diff --git a/deployment.sh b/deployment.sh
index d21ee5a..53e48ac 100755
--- a/deployment.sh
+++ b/deployment.sh
@@ -1222,21 +1222,6 @@ ff02::1         ip6-allnodes
 ff02::2         ip6-allrouters
 EOF
 
-# needed for carrier
-if "$RETRIEVE_MGMT_CONFIG" ; then
-  echo "Retrieving /etc/hosts configuration from management server"
-  wget --timeout=30 -O "${TARGET}/etc/hosts" "${MANAGEMENT_IP}:3000/hostconfig/$(cat ${TARGET}/etc/hostname)"
-  # required for bootstrapping remote origin in ngcpcfg carrier setup
-  echo "Retrieving /etc/ngcp_mgmt_node file from management server"
-  wget --timeout=30 -O "${TARGET}/etc/ngcp_mgmt_node" "${MANAGEMENT_IP}:3000/mgmt"
-  echo "mgmt_node=$(cat ${TARGET}/etc/ngcp_mgmt_node)"
-fi
-
-if "$CARRIER_EDITION" ; then
-  echo "Writing $CROLE to /etc/ngcp_ha_role"
-  echo $CROLE > $TARGET/etc/ngcp_ha_role
-fi
-
 if "$PRO_EDITION" && [[ $(imvirt) != "Physical" ]] ; then
   echo "Generating udev persistent net rules."
   INT_MAC=$(udevadm info -a -p /sys/class/net/${INTERNAL_DEV} | awk -F== '/ATTR{address}/ {print $2}')
@@ -1253,13 +1238,17 @@ SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}==$EXT_MAC, ATTR{de
 EOF
 fi
 
-# needs to be executed *after* udev rules have been set up,
-# otherwise we get duplicated MAC address<->device name mappings
 if "$RETRIEVE_MGMT_CONFIG" ; then
+  # needs to be executed *after* udev rules have been set up,
+  # otherwise we get duplicated MAC address<->device name mappings
   echo "Retrieving network configuration from management server"
   wget --timeout=30 -O /etc/network/interfaces "${MANAGEMENT_IP}:3000/nwconfig/$(cat ${TARGET}/etc/hostname)"
-
   cp /etc/network/interfaces "${TARGET}/etc/network/interfaces"
+  # can't be moved to ngcp-installer, otherwise Grml can't execute:
+  # > wget --timeout=30 -O Packages.gz "${repos_base_path}Packages.gz"
+  # because host 'web01' is unknown
+  echo "Retrieving /etc/hosts configuration from management server"
+  wget --timeout=30 -O "${TARGET}/etc/hosts" "${MANAGEMENT_IP}:3000/hostconfig/$(cat ${TARGET}/etc/hostname)"
 fi
 
 if "$RETRIEVE_MGMT_CONFIG" && "$RESTART_NETWORK" ; then
@@ -1390,6 +1379,19 @@ EOF
   fi
 }
 
+get_network_devices () {
+  # get list of available network devices (excl. some known-to-be-irrelevant ones, also see MT#8297)
+  net_devices=$(tail -n +3 /proc/net/dev | awk -F: '{print $1}'| sed "s/\s*//" | grep -ve '^vmnet' -ve '^vboxnet' -ve '^docker' -ve '^usb' | sort -u)
+
+  NETWORK_DEVICES=""
+  for network_device in $net_devices $DEFAULT_INSTALL_DEV $INTERNAL_DEV $EXTERNAL_DEV ; do
+    # avoid duplicates
+    echo "$NETWORK_DEVICES" | grep -wq "$network_device" || NETWORK_DEVICES="$NETWORK_DEVICES $network_device"
+  done
+  export NETWORK_DEVICES
+  unset net_devices
+}
+
 gen_installer_config () {
   mkdir -p "${TARGET}/etc/ngcp-installer/"
 
@@ -1397,10 +1399,12 @@ gen_installer_config () {
     cat > ${TARGET}/etc/ngcp-installer/config_deploy.inc << EOF
 CROLE="${CROLE}"
 PXE_IMAGES_PATH="${PXE_IMAGES_PATH}"
+MANAGEMENT_IP="${MANAGEMENT_IP}"
 EOF
   fi
 
   if "$PRO_EDITION" ; then
+    get_network_devices
     cat >> ${TARGET}/etc/ngcp-installer/config_deploy.inc << EOF
 HNAME="${ROLE}"
 IP1="${IP1}"
@@ -1409,6 +1413,14 @@ EIFACE="${EIFACE}"
 EADDR="${EADDR}"
 MCASTADDR="${MCASTADDR}"
 DPL_MYSQL_REPLICATION="${DPL_MYSQL_REPLICATION}"
+TARGET_HOSTNAME="${TARGET_HOSTNAME}"
+DEFAULT_INSTALL_DEV="${DEFAULT_INSTALL_DEV}"
+INTERNAL_DEV="${INTERNAL_DEV}"
+GW="$(ip route show dev $DEFAULT_INSTALL_DEV | awk '/^default via/ {print $3}')"
+EXTERNAL_DEV="${EXTERNAL_DEV}"
+NETWORK_DEVICES="${NETWORK_DEVICES}"
+DEFAULT_INTERNAL_NETMASK="${DEFAULT_INTERNAL_NETMASK}"
+RETRIEVE_MGMT_CONFIG="${RETRIEVE_MGMT_CONFIG}"
 EOF
   fi
 
@@ -1419,40 +1431,13 @@ ADJUST_FOR_LOW_PERFORMANCE="${ADJUST_FOR_LOW_PERFORMANCE}"
 ENABLE_VM_SERVICES="${ENABLE_VM_SERVICES}"
 SIPWISE_REPO_HOST="${SIPWISE_REPO_HOST}"
 SIPWISE_REPO_TRANSPORT="${SIPWISE_REPO_TRANSPORT}"
+NAMESERVER="$(awk '/^nameserver/ {print $2}' /etc/resolv.conf)"
 EOF
 
   cat "${TARGET}/etc/ngcp-installer/config_deploy.inc" > /tmp/ngcp-installer-cmdline.log
 }
 
 if "$NGCP_INSTALLER" ; then
-
-  if "$RETRIEVE_MGMT_CONFIG" ; then
-    password=sipwise
-    echo "Retrieving SSH keys from management server (using password ${password})"
-
-    mkdir -p "${TARGET}"/root/.ssh
-
-    wget --timeout=30 -O "${TARGET}"/root/.ssh/authorized_keys "${MANAGEMENT_IP}:3000/ssh/authorized_keys"
-    wget --timeout=30 -O "${TARGET}"/root/.ssh/id_rsa          "${MANAGEMENT_IP}:3000/ssh/id_rsa?password=${password}"
-    wget --timeout=30 -O "${TARGET}"/root/.ssh/id_rsa.pub      "${MANAGEMENT_IP}:3000/ssh/id_rsa_pub"
-    wget --timeout=30 -O "${TARGET}"/root/.ssh/known_hosts     "${MANAGEMENT_IP}:3000/ssh/known_hosts"
-
-    chmod 600 "${TARGET}"/root/.ssh/authorized_keys
-    chmod 600 "${TARGET}"/root/.ssh/id_rsa
-    chmod 644 "${TARGET}"/root/.ssh/id_rsa.pub
-    chmod 600 "${TARGET}"/root/.ssh/known_hosts
-
-    wget --timeout=30 -O "${TARGET}"/etc/ssh/ssh_host_dsa_key     "${MANAGEMENT_IP}:3000/ssh/host_dsa_key?password=${password}"
-    wget --timeout=30 -O "${TARGET}"/etc/ssh/ssh_host_dsa_key.pub "${MANAGEMENT_IP}:3000/ssh/host_dsa_key_pub"
-    wget --timeout=30 -O "${TARGET}"/etc/ssh/ssh_host_rsa_key     "${MANAGEMENT_IP}:3000/ssh/host_rsa_key?password=${password}"
-    wget --timeout=30 -O "${TARGET}"/etc/ssh/ssh_host_rsa_key.pub "${MANAGEMENT_IP}:3000/ssh/host_rsa_key_pub"
-
-    chmod 600 "${TARGET}"/etc/ssh/ssh_host_dsa_key
-    chmod 644 "${TARGET}"/etc/ssh/ssh_host_dsa_key.pub
-    chmod 600 "${TARGET}"/etc/ssh/ssh_host_rsa_key
-    chmod 644 "${TARGET}"/etc/ssh/ssh_host_rsa_key.pub
-  fi
-
   # add sipwise user
   adduser_sipwise
 
@@ -1499,38 +1484,6 @@ EOT
     die "Error during installation of ngcp. Find details at: $TARGET/tmp/ngcp-installer.log $TARGET/tmp/ngcp-installer-debug.log"
   fi
 
-  if "$PRO_EDITION" ; then
-    # set variable to have the *other* node from the PRO setup available for ngcp-network
-    case $ROLE in
-      sp1)
-        logit "Role matching sp1"
-        if [ -n "$TARGET_HOSTNAME" ] && [[ "$TARGET_HOSTNAME" == *a ]] ; then # usually carrier env
-          logit "Target hostname is set and ends with 'a'"
-          THIS_HOST="$TARGET_HOSTNAME"
-          PEER="${TARGET_HOSTNAME%a}b"
-        else # usually PRO env
-          logit "Target hostname is not set or does not end with 'a'"
-          THIS_HOST="$ROLE"
-          PEER=sp2
-        fi
-        ;;
-      sp2)
-        logit "Role matching sp2"
-        if [ -n "$TARGET_HOSTNAME" ] && [[ "$TARGET_HOSTNAME" == *b ]] ; then # usually carrier env
-          THIS_HOST="$TARGET_HOSTNAME"
-          PEER="${TARGET_HOSTNAME%b}a"
-        else # usually PRO env
-          logit "Target hostname is not set or does not end with 'b'"
-          THIS_HOST="$ROLE"
-          PEER=sp1
-        fi
-        ;;
-      *)
-        logit "Using unsupported role: $ROLE"
-        ;;
-    esac
-  fi
-
   if "$RETRIEVE_MGMT_CONFIG" ; then
     if [ "$ROLE" = "sp1" ] ; then
       password=sipwise
@@ -1605,134 +1558,6 @@ EOT
 
