diff --git a/share/hooks/raft/vip.sh b/share/hooks/raft/vip.sh
index fef00838c5c..cb73724272c 100755
--- a/share/hooks/raft/vip.sh
+++ b/share/hooks/raft/vip.sh
@@ -5,6 +5,42 @@ INTERFACE="$2"
 IFADDR="$3"
 IP="${IFADDR%%/*}"
 
+#
+# functions
+#
+
+# test if a systemd unit from the argument can be started
+# arg: <unit name>
+# return:
+#   0: when unit can be started (even if the unit is disabled)
+#   1: in all other cases (e.g.: explicitly masked or invalid unit syntax)
+is_systemd_unit_startable()
+{
+    _systemctl_output=$(LANG=C systemctl is-enabled "${1}" 2>&1)
+
+    if [ $? -eq 0 ]; then
+        return 0
+    else
+        case "$_systemctl_output" in
+            linked*|disabled)
+                # unit still can be started: systemctl start <unit name>
+                return 0
+                ;;
+            *)
+                # unit is invalid or explicitly masked: we will not start it
+                return 1
+                ;;
+        esac
+    fi
+
+    # just to be safe
+    return 1
+}
+
+#
+# main
+#
+
 if [ -z "$INTERFACE" ]; then
     echo "Missing interface." >&2
     exit 1
@@ -43,9 +79,17 @@ leader)
             sudo -n systemctl start opennebula-gate
         fi
 
-        if systemctl is-enabled opennebula-hem >/dev/null 2>&1; then
+        # opennebula.service wants opennebula-hem.service
+        if is_systemd_unit_startable opennebula-hem ; then
+            # this is implicit dependency of the opennebula.service...
             sudo -n systemctl start opennebula-hem
         fi
+
+        # opennebula.service wants opennebula-showback.timer
+        if is_systemd_unit_startable opennebula-showback.timer ; then
+            # this is implicit dependency of the opennebula.service...
+            sudo -n systemctl start opennebula-showback.timer
+        fi
     else
         if [ -e /usr/lib/one/oneflow/oneflow-server.rb ]; then
             sudo -n service opennebula-flow start
@@ -58,6 +102,7 @@ leader)
         if [ -e /usr/lib/one/onehem/onehem-server.rb ]; then
             sudo -n service opennebula-hem start
         fi
+        # TODO: showback timer will not work on non-systemd system - crontab?
     fi
     ;;
 
@@ -79,11 +124,17 @@ follower)
             sudo -n systemctl stop opennebula-gate
         fi
 
-         if systemctl is-enabled opennebula-hem >/dev/null 2>&1 ||
+        if systemctl is-enabled opennebula-hem >/dev/null 2>&1 ||
            systemctl is-active  opennebula-hem >/dev/null 2>&1;
         then
             sudo -n systemctl stop opennebula-hem
         fi
+
+        if systemctl is-enabled opennebula-showback.timer >/dev/null 2>&1 ||
+           systemctl is-active  opennebula-showback.timer >/dev/null 2>&1;
+        then
+            sudo -n systemctl stop opennebula-showback.timer
+        fi
     else
         if [ -e /usr/lib/one/oneflow/oneflow-server.rb ]; then
             sudo -n service opennebula-flow stop
@@ -96,6 +147,7 @@ follower)
         if [ -e /usr/lib/one/onehem/onehem-server.rb ]; then
             sudo -n service opennebula-hem stop
         fi
+        # TODO: showback timer will not work on non-systemd system - crontab?
     fi
     ;;
 
