diff --git a/cmd/hepto/root.go b/cmd/hepto/root.go
index e8c6bb5c81ddc05d5ea94bebb49f07c0e9fab430..b50e8b09bb09f44814509331447babb83edb4e3a 100644
--- a/cmd/hepto/root.go
+++ b/cmd/hepto/root.go
@@ -32,14 +32,9 @@ var rootCmd = &cobra.Command{
 func run() {
 	config.Node.IP = waitForIP()
 	logrus.Debug("current IP is ", config.Node.IP.String())
-	c, err := cluster.New(&config.Cluster, &config.Node)
-	if err != nil {
-		logrus.Fatal(err)
-	}
-	err = c.Run()
-	if err != nil {
-		logrus.Fatal(err)
-	}
+	c := cluster.New(&config.Cluster, &config.Node)
+	c.Init()
+	c.Run()
 }
 
 // Run ourselves inside a container
diff --git a/pkg/cluster/cluster.go b/pkg/cluster/cluster.go
index e7b83d426f035aa5f7f7c921b64305bb305a9db0..4e4902cfc5924e82cc23ec4ef354c4f8f1fd89fc 100644
--- a/pkg/cluster/cluster.go
+++ b/pkg/cluster/cluster.go
@@ -22,59 +22,58 @@ type Cluster struct {
 	services    *ClusterServices
 }
 
-func New(settings *ClusterSettings, node *NodeSettings) (*Cluster, error) {
-	c := &Cluster{
+func New(settings *ClusterSettings, node *NodeSettings) *Cluster {
+	return &Cluster{
 		settings:   settings,
 		node:       node,
 		networking: NewClusterNetworking(settings.Name, node.Name),
+		ml:         sml.New[HeptoMeta, HeptoState](node.Name, node.IP, node.Port, node.Anchors, settings.Key),
+		pki:        &ClusterPKI{},
+		services:   NewClusterServices(),
 	}
-	// Prepare memberlist
-	c.ml = sml.New[HeptoMeta, HeptoState](node.Name, node.IP, node.Port, node.Anchors, settings.Key)
+}
+
+func (c *Cluster) Init() {
 	// Prepare wireguard
 	vpn, err := wg.New("wg0", 7124, c.networking.NodeAddress.IPNet())
 	if err != nil {
-		return nil, err
+		logrus.Fatal("could not initialize wireguard: ", err)
 	}
 	c.vpn = vpn
-	// Initialize cluster PKI and local keys
-	if node.Role == Master {
+	c.ml.Meta.VpnKey = vpn.PubKey.String()
+	// Prepare the cluster PKI
+	if c.node.Role == Master {
 		pki, err := NewClusterPKI("pki")
 		if err != nil {
-			return nil, err
+			logrus.Fatal("could not initialize pki: ", err)
 		}
 		masterCerts, err := NewMasterCerts("master", c.networking.NodeAddress.IP)
 		if err != nil {
-			return nil, err
+			logrus.Fatal("could not initialize master certs: ", err)
 		}
 		c.pki = pki
 		c.masterCerts = masterCerts
-	} else {
-		c.pki = &ClusterPKI{}
 	}
-	certs, err := NewNodeCerts("certs", node.Name)
+	c.ml.State.PKI = c.pki
+	// Initialize node certificates
+	certs, err := NewNodeCerts("certs", c.node.Name)
 	if err != nil {
-		return nil, err
+		logrus.Fatal("could not initialize node certificates: ", err)
 	}
 	c.certs = certs
-	// Initialize node meta
-	c.ml.Meta.VpnKey = vpn.PubKey.String()
-	c.ml.Meta.Role = string(node.Role)
-	// Initialize cluster state
-	c.ml.State.PKI = c.pki
 	c.ml.State.Certificates = make(map[string]*NodeCerts)
-	c.ml.State.Certificates[node.Name] = certs
-	// Initialize cluster services
-	c.services = NewClusterServices()
-	return c, nil
+	c.ml.State.Certificates[c.node.Name] = certs
+	// Additional meta
+	c.ml.Meta.Role = string(c.node.Role)
 }
 
-func (c *Cluster) Run() error {
+func (c *Cluster) Run() {
 	events := c.ml.Events()
 	err := c.ml.Start()
 	instr := c.ml.Instr()
 	instrUpdates := instr.Updates()
 	if err != nil {
-		return err
+		logrus.Fatal("could not start memberlist: ", err)
 	}
 	go c.ml.Run()
 	for {
@@ -112,8 +111,7 @@ func (c *Cluster) updateVPN() {
 		peerAddr := c.networking.NodeNet.DeriveAddress(node.Name).IP
 		peer, err := c.vpn.MakePeer(node.Addr, meta.VpnKey, peerAddr, []net.IPNet{})
 		if err != nil {
-			logrus.Debug("cannot setup VPN with node ", node.Name)
-			logrus.Debug(err)
+			logrus.Warn("cannot setup VPN with node ", node.Name, ": ", err)
 			continue
 		}
 		peers = append(peers, peer)