diff --git a/roles/rke2/tasks/fix_selinux.yml b/roles/rke2/tasks/fix_selinux.yml
index 8923c4e228594a159033514a62c957e817e49dad..7602e61bdd0a7ff259b456778b286ae0696026c7 100644
--- a/roles/rke2/tasks/fix_selinux.yml
+++ b/roles/rke2/tasks/fix_selinux.yml
@@ -3,9 +3,13 @@
 #    timeout: 30
 #  delegate_to: localhost
 
-#- name: kill the openstack ccm pods to make sure they boot in permissive mode
-#  shell: "/var/lib/rancher/rke2/bin/kubectl --kubeconfig /etc/rancher/rke2/rke2.yaml rollout restart -n kube-system ds openstack-cloud-controller-manager "
-#  register: openstack_ccm_ready
+- name: make sure we re in permissive mode
+  shell: "setenforce 0 "
+  register: selinux_off
+
+- name: kill the openstack ccm pods to make sure they boot in permissive mode
+  shell: "/var/lib/rancher/rke2/bin/kubectl --kubeconfig /etc/rancher/rke2/rke2.yaml rollout restart -n kube-system ds openstack-cloud-controller-manager "
+  register: openstack_ccm_ready
 #  until: openstack_ccm_ready.stdout
 #  retries: 2
 #  delay: 30
@@ -33,7 +37,7 @@
 #     - kube-scheduler
 
 - name: Wait for openstack-cloud-controller deamon set to be ready
-  shell: "/var/lib/rancher/rke2/bin/kubectl --kubeconfig /etc/rancher/rke2/rke2.yaml wait --namespace=kube-system --for=condition=Ready pods --selector app=openstack-cloud-controller-manager --timeout=360s"
+  shell: "/var/lib/rancher/rke2/bin/kubectl --kubeconfig /etc/rancher/rke2/rke2.yaml wait --namespace=kube-system --for=condition=Ready ds --selector app=openstack-cloud-controller-manager --timeout=360s"
   register: openstack_ccm_ready
   #until: openstack_ccm_ready.stdout
   #retries: 2