diff --git a/share/pkgs/services/systemd/opennebula-showback.service b/share/pkgs/services/systemd/opennebula-showback.service
new file mode 100644
index 00000000000..2a6268f56e7
--- /dev/null
+++ b/share/pkgs/services/systemd/opennebula-showback.service
@@ -0,0 +1,8 @@
+[Unit]
+Description=OpenNebula's periodic showback calculation
+
+[Service]
+Group=oneadmin
+User=oneadmin
+Type=oneshot
+ExecStart=/usr/bin/oneshowback calculate
diff --git a/share/pkgs/services/systemd/opennebula-showback.timer b/share/pkgs/services/systemd/opennebula-showback.timer
new file mode 100644
index 00000000000..92cffb42137
--- /dev/null
+++ b/share/pkgs/services/systemd/opennebula-showback.timer
@@ -0,0 +1,11 @@
+[Unit]
+Description=OpenNebula's periodic showback calculation
+After=remote-fs.target
+
+[Timer]
+OnCalendar=daily
+AccuracySec=1h
+Persistent=true
+
+[Install]
+WantedBy=default.target
diff --git a/share/pkgs/services/systemd/opennebula.service b/share/pkgs/services/systemd/opennebula.service
index 1be77139405..ecabd86bd17 100644
--- a/share/pkgs/services/systemd/opennebula.service
+++ b/share/pkgs/services/systemd/opennebula.service
@@ -6,6 +6,7 @@ After=opennebula-ssh-agent.service
 Wants=opennebula-scheduler.service opennebula-hem.service
 Wants=opennebula-ssh-agent.service
 Wants=opennebula-ssh-socks-cleaner.timer
+Wants=opennebula-showback.timer
 
 [Service]
 Type=notify
diff --git a/share/pkgs/sudoers/centos/opennebula b/share/pkgs/sudoers/centos/opennebula
index 1e46546fd8e..f48f284515c 100644
--- a/share/pkgs/sudoers/centos/opennebula
+++ b/share/pkgs/sudoers/centos/opennebula
@@ -3,7 +3,7 @@ Defaults:oneadmin secure_path = /sbin:/bin:/usr/sbin:/usr/bin
 
 Cmnd_Alias ONE_CEPH = /usr/bin/rbd
 Cmnd_Alias ONE_FIRECRACKER = /usr/bin/jailer, /usr/bin/mount, /usr/sbin/one-clean-firecracker-domain, /usr/sbin/one-prepare-firecracker-domain
-Cmnd_Alias ONE_HA = /usr/bin/systemctl start opennebula-flow, /usr/bin/systemctl stop opennebula-flow, /usr/bin/systemctl start opennebula-gate, /usr/bin/systemctl stop opennebula-gate, /usr/bin/systemctl start opennebula-hem, /usr/bin/systemctl stop opennebula-hem, /usr/sbin/service opennebula-flow start, /usr/sbin/service opennebula-flow stop, /usr/sbin/service opennebula-gate start, /usr/sbin/service opennebula-gate stop, /usr/sbin/service opennebula-hem start, /usr/sbin/service opennebula-hem stop, /usr/sbin/arping, /usr/sbin/ip address *
+Cmnd_Alias ONE_HA = /usr/bin/systemctl start opennebula-flow, /usr/bin/systemctl stop opennebula-flow, /usr/bin/systemctl start opennebula-gate, /usr/bin/systemctl stop opennebula-gate, /usr/bin/systemctl start opennebula-hem, /usr/bin/systemctl stop opennebula-hem,, /usr/bin/systemctl start opennebula-showback.timer, /usr/bin/systemctl stop opennebula-showback.timer /usr/sbin/service opennebula-flow start, /usr/sbin/service opennebula-flow stop, /usr/sbin/service opennebula-gate start, /usr/sbin/service opennebula-gate stop, /usr/sbin/service opennebula-hem start, /usr/sbin/service opennebula-hem stop, /usr/sbin/arping, /usr/sbin/ip address *
 Cmnd_Alias ONE_LVM = /usr/sbin/lvcreate, /usr/sbin/lvremove, /usr/sbin/lvs, /usr/sbin/vgdisplay, /usr/sbin/lvchange, /usr/sbin/lvscan, /usr/sbin/lvextend
 Cmnd_Alias ONE_MARKET = /usr/lib/one/sh/create_container_image.sh, /usr/lib/one/sh/create_docker_image.sh
 Cmnd_Alias ONE_NET = /usr/sbin/ebtables, /usr/sbin/iptables, /usr/sbin/ip6tables, /usr/sbin/ipset, /usr/sbin/ip link *, /usr/sbin/ip tuntap *
diff --git a/share/pkgs/sudoers/debian/opennebula b/share/pkgs/sudoers/debian/opennebula
index aa4df211387..6c84d9ae3bb 100644
--- a/share/pkgs/sudoers/debian/opennebula
+++ b/share/pkgs/sudoers/debian/opennebula
@@ -3,7 +3,7 @@ Defaults:oneadmin secure_path = /sbin:/bin:/usr/sbin:/usr/bin
 
