diff --git a/ansible/playbooks/init-rocky-bugzilla.yml b/ansible/playbooks/init-rocky-bugzilla.yml
index f5cc2bb..081d8c1 100644
--- a/ansible/playbooks/init-rocky-bugzilla.yml
+++ b/ansible/playbooks/init-rocky-bugzilla.yml
@@ -1,13 +1,13 @@
---
-# Installs the mantis bug tracker
-- name: Configure MantisBT
+# Installs Bugzilla
+- name: Configure Bugzilla
hosts: "bugtracker"
become: true
vars_files:
- vars/common.yml
- vars/vaults/encpass.yml
- vars/vaults/mantis.yml
- - vars/mantis.yml
+ - vars/bugzilla.yml
handlers:
- import_tasks: handlers/main.yml
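Review bot: The vars_files list still loads `vars/vaults/mantis.yml` and no Bugzilla vault, yet the new templates read `bugzilla_db_pass` and `bugzilla_admin_password`, which vars/bugzilla.yml's own comment says come from a vault; unless those names happen to live in the Mantis vault, the play fails with an undefined variable at the answer-file template. The line to change is `- vars/vaults/mantis.yml` → `- vars/vaults/bugzilla.yml`. The Mantis vault is only needed by the new init-rocky-mantisbt.yml, which loads it itself.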
@@ -31,7 +31,7 @@
tasks:
- name: Deploy Mantis
- import_tasks: tasks/mantis.yml
+ import_tasks: tasks/bugzilla.yml
post_tasks:
- name: Open firewalld ports
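Review bot: The task name `- name: Deploy Mantis` is kept while the import now points at tasks/bugzilla.yml, so play output for this playbook still reports a Mantis deploy; rename it to `- name: Deploy Bugzilla`. The tasks section continues outside the hunk.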
diff --git a/ansible/playbooks/init-rocky-mantisbt.yml b/ansible/playbooks/init-rocky-mantisbt.yml
new file mode 100644
index 0000000..f5cc2bb
--- /dev/null
+++ b/ansible/playbooks/init-rocky-mantisbt.yml
@@ -0,0 +1,59 @@
+---
+# Installs the mantis bug tracker
+- name: Configure MantisBT
+ hosts: "bugtracker"
+ become: true
+ vars_files:
+ - vars/common.yml
+ - vars/vaults/encpass.yml
+ - vars/vaults/mantis.yml
+ - vars/mantis.yml
+
+ handlers:
+ - import_tasks: handlers/main.yml
+
+ pre_tasks:
+ - name: Check if ansible cannot be run here
+ stat:
+ path: /etc/no-ansible
+ register: no_ansible
+
+ - name: Verify if we can run ansible
+ assert:
+ that:
+ - "not no_ansible.stat.exists"
+ success_msg: "We are not able to run on this node"
+ fail_msg: "/etc/no-ansible exists - skipping run on this node"
+
+ roles:
+ - role: rockylinux.ipagetcert
+ state: present
+
+ tasks:
+ - name: Deploy Mantis
+ import_tasks: tasks/mantis.yml
+
+ post_tasks:
+ - name: Open firewalld ports
+ ansible.posix.firewalld:
+ service: "{{ item }}"
+ permanent: true
+ immediate: true
+ state: enabled
+ with_items:
+ - http
+ - https
+
+ - name: Ensure httpd is enabled and running
+ service:
+ name: httpd
+ enabled: true
+ state: started
+
+ - name: Touching run file that ansible has ran here
+ file:
+ path: /var/log/ansible.run
+ state: touch
+ mode: '0644'
+ owner: root
+ group: root
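Review bot: In the 'Verify if we can run ansible' assert, `success_msg` contradicts the condition: the task passes when /etc/no-ansible is absent, yet the message printed on success is `"We are not able to run on this node"`. Since this file is a verbatim carry-over of the previous playbook, the same text presumably remains in the unchanged part of init-rocky-bugzilla.yml as well. Change it to `success_msg: "/etc/no-ansible does not exist - running on this node"`.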
diff --git a/ansible/playbooks/tasks/bugzilla.yml b/ansible/playbooks/tasks/bugzilla.yml
new file mode 100644
index 0000000..93dd8a4
--- /dev/null
+++ b/ansible/playbooks/tasks/bugzilla.yml
@@ -0,0 +1,54 @@
+---
+# Configure Bugzilla
+- name: Configure SELinux booleans
+ ansible.posix.seboolean:
+ name: "{{ item }}"
+ persistent: true
+ state: true
+ with_items:
+ - httpd_can_network_connect_db
+ - httpd_can_network_connect
+ - httpd_can_sendmail
+
+- name: Install necessary packages
+ yum:
+ name: "{{ bugzilla_pkg }}"
+ state: present
+ tags:
+ - packages
+
+- name: Download the bugtracker
+ get_url:
+ url: "https://ftp.mozilla.org/pub/mozilla.org/webtools/bugzilla-{{ bugzilla_version }}.tar.gz"
+ dest: "/tmp/bugzilla-{{ bugzilla_version }}.tar.gz"
+ checksum: "{{ bugzilla_checksum }}"
+
+- name: Create initial directory
+ file:
+ path: "/var/www/bugzilla"
+ state: directory
+ mode: '0750'
+ owner: root
+ group: apache
+
+- name: Extract bugzilla
+ unarchive:
+ src: "/tmp/bugzilla-{{ bugzilla_version }}.tar.gz"
+ dest: "/var/www/bugzilla"
+ owner: root
+ group: apache
+ mode: '0640'
+ remote_src: true
+ extra_opts:
+ - '--strip-components=1'
+
+- name: Configure httpd
+ template:
+ src: "etc/httpd/conf.d/bugzilla.conf.j2"
+ dest: "/etc/httpd/conf.d/bugzilla.conf"
+ owner: root
+ group: root
+ mode: '0644'
+
+- name: Install necessary pieces
+ import_tasks: bugzilla_install.yml
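Review bot: `httpd_can_network_connect` in the 'Configure SELinux booleans' task grants httpd unrestricted outbound network access and subsumes the narrower `httpd_can_network_connect_db` listed beside it; if the only outbound needs are the database and mail (already covered by the other two booleans), drop it so a compromised CGI cannot reach arbitrary hosts, and if it must stay add a comment naming the component that needs it. Separately, the 'Extract bugzilla' task applies `mode: '0640'` to everything unarchive writes, which removes the execute bit from the .cgi scripts and the search bit from extracted directories; checksetup.pl presumably repairs permissions on its later run, but that should be confirmed or the mode left off this task. The downloaded tarball is left in /tmp after extraction; a final `file: state: absent` on `/tmp/bugzilla-{{ bugzilla_version }}.tar.gz` would tidy that up.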
diff --git a/ansible/playbooks/tasks/bugzilla_install.yml b/ansible/playbooks/tasks/bugzilla_install.yml
new file mode 100644
index 0000000..31b8210
--- /dev/null
+++ b/ansible/playbooks/tasks/bugzilla_install.yml
@@ -0,0 +1,54 @@
+---
+# Install bugzilla properly, including modules and stuff
+
+- name: Check for a localconfig file
+ stat:
+ path: "/var/www/bugzilla/localconfig"
+ register: conf_result
+
+- name: Deploy answer file
+ template:
+ src: "var/www/bugzilla/answer"
+ dest: "/var/www/bugzilla/answer"
+ owner: root
+ group: apache
+ mode: "0640"
+ when: not conf_result.stat.exists
+
+- name: Run checksetup.pl
+ shell: "set -o pipefail && /usr/bin/perl checksetup.pl /var/www/bugzilla/answer"
+ chdir: "/var/www/bugzilla"
+ changed_when: "1 != 1"
+ when: not conf_result.stat.exists
+
+- name: Deploy proper configuration
+ template:
+ src: "var/www/bugzilla/localconfig.j2"
+ dest: "/var/www/bugzilla/localconfig"
+ owner: root
+ group: apache
+ mode: '0640'
+
+- name: Install the proper modules
+ shell: "set -o pipefail && /usr/bin/perl install-module.pl {{ item }}"
+ chdir: "/var/www/bugzilla"
+ changed_when: "1 != 1"
+ with_items:
+ - 'Net::SAML2'
+ - 'HTML::FormatText::WithLinks'
+ - 'PatchReader'
+ - 'Crypt::OpenSSL::Verify'
+ - 'Crypt::OpenSSL::RSA'
+ - 'JSON::RPC'
+ - 'XML::Twig'
+ - 'Template::Plugin::GD::Image'
+
+- name: Re-run checksetup.pl
+ shell: "set -o pipefail && /usr/bin/perl checksetup.pl"
+ chdir: "/var/www/bugzilla"
+ changed_when: "1 != 1"
+
+- name: Remove answer file
+ file:
+ path: "/var/www/bugzilla/answer"
+ state: absent
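Review bot: `chdir:` is placed as a sibling of `shell:` in the 'Run checksetup.pl', 'Install the proper modules' and 'Re-run checksetup.pl' tasks, but it is a module argument, not a task keyword, so Ansible rejects the task as invalid; each needs `shell: "..."` followed by `args:` / `  chdir: "/var/www/bugzilla"`. The answer file, which carries the admin and database passwords, is only removed by the last task, so a failure in the module install or the checksetup re-run leaves it on disk; putting the tasks from 'Deploy answer file' onward in a `block:` with the removal in its `always:` section closes that gap. `changed_when: "1 != 1"` is an obscure way of saying `changed_when: false`; the latter reads as intended. `set -o pipefail` is harmless here but there is no pipe in any of these commands.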
diff --git a/ansible/playbooks/templates/etc/httpd/conf.d/bugzilla.conf.j2 b/ansible/playbooks/templates/etc/httpd/conf.d/bugzilla.conf.j2
new file mode 100644
index 0000000..b994fbf
--- /dev/null
+++ b/ansible/playbooks/templates/etc/httpd/conf.d/bugzilla.conf.j2
@@ -0,0 +1,37 @@
+
+ ServerAdmin infrastructure@rockylinux.org
+ DocumentRoot "{{ bugzilla_dir }}"
+ ServerName bugs.rockylinux.org
+ TransferLog /var/log/httpd/bugzilla_access.log
+ ErrorLog /var/log/httpd/bugzilla_error.log
+
+ AddHandler cgi-script .cgi
+ DirectoryIndex index.cgi
+ Options MultiViews FollowSymlinks ExecCGI FollowSymLinks
+ AllowOverride All
+ Order allow,deny
+ Allow from all
+
+
+
+
+ SSLEngine on
+ SSLHonorCipherOrder on
+ SSLCipherSuite PROFILE=SYSTEM
+ SSLProxyCipherSuite PROFILE=SYSTEM
+ SSLCertificateFile /etc/pki/tls/certs/bugs.rockylinux.org.crt
+ SSLCertificateKeyFile /etc/pki/tls/private/bugs.rockylinux.org.key
+ ServerAdmin infrastructure@rockylinux.org
+ DocumentRoot "{{ bugzilla_dir }}"
+ ServerName bugs.rockylinux.org
+ TransferLog /var/log/httpd/bugzilla_access.log
+ ErrorLog /var/log/httpd/bugzilla_error.log
+
+ AddHandler cgi-script .cgi
+ DirectoryIndex index.cgi
+ Options MultiViews FollowSymlinks ExecCGI FollowSymLinks
+ AllowOverride All
+ Order allow,deny
+ Allow from all
+
+
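Review bot: The first server block (the container directives appear to have been lost in this rendering, so I read the two blocks as the plain-HTTP and SSL vhosts) serves the full application with ExecCGI instead of redirecting to TLS, so logins and session cookies can travel in clear over port 80. Replace its DocumentRoot and directory configuration with `Redirect permanent / https://bugs.rockylinux.org/` and keep the application only in the SSL vhost. `Options MultiViews FollowSymlinks ExecCGI FollowSymLinks` lists FollowSymLinks twice, and `Order allow,deny` / `Allow from all` is 2.2-era syntax that only works while mod_access_compat is loaded; on httpd 2.4 `Require all granted` is the native form. `AllowOverride All` is load-bearing here because `$create_htaccess = 1` makes Bugzilla rely on .htaccess to deny access to localconfig and data/; a comment saying so would stop someone tightening it later.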
diff --git a/ansible/playbooks/templates/var/www/bugzilla/answer b/ansible/playbooks/templates/var/www/bugzilla/answer
new file mode 100644
index 0000000..4fb4ccc
--- /dev/null
+++ b/ansible/playbooks/templates/var/www/bugzilla/answer
@@ -0,0 +1,11 @@
+$answer{'db_host'} = '{{ bugzilla_db_host }}';
+$answer{'db_driver'} = 'pg';
+$answer{'db_port'} = 0;
+$answer{'db_name'} = '{{ bugzilla_db_name }}';
+$answer{'db_user'} = '{{ bugzilla_db_user }}';
+$answer{'db_pass'} = '{{ bugzilla_db_pass }}';
+$answer{'urlbase'} = 'https://bugs.rockylinux.org/';
+$answer{'ADMIN_EMAIL'} = 'infrastructure@rockylinux.org';
+$answer{'ADMIN_PASSWORD'} = '{{ bugzilla_admin_password }}';
+$answer{'ADMIN_REALNAME'} = 'Infrastructure';
+$answer{'NO_PAUSE'} = 1
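Review bot: `db_pass` and `ADMIN_PASSWORD` are interpolated into single-quoted Perl literals with no escaping, so a vault value containing `'` or `\` either breaks the answer file or silently changes the credential Bugzilla ends up with; either document that constraint next to the vault variables or escape both characters with a `replace` filter before rendering. This file is a Jinja template like the others but lacks the .j2 suffix the sibling templates use, which is worth aligning. The last statement `$answer{'NO_PAUSE'} = 1` is the only one without a terminating `;`; harmless as the final statement, but inconsistent.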
diff --git a/ansible/playbooks/templates/var/www/bugzilla/localconfig.j2 b/ansible/playbooks/templates/var/www/bugzilla/localconfig.j2
new file mode 100644
index 0000000..f053ef6
--- /dev/null
+++ b/ansible/playbooks/templates/var/www/bugzilla/localconfig.j2
@@ -0,0 +1,19 @@
+$create_htaccess = 1;
+$webservergroup = 'apache';
+$use_suexec = 0;
+$db_driver = 'pg';
+$db_host = '{{ bugzilla_db_host }}';
+$db_name = '{{ bugzilla_db_name }}';
+$db_user = '{{ bugzilla_db_user }}';
+$db_pass = '{{ bugzilla_db_pass }}';
+$db_port = 0;
+$db_sock = '';
+$db_check = 1;
+$db_mysql_ssl_ca_file = '';
+$db_mysql_ssl_ca_path = '';
+$db_mysql_ssl_client_cert = '';
+$db_mysql_ssl_client_key = '';
+$index_html = 0;
+$interdiffbin = '/usr/bin/interdiff';
+$diffpath = '/usr/bin';
+$site_wide_secret = '{{ lookup('password', '/dev/null length=54 chars=ascii_letters') }}';
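Review bot: `$site_wide_secret` is filled from `lookup('password', '/dev/null ...')`, which generates a fresh random value on every rendering, so each playbook run rewrites localconfig with a different secret (the template task always reports changed) and, assuming Bugzilla derives its tokens from it, invalidates outstanding tokens on every run. Move it to the vault beside `bugzilla_db_pass` (`$site_wide_secret = '{{ bugzilla_site_wide_secret }}';`), or give the lookup a persistent path on the controller instead of /dev/null. The same quoting caveat as the answer file applies to `$db_pass`: a single-quoted Perl literal with no escaping of `'` or `\`.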
diff --git a/ansible/playbooks/vars/bugzilla.yml b/ansible/playbooks/vars/bugzilla.yml
new file mode 100644
index 0000000..0293b5b
--- /dev/null
+++ b/ansible/playbooks/vars/bugzilla.yml
@@ -0,0 +1,52 @@
+---
+# bugzilla vars
+bugzilla_version: 5.0.6
+bugzilla_checksum: "sha256:dd41a4b0a3a1df0d193bc056f2e3711d7b5605718a00bf6e5d4177bf1be86f77"
+bugzilla_dir: "/var/www/bugzilla"
+bugzilla_pkg:
+ - perl
+ - perl-CPAN
+ - perl-DBD-Pg
+ - perl-LDAP
+ - perl-JSON-RPC-CGI
+ - perl-JSON-RPC-Daemon
+ - perl-JSON-RPC-Apache2
+ - perl-JSON-XS
+ - perl-XMLRPC-Lite
+ - perl-CGI
+ - perl-DateTime
+ - perl-DateTime-TimeZone
+ - perl-Template-Toolkit
+ - perl-Email-Sender
+ - perl-Email-MIME
+ - perl-List-MoreUtils
+ - perl-Math-Random-ISAAC
+ - perl-GD
+ - patchutils
+ - httpd
+ - mod_ssl
+ - mod_perl
+ - mod_perl-devel
+ - httpd-devel
+ - gd-devel
+ - graphviz
+ - patchutils
+ - gcc
+ - openssl-devel
+ - wget
+ - curl
+bugzilla_db_host: db.rockylinux.org
+bugzilla_db_name: bugzilla_db
+bugzilla_db_user: bugzilla
+
+# Vault
+# bugzilla_db_pass: ThisIsNotThePassword!
+
+ipa_getcert_requested_hostnames:
+ - name: "{{ ansible_fqdn }}"
+ owner: apache
+ key_location: "/etc/pki/tls/private/bugs.rockylinux.org.key"
+ cert_location: "/etc/pki/tls/certs/bugs.rockylinux.org.crt"
+ postcmd: "/bin/systemctl reload httpd"
+ cnames:
+ - "bugs.rockylinux.org"
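Review bot: The `# Vault` comment documents only `bugzilla_db_pass`, but templates/var/www/bugzilla/answer also reads `bugzilla_admin_password`, so the list of vault-provided variables is incomplete; add `# bugzilla_admin_password: ThisIsNotThePassword!` beside it. `patchutils` appears twice in `bugzilla_pkg`; drop one entry. Pinning `bugzilla_checksum` is the right call; a comment recording where the sha256 was verified would help the next version bump.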