diff --git a/roles/ipaclient/vars/CentOS-7.yml b/roles/ipaclient/vars/CentOS-7.yml
new file mode 100644
index 0000000000000000000000000000000000000000..51ab7bfce86b6e0e81cfca4fb9d616936e18cd83
--- /dev/null
+++ b/roles/ipaclient/vars/CentOS-7.yml
@@ -0,0 +1,4 @@
+# defaults file for ipaclient
+# vars/rhel.yml
+ipaclient_packages: [ "ipa-client", "libselinux-