 Cmnd_Alias ONE_CEPH = /usr/bin/rbd
 Cmnd_Alias ONE_FIRECRACKER = /usr/bin/jailer, /bin/mount, /usr/sbin/one-clean-firecracker-domain, /usr/sbin/one-prepare-firecracker-domain
-Cmnd_Alias ONE_HA = /bin/systemctl start opennebula-flow, /bin/systemctl stop opennebula-flow, /bin/systemctl start opennebula-gate, /bin/systemctl stop opennebula-gate, /bin/systemctl start opennebula-hem, /bin/systemctl stop opennebula-hem, /usr/sbin/service opennebula-flow start, /usr/sbin/service opennebula-flow stop, /usr/sbin/service opennebula-gate start, /usr/sbin/service opennebula-gate stop, /usr/sbin/service opennebula-hem start, /usr/sbin/service opennebula-hem stop, /usr/bin/arping, /sbin/ip address *
+Cmnd_Alias ONE_HA = /bin/systemctl start opennebula-flow, /bin/systemctl stop opennebula-flow, /bin/systemctl start opennebula-gate, /bin/systemctl stop opennebula-gate, /bin/systemctl start opennebula-hem, /bin/systemctl stop opennebula-hem, /bin/systemctl start opennebula-showback.timer, /bin/systemctl stop opennebula-showback.timer, /usr/sbin/service opennebula-flow start, /usr/sbin/service opennebula-flow stop, /usr/sbin/service opennebula-gate start, /usr/sbin/service opennebula-gate stop, /usr/sbin/service opennebula-hem start, /usr/sbin/service opennebula-hem stop, /usr/bin/arping, /sbin/ip address *
 Cmnd_Alias ONE_LVM = /sbin/lvcreate, /sbin/lvremove, /sbin/lvs, /sbin/vgdisplay, /sbin/lvchange, /sbin/lvscan, /sbin/lvextend
 Cmnd_Alias ONE_LXD = /snap/bin/lxc, /usr/bin/catfstab, /bin/mount, /bin/umount, /bin/mkdir, /bin/lsblk, /sbin/losetup, /sbin/kpartx, /usr/bin/qemu-nbd, /sbin/blkid, /sbin/e2fsck, /sbin/resize2fs, /usr/sbin/xfs_growfs, /usr/bin/rbd-nbd, /usr/sbin/xfs_admin, /sbin/tune2fs
 Cmnd_Alias ONE_MARKET = /usr/lib/one/sh/create_container_image.sh, /usr/lib/one/sh/create_docker_image.sh
diff --git a/share/sudoers/sudoers.rb b/share/sudoers/sudoers.rb
index 8a4b764ebcb..849ebd83711 100644
--- a/share/sudoers/sudoers.rb
+++ b/share/sudoers/sudoers.rb
@@ -49,6 +49,8 @@ def initialize(lib_location)
                 'systemctl stop opennebula-gate',
                 'systemctl start opennebula-hem',
                 'systemctl stop opennebula-hem',
+                'systemctl start opennebula-showback.timer',
+                'systemctl stop opennebula-showback.timer',
                 'service opennebula-flow start',
                 'service opennebula-flow stop',
                 'service opennebula-gate start',