs = true
+node_not_found_hook = enroll
+permit_active_introspection = true
+power_off = false
+processing_hooks = $default_processing_hooks,extra_hardware,lldp_basic
+ramdisk_logs_dir = /shared/log/ironic-inspector/ramdisk
+store_data = database
+[pxe_filter]
+driver = noop
+[service_catalog]
+auth_type = none
+endpoint_override = http://$(PROVISIONING_IP):5050
diff --git a/manifests/function/baremetal-operator/config-file/inspector.ipxe b/manifests/function/baremetal-operator/config-file/inspector.ipxe
new file mode 100644
index 000000000..ac534a07c
--- /dev/null
+++ b/manifests/function/baremetal-operator/config-file/inspector.ipxe
@@ -0,0 +1,9 @@
+#!ipxe
+
+:retry_boot
+echo In inspector.ipxe
+imgfree
+# NOTE(dtantsur): keep inspection kernel params in [mdns]params in ironic-inspector-image
+kernel --timeout 60000 http://$(PROVISIONING_IP):80/images/ironic-python-agent.kernel ipa-inspection-callback-url=http://$(PROVISIONING_IP):5050/v1/continue ipa-inspection-collectors=default,extra-hardware,logs systemd.journald.forward_to_console=yes BOOTIF=${mac} ipa-debug=1 ipa-inspection-dhcp-all-interfaces=1 ipa-collect-lldp=1 initrd=ironic-python-agent.initramfs || goto retry_boot
+initrd --timeout 60000 http://$(PROVISIONING_IP):80/images/ironic-python-agent.initramfs || goto retry_boot
+boot
diff --git a/manifests/function/baremetal-operator/config-file/ironic.conf b/manifests/function/baremetal-operator/config-file/ironic.conf
new file mode 100644
index 000000000..4c6680950
--- /dev/null
+++ b/manifests/function/baremetal-operator/config-file/ironic.conf
@@ -0,0 +1,57 @@
+[DEFAULT]
+auth_strategy = noauth
+my_ip = $(PROVISIONING_IP)
+debug = true
+default_boot_interface = ipxe
+default_deploy_interface = direct
+default_inspect_interface = inspector
+default_network_interface = noop
+enabled_boot_interfaces = pxe,ipxe,fake,redfish-virtual-media
+enabled_deploy_interfaces = direct,fake
+enabled_hardware_types = ipmi,idrac,irmc,fake-hardware,redfish
+enabled_inspect_interfaces = inspector,idrac,irmc,fake,redfish
+enabled_management_interfaces = ipmitool,idrac,irmc,fake,redfish,idrac-redfish
+enabled_power_interfaces = ipmitool,idrac,irmc,fake,redfish,idrac-redfish
+enabled_raid_interfaces = no-raid,irmc,agent,fake
+enabled_vendor_interfaces = ipmitool,no-vendor,idrac,fake
+rpc_transport = json-rpc
+use_stderr = true
+[agent]
+deploy_logs_collect = always
+deploy_logs_local_path = /shared/log/ironic/deploy
+[api]
+host_ip = ::
+api_workers = $(API_WORKERS)
+[conductor]
+automated_clean = $(AUTOMATED_CLEAN)
+send_sensor_data = true
+send_sensor_data_interval = 160
+api_url = http://$(PROVISIONING_IP):6385
+bootloader = http://$(PROVISIONING_IP):80/uefi_esp.img
+[database]
+connection = mysql+pymysql://ironic:$(MARIADB_PASSWORD)@localhost/ironic?charset=utf8
+[deploy]
+default_boot_option = local
+erase_devices_metadata_priority = 10
+erase_devices_priority = 0
+http_root = /shared/html/
+http_url = http://$(PROVISIONING_IP):80
+fast_track = $(FAST_TRACK)
+[dhcp]
+dhcp_provider = none
+[inspector]
+endpoint_override = http://$(PROVISIONING_IP):5050
+[oslo_messaging_notifications]
+driver = prometheus_exporter
+location = /shared/ironic_prometheus_exporter
+transport_url = fake://
+[pxe]
+images_path = /shared/html/tmp
+instance_master_path = /shared/html/master_images
+ipxe_enabled = true
+pxe_config_template = $pybasedir/drivers/modules/ipxe_config.template
+tftp_master_path = /shared/tftpboot
+tftp_root = /shared/tftpboot
+uefi_pxe_config_template = $pybasedir/drivers/modules/ipxe_config.template
+[redfish]
+use_swift = false
diff --git a/manifests/function/baremetal-operator/config-file/kustomization.yaml b/manifests/function/baremetal-operator/config-file/kustomization.yaml
new file mode 100644
index 000000000..007da90cd
--- /dev/null
+++ b/manifests/function/baremetal-operator/config-file/kustomization.yaml
@@ -0,0 +1,14 @@
+generatorOptions:
+ disableNameSuffixHash: true
+
+configMapGenerator:
+- name: ironic-config-files
+ files:
+ - dnsmasq.conf
+ - dualboot.ipxe
+ - httpd.conf
+ - inspector.conf
+ - inspector.ipxe
+ - ironic.conf
+ - my.cnf
+ - configure-mysql.sql
diff --git a/manifests/function/baremetal-operator/config-file/my.cnf b/manifests/function/baremetal-operator/config-file/my.cnf
new file mode 100644
index 000000000..ad6064900
--- /dev/null
+++ b/manifests/function/baremetal-operator/config-file/my.cnf
@@ -0,0 +1,19 @@
+[server]
+
+[mysqld]
+datadir=/var/lib/mysql
+socket=/var/lib/mysql/mysql.sock
+log-error=/var/log/mariadb/mariadb.log
+pid-file=/run/mariadb/mariadb.pid
+max_connections = 64
+max_heap_table_size = 1M
+innodb_buffer_pool_size = 5M
+innodb_log_buffer_size = 512K
+
+[galera]
+
+[embedded]
+
+[mariadb]
+
+[mariadb-10.3]
diff --git a/manifests/function/baremetal-operator/kustomization.yaml b/manifests/function/baremetal-operator/kustomization.yaml
index df09aa4fa..7e2a7b5e0 100644
--- a/manifests/function/baremetal-operator/kustomization.yaml
+++ b/manifests/function/baremetal-operator/kustomization.yaml
@@ -1,5 +1,6 @@
resources:
- ../../global/crd/baremetal-operator
+ - config-file
- rbac
- operator.yaml
- namespace.yaml