diff --git a/Makefile b/Makefile
index 3d3306e..9af0a89 100644
--- a/Makefile
+++ b/Makefile
@@ -5,7 +5,7 @@ export CONTIV_INSTALLER_VERSION ?= $(BUILD_VERSION)
 # downloaded and built assets intended to go in installer by build.sh
 export CONTIV_ARTIFACT_STAGING := $(PWD)/artifact_staging
 # some assets are retrieved from GitHub, this is the default version to fetch
-export DEFAULT_DOWNLOAD_CONTIV_VERSION := 1.1.5
+export DEFAULT_DOWNLOAD_CONTIV_VERSION := 1.1.7
 export CONTIV_ACI_GW_VERSION ?= latest
 export NETPLUGIN_OWNER ?= contiv
 # setting NETPLUGIN_BRANCH compiles that commit on demand,
@@ -19,6 +19,7 @@ export CONTIV_V2PLUGIN_VERSION ?= $(DEFAULT_DOWNLOAD_CONTIV_VERSION)
 export CONTIV_NETPLUGIN_TARBALL_NAME := netplugin-$(CONTIV_NETPLUGIN_VERSION).tar.bz2
 export CONTIV_ANSIBLE_COMMIT ?= 8e20f56d541af8bc7a3ecbde0d9c64fa943812ed
 export CONTIV_ANSIBLE_OWNER ?= contiv
+export CONTIV_ANSIBLE_IMAGE ?= plockc/contiv-install:1.1.7.1
 # this is the classic first makefile target, and it's also the default target
 # run when `make` is invoked with no specific target.
diff --git a/install/ansible/Dockerfile b/install/ansible/Dockerfile
index 93748bf..7c70d35 100644
--- a/install/ansible/Dockerfile
+++ b/install/ansible/Dockerfile
@@ -1,7 +1,7 @@
 FROM alpine:3.6
 RUN DEV_PACKAGES="python-dev gcc make musl-dev openssl-dev libffi-dev" \
- && apk add --no-cache python openssl libffi nmap-ncat py-pip $DEV_PACKAGES \
+ && apk add --no-cache bash python openssl libffi nmap-ncat py-pip $DEV_PACKAGES \
 && pip install --upgrade pip \
 && pip install cffi \
 && pip install ansible==2.3.1.0 \
diff --git a/install/ansible/install.sh b/install/ansible/install.sh
index 546d0b6..112d2ac 100644
--- a/install/ansible/install.sh
+++ b/install/ansible/install.sh
@@ -43,7 +43,7 @@ while getopts ":n:a:im:d:v:ps:" opt; do
 netmaster=$OPTARG
 ;;
 a)
- ans_opts=$OPTARG
+ declare -a 'ans_opts=('"$OPTARG"')'
 ;;
 i)
 install_scheduler=true
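Review bot: The new default `CONTIV_ANSIBLE_IMAGE ?= plockc/contiv-install:1.1.7.1` in the second Makefile hunk points the installer at an image in a personal registry namespace, referenced by a mutable tag, while the fallback added to scripts/build.sh in this same commit is `contiv/install:$DEFAULT_DOWNLOAD_CONTIV_VERSION`. Because the variable is exported, a build driven by make never reaches that fallback, and the generated scripts then `docker run` this image with `--net=host` and the install directory mounted. I would default to the project image, `export CONTIV_ANSIBLE_IMAGE ?= contiv/install:$(DEFAULT_DOWNLOAD_CONTIV_VERSION)`, or pin the reference by digest, and add a comment that the value is a full image reference rather than a version.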
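Review bot: `declare -a 'ans_opts=('"$OPTARG"')'` in the `a)` branch of install.sh makes bash re-parse the `-a` value as array-assignment source, so, as far as I can tell, expansions inside the value are evaluated in the installer container and not just its quoting. That is what lets install_swarm.sh hand over `%q`-escaped words, but it also means the value is only safe when the caller escaped it. A comment would make the contract explicit: `# OPTARG is re-parsed as shell words; callers must pass a printf %q-escaped string (see install_swarm.sh)`. The `while getopts` loop starts and ends outside the hunk.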
@@ -103,7 +103,7 @@ env_file=install/ansible/env.json
 # Verify ansible can reach all hosts
 echo "Verifying ansible reachability"
-ansible all -vvv $ans_opts -i $host_inventory -m setup -a 'filter=ansible_distribution*' | tee $inventory_log
+ansible all "${ans_opts[@]}" -i $host_inventory -m setup -a 'filter=ansible_distribution*' | tee $inventory_log
 if egrep -q 'FAIL|UNREACHABLE' $inventory_log; then
 echo "WARNING Some of the hosts are not accessible via passwordless SSH"
 echo " "
@@ -118,7 +118,7 @@ netmaster_control_if=$(grep -A10 $netmaster $contiv_config | grep -m 1 control |
 # Get the ansible node
 node_name=$(grep $netmaster $host_inventory | awk '{print $1}' | xargs)
 # Get the service VIP for netmaster for the control interface
-service_vip=$(ansible $node_name -m setup $ans_opts -i $host_inventory | grep -A 100 ansible_$netmaster_control_if | grep -A 4 ipv4 | grep address | awk -F \" '{print $4}' | xargs)
+service_vip=$(ansible $node_name -m setup "${ans_opts[@]}" -i $host_inventory | grep -A 100 ansible_$netmaster_control_if | grep -A 4 ipv4 | grep address | awk -F \" '{print $4}' | xargs)
 if [ "$service_vip" == "" ]; then
 service_vip=$netmaster
@@ -179,7 +179,7 @@ log_file="/var/contiv/$log_file_name"
 echo "Ansible extra vars from env.json:"
 cat "$env_file"
 # run playbook
-ansible-playbook $ans_opts -i "$host_inventory" -e@"$env_file" $ansible_path/install_plays.yml | tee $log_file
+ansible-playbook "${ans_opts[@]}" -i "$host_inventory" -e@"$env_file" $ansible_path/install_plays.yml | tee $log_file
 rm -rf "$env_file.bak"
 unreachable=$(grep "PLAY RECAP" -A 9999 $log_file | awk -F "unreachable=" '{print $2}' | awk '{print $1}' | grep -v "0" | xargs)
diff --git a/install/ansible/install_swarm.sh b/install/ansible/install_swarm.sh
index 3d739ff..92ce1f2 100755
--- a/install/ansible/install_swarm.sh
+++ b/install/ansible/install_swarm.sh
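Review bot: The new `ansible all` line in install.sh drops `-vvv` together with the quoting fix, and it still passes `$host_inventory` and `$inventory_log` unquoted, as does the `service_vip=` line in the next hunk, while the `ansible-playbook` line in the last hunk already quotes `"$host_inventory"`. Now that `"${ans_opts[@]}"` keeps word boundaries, these unquoted paths are what would still split on whitespace. I would quote them the same way, `-i "$host_inventory"` and `tee "$inventory_log"`, and mention the verbosity change in the commit message if it is intentional.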
@@ -42,6 +42,7 @@ Additional Options:
 -d string Forwarding mode (“routing” or “bridge”). Default mode is “bridge”
 -c string
 -k string
+-a string Additonal ansible arguments such as "--ssh-common-args=-o ProxyCommand='ncat --proxy-type socks4 --proxy 1.3.2.10:1234 %h %p'"
 Advanced Options:
 -v string ACI Image (default is contiv/aci-gw:latest). Use this to specify a specific version of the ACI Image.
@@ -79,7 +80,10 @@ while getopts ":f:n:a:e:ipm:d:v:u:c:k:s:" opt; do
 netmaster=$OPTARG
 ;;
 a)
- ans_opts=$OPTARG
+ # make a bash array from the ansible argument
+ # it interprets single and double quotes as you might expect
+ # creating single "words" when quoting
+ declare -a ans_opts=("$OPTARG")
 ;;
 e)
 ans_key=$OPTARG
@@ -147,7 +151,9 @@ fi
 if [ "$ans_opts" == "" ]; then
 ans_opts=" --private-key $def_ans_key -u $ans_user"
 else
- ans_opts=$(printf '%q', $ans_opts)" --private-key $def_ans_key -u $ans_user"
+ # escape each word in the array and put spaces between the words
+ ans_opts="$(printf "%q " "${ans_opts[@]}") --private-key $def_ans_key -u $ans_user"
+ # ans_opts is now a string
 fi
 # Generate SSL certs for auth proxy
@@ -161,7 +167,7 @@ if [[ ! -f "$host_tls_cert" || ! -f "$host_tls_key" ]]; then
 fi
 echo "Starting the installer container"
-image_name="contiv/install:__CONTIV_INSTALL_VERSION__"
+image_name="__CONTIV_INSTALL_VERSION__"
 mounts[0]="-v"
 mounts[1]="$(pwd)/install:/install:Z"
 mounts[2]="-v"
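Review bot: The comment added in the `a)` branch of install_swarm.sh describes behaviour this line does not have: `declare -a ans_opts=("$OPTARG")` stores the whole `-a` value as a single array element and interprets no quotes. After the `%q` escaping further down, that value reaches ansible as one argument, so several options cannot be passed in one `-a`. Suggested wording: `# keep the whole -a value as a single array element (one ansible argument); no quote parsing happens here`. The `while getopts` loop continues outside the hunk.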
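Review bot: Only the user-supplied words go through `%q` in the `else` branch of the third hunk; `$def_ans_key` and `$ans_user` are appended raw in both branches, and install.sh later re-parses the whole string as shell words. A key path or user name containing whitespace or shell metacharacters would be split or expanded on the other side. Escaping everything in one call keeps both branches consistent: `ans_opts="$(printf '%q ' "${ans_opts[@]}" --private-key "$def_ans_key" -u "$ans_user")"`. Both variables are set outside the hunk, and `[ "$ans_opts" == "" ]` now tests only element 0 of the array.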
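Review bot: `image_name="__CONTIV_INSTALL_VERSION__"` in the last hunk now relies on the placeholder expanding to a full image reference, yet the token is still named as a version; uninstall_swarm.sh gets the same change. If the script is run without the substitution done by scripts/build.sh, `docker run` receives the literal token. A comment such as `# replaced by scripts/build.sh with the full installer image reference (repo:tag)` would help, and a token name that says "image" would be clearer across the three files.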
@@ -170,4 +176,6 @@ mounts[4]="-v"
 mounts[5]="$src_conf_path:$container_conf_path:Z"
 mounts[6]="-v"
 mounts[7]="$(pwd)/contiv_cache:/var/contiv_cache:Z"
-docker run --rm --net=host "${mounts[@]}" $image_name sh -c "./install/ansible/install.sh $netmaster_param -a \"$ans_opts\" $install_scheduler -m $contiv_network_mode -d $fwd_mode $aci_param $cluster_param $v2plugin_param"
+# we quote $ans_opts here again when printig out the docker command to make it a single word
+# install.sh can interpret all the words properly using an array just like above
+docker run --rm --net=host "${mounts[@]}" $image_name sh -c "./install/ansible/install.sh $netmaster_param -a $(printf "%q" "$ans_opts") $install_scheduler -m $contiv_network_mode -d $fwd_mode $aci_param $cluster_param $v2plugin_param"
diff --git a/install/ansible/uninstall_swarm.sh b/install/ansible/uninstall_swarm.sh
index 7631f06..1bd528e 100755
--- a/install/ansible/uninstall_swarm.sh
+++ b/install/ansible/uninstall_swarm.sh
@@ -146,7 +146,7 @@ else
 ans_opts=$(printf '%q', $ans_opts)" --private-key $def_ans_key -u $ans_user"
 fi
 echo "Starting the uninstaller container"
-image_name="contiv/install:__CONTIV_INSTALL_VERSION__"
+image_name="__CONTIV_INSTALL_VERSION__"
 install_mount="-v $(pwd)/install:/install:Z"
 ansible_mount="-v $(pwd)/ansible:/ansible:Z"
 config_mount="-v $src_conf_path:$container_conf_path:Z"
diff --git a/scripts/build.sh b/scripts/build.sh
index fc2592f..4431afc 100755
--- a/scripts/build.sh
+++ b/scripts/build.sh
@@ -18,7 +18,7 @@ fi
 pull_images=${CONTIV_CI_HOST:-"false"}
 aci_gw_version=${CONTIV_ACI_GW_VERSION:-"latest"}
-ansible_image_version=${CONTIV_ANSIBLE_IMAGE_VERSION:-$DEFAULT_DOWNLOAD_CONTIV_VERSION}
+ansible_image_version=${CONTIV_ANSIBLE_IMAGE:-contiv/install:$DEFAULT_DOWNLOAD_CONTIV_VERSION}
 auth_proxy_version=${CONTIV_API_PROXY_VERSION:-$DEFAULT_DOWNLOAD_CONTIV_VERSION}
 docker_version=${CONTIV_DOCKER_VERSION:-1.12.6}
 etcd_version=${CONTIV_ETCD_VERSION:-v2.3.8}
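Review bot: In the new `docker run` line of install_swarm.sh only `$ans_opts` is escaped before being spliced into the `sh -c` string; `$netmaster_param`, `$aci_param`, `$cluster_param` and `$v2plugin_param` are interpolated as they are, and `$image_name` is unquoted. Those variables are built outside this hunk, presumably from command-line options, so a value with spaces or shell metacharacters would be re-parsed by the shell inside the container. Consider `%q`-escaping the option values where those parameters are assembled and writing `"$image_name"`. The added comment also has a typo, `printig`.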
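Review bot: The context line `ans_opts=$(printf '%q', $ans_opts)" --private-key $def_ans_key -u $ans_user"` shows that uninstall_swarm.sh keeps the quoting this commit replaces in install_swarm.sh: the format string is `%q,`, so each escaped word gets a trailing comma, and `$ans_opts` is word-split before it is escaped. Only the image name changes in this hunk. If the uninstaller is meant to accept the same `-a` values, this script needs the same array handling; the receiving uninstall script is not part of this diff, so whether it re-parses the value cannot be checked here.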
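Review bot: `ansible_image_version` in scripts/build.sh now holds a full image reference rather than a version, and the override it reads changed from `CONTIV_ANSIBLE_IMAGE_VERSION` to `CONTIV_ANSIBLE_IMAGE`, so an environment that still sets the old variable is silently ignored. I would rename the local to `ansible_image` (it is also used by the `sed` line in the next hunk) and fail loudly on the old name, for example `[ -z "${CONTIV_ANSIBLE_IMAGE_VERSION:-}" ] || { echo "CONTIV_ANSIBLE_IMAGE_VERSION is no longer used; set CONTIV_ANSIBLE_IMAGE" >&2; exit 1; }`.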
@@ -52,7 +52,7 @@ cp -a "${CONTIV_ARTIFACT_STAGING}/ansible" ${output_dir}/
 files=$(find $output_dir -type f -name "*.yaml" -or -name "*.sh" -or -name "*.json")
 sed -i.bak 's/__ACI_GW_VERSION__/'"$aci_gw_version"'/g' $files
 sed -i.bak 's/__API_PROXY_VERSION__/'"$auth_proxy_version"'/g' $files
-sed -i.bak 's/__CONTIV_INSTALL_VERSION__/'"$ansible_image_version"'/g' $files
+sed -i.bak 's#__CONTIV_INSTALL_VERSION__#'"$ansible_image_version"'#g' $files
 sed -i.bak 's/__CONTIV_VERSION__/'"$CONTIV_NETPLUGIN_VERSION"'/g' $files
 sed -i.bak 's/__DOCKER_VERSION__/'"$docker_version"'/g' $files
 sed -i.bak 's/__ETCD_VERSION__/'"$etcd_version"'/g' $files
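Review bot: Only the `__CONTIV_INSTALL_VERSION__` line switches to `#` as the `sed` delimiter, with nothing saying why, and the value is still spliced into the replacement unescaped, so an image reference containing `#`, `&` or a backslash would corrupt the substitution written into the installer scripts. A one-line comment would explain the difference from the neighbouring lines: `# '#' as delimiter because the image reference contains '/'`. Since the value now comes from an overridable environment variable, rejecting those characters before the `sed` call would make a bad override fail visibly instead of producing a wrong image name.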