diff --git a/roles/ipaserver/library/ipaserver_setup_ca.py b/roles/ipaserver/library/ipaserver_setup_ca.py
index c1615471bc987b65d4d3053125ad775f710987f9..ed1bd41f9f6c29b78cca687dc343d9faa7c5fe5b 100644
--- a/roles/ipaserver/library/ipaserver_setup_ca.py
+++ b/roles/ipaserver/library/ipaserver_setup_ca.py
@@ -188,7 +188,7 @@ def main():
     # setup CA ##############################################################
 
     with redirect_stdout(ansible_log):
-        if NUM_VERSION >= 40604:
+        if NUM_VERSION >= 40504:
             custodia = custodiainstance.get_custodia_instance(
                 options, custodiainstance.CustodiaModes.MASTER_PEER)
             custodia.create_instance()
@@ -200,7 +200,7 @@ def main():
                               if n in options.__dict__}
                 write_cache(cache_vars)
 
-            if NUM_VERSION >= 40604:
+            if NUM_VERSION >= 40504:
                 ca.install_step_0(False, None, options, custodia=custodia)
             else:
                 ca.install_step_0(False, None, options)
@@ -225,7 +225,7 @@ def main():
 
         if options.setup_ca:
             with redirect_stdout(ansible_log):
-                if NUM_VERSION >= 40604:
+                if NUM_VERSION >= 40504:
                     ca.install_step_1(False, None, options, custodia=custodia)
                 else:
                     ca.install_step_1(False, None, options)
diff --git a/roles/ipaserver/library/ipaserver_setup_kra.py b/roles/ipaserver/library/ipaserver_setup_kra.py
index 2982a73c09356d9bd2a0a50240eef5c32b7946b9..2ae0544d7bf9e65133384d2f6e142432e3b67014 100644
--- a/roles/ipaserver/library/ipaserver_setup_kra.py
+++ b/roles/ipaserver/library/ipaserver_setup_kra.py
@@ -57,6 +57,7 @@ def main():
             hostname=dict(required=True),
             setup_ca=dict(required=True, type='bool'),
             setup_kra=dict(required=True, type='bool'),
+            realm=dict(required=True),
         ),
     )
 
@@ -69,6 +70,8 @@ def main():
     options.host_name = ansible_module.params.get('hostname')
     options.setup_ca = ansible_module.params.get('setup_ca')
     options.setup_kra = ansible_module.params.get('setup_kra')
+    options.realm_name = ansible_module.params.get('realm')
+    options.promote = False  # first master, no promotion
 
     # init ##########################################################
 
@@ -80,7 +83,7 @@ def main():
     # setup kra #####################################################
 
     with redirect_stdout(ansible_log):
-        if NUM_VERSION >= 40604:
+        if NUM_VERSION >= 40504:
             custodia = custodiainstance.get_custodia_instance(
                 options, custodiainstance.CustodiaModes.MASTER_PEER)
             custodia.create_instance()