diff --git a/roles/rke2/tasks/fix_selinux.yml b/roles/rke2/tasks/fix_selinux.yml
index 0d8c76b23d6fbf6681afcf0a98734f713524ecec..a5217d1fe0a44f4692aeb0235dce6fe495bb0091 100644
--- a/roles/rke2/tasks/fix_selinux.yml
+++ b/roles/rke2/tasks/fix_selinux.yml
@@ -52,4 +52,14 @@
       - setroubleshoot      
       - python3-libselinux
       - policycoreutils-python-utils
-    state: absent
\ No newline at end of file
+    state: absent
+#rancher    40814  0.1  0.3 751524 58892 ?        Ssl  05:02   0:16 /bin/openstack-cloud-controller-manager --v=2 --cloud-config=/etc/config/cloud.conf --cluster-name=kubernetes --cloud-provider=openstack --use-service-account-credentials=true --controllers=cloud-node,cloud-node-lifecycle,route,service --bind-address=127.0.0.1 --cluster-name=rke2-cluster-beta
+
+- name: wait for openstack-cloud-controller to have booted (very indirect and stupid method)
+  wait_for:
+    path:  /var/lib/kubelet/pods/*/containers/rke2-ingress-nginx-controller
+
+- name: Enable SELinux
+  selinux:
+    policy: targeted
+    state: enforcing
\ No newline at end of file
diff --git a/roles/rke2/tasks/setup_host.yml b/roles/rke2/tasks/setup_host.yml
index e1e7e15a2e49145d5e590fa82b0a7388bc0151c5..db99315d6305027b09021c8e4f62459d2b8d2810 100644
--- a/roles/rke2/tasks/setup_host.yml
+++ b/roles/rke2/tasks/setup_host.yml
@@ -69,44 +69,20 @@
 - name: Enable SELinux
   selinux:
     policy: targeted
-    #state: permissive
-    state: enforcing
+    state: permissive
+    #state: enforcing
 
 
 #Download the mozilla root CA into the right directory, and update the trust chain
-- name: Download root CA
-  get_url:
-    url: https://curl.se/ca/cacert.pem
-    dest: /etc/ssl/certs
+#- name: Download root CA
+#  get_url:
+#    url: https://curl.se/ca/cacert.pem
+#    dest: /etc/ssl/certs
 
-- name: Update CA trust
-  shell: update-ca-trust
+#- name: Update CA trust
+#  shell: update-ca-trust
 
 
-
-#yes, I know....
-#- name: Copy SELinux Policies- Master
-#  template:
-#    src: ../selinux/my-openstackcloud-mgmt.pp
-#    dest: /etc/selinux/targeted/policy/my-openstackcloud.pp
-#  when: "'master' in group_names"
-
-#- name: Copy SELinux Policies - Server 1
-#  template:
-#    src: ../selinux/my-openstackcloud-server1.pp
-#    dest: /etc/selinux/targeted/policy/my-openstackcloud.pp
-#  when: inventory_hostname=="k8s-server-001"  
-
-#- name: Copy SELinux Policies - Server 2
-#  template:
-#    src: ../selinux/my-openstackcloud-server2.pp
-#    dest: /etc/selinux/targeted/policy/my-openstackcloud.pp
-#  when: inventory_hostname=="k8s-server-002" 
-
-#- name: Activate SELinux Policies Exceptions on ControlPlane
-#  shell: semodule -i /etc/selinux/targeted/policy/my-openstackcloud.pp 
-#  when: "'control-plane' in group_names"
-
 - name: Ensure /var/lib/rancher/rke2/server/manifests
   file:
     path: /var/lib/rancher/rke2/server/manifests
@@ -118,12 +94,6 @@
     path: /etc/rancher/rke2
     state: directory
     recurse: yes
-#TODO needs to be rewritten for dnf
-#- name: update package cache
-#  apt:
-#    update_cache: yes
-#  when: dist_upgrade
-
 
 #- name: upgrade packages
 #  apt: