diff --git a/README.md b/README.md
index 9f1bf5777..77eb70150 100644
--- a/README.md
+++ b/README.md
@@ -137,10 +137,29 @@ To add custom MySQL configuration, drop additional files into
 
 ####mysql::server
 
+#####`create_root_user`
+
+Specify whether root user should be created or not. Defaults to 'true'.
+
+This is useful for a cluster setup with Galera. The root user has to
+be created once only. `create_root_user` can be set to 'true' on one node while
+it is set to 'false' on the remaining nodes.
+
+#####`create_root_my_cnf`
+
+If set to 'true' create `/root/.my.cnf`. Defaults to 'true'.
+
+`create_root_my_cnf` allows to create `/root/.my.cnf` independently of `create_root_user`.
+This can be used for a cluster setup with Galera where you want to have `/root/.my.cnf`
+on all nodes.
+
 #####`root_password`
 
 The MySQL root password.  Puppet will attempt to set the root password and update `/root/.my.cnf` with it.
 
+Has to be set if `create_root_user` or `create_root_my_cnf` are true. If `root_password` is 'UNSET' `create_root_user`
+and `create_root_my_cnf` are assumed to be false, i.e. the MySQL root user and `/root/.my.cnf` are not created.
+
 #####`old_root_password`
 
 The previous root password (**REQUIRED** if you wish to change the root password via Puppet.)
diff --git a/manifests/params.pp b/manifests/params.pp
index 68742e643..c0ed3b299 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -10,6 +10,8 @@
   $server_service_manage  = true
   $server_service_enabled = true
   $client_package_ensure  = 'present'
+  $create_root_user       = true
+  $create_root_my_cnf     = true
   # mysql::bindings
   $bindings_enable             = false
   $java_package_ensure         = 'present'
diff --git a/manifests/server.pp b/manifests/server.pp
index 2bd354053..e0b5a11a3 100644
--- a/manifests/server.pp
+++ b/manifests/server.pp
@@ -16,6 +16,8 @@
   $service_manage          = $mysql::params::server_service_manage,
   $service_name            = $mysql::params::server_service_name,
   $service_provider        = $mysql::params::server_service_provider,
+  $create_root_user        = $mysql::params::create_root_user,
+  $create_root_my_cnf      = $mysql::params::create_root_my_cnf,
   $users                   = {},
   $grants                  = {},
   $databases               = {},
diff --git a/manifests/server/root_password.pp b/manifests/server/root_password.pp
index e75412dab..d7e031442 100644
--- a/manifests/server/root_password.pp
+++ b/manifests/server/root_password.pp
@@ -4,12 +4,14 @@
   $options = $mysql::server::options
 
   # manage root password if it is set
-  if $mysql::server::root_password != 'UNSET' {
+  if $mysql::server::create_root_user == true and $mysql::server::root_password != 'UNSET' {
     mysql_user { 'root@localhost':
       ensure        => present,
       password_hash => mysql_password($mysql::server::root_password),
     }
+  }
 
+  if $mysql::server::create_root_my_cnf == true and $mysql::server::root_password != 'UNSET' {
     file { "${::root_home}/.my.cnf":
       content => template('mysql/my.cnf.pass.erb'),
       owner   => 'root',
diff --git a/spec/classes/mysql_server_spec.rb b/spec/classes/mysql_server_spec.rb
index 21efa1170..2058e5f89 100644
--- a/spec/classes/mysql_server_spec.rb
+++ b/spec/classes/mysql_server_spec.rb
@@ -52,11 +52,26 @@
             it { is_expected.not_to contain_mysql_user('root@localhost') }
             it { is_expected.not_to contain_file('/root/.my.cnf') }
           end
-          describe 'when set' do
+          describe 'when root_password set' do
             let(:params) {{:root_password => 'SET' }}
             it { is_expected.to contain_mysql_user('root@localhost') }
             it { is_expected.to contain_file('/root/.my.cnf') }
           end
+          describe 'when root_password set, create_root_user set to false' do
+            let(:params) {{ :root_password => 'SET', :create_root_user => false }}
+            it { is_expected.not_to contain_mysql_user('root@localhost') }
+            it { is_expected.to contain_file('/root/.my.cnf') }
+          end
+          describe 'when root_password set, create_root_my_cnf set to false' do
+            let(:params) {{ :root_password => 'SET', :create_root_my_cnf => false }}
+            it { is_expected.to contain_mysql_user('root@localhost') }
+            it { is_expected.not_to contain_file('/root/.my.cnf') }
+          end
+          describe 'when root_password set, create_root_user and create_root_my_cnf set to false' do
+            let(:params) {{ :root_password => 'SET', :create_root_user => false, :create_root_my_cnf => false }}
+            it { is_expected.not_to contain_mysql_user('root@localhost') }
+            it { is_expected.not_to contain_file('/root/.my.cnf') }
+          end
         end
 
         context 'mysql::server::providers' do