diff --git a/roles/rke2/tasks/fix_selinux.yml b/roles/rke2/tasks/fix_selinux.yml
deleted file mode 100644
index 84de715de53b0ccf4f0d6e9067b41144839e637a..0000000000000000000000000000000000000000
--- a/roles/rke2/tasks/fix_selinux.yml
+++ /dev/null
@@ -1,44 +0,0 @@
-
-- name: make sure we re in permissive mode
-  shell: "setenforce 0 "
-  register: selinux_off
-
-- name: Update CA trust
-  shell: update-ca-trust
-
-#- name: kill the openstack ccm pods to make sure they boot in permissive mode
-#  shell: "/var/lib/rancher/rke2/bin/kubectl --kubeconfig /etc/rancher/rke2/rke2.yaml rollout restart -n kube-system ds openstack-cloud-controller-manager "
-#  register: openstack_ccm_restart
-#  when: ( 'master' in group_names )
-#  ignore_errors: True
-
-- name: Wait for openstack-cloud-controller deamon set to be ready
-  shell: "/var/lib/rancher/rke2/bin/kubectl --kubeconfig /etc/rancher/rke2/rke2.yaml wait --namespace=kube-system --for=condition=Ready pods --selector app=openstack-cloud-controller-manager --timeout=60s"
-  register: openstack_ccm_ready
-  when: ('master' in group_names)
-  ignore_errors: True
-
-
-- debug: var=openstack_ccm_ready.stdout_lines
-- name: Wait for 60 sec, desperate measures
-  shell: " sleep 60"
-  
-#- name: Wait for openstack-cloud-controller deamon set to be ready
-#  shell: "/var/lib/rancher/rke2/bin/kubectl --kubeconfig /etc/rancher/rke2/rke2.yaml wait --namespace=kube-system --for=condition=Ready ds openstack-cloud-controller-manager --timeout=120s"
-#  register: openstack_ccm_ready
-#  when: not upgrade
-#  ignore_errors: True
-
-# - name: Wait till the Object is created
-#   kubernetes.core.k8s_info:
-#     kind: Pod
-#     wait: yes
-#     name: pod-not-yet-created
-#     namespace: default
-#     wait_sleep: 10
-#     wait_timeout: 360
-
-- name: Enable SELinux
-  selinux:
-    policy: targeted
-    state: enforcing
\ No newline at end of file
diff --git a/roles/rke2/tasks/kubeconfig.yml b/roles/rke2/tasks/kubeconfig.yml
index 72b769bdff81750efef9664870298d919f302f2a..2d19b94d2dd043639c857a74743d5d150f632cb7 100644
--- a/roles/rke2/tasks/kubeconfig.yml
+++ b/roles/rke2/tasks/kubeconfig.yml
@@ -10,24 +10,24 @@
   when:  ( 'master' in group_names )
 #  notify:
 #  - wait for RANCHER to come up
-# - name: start rke2 on the servers
-#   ansible.builtin.systemd:
-#     name: "rke2-{{ node_type }}"
-#     enabled: yes
-#     masked: no
-#     state: started
-#     daemon_reload: yes
-#   ignore_errors: True
-# #  when:  ( 'servers' in group_names )
+- name: start rke2 on the servers
+  ansible.builtin.systemd:
+    name: "rke2-{{ node_type }}"
+    enabled: yes
+    masked: no
+    state: started
+    daemon_reload: yes
+  ignore_errors: True
+#  when:  ( 'servers' in group_names )
 
-# - name: start rke2 everywhere
-#   ansible.builtin.systemd:
-#     name: "rke2-{{ node_type }}"
-#     enabled: yes
-#     masked: no
-#     state: started
-#     daemon_reload: yes
-#   ignore_errors: True
+- name: start rke2 everywhere
+  ansible.builtin.systemd:
+    name: "rke2-{{ node_type }}"
+    enabled: yes
+    masked: no
+    state: started
+    daemon_reload: yes
+  ignore_errors: True
 
 - name: wait for kubeconfig
   wait_for:
diff --git a/roles/rke2/tasks/main.yml b/roles/rke2/tasks/main.yml
index 28c947a4a1278ea82aa809ca7f1776f5f645f399..c287eaeec66642f1f319c86bc7c520b1eb120c3a 100644
--- a/roles/rke2/tasks/main.yml
+++ b/roles/rke2/tasks/main.yml
@@ -19,14 +19,6 @@
 - include_tasks: kubeconfig.yml
   when: state != 'absent' and 'master' in group_names 
 
-# Flush the handlers only for fresh installs
-#- name: Flush handlers
-#  meta: flush_handlers
-
-  
-#This task runs only after the full installer went through and had a bit of time to boot, then starts to enforce SELinux
-#- include_tasks: fix_selinux.yml
-#  when: state != 'absent' and 'control-plane' in group_names
 
 - name: uninstall rke2
   command: rke2-uninstall.sh
diff --git a/roles/rke2/tasks/setup_host.yml b/roles/rke2/tasks/setup_host.yml
index 8bd536bec251422d0ef9a6887c4505524b013add..16d8ca70a6c91fbf810dc39c222ec753d02c49f5 100644
--- a/roles/rke2/tasks/setup_host.yml
+++ b/roles/rke2/tasks/setup_host.yml
@@ -13,13 +13,13 @@
     /usr/sbin/pvresize -y -q /dev/vda2 
     /usr/sbin/lvresize -y -q -r -l +100%FREE /dev/mapper/*root 
 
-# - name: Upgrade to latest kernel
-#   shell: |
-#     dnf upgrade -y 
-#     dnf updateinfo list --security --available
-#     dnf install https://www.elrepo.org/elrepo-release-8.el8.elrepo.noarch.rpm --assumeyes
-#     dnf --enablerepo=elrepo-kernel install kernel-ml --assumeyes
-#     touch /.autorelabel
+- name: Upgrade to latest kernel
+  shell: |
+    dnf upgrade -y 
+    dnf updateinfo list --security --available
+    dnf install https://www.elrepo.org/elrepo-release-8.el8.elrepo.noarch.rpm --assumeyes
+    dnf --enablerepo=elrepo-kernel install kernel-ml --assumeyes
+    touch /.autorelabel
     
 - name: install RHEL packages
   dnf:
@@ -71,10 +71,10 @@
     name: etcd
     group: etcd
 
-# - name: Reboot but not on upgrades, so kernel updates only install at initial runs 
-#   ansible.builtin.reboot:
-#     reboot_timeout: 3600
-#   when: ( not upgrade ) 
+- name: Reboot but not on upgrades, so kernel updates only install at initial runs 
+  ansible.builtin.reboot:
+    reboot_timeout: 3600
+  when: ( not upgrade ) 
 
 
 - name: Disable SELinux