diff --git a/docs/source/prod-node-setup-mgmt/start-one-m-node.md b/docs/source/prod-node-setup-mgmt/start-one-m-node.md
index 94b445aa..fab89289 100644
--- a/docs/source/prod-node-setup-mgmt/start-one-m-node.md
+++ b/docs/source/prod-node-setup-mgmt/start-one-m-node.md
@@ -20,7 +20,7 @@ but replace `192.0.2.128` with the IP address of the host.
 
 ## Run the Ansible Playbook
 
-The next step is to run the Ansible playbook `one-m-node.yml`. It installs all the software necessary in a one-machine BigchainDB node, configures it, and starts it. Here's how to run that playbook:
+The next step is to run the Ansible playbook `one-m-node.yml`:
 ```text
 # cd to the directory .../bigchaindb/ntools/one-m/ansible
 ansible-playbook -i hosts --private-key ~/.ssh/<key-name> one-m-node.yml
@@ -28,7 +28,9 @@ ansible-playbook -i hosts --private-key ~/.ssh/<key-name> one-m-node.yml
 
 where `<key-name>` should be replaced by the name of the SSH private key you created earlier (for SSHing to the host machine at your cloud hosting provider).
 
-Note: At the time of writing, the playbook only installs and runs an NTP daemon, but more is coming soon.
+What did you just do? Running that playbook ensures all the software necessary for a one-machine BigchainDB node is installed, configured, and running properly. You can run that playbook on a regular schedule to ensure that the system stays properly configured. If something is okay, it does nothing; it only takes action when something is not as-desired.
+
+Note: At the time of writing, the playbook only installs, configures and runs an NTP daemon, but more is coming soon.
 
 
 ## Optional: Create an Ansible Config File
diff --git a/ntools/one-m/ansible/one-m-node.yml b/ntools/one-m/ansible/one-m-node.yml
index e6691184..8f76fdfa 100644
--- a/ntools/one-m/ansible/one-m-node.yml
+++ b/ntools/one-m/ansible/one-m-node.yml
@@ -1,9 +1,11 @@
 ---
 # This playbook deploys a BigchainDB node in one machine (one-m).
 
-- name: install + configure + start all software
+- name: Ensure a one-machine BigchainDB node is configured properly
   hosts: all
   remote_user: ubuntu
 
   roles:
-    - common
\ No newline at end of file
+    - bcdb_base
+    - ntp
+    # TODO: upgrade pip and setuptools, see https://github.com/bobbyrenwick/ansible-pip 
diff --git a/ntools/one-m/ansible/roles/bcdb_base/tasks/main.yml b/ntools/one-m/ansible/roles/bcdb_base/tasks/main.yml
new file mode 100644
index 00000000..d281c7d8
--- /dev/null
+++ b/ntools/one-m/ansible/roles/bcdb_base/tasks/main.yml
@@ -0,0 +1,25 @@
+---
+# ansible/roles/bcdb_base/tasks/main.yml
+
+# Note: "become: true" basically means "become root user for this task" i.e. sudo <cmd>
+# See https://docs.ansible.com/ansible/become.html
+
+- name: Do the equivalent of "sudo apt-get update"
+  apt: update_cache=yes
+  become: true
+
+- name: Configure all unpacked but unconfigured packages
+  shell: /usr/bin/dpkg --configure -a
+  become: true
+
+- name: Attempt to correct a system with broken dependencies in place
+  shell: /usr/bin/apt-get -y -f install
+  become: true
+
+- name: Ensure the LATEST git g++ python3-dev are installed
+  apt: name={{item}} state=latest
+  become: true
+  with_items:
+    - git
+    - g++
+    - python3-dev
diff --git a/ntools/one-m/ansible/roles/common/handlers/main.yml b/ntools/one-m/ansible/roles/common/handlers/main.yml
deleted file mode 100644
index a7ccf7ff..00000000
--- a/ntools/one-m/ansible/roles/common/handlers/main.yml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-# ansible/roles/common/handlers/main.yml
-# See http://docs.ansible.com/playbooks_intro.html for more information about handlers.
-
-- name: restart ntp
-  service: name=ntpd state=restarted
-
-#- name: restart iptables
-#  service: name=iptables state=restarted
\ No newline at end of file
diff --git a/ntools/one-m/ansible/roles/common/tasks/main.yml b/ntools/one-m/ansible/roles/common/tasks/main.yml
deleted file mode 100644
index 1b543e75..00000000
--- a/ntools/one-m/ansible/roles/common/tasks/main.yml
+++ /dev/null
@@ -1,38 +0,0 @@
----
-# ansible/roles/common/tasks/main.yml
-# Note: "become: true" basically means "become root user for this task" i.e. sudo <cmd>
-# See https://docs.ansible.com/ansible/become.html
-
-- name: Do the equivalent of "sudo apt-get update"
-  apt: update_cache=yes
-  become: true
-
-- name: Uninstall ntpdate (deprecated)
-  apt: name=ntpdate state=absent
-  become: true
-  tags: ntp
-
-- name: Update all installed packages to their latest versions
-  apt: upgrade=dist
-  become: true
-
-- name: Install ntp
-  apt: name=ntp state=latest update_cache=yes
-  become: true
-  tags: ntp
-
-#- name: Configure ntp file
-#  template: src=ntp.conf.j2 dest=/etc/ntp.conf
-#  tags: ntp
-  # "restart ntp" is the name of a handler (in common/handlers/main.yml)
-#  notify: restart ntp
-
-- name: Start the ntp service
-  service: name=ntp state=started enabled=yes
-  become: true
-  tags: ntp
-
-#- name: test to see if selinux is running
-#  command: getenforce
-#  register: sestatus
-#  changed_when: false
diff --git a/ntools/one-m/ansible/roles/ntp/handlers/main.yml b/ntools/one-m/ansible/roles/ntp/handlers/main.yml
new file mode 100644
index 00000000..503a25c3
--- /dev/null
+++ b/ntools/one-m/ansible/roles/ntp/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+# ansible/roles/common/handlers/main.yml
+
+- name: restart ntp
+  service: name=ntpd state=restarted
diff --git a/ntools/one-m/ansible/roles/ntp/tasks/main.yml b/ntools/one-m/ansible/roles/ntp/tasks/main.yml
new file mode 100644
index 00000000..001681ce
--- /dev/null
+++ b/ntools/one-m/ansible/roles/ntp/tasks/main.yml
@@ -0,0 +1,24 @@
+---
+# ansible/roles/ntp/tasks/main.yml
+
+- name: Ensure ntpdate is not installed (and uninstall it if necessary)
+  apt: name=ntpdate state=absent
+  become: true
+
+- name: Ensure the LATEST ntp is installed and do "sudo apt-get update" 
+  apt: name=ntp state=latest update_cache=yes
+  become: true
+
+- name: Retrieve facts about the file /etc/ntp.conf
+  stat: path=/etc/ntp.conf
+  register: ntp_conf_file
+
+- name: Fail when /etc/ntp.conf doesn't exist
+  fail: msg="The NTP config file /etc/ntp.conf doesn't exist'"
+  when: ntp_conf_file.stat.exists == False
+
+# For now, we assume the default /etc/ntp.conf file is okay
+
+- name: Ensure the ntp service is now started and should start on boot (enabled=yes)
+  service: name=ntp state=started enabled=yes
+  become: true