diff --git a/manifests/corosync.pp b/manifests/corosync.pp index e1c1c326..dac817ac 100644 --- a/manifests/corosync.pp +++ b/manifests/corosync.pp @@ -92,6 +92,10 @@ # node via pcs if we detect a new node compared to the existing cluster) # Defaults to true # +# [*force_authkey*] +# (optional) Forces the use of the autkey parameter even when we're using pcs 0.10 +# Default to false +# # === Dependencies # # None @@ -128,6 +132,7 @@ class pacemaker::corosync( $cluster_start_try_sleep = '20', $manage_fw = true, $remote_authkey = undef, + $force_authkey = undef, $settle_timeout = '3600', $settle_tries = '360', $settle_try_sleep = '10', @@ -371,7 +376,8 @@ class pacemaker::corosync( } # pcs 0.10/pcmk 2.0 take care of the authkey internally by themselves - if $remote_authkey and !$::pacemaker::pcs_010 { + # unless force_authkey is true in which case we forcefully use remote_authkey + if $remote_authkey and (!$::pacemaker::pcs_010 or $force_authkey) { file { 'etc-pacemaker': ensure => directory, path => '/etc/pacemaker', @@ -386,7 +392,16 @@ class pacemaker::corosync( mode => '0640', content => $remote_authkey, } - File['etc-pacemaker-authkey'] -> Service['pcsd'] + # On the bootstrap node we want to make sure that authkey is imposed + # after we create the cluster (because cluster create destroys it and regenerates a new one + # but before we start. On non bootstrap nodes we just let it before pcsd + if $setup_cluster { + Exec<| title == "Create Cluster ${cluster_name}" |> -> File<| title == 'etc-pacemaker-authkey' |> + File<| title == 'etc-pacemaker-authkey' |> -> Exec<| title == "Start Cluster ${cluster_name}" |> + } else { + File['etc-pacemaker-authkey'] -> Service['pcsd'] + } + } exec {'wait-for-settle': diff --git a/manifests/remote.pp b/manifests/remote.pp index 159f5d52..7e465a72 100644 --- a/manifests/remote.pp +++ b/manifests/remote.pp 
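Review bot: `$force_authkey = undef,` in the parameter list of pacemaker::corosync disagrees with the header text added in this same commit ("Default to false") and leaves the flag untyped. On Puppet 4 and later any string is truthy, so a hiera value of 'false' would satisfy the `or $force_authkey` test further down and switch on the Puppet-managed authkey unintentionally. I would declare it as `Boolean $force_authkey = false,` (or at least `$force_authkey = false,`) and reword the header entry to `(optional) Forces the use of the remote_authkey parameter even when we're using pcs 0.10` / `Defaults to false`, which also fixes the "autkey" typo. The same parameter line and doc text are added to pacemaker::remote in manifests/remote.pp.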
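Review bot: With `if $remote_authkey and (!$::pacemaker::pcs_010 or $force_authkey)`, setting force_authkey while remote_authkey stays at undef skips the whole block silently, so on pcs 0.10 the cluster keeps whatever key pcs generated even though the operator asked for their own. A guard placed before the condition makes that misconfiguration visible at compile time: `if $force_authkey and !$remote_authkey { fail('force_authkey requires remote_authkey to be set') }`. The body of the block continues outside this hunk.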
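Review bot: The bootstrap-node ordering is written with collectors (`Exec<| title == "Create Cluster ${cluster_name}" |> -> File<| title == 'etc-pacemaker-authkey' |>`), which match nothing and add no dependency if either exec is renamed or absent from the catalog; the key could then be written before cluster creation and replaced by a regenerated one without any error. If both execs are always declared when $setup_cluster is true (not visible in this hunk), direct references fail at compile time instead: `Exec["Create Cluster ${cluster_name}"] -> File['etc-pacemaker-authkey'] -> Exec["Start Cluster ${cluster_name}"]`. The comment above the branch has an unclosed parenthesis; `(because cluster create destroys it and regenerates a new one) but before we start the cluster` reads correctly. Separately, `content => $remote_authkey` carries the shared secret, so `show_diff => false` on that file resource would keep it out of agent output and reports when diffs are enabled.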
@@ -44,6 +44,10 @@ # (optional) Sets PCMK_tls_priorities in /etc/sysconfig/pacemaker when set # Defaults to undef # +# [*force_authkey*] +# (optional) Forces the use of the autkey parameter even when we're using pcs 0.10 +# Default to false +# class pacemaker::remote ( $remote_authkey, $use_pcsd = false, @@ -52,6 +56,7 @@ class pacemaker::remote ( $manage_fw = true, $pcsd_debug = false, $pcsd_bind_addr = undef, + $force_authkey = undef, $tls_priorities = undef, ) { include ::pacemaker::params @@ -133,9 +138,19 @@ class pacemaker::remote ( enable => true, require => Class['::pacemaker::install'], } - } else { - # This gets managed by pcsd directly when pcs is < 0.10 + Service<| title == 'pcsd' |> -> Pcmk_constraint<||> + Service<| title == 'pcsd' |> -> Pcmk_resource<||> + Service<| title == 'pcsd' |> -> Pcmk_property<||> + Service<| title == 'pcsd' |> -> Pcmk_bundle<||> + Service<| title == 'pcsd' |> -> Pcmk_remote<||> + } + # We manage our own authkey in two cases + # 1) normally when use pcsd is set to false, aka we are using the old method pre 0.10 + # to manage remotes + # 2) When we explicitly passe force_authkey + if !$use_pcsd or $force_authkey { Package<| title == 'pacemaker-remote' |> -> File <| title == 'etc-pacemaker' |> + File <| title == 'etc-pacemaker-authkey' |> -> Service<| title == 'pacemaker_remote' |> file { 'etc-pacemaker': ensure => directory, path => '/etc/pacemaker', @@ -154,5 +169,10 @@ class pacemaker::remote ( ensure => running, enable => true, } + Service<| title == 'pacemaker_remote' |> -> Pcmk_constraint<||> + Service<| title == 'pacemaker_remote' |> -> Pcmk_resource<||> + Service<| title == 'pacemaker_remote' |> -> Pcmk_property<||> + Service<| title == 'pacemaker_remote' |> -> Pcmk_bundle<||> + Service<| title == 'pacemaker_remote' |> -> Pcmk_remote<||> } } diff --git a/manifests/resource/remote.pp b/manifests/resource/remote.pp index 53b775a4..f57720d8 100644 --- a/manifests/resource/remote.pp +++ b/manifests/resource/remote.pp 
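Review bot: Replacing the `else` with `if !$use_pcsd or $force_authkey {` means that with use_pcsd and force_authkey both true a node gets the pcsd branch and this block together, and the following hunk suggests the block also keeps a pacemaker_remote service running. The new comment only talks about the authkey, so it should state whether Puppet managing that service alongside pcsd is intended, for example `# NOTE: with use_pcsd and force_authkey both set, this block runs in addition to the pcsd branch above`. The comment also has a typo, `passe` for `pass`. Most of the block's body lies outside the hunk, so the combined behaviour cannot be confirmed from here.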
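Review bot: The added `Service<| title == 'pacemaker_remote' |> -> Pcmk_resource<||>` lines (and the four siblings) use collectors with an empty search, which order the service before every resource of that type in the catalog and also realize any virtual pcmk_* resources declared elsewhere. That is probably the intent, but it is a catalog-wide side effect of including this class and deserves a comment above the group, e.g. `# <||> applies to all pcmk_* resources in the catalog and realizes virtual ones`. The five pcsd orderings added in the previous hunk of this file behave the same way.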
@@ -111,13 +111,16 @@ define pacemaker::resource::remote( $try_sleep = 0, $verify_on_create = false, $force = false, + $force_oldstyle = false, $pcs_user = 'hacluster', $pcs_password = undef, $location_rule = undef, $deep_compare = hiera('pacemaker::resource::remote::deep_compare', false), $update_settle_secs = hiera('pacemaker::resource::remote::update_settle_secs', 600), ) { - if $::pacemaker::params::pcs_010 { + # If we use pcs 0.10 we use the new pcs node remote-add way of adding + # remotes *except* if force_oldstyle is set to true + if $::pacemaker::params::pcs_010 and !$force_oldstyle { pcmk_remote { $name: ensure => $ensure, remote_address => $remote_address,
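Review bot: `$force_oldstyle = false,` is added to the signature of pacemaker::resource::remote without a matching `[*force_oldstyle*]` entry in the define's parameter documentation; this diff has no hunk touching that header, unlike force_authkey in the two classes. The entry should say that it bypasses `pcmk_remote` on pcs 0.10 and falls back to the pre-0.10 way of creating the remote. That path presumably depends on the authkey being distributed by Puppet, so the doc should also state whether it must be combined with force_authkey on pacemaker::corosync and pacemaker::remote (to be confirmed by the author). Like force_authkey, the flag is untyped, so `Boolean $force_oldstyle = false,` would prevent a string 'false' from being treated as true; the define's body continues outside the hunk.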