diff --git a/ansible/group_vars/environment_name_oasys_national_reporting_development.yml b/ansible/group_vars/environment_name_oasys_national_reporting_development.yml
index 42e569393..1b22d2488 100644
--- a/ansible/group_vars/environment_name_oasys_national_reporting_development.yml
+++ b/ansible/group_vars/environment_name_oasys_national_reporting_development.yml
@@ -1,2 +1,3 @@
 ---
 ansible_aws_ssm_bucket_name: s3-bucket20240321142315369800000001
+dns_zone_internal: oasys-national-reporting.hmpps-development.modernisation-platform.internal
diff --git a/ansible/group_vars/environment_name_oasys_national_reporting_preproduction.yml b/ansible/group_vars/environment_name_oasys_national_reporting_preproduction.yml
index d60d88987..299172d9d 100644
--- a/ansible/group_vars/environment_name_oasys_national_reporting_preproduction.yml
+++ b/ansible/group_vars/environment_name_oasys_national_reporting_preproduction.yml
@@ -1,2 +1,3 @@
 ---
 ansible_aws_ssm_bucket_name: s3-bucket20240321144721125500000001
+dns_zone_internal: oasys-national-reporting.hmpps-preproduction.modernisation-platform.internal
diff --git a/ansible/group_vars/environment_name_oasys_national_reporting_production.yml b/ansible/group_vars/environment_name_oasys_national_reporting_production.yml
index 359a53329..f9b8e69e8 100644
--- a/ansible/group_vars/environment_name_oasys_national_reporting_production.yml
+++ b/ansible/group_vars/environment_name_oasys_national_reporting_production.yml
@@ -1,2 +1,3 @@
 ---
 ansible_aws_ssm_bucket_name: s3-bucket20240321144737986100000001
+dns_zone_internal: oasys-national-reporting.hmpps-production.modernisation-platform.internal
diff --git a/ansible/group_vars/environment_name_oasys_national_reporting_test.yml b/ansible/group_vars/environment_name_oasys_national_reporting_test.yml
index 16766eee4..72a4211a8 100644
--- a/ansible/group_vars/environment_name_oasys_national_reporting_test.yml
+++ b/ansible/group_vars/environment_name_oasys_national_reporting_test.yml
@@ -1,2 +1,3 @@
 ---
 ansible_aws_ssm_bucket_name: s3-bucket20240321144723303200000002
+dns_zone_internal: oasys-national-reporting.hmpps-test.modernisation-platform.internal
diff --git a/ansible/group_vars/server_type_onr_boe.yml b/ansible/group_vars/server_type_onr_boe.yml
index e4ff39c0e..ba39d1f20 100644
--- a/ansible/group_vars/server_type_onr_boe.yml
+++ b/ansible/group_vars/server_type_onr_boe.yml
@@ -1,3 +1,77 @@
 ---
 ansible_python_interpreter: /usr/local/bin/python3.6
-# FIXME: this is a rhel 6.9 instance so 'packages' role may not work the same way
+
+users_and_groups_system:
+ - name: bobj
+ group: binstall
+ groups:
+ - dba
+ - sapsys
+
+server_type_roles_list:
+ - users-and-groups
+ - sudoers
+ - get-ec2-facts
+ - set-ec2-hostname
+ - domain-search
+ - disable-ipv6
+ - disable-firewall
+ - time
+ - packages
+ - message-of-the-day
+ - amazon-ssm-agent
+ - amazon-cli
+ - ansible-script
+ - epel
+ - disks
+ # - oracle-19c-client
+ # - oracle-tns-entries
+ # - ncr-bip
+ - onr-boe
+ - collectd
+ - amazon-cloudwatch-agent
+ - amazon-cloudwatch-agent-collectd
+ # - collectd-service-metrics TODO: not defined yet
+
+roles_list: "{{ (ami_roles_list | default([]) | difference(server_type_roles_list | default([]))) + (server_type_roles_list | default([])) }}"
+
+packages_yum_install:
+ - nano
+ - vim
+ - make
+ - libstdc++.i686
+ - libstdc++.x86_64
+ - glibc.i686
+ - glibc.x86_64
+ - libX11.i686
+ - libX11.x86_64
+ - libXext.i686
+ - libXext.x86_64
+ - expat.i686
+ - expat.x86_64
+ # - libxcrypt.i686 removed from list as package is not available in RHEL 6
+ - libgcc.i686
+ - libgcc.x86_64
+ # - libnsl.i686 removed from list as package is not available in RHEL 6
+ - libXcursor.i686
+ - libXcursor.x86_64
+ - libXrender.i686
+ - libXrender.x86_64
+ - libXfixes.i686
+ - libXfixes.x86_64
+ - libxcb.i686
+ - libxcb.x86_64
+ - libXau.i686
+ - libXau.x86_64
+ - xz-libs.i686
+
+disks_mount:
+ - ebs_device_name: /dev/sdb
+ dir: /u01
+ fstype: ext4
+ - ebs_device_name: /dev/sdc
+ dir: /u02
+ fstype: ext4
+ # - ebs_device_name: /dev/sds
+ # dir: swap
+ # fstype: swap
diff --git a/ansible/roles/onr-boe/defaults/main.yml b/ansible/roles/onr-boe/defaults/main.yml
new file mode 100644
index 000000000..b18d4cf9a
--- /dev/null
+++ b/ansible/roles/onr-boe/defaults/main.yml
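Review bot: In ansible/group_vars/server_type_onr_boe.yml, `disable-firewall` is added to `server_type_roles_list` with no comment saying why the host firewall is turned off or what replaces it, and the removed FIXME was the only line stating that this is a RHEL 6.9 instance. On a host of that age the role presumably leaves the EC2 security group as the only network filter, so I would record that above the entry, e.g. `# host firewall disabled: inbound access is restricted by the EC2 security group only (RHEL 6 host) - confirm`. The same role is also declared as a dependency in roles/onr-boe/meta/main.yml, where `disable-ipv6` is commented out with a TODO while it stays enabled in this list; one of the two places should be the source of truth.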
@@ -0,0 +1,12 @@
+---
+artefacts_s3_bucket_name: mod-platform-image-artefact-bucket20230203091453221500000001
+artefacts_s3_bucket_path: hmpps/onr
+artefact_dir: /u02 # check this
+app_dir: /u01/app # check this
+
+boe_software: ENTERPRISE07P_4-10007478.TGZ
+boe_install_user: bobj
+boe_install_group: binstall
+
+stage: "{{ artefact_dir }}/stage"
+temp: "{{ artefact_dir }}/temp"
diff --git a/ansible/roles/onr-boe/meta/main.yml b/ansible/roles/onr-boe/meta/main.yml
new file mode 100644
index 000000000..4885d7b7e
--- /dev/null
+++ b/ansible/roles/onr-boe/meta/main.yml
@@ -0,0 +1,6 @@
+---
+dependencies:
+ - role: get-ec2-facts
+ - role: ansible-requirements
+ # - role: disable-ipv6 TODO: ask Craig what this is for
+ - role: disable-firewall
diff --git a/ansible/roles/onr-boe/tasks/download-software.yml b/ansible/roles/onr-boe/tasks/download-software.yml
new file mode 100644
index 000000000..b405c62bd
--- /dev/null
+++ b/ansible/roles/onr-boe/tasks/download-software.yml
@@ -0,0 +1,39 @@
+---
+- name: Create directories
+ ansible.builtin.file:
+ path: "{{ item }}"
+ owner: "{{ boe_install_user }}"
+ group: "{{ boe_install_group }}"
+ state: directory
+ recurse: yes
+ loop:
+ - "{{ temp }}"
+ - "{{ stage }}"
+ tags:
+ - amibuild
+ - oracle_19c_download
+ - oracle_19c_create_dirs
+
+# - name: Download oracle prerequisite rpms from S3 bucket
+# amazon.aws.aws_s3:
+# bucket: "{{ artefacts_s3_bucket_name }}"
+# object: "{{ artefacts_s3_bucket_path }}/{{ item }}"
+# dest: "{{ stage }}/{{ item }}"
+# mode: get
+# overwrite: latest
+# loop:
+# - "{{ oracle_prereq_rpm }}"
+# - "{{ oracle_asmlib_rpm }}"
+# - "{{ oracleasm_support_rpm }}"
+
+- name: Download Oracle 19c software from S3 bucket
+ amazon.aws.aws_s3:
+ bucket: "{{ artefacts_s3_bucket_name }}"
+ object: "{{ artefacts_s3_bucket_path }}/{{ item }}"
+ dest: "{{ stage }}/{{ item }}"
+ mode: get
+ overwrite: latest
+ loop:
+ - "{{ boe_software }}"
+ # - "{{ grid_software }}"
+ # - "{{ opatch }}"
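Review bot: In roles/onr-boe/tasks/download-software.yml the installer archive `{{ boe_software }}` is fetched with `overwrite: latest` and nothing checks its content once it lands in `{{ stage }}`, so whatever object currently sits at that key in the bucket is accepted. Pinning a digest next to `boe_software` in roles/onr-boe/defaults/main.yml (a new variable, called `boe_software_sha256` below, whose value has to be filled in from the vendor media) and asserting it after the download would make a replaced or truncated archive fail the play before any install step uses it. The task name and the `oracle_19c_*` tags in this file also still refer to Oracle 19c although the only item downloaded is the BOE archive.

```yaml
# … unchanged: "Download Oracle 19c software from S3 bucket" task …

# boe_software_sha256 is a proposed new default, e.g. in defaults/main.yml:
#   boe_software_sha256: "<SHA256_OF_BOE_ARCHIVE>"  # placeholder
- name: Compute checksum of downloaded BOE archive
  ansible.builtin.stat:
    path: "{{ stage }}/{{ boe_software }}"
    checksum_algorithm: sha256
  register: boe_software_stat

- name: Verify BOE archive against pinned checksum
  ansible.builtin.assert:
    that:
      - boe_software_stat.stat.exists
      - boe_software_stat.stat.checksum == boe_software_sha256
    fail_msg: "{{ boe_software }} does not match the pinned SHA-256"
```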
diff --git a/ansible/roles/onr-boe/tasks/main.yml b/ansible/roles/onr-boe/tasks/main.yml
new file mode 100644
index 000000000..27504c826
--- /dev/null
+++ b/ansible/roles/onr-boe/tasks/main.yml
@@ -0,0 +1,38 @@
+---
+# - import_tasks: prereqs.yml
+# tags:
+# - always
+
+# - import_tasks: users.yml
+# tags:
+# - amibuild
+# - ec2provision
+# - oracle_db_users
+
+# - name: Set selinux to permissive mode
+# import_role:
+# name: selinux-config
+# vars:
+# selinux_state: permissive
+# tags:
+# - amibuild
+# - ec2provision
+# - oracle_db_selinux_permissive
+
+# - import_tasks: get-facts.yml
+# tags:
+# - ec2provision
+# - oracle_db_get_facts
+# - oracle_db_reconfigure_has
+# - oracle_db_restore_databases
+
+- import_tasks: download-software.yml
+ tags:
+ - amibuild
+ - ec2provision
+ # - oracle_db_get_base_software
+# - import_tasks: install-base-software.yml
+# tags:
+# - amibuild
+# - ec2provision
+# - oracle_db_install_base_software
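Review bot: In roles/onr-boe/tasks/main.yml the only active task is an unnamed short-form `import_tasks`, while download-software.yml in the same role uses fully qualified module names; `- name: Download BOE software` with `ansible.builtin.import_tasks: download-software.yml` would keep the role consistent and give the play output a readable label. The rest of the file is commented-out tasks carrying `oracle_db_*` tags that appear to be copied from another role, including a block that would set SELinux to permissive. I would drop those from this commit and add each one back, with a comment on why it is needed for BOE, when the corresponding task file exists.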