diff --git a/roles/rke2/tasks/config_ccm.yml b/roles/rke2/tasks/config_ccm.yml
index c92bc4d252bc30581e7b318e8feac5095b49f6d8..cddcecff990cab6eed27decab08cb8e9e3e86d82 100644
--- a/roles/rke2/tasks/config_ccm.yml
+++ b/roles/rke2/tasks/config_ccm.yml
@@ -9,18 +9,22 @@
   retries: 10 # retry X times
   delay: 10 # pause for X sec b/w each call
 
-- name: add cloud.conf template for CCM
+- name: add cloud.conf from template for CCM
   template:
     src: cloud.conf.j2
     dest: /tmp/cloud.conf
 
 - name: create secrets for CCM
-  ansible.builtin.shell:
-    cmd: /var/lib/rancher/rke2/bin/kubectl create secret generic --namespace kube-system cloud-config --from-file=cloud.conf=/tmp/cloud.conf
+  ansible.builtin.command:
+    argv:
+      - /var/lib/rancher/rke2/bin/kubectl 
+      - create secret generic cloud-config
+      - --namespace kube-system
+      - --from-file=cloud.conf=/tmp/cloud.conf
   environment:
     KUBECONFIG: /etc/rancher/rke2/rke2.yaml
 
-- name: remove /tmp/cloud.conf on master
+- name: remove /tmp/cloud.conf
   ansible.builtin.file:
     path: /tmp/cloud.conf
     state: absent
\ No newline at end of file
diff --git a/roles/rke2/tasks/config_rke2.yml b/roles/rke2/tasks/config_rke2.yml
index 9b96930e1797743a991317a8873230370b70ed3e..6510b58bf39dc28ec1e994803f1b792fa3489cf1 100644
--- a/roles/rke2/tasks/config_rke2.yml
+++ b/roles/rke2/tasks/config_rke2.yml
@@ -1,21 +1,21 @@
-- name: slurp token
-  block:
-  - name: Load token
-    slurp:
-      src: "/var/lib/rancher/rke2/server/node-token"
-    register: slurped_token
-    ignore_errors: true
-    when: ('master' in group_names)
-  - name: Decode token and store as fact at dummy master_host with host variable
-    add_host:
-      name: "MASTER_HOST"
-      token: "{{ slurped_token.content | b64decode | trim }}"
-    when: ('master' in group_names)
-  - name: set token
-    delegate_to: localhost
-    set_fact:
-      token: "{{ hostvars['MASTER_HOST']['token'].split('server:')[1] }}"
-    when: slurped_token is defined and 'master' in group_names
+- name: Load token
+  slurp:
+    src: "/var/lib/rancher/rke2/server/node-token"
+  register: slurped_token
+  ignore_errors: true
+  when: ('master' in group_names)
+
+- name: Decode token and store as fact at dummy master_host with host variable
+  add_host:
+    name: "MASTER_HOST"
+    token: "{{ slurped_token.content | b64decode | trim }}"
+  when: ('master' in group_names)
+
+- name: set token
+  delegate_to: localhost
+  set_fact:
+    token: "{{ hostvars['MASTER_HOST']['token'].split('server:')[1] }}"
+  when: slurped_token is defined and 'master' in group_names
 
 - name: create token
   delegate_to: localhost