diff --git a/roles/rke2/tasks/config_rke2.yml b/roles/rke2/tasks/config_rke2.yml
index 9861b0eb9728f4ed8110bec8a1cd0f9b5917dcf2..3deb552faa39272b140f796fd1969fc79998d2c3 100644
--- a/roles/rke2/tasks/config_rke2.yml
+++ b/roles/rke2/tasks/config_rke2.yml
@@ -1,34 +1,28 @@
+- name: slurp token
+  when: ('master' in group_names)
+  block:
+  - name: Load token
+    slurp:
+      src: "/var/lib/rancher/rke2/server/node-token"
+    register: slurped_token
+    ignore_errors: true
+  - name: Decode token and store as fact at dummy master_host with host variable
+    add_host:
+      name: "MASTER_HOST"
+      token: "{{ slurped_token.content | b64decode | trim }}"
+    when: slurped_token is defined
+  - name: set token
+    delegate_to: localhost
+    set_fact:
+      token: "{{ hostvars['MASTER_HOST']['token'].split('server:')[1] }}"
+    when: slurped_token is defined
+
 - name: create token
   delegate_to: localhost
   run_once: true
   set_fact:
     token: "{{ lookup('community.general.random_string', length=129, special=False) }}"
-  when: (not upgrade) and (token is not defined) 
-  #when: token is not defined
-
-- name: ensure inventory folders
-  delegate_to: localhost
-  become: true
-  run_once: false
-  file:
-    path: "{{ item }}"
-    state: directory
-  loop:
-    - group_vars
-    - group_vars/all
-
-- name: store token
-  delegate_to: localhost
-  become: false
-  run_once: true
-  copy:
-    dest: group_vars/all/token.yml
-    content: |-
-      token: {{ token }}
-  when: not upgrade  #TODO ask Thomas the magic logic here
-
-- name: read token
-  include_vars: group_vars/all/token.yml
+  when: token is not defined
 
 - name: copy rke2 config
   template: