diff --git a/docs/buildsys/koji-cbs-sigs.md b/docs/buildsys/koji-cbs-sigs.md
index 129bc95..3e20635 100644
--- a/docs/buildsys/koji-cbs-sigs.md
+++ b/docs/buildsys/koji-cbs-sigs.md
@@ -265,7 +265,7 @@ If external repo is already defined, we just need to add it to tags and no need 
 
 ```
 sig_tag="hyperscale8s-packages-main-el8-build"
-externalrepo_name="centos8s-buildroot"
+externalrepo_name="epel8"
 koji add-external-repo --mode bare --tag=${sig_tag} ${externalrepo_name}
 ```
 
diff --git a/docs/operations/deploy/common.md b/docs/operations/deploy/common.md
index e69de29..bc7f495 100644
--- a/docs/operations/deploy/common.md
+++ b/docs/operations/deploy/common.md
@@ -0,0 +1,62 @@
+# Common Operations to initialize a node/service in CentOS infra
+
+Once the server (bare-metal, Virtual Machine - internal or EC2 instance- ) is deployed, we just need to add it to ansible inventory (probably already done already during `deploy` step so complete with the following information)
+
+Requirements:
+
+  * Machine is reachable
+  * You have initial credentials (either already injected ssh key and sudo right or just other equivalent credentials)
+  * Access to required Ansible inventory 
+
+## Adding node
+
+You first need to add the node into DNS (either internally or externally) so please have a look at the dedicated [DNS section](/infra/dns), and that means kicking the `role-bind.yml` or `role-unbound.yml` playbooks based on the need, and after having pushed the change to git.
+
+Once the node is available, we need *once* to initialize the node to confirm access and ssh host key/fingerprint and then sign it with our SSH CA.
+
+Let's start by first ensuring that we can log onto a node (in our example a EC2 instance):
+
+```
+ssh centos@artwork-1.dev.centos.org uptime
+The authenticity of host 'artwork-1.dev.centos.org (<no hostip for proxy command>)' can't be established.
+ECDSA key fingerprint is SHA256:TFnZOT68OAkUQdTm1kCwoPxEN8d/4v/kqinsPcFD/04.
+Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
+Warning: Permanently added 'artwork-1.dev.centos.org' (ECDSA) to the list of known hosts.
+ 09:41:48 up 7 min,  0 users,  load average: 0.00, 0.06, 0.04
+
+```
+
+Now we can proceed with next steps.
+Let's add the node in the correct Ansible inventory (like for example `CentOS-CI` or `CentOS-prod` or `CentOS-staging`, etc.
+
+We first need to ensure that usual `sysadmins` will be granted first the correct rights and we just need to add the node in ansible inventory first.
+If you already know which roles you want to directly apply feel free to add into correct `[group_name]` in the inventory or just add it to `[unclassified]` first.
+When done, we can just play manually (only once) some playbooks and from there machine will be automatically reconfigured when role/inventory is updated (see the Ansible section about this)
+
+```
+fqdn="artwork-1.dev.centos.org"
+ansible-playbook playbooks/adhoc-grant-access.yml -u centos -l ${fqdn} # or add -k to ask for password if needed to inject ssh keys
+``` 
+
+Now that `sysadmins` have their keys injected (including yours), you can initialize the node , but it will create a temporary file that you can then copy into inventory for some gathered facts, so you can use `--extras-vars` just for this specific call
+
+```
+out_dir="/home/arrfab/ansible/out"
+test -d ${out_dir} || mkdir -p ${out_dir}
+ansible-playbook playbooks/adhoc-init-node.yml -l ${fqdn} --extra-vars "out_dir=${out_dir}"
+cat ${out_dir}/${fqdn} >> inventory/host_vars/${fqdn}
+```
+
+The `adhoc-init-node.yml` will do the following : 
+
+  * (optional) retrieve the public IP and allow incoming connections from that new ip for some infra services restricted by iptables
+  * retrieve ssh host keys, sign these and push the signed 
+  * retrieve locally some facts that can be used later for basic host_vars template
+  * play the `baseline` role (common for *all* nodes but with different settings, based on inventory
+  * (optional): play other roles that are tied to ansible inventory group membership (if you added the host already in some specific groups) 
+
+If you configured correctl
+
+Now that machine is in ansible inventory, you can always add new role, based on group memberships, change settings through `group_vars` or `host_vars`, etc, so Ansible BAU
+
+