diff --git a/roles/cephadm/README.md b/roles/cephadm/README.md
index 51e4a71..14af8f8 100644
--- a/roles/cephadm/README.md
+++ b/roles/cephadm/README.md
@@ -41,6 +41,8 @@ All Ceph hosts must be in the `ceph` group.
     * `cephadm_ssh_public_key`: Location where ssh public key used by cephadm will be saved (default: /etc/ceph/cephadm.pub)
     * `cephadm_ssh_private_key`: Location where ssh private key used by cephadm will be saved (default: /etc/ceph/cephadm.id)
     * `cephadm_ssh_user`: Pre-existing user name that should be used for bootstrapping the cluster. User must have passwordless sudo enabled. Since 1.4.0 (default: `ansible_user`)
+    * `cephadm_bootstrap_additional_parameters`: additional arguments to pass to `cephadm bootstrap`
+    * `cephadm_apt_repo_dist`: overide (default) `ansible_distribution_release` for debian package repository
   * MONs and MGRs
     * `cephadm_mon_count`: Number of MONs to deploy (default: equals to number of hosts in `mons` Ansible group)
     * `cephadm_mgr_count`: Number of MGRs to deploy (default: equals to number of hosts in `mgrs` Ansible group)
diff --git a/roles/cephadm/defaults/main.yml b/roles/cephadm/defaults/main.yml
index 85b19fa..34b2f15 100644
--- a/roles/cephadm/defaults/main.yml
+++ b/roles/cephadm/defaults/main.yml
@@ -22,6 +22,8 @@ cephadm_install_ceph_cli: False
 cephadm_ssh_public_key: "/etc/ceph/cephadm.pub"
 cephadm_ssh_private_key: "/etc/ceph/cephadm.id"
 cephadm_ssh_user: "{{ ansible_user }}"
+cephadm_bootstrap_additional_parameters: ""
+cephadm_apt_repo_dist: "{{ ansible_facts.distribution_release }}"
 # MONs and MGRs
 cephadm_mon_count: "{{ groups.get('mons', []) | length }}"
 cephadm_mgr_count: "{{ groups.get('mgrs', []) | length }}"
diff --git a/roles/cephadm/tasks/bootstrap.yml b/roles/cephadm/tasks/bootstrap.yml
index 43a7bd2..e1b1982 100644
--- a/roles/cephadm/tasks/bootstrap.yml
+++ b/roles/cephadm/tasks/bootstrap.yml
@@ -19,7 +19,9 @@
            {{ firewalld }}
            --ssh-private-key={{ cephadm_ssh_private_key }}
            --ssh-public-key={{ cephadm_ssh_public_key }}
+           {% if cephadm_ssh_user | length > 0 %}
            --ssh-user "{{ cephadm_ssh_user }}"
+           {% endif %}
            {% if cephadm_registry_url | length > 0 %}
            --registry-url={{ cephadm_registry_url }}
            --registry-username={{ cephadm_registry_username }}
@@ -30,6 +32,7 @@
            --fsid={{ cephadm_fsid }}
            {% endif %}
            --mon-ip={{ mon_ip }}
+           {{ cephadm_bootstrap_additional_parameters }}
     become: true
     when: not cephadm_check_ceph_conf.stat.exists
 
diff --git a/roles/cephadm/tasks/pkg_debian.yml b/roles/cephadm/tasks/pkg_debian.yml
index 949f541..88c4cde 100644
--- a/roles/cephadm/tasks/pkg_debian.yml
+++ b/roles/cephadm/tasks/pkg_debian.yml
@@ -7,7 +7,7 @@
 
 - name: Ensure Ceph repositories are defined
   apt_repository:
-    repo: "deb https://download.ceph.com/debian-{{ item }}/ {{ ansible_facts.distribution_release }} main"
+    repo: "deb https://download.ceph.com/debian-{{ item }}/ {{ cephadm_apt_repo_dist }} main"
     state: "{{ 'present' if item == cephadm_ceph_release else 'absent' }}"
   when: not cephadm_custom_repos | bool
   become: true
diff --git a/roles/cephadm/tasks/prereqs.yml b/roles/cephadm/tasks/prereqs.yml
index 4202a1a..93357b1 100644
--- a/roles/cephadm/tasks/prereqs.yml
+++ b/roles/cephadm/tasks/prereqs.yml
@@ -55,6 +55,7 @@
     user: "{{ cephadm_ssh_user }}"
     state: present
     key: "{{ content }}"
+  when: "cephadm_ssh_user | length > 0"
   become: true
 
 - name: Ensure the Logrotate package is installed
diff --git a/roles/commands/README.md b/roles/commands/README.md
new file mode 100644
index 0000000..e805d8f
--- /dev/null
+++ b/roles/commands/README.md
@@ -0,0 +1,28 @@
+# commands
+
+This role executes arbitrary commands against a Ceph cluster using `cephadm`.
+
+## Prerequisites
+
+### Host prerequisites
+
+* The role assumes target hosts connection over SSH with user that has passwordless sudo configured.
+* Either direct Internet access or private registry with desired Ceph image accessible to all hosts is required.
+
+### Inventory
+
+This role assumes the existence of the following groups:
+
+* `mons`
+
+with at least one host in it - see the `cephadm` role for more details.
+
+## Role variables
+
+* `cephadm_commands`: A list of commands to pass to `cephadm shell -- ceph`
+   Example:
+   ```
+          cephadm_commands:
+            - "fs new cephfs cephfs_metadata cephfs_data"
+            - "orch apply mds cephfs --placement 3"
+   ```
diff --git a/roles/commands/defaults/main.yml b/roles/commands/defaults/main.yml
new file mode 100644
index 0000000..3c6a661
--- /dev/null
+++ b/roles/commands/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+cephadm_commands: []
diff --git a/roles/commands/tasks/main.yml b/roles/commands/tasks/main.yml
new file mode 100644
index 0000000..4a4b867
--- /dev/null
+++ b/roles/commands/tasks/main.yml
@@ -0,0 +1,11 @@
+---
+- name: Execute custom commands
+  command:
+    cmd: "cephadm shell -- ceph {{ item }}"
+  register: cephadm_commands_result
+  with_items: "{{ cephadm_commands }}"
+  become: true
+  when: cephadm_commands | length > 0
+
+  delegate_to: "{{ groups['mons'][0] }}"
+  run_once: True