 fi
 
-# adjust network.yml
-if "$RETRIEVE_MGMT_CONFIG" ; then
-  echo "Nothing to do (RETRIEVE_MGMT_CONFIG is set), network.yml was already set up."
-elif "$PRO_EDITION" ; then
-  # get list of available network devices (excl. some known-to-be-irrelevant ones, also see MT#8297)
-  net_devices=$(tail -n +3 /proc/net/dev | awk -F: '{print $1}'| sed "s/\s*//" | grep -ve '^vmnet' -ve '^vboxnet' -ve '^docker' -ve '^usb' | sort -u)
-
-  NETWORK_DEVICES=""
-  for network_device in $net_devices $DEFAULT_INSTALL_DEV $INTERNAL_DEV $EXTERNAL_DEV ; do
-    # avoid duplicates
-    echo "$NETWORK_DEVICES" | grep -wq "$network_device" || NETWORK_DEVICES="$NETWORK_DEVICES $network_device"
-  done
-  export NETWORK_DEVICES
-  unset net_devices
-
-  cat << EOT | grml-chroot $TARGET /bin/bash
-  if ! [ -r /etc/ngcp-config/network.yml ] ; then
-    echo '/etc/ngcp-config/network.yml does not exist'
-    exit 0
-  fi
-
-  # we have to start glusterfs-server back to work with shared storage
-  invoke-rc.d glusterfs-server start
-
-  if [ "$ROLE" = "sp1" ] ; then
-    cp /etc/ngcp-config/network.yml /etc/ngcp-config/network.yml.factory_default
-
-    ngcp-network --host=$THIS_HOST --set-interface=lo --ip=auto --netmask=auto --hwaddr=auto --ipv6='::1' --type=web_int
-    ngcp-network --host=$THIS_HOST --set-interface=$DEFAULT_INSTALL_DEV --shared-ip=none --shared-ipv6=none
-    ngcp-network --host=$THIS_HOST --set-interface=$DEFAULT_INSTALL_DEV --ip=auto --netmask=auto --hwaddr=auto
-    ngcp-network --host=$THIS_HOST --set-interface=$INTERNAL_DEV --ip=auto --netmask=auto --hwaddr=auto
-    nameserver="$(awk '/^nameserver/ {print $2}' /etc/resolv.conf)"
-    for entry in \$nameserver ; do
-      ngcp-network --host=$THIS_HOST --set-interface=$DEFAULT_INSTALL_DEV --dns=\$entry
-    done
-
-    GW=$(ip route show dev $DEFAULT_INSTALL_DEV | awk '/^default via/ {print $3}')
-    if [ -n "\$GW" ] ; then
-      ngcp-network --host=$THIS_HOST --set-interface=$DEFAULT_INSTALL_DEV --gateway="\$GW"
-    fi
-
-    ngcp-network --host=$THIS_HOST --peer=$PEER
-    ngcp-network --host=$THIS_HOST --move-from=lo --move-to=$INTERNAL_DEV --type=ha_int
-    # set *_ext types accordingly for PRO setup
-    ngcp-network --host=$THIS_HOST --move-from=lo --move-to=$EXTERNAL_DEV \
-                                   --type=sip_ext --type=rtp_ext --type=mon_ext
-    ngcp-network --host=$THIS_HOST --set-interface=$EXTERNAL_DEV --type=web_ext
-
-    ngcp-network --host=$PEER --peer=$THIS_HOST
-    ngcp-network --host=$PEER --set-interface=$EXTERNAL_DEV --shared-ip=none --shared-ipv6=none
-    ngcp-network --host=$PEER --set-interface=lo --ipv6='::1' --ip=auto --netmask=auto --hwaddr=auto
-
-    # add ssh_ext to all the interfaces of sp1 on sp1
-    for interface in \$NETWORK_DEVICES ; do
-      ngcp-network --host=$THIS_HOST --set-interface=\$interface --type=ssh_ext
-    done
-
-    # add ssh_ext to lo and $INTERNAL_DEV interfaces of sp2 on sp1 so we can reach the ssh server at any time
-    ngcp-network --host=$PEER --set-interface=lo --type=ssh_ext
-    ngcp-network --host=$PEER --set-interface=$INTERNAL_DEV --type=ssh_ext
-
-    # needed to make sure MySQL setup is OK for first node until second node is set up
-    ngcp-network --host=$PEER --set-interface=$INTERNAL_DEV --ip=$IP2 --netmask=$DEFAULT_INTERNAL_NETMASK --type=ha_int
-    ngcp-network --host=$PEER --role=proxy --role=lb --role=mgmt --role=rtp --role=db
-    ngcp-network --host=$PEER --set-interface=lo --type=sip_int --type=web_int --type=web_ext --type=aux_ext
-
-    # version >= mr3.5, previous versions has no dbnode option
-    ngcp-network --host=$PEER --dbnode=2 || true
-
-    cp /etc/ngcp-config/network.yml /mnt/glusterfs/shared_config/network.yml
-
-    # use --no-db-sync only if supported by ngcp[cfg] version
-    if grep -q -- --no-db-sync /usr/sbin/ngcpcfg ; then
-      ngcpcfg --no-db-sync commit "deployed /etc/ngcp-config/network.yml on $ROLE"
-    else
-      ngcpcfg commit "deployed /etc/ngcp-config/network.yml on $ROLE"
-    fi
-
-    ngcpcfg build
-    ngcpcfg push --shared-only
-  else # ROLE = sp2
-    ngcpcfg pull
-    ngcp-network --host=$THIS_HOST --set-interface=$DEFAULT_INSTALL_DEV --ip=auto --netmask=auto --hwaddr=auto
-
-    # finalize the --ip=$IP2 from previous run on first node
-    ngcp-network --host=$THIS_HOST --set-interface=$INTERNAL_DEV --ip=auto --netmask=auto --hwaddr=auto --type=ha_int
-    # set *_ext types accordingly for PRO setup
-    ngcp-network --host=$THIS_HOST --set-interface=$EXTERNAL_DEV --type=web_int --type=web_ext --type=sip_ext \
-                              --type=rtp_ext --type=mon_ext
-
-    # add ssh_ext to all the interfaces of sp2 on sp2
-    for interface in \$NETWORK_DEVICES ; do
-      ngcp-network --host=$THIS_HOST --set-interface=\$interface --type=ssh_ext
-    done
-
-    # use --no-db-sync only if supported by ngcp[cfg] version
-    if grep -q -- --no-db-sync /usr/sbin/ngcpcfg ; then
-      ngcpcfg --no-db-sync commit "deployed /etc/ngcp-config/network.yml on $ROLE"
-    else
-      ngcpcfg commit "deployed /etc/ngcp-config/network.yml on $ROLE"
-    fi
-
-    ngcpcfg push --shared-only
-
-    # make sure login from second node to first node works
-    ssh-keyscan $PEER >> ~/.ssh/known_hosts
-
-    # live system uses a different SSH host key than the finally installed
-    # system, so do NOT use ssh-keyscan here
-    tail -1 ~/.ssh/known_hosts | sed "s/\w* /$THIS_HOST /" >> ~/.ssh/known_hosts
-    tail -1 ~/.ssh/known_hosts | sed "s/\w* /$MANAGEMENT_IP /" >> ~/.ssh/known_hosts
-    scp ~/.ssh/known_hosts $PEER:~/.ssh/known_hosts
-
-    ssh $PEER ngcpcfg pull
-    ngcpcfg build
-
-    if ngcpcfg --help |grep -q init-mgmt ; then
-      ngcpcfg init-mgmt $MANAGEMENT_IP
-    else
-      echo "Skipping ngcpcfg init-mgmt as it is not available"
-    fi
-  fi
-
-  # we have to stop glusterfs-server back
-  invoke-rc.d glusterfs-server stop
-EOT
-fi
-
 if "$RETRIEVE_MGMT_CONFIG" ; then
   echo "Nothing to do (RETRIEVE_MGMT_CONFIG is set), /etc/network/interfaces was already set up."
 elif ! "$NGCP_INSTALLER" ; then