diff --git a/defaults/main.yml b/defaults/main.yml index bba41eff..efd91b3c 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -127,6 +127,13 @@ lxc_cache_prep_dns: lxc_cache_prep_pre_commands: '## pre command skipped ##' lxc_cache_prep_post_commands: '## post command skipped ##' +# Full path to the base image prep script. By default this will use the +# named script for a given OS within the "templates/prep-scripts" directory. +# If a deployer wishes to override this script with something else they can +# do so by defining a user variable with the full path to the local script +# which will be templated onto the deployment targets. +lxc_cache_prep_template: "{{ _lxc_cache_prep_template }}" + # List of packages to be installed into the base container cache lxc_cache_distro_packages: "{{ _lxc_cache_distro_packages }}" diff --git a/releasenotes/notes/template-setup-70a3daadc2a9d93b.yaml b/releasenotes/notes/template-setup-70a3daadc2a9d93b.yaml new file mode 100644 index 00000000..58319356 --- /dev/null +++ b/releasenotes/notes/template-setup-70a3daadc2a9d93b.yaml @@ -0,0 +1,10 @@ +--- +deprecations: + - The option ``cache_prep_commands`` from ``lxc_cache_map`` has been + removed. This option has been converted to a template file within + the **lxc_hosts** role. In order to set specific cache commands within + the template it is recommended that deployers set + ``lxc_cache_prep_pre_commands`` or ``lxc_cache_prep_post_commands``. If the + entire prep script needs to be overridden deployers can set + ``lxc_cache_prep_template`` to the full local path of the prep template and + the role will use this script irrespective of the base container type. diff --git a/tasks/lxc_cache_preparation.yml b/tasks/lxc_cache_preparation.yml index a2e63c69..c1a968be 100644 --- a/tasks/lxc_cache_preparation.yml +++ b/tasks/lxc_cache_preparation.yml 
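Review bot: The comment on `lxc_cache_prep_template` says "Full path", but the per-OS defaults this commit adds under vars/ (`_lxc_cache_prep_template: "prep-scripts/centos_7_prep.sh.j2"` and its siblings) are paths relative to the role's templates directory. The comment should say that both forms are accepted. It should also state that the file is rendered as a Jinja2 template and then run by the chroot task against the image cache, so an override must be a file the deployer controls, and any literal `{{` or `{%` in a plain shell script needs escaping. Suggested first line: `# Path to the base image prep script template: relative to the role's templates directory (default) or an absolute path on the deployment host.`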
@@ -98,18 +98,15 @@ with_items: "{{ lxc_container_cache_files }}" - name: Cached image preparation script - copy: - content: | - #!/usr/bin/env bash - set -e -x - {{ lxc_cache_map.cache_prep_commands }} - dest: "{{ lxc_image_cache_path }}/usr/local/bin/cache-prep-commands.sh" + template: + src: "{{ lxc_cache_prep_template }}" + dest: "{{ lxc_image_cache_path }}/opt/cache-prep-commands.sh" mode: "0755" # This task runs several commands against the cached image to speed up the # lxc_container_create playbook. - name: Prepare cached image setup commands - shell: "chroot {{ lxc_image_cache_path }} /usr/local/bin/cache-prep-commands.sh > /var/log/lxc-cache-prep-commands.log 2>&1" + shell: "chroot {{ lxc_image_cache_path }} /opt/cache-prep-commands.sh > /var/log/lxc-cache-prep-commands.log 2>&1" changed_when: false async: "{{ lxc_cache_prep_timeout }}" poll: 0 diff --git a/templates/prep-scripts/centos_7_prep.sh.j2 b/templates/prep-scripts/centos_7_prep.sh.j2 new file mode 100644 index 00000000..429844f1 --- /dev/null +++ b/templates/prep-scripts/centos_7_prep.sh.j2 
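Review bot: The rendered script is written to `/opt/cache-prep-commands.sh` inside the image cache with `mode: "0755"`, and nothing in this hunk removes it afterwards. It would stay in the cache and presumably be carried into containers created from it, including any deployer-supplied `lxc_cache_prep_pre_commands` / `lxc_cache_prep_post_commands` text. Only the chroot task needs to execute it, so `mode: "0700"` is enough. A `file:` task with `state: absent` on the same `dest`, placed after the async job has been waited on, would keep it out of the image. The run is started with `async` and `poll: 0` and the rest of the task list is outside the hunk, so a cleanup may already exist further down; worth confirming.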
@@ -0,0 +1,43 @@ +#!/usr/bin/env bash +set -e -x + +{{ lxc_cache_prep_pre_commands }} + +mkdir -p /etc/ansible/facts.d/ +rm /etc/resolv.conf || true + +{% for resolver in lxc_cache_prep_dns %} +echo "nameserver {{ resolver }}" >> /etc/resolv.conf +{% endfor %} + +rpm --import /etc/pki/rpm-gpg/* + +# The containers do not need the LXC repository (only hosts need it). +rm -f /etc/yum.repos.d/thm-lxc2.0* + +# Prefer dnf over yum for CentOS. +which dnf &>/dev/null && RHT_PKG_MGR='dnf' || RHT_PKG_MGR='yum' + +# Create yum/dnf transaction file and run it all at once +echo "update" > /tmp/package-transaction.txt +echo "install {{ lxc_cache_distro_packages | join(' ') }}" >> /tmp/package-transaction.txt +echo "run" >> /tmp/package-transaction.txt +$RHT_PKG_MGR -y shell /tmp/package-transaction.txt +yum-complete-transaction --cleanup-only +rm -f /tmp/package-transaction.txt +rm -f /usr/bin/python +ln -s /usr/bin/python2.7 /usr/bin/python +rm /etc/machine-id || true +rm /var/lib/dbus/machine-id || true +rm /etc/sysctl.d/* || true +echo '' > /etc/sysctl.conf +touch /etc/machine-id +yum clean all +mkdir -p /var/backup +chage -I -1 -d -1 -m 0 -M 99999 -E -1 root + +# Set the IP of the lxcbr0 interface as the DNS server +echo "nameserver {{ lxc_net_address }}" > /etc/resolv.conf +systemctl enable systemd-networkd + +{{ lxc_cache_prep_post_commands }} diff --git a/templates/prep-scripts/opensuse_leap_42_prep.sh.j2 b/templates/prep-scripts/opensuse_leap_42_prep.sh.j2 new file mode 100644 index 00000000..3e2a7ab4 --- /dev/null +++ b/templates/prep-scripts/opensuse_leap_42_prep.sh.j2 
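Review bot: This template is not a straight move of the old `cache_prep_commands` block from vars/redhat-7.yml, and neither the file nor the release note says so. The save/restore of `/etc/resolv.conf` is replaced by `rm /etc/resolv.conf || true` plus a final `echo "nameserver {{ lxc_net_address }}" > /etc/resolv.conf`, the `rm /etc/sysconfig/network-scripts/ifcfg-eth0` step is gone, and `rm /etc/sysctl.d/*` gained `|| true`. The openSUSE and Ubuntu templates drop their interface-file removals (`/etc/sysconfig/network/ifcfg-eth0`, `/etc/network/interfaces`) in the same way. The cached image now ships with a fixed resolver and whatever interface configuration the base image had. A short header comment in each template stating what it leaves behind (resolver, machine-id, sysctl, interface files) would let deployers who override the script via `lxc_cache_prep_template` reproduce that deliberately.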
@@ -0,0 +1,50 @@ +#!/usr/bin/env bash +set -e -x + +{{ lxc_cache_prep_pre_commands }} + +mkdir -p /etc/ansible/facts.d/ +rm /etc/resolv.conf || true + +{% for resolver in lxc_cache_prep_dns %} +echo "nameserver {{ resolver }}" >> /etc/resolv.conf +{% endfor %} + +# We have (tried to!) copied repo-oss and repo-update from the host so wipe everything else. +find /etc/zypp/repos.d/ -type f ! -name "repo-oss.repo" -a ! -name "repo-update.repo" -delete +zypper lr | grep -q 'repo-oss' || zypper --quiet ar {{ lxc_hosts_opensuse_mirror_url }}/distribution/leap/{{ ansible_distribution_version }}/repo/oss repo-oss +zypper lr | grep -q 'repo-update' || zypper --quiet ar {{ lxc_hosts_opensuse_mirror_url }}/update/leap/{{ ansible_distribution_version }}/oss repo-update + +# Disable recommended packages. Only update what's really needed +if ! fgrep -qx "solver.onlyRequires = true" /etc/zypp/zypp.conf; then + echo -e "\n\n## Disable recommended packages\nsolver.onlyRequires = true" >> /etc/zypp/zypp.conf +fi + +# Update base distribution +zypper --gpg-auto-import-keys -n dup --force-resolution -l +zypper --gpg-auto-import-keys -n in --force-resolution -l {{ lxc_cache_distro_packages | join(' ') }} +mkdir -p /var/backup +chage -I -1 -d -1 -m 0 -M 99999 -E -1 root + +# NOTE(hwoarang): Enable sshd which has been explicitely disabled in +# https://github.com/lxc/lxc-ci/commit/8dc7105399350a59698538a12b6d5a1a880ef2ba +systemctl -q unmask sshd +systemctl -q enable sshd +rm /etc/machine-id || true +rm /var/lib/dbus/machine-id || true +touch /etc/machine-id +rm /etc/sysctl.d/* || true +echo '' > /etc/sysctl.conf +for action in disable mask; do + systemctl ${action} wicked.service || true + systemctl ${action} wickedd.service || true + systemctl ${action} wickedd-auto4.service || true + systemctl ${action} wickedd-dhcp4.service || true + systemctl ${action} wickedd-dhcp6.service || true + systemctl ${action} wickedd-nanny.service || true +done + +# Set the IP of the lxcbr0 interface as 
the DNS server +echo "nameserver {{ lxc_net_address }}" > /etc/resolv.conf +systemctl enable systemd-networkd +{{ lxc_cache_prep_post_commands }} diff --git a/templates/prep-scripts/ubuntu_16_prep.sh.j2 b/templates/prep-scripts/ubuntu_16_prep.sh.j2 new file mode 100644 index 00000000..cc444e0a --- /dev/null +++ b/templates/prep-scripts/ubuntu_16_prep.sh.j2 @@ -0,0 +1,46 @@ +#!/usr/bin/env bash +set -e -x + +{{ lxc_cache_prep_pre_commands }} + +mkdir -p /etc/ansible/facts.d/ +rm /etc/resolv.conf || true + +{% for resolver in lxc_cache_prep_dns %} +echo "nameserver {{ resolver }}" >> /etc/resolv.conf +{% endfor %} + +apt-key add /root/repo.keys +rm /root/repo.keys +export DEBIAN_FRONTEND=noninteractive +apt-get remove -y --purge snap* lxc* lxd* resolvconf* || true + +# Update base distribution +apt-get update +apt-get upgrade -y +apt-get install -y {{ lxc_cache_install_debconf }} {{ lxc_cache_distro_packages | join(' ') }} +apt-get upgrade -y {{ lxc_cache_install_debconf }} +rm -f /usr/bin/python +rm /etc/machine-id || true +rm /var/lib/dbus/machine-id || true +touch /etc/machine-id +rm /etc/sysctl.d/* || true +echo '' > /etc/sysctl.conf +ln -s /usr/bin/python2.7 /usr/bin/python +mkdir -p /root/.ssh +chmod 700 /root/.ssh +userdel --force --remove ubuntu || true +apt-get clean +mkdir -p /var/backup +mkdir -p /etc/network/interfaces.d +chage -I -1 -d -1 -m 0 -M 99999 -E -1 root +for action in disable mask; do + systemctl ${action} resolvconf.service || true + systemctl ${action} systemd-networkd-resolvconf-update.path || true + systemctl ${action} systemd-networkd-resolvconf-update.service || true +done + +# Set the IP of the lxcbr0 interface as the DNS server +echo "nameserver {{ lxc_net_address }}" > /etc/resolv.conf +systemctl enable systemd-networkd +{{ lxc_cache_prep_post_commands }} diff --git a/vars/redhat-7.yml b/vars/redhat-7.yml index 5cf450c4..926f1a38 100644 --- a/vars/redhat-7.yml +++ b/vars/redhat-7.yml 
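Review bot: Both `zypper --gpg-auto-import-keys` calls accept whatever signing key the configured repository presents. Package authenticity for the base image therefore rests on the transport to `lxc_hosts_opensuse_mirror_url`, whose scheme is not visible here. The CentOS template imports keys copied from the host (`rpm --import /etc/pki/rpm-gpg/*`) before installing; doing the equivalent here, with a key file added to the copy list and the flag dropped, would pin the trust anchor. If that is not practical, record the assumption above the `dup` line, e.g. `# --gpg-auto-import-keys trusts the key served by the mirror; use an HTTPS or internal mirror`. These lines are carried over unchanged from vars/suse-42.yml.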
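Review bot: The `apt-get install -y {{ lxc_cache_install_debconf }} ...` and `apt-get upgrade -y {{ lxc_cache_install_debconf }}` lines expand a variable that ends in `--force-yes`, per the unchanged context in vars/ubuntu-16.04.yml. That option lets apt continue with packages it cannot authenticate, which undercuts the `apt-key add /root/repo.keys` a few lines earlier. The two `Dpkg::Options` settings are what the comment on that variable describes, and `--force-yes` is not needed for them. I would drop it from `lxc_cache_install_debconf`, or replace it with the narrowest option actually required, for example `--allow-downgrades`.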
@@ -55,45 +55,8 @@ lxc_cache_map: - /etc/pki/rpm-gpg/ - /etc/yum/pluginconf.d/fastestmirror.conf - /etc/yum.repos.d/ - cache_prep_commands: | - {{ lxc_cache_prep_pre_commands }} - mkdir -p /etc/ansible/facts.d/ - if [ -a /etc/resolv.conf ]; then - mv /etc/resolv.conf /etc/resolv.conf.org - fi - {% for resolver in lxc_cache_prep_dns %} - echo "nameserver {{ resolver }}" >> /etc/resolv.conf - {% endfor %} - rpm --import /etc/pki/rpm-gpg/* - # The containers do not need the LXC repository (only hosts need it). - rm -f /etc/yum.repos.d/thm-lxc2.0* - # Prefer dnf over yum for CentOS. - which dnf &>/dev/null && RHT_PKG_MGR='dnf' || RHT_PKG_MGR='yum' - # Create yum/dnf transaction file and run it all at once - echo "update" > /tmp/package-transaction.txt - echo "install {{ lxc_cache_distro_packages | join(' ') }}" >> /tmp/package-transaction.txt - echo "run" >> /tmp/package-transaction.txt - $RHT_PKG_MGR -y shell /tmp/package-transaction.txt - yum-complete-transaction --cleanup-only - rm -f /tmp/package-transaction.txt - rm -f /usr/bin/python - ln -s /usr/bin/python2.7 /usr/bin/python - rm /etc/machine-id || true - rm /var/lib/dbus/machine-id || true - rm /etc/sysctl.d/* - echo '' > /etc/sysctl.conf - touch /etc/machine-id - yum clean all - mkdir -p /var/backup - chage -I -1 -d -1 -m 0 -M 99999 -E -1 root - if [ -a /etc/resolv.conf.org ]; then - mv /etc/resolv.conf.org /etc/resolv.conf - else - rm -f /etc/resolv.conf - fi - rm /etc/sysconfig/network-scripts/ifcfg-eth0 - systemctl enable systemd-networkd - {{ lxc_cache_prep_post_commands }} + +_lxc_cache_prep_template: "prep-scripts/centos_7_prep.sh.j2" _lxc_cache_distro_packages: - ca-certificates diff --git a/vars/suse-42.yml b/vars/suse-42.yml index b5e00da3..f2c6c671 100644 --- a/vars/suse-42.yml +++ b/vars/suse-42.yml 
@@ -48,50 +48,8 @@ lxc_cache_map: - /etc/localtime - /etc/zypp/repos.d/repo-oss.repo - /etc/zypp/repos.d/repo-update.repo - cache_prep_commands: | - {{ lxc_cache_prep_pre_commands }} - mkdir -p /etc/ansible/facts.d/ - if [ -a /etc/resolv.conf ]; then - mv /etc/resolv.conf /etc/resolv.conf.org - fi - {% for resolver in lxc_cache_prep_dns %} - echo "nameserver {{ resolver }}" >> /etc/resolv.conf - {% endfor %} - # We have (tried to!) copied repo-oss and repo-update from the host so wipe everything else. - find /etc/zypp/repos.d/ -type f ! -name "repo-oss.repo" -a ! -name "repo-update.repo" -delete - zypper lr | grep -q 'repo-oss' || zypper --quiet ar {{ lxc_hosts_opensuse_mirror_url }}/distribution/leap/{{ ansible_distribution_version }}/repo/oss repo-oss - zypper lr | grep -q 'repo-update' || zypper --quiet ar {{ lxc_hosts_opensuse_mirror_url }}/update/leap/{{ ansible_distribution_version }}/oss repo-update - # Disable recommended packages. Only update what's really needed - if ! fgrep -qx "solver.onlyRequires = true" /etc/zypp/zypp.conf; then - echo -e "\n\n## Disable recommended packages\nsolver.onlyRequires = true" >> /etc/zypp/zypp.conf - fi - # Update base distribution - zypper --gpg-auto-import-keys -n dup --force-resolution -l - zypper --gpg-auto-import-keys -n in --force-resolution -l {{ lxc_cache_distro_packages | join(' ') }} - mkdir -p /var/backup - chage -I -1 -d -1 -m 0 -M 99999 -E -1 root - # Set the IP of the lxcbr0 interface as the DNS server - echo "nameserver {{ lxc_net_address }}" > /etc/resolv.conf - # NOTE(hwoarang): Enable sshd which has been explicitely disabled in - # https://github.com/lxc/lxc-ci/commit/8dc7105399350a59698538a12b6d5a1a880ef2ba - systemctl -q unmask sshd - systemctl -q enable sshd - rm /etc/machine-id || true - rm /var/lib/dbus/machine-id || true - touch /etc/machine-id - rm /etc/sysctl.d/* - echo '' > /etc/sysctl.conf - for action in disable mask; do - systemctl ${action} wicked.service || true - systemctl ${action} 
wickedd.service || true - systemctl ${action} wickedd-auto4.service || true - systemctl ${action} wickedd-dhcp4.service || true - systemctl ${action} wickedd-dhcp6.service || true - systemctl ${action} wickedd-nanny.service || true - done - rm /etc/sysconfig/network/ifcfg-eth0 - systemctl enable systemd-networkd - {{ lxc_cache_prep_post_commands }} + +_lxc_cache_prep_template: "prep-scripts/opensuse_leap_42_prep.sh.j2" _lxc_cache_distro_packages: - ca-certificates-mozilla diff --git a/vars/ubuntu-16.04.yml b/vars/ubuntu-16.04.yml index 3c07b5f1..1d7b87d4 100644 --- a/vars/ubuntu-16.04.yml +++ b/vars/ubuntu-16.04.yml 
@@ -61,56 +61,13 @@ lxc_cache_map: - /etc/environment - /etc/localtime - /root/repo.keys - cache_prep_commands: | - {{ lxc_cache_prep_pre_commands }} - mkdir -p /etc/ansible/facts.d/ - if [ -a /etc/resolv.conf ]; then - mv /etc/resolv.conf /etc/resolv.conf.org - fi - {% for resolver in lxc_cache_prep_dns %} - echo "nameserver {{ resolver }}" >> /etc/resolv.conf - {% endfor %} - apt-key add /root/repo.keys - rm /root/repo.keys - export DEBIAN_FRONTEND=noninteractive - apt-get remove -y --purge snap* lxc* lxd* resolvconf* || true - # Update base distribution - apt-get update - apt-get upgrade -y - apt-get install -y {{ lxc_cache_install_debconf }} {{ lxc_cache_distro_packages | join(' ') }} - apt-get upgrade -y {{ lxc_cache_install_debconf }} - rm -f /usr/bin/python - rm /etc/machine-id || true - rm /var/lib/dbus/machine-id || true - touch /etc/machine-id - rm /etc/sysctl.d/* - echo '' > /etc/sysctl.conf - ln -s /usr/bin/python2.7 /usr/bin/python - mkdir -p /root/.ssh - chmod 700 /root/.ssh - userdel --force --remove ubuntu || true - apt-get clean - mkdir -p /var/backup - mkdir -p /etc/network/interfaces.d - chage -I -1 -d -1 -m 0 -M 99999 -E -1 root - if [ -a /etc/resolv.conf.org ]; then - mv /etc/resolv.conf.org /etc/resolv.conf - else - rm -f /etc/resolv.conf - fi - for action in disable mask; do - systemctl ${action} resolvconf.service || true - systemctl ${action} systemd-networkd-resolvconf-update.path || true - systemctl ${action} systemd-networkd-resolvconf-update.service || true - done - rm /etc/network/interfaces - systemctl enable systemd-networkd - {{ lxc_cache_prep_post_commands }} # This forces any modified configurations to remain, and any unmodified configs to be replaced # ref: http://serverfault.com/questions/259226/automatically-keep-current-version-of-config-files-when-apt-get-install lxc_cache_install_debconf: '-o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" --force-yes' +_lxc_cache_prep_template: 
"prep-scripts/ubuntu_16_prep.sh.j2" + _lxc_cache_distro_packages: - apt-transport-https - ca-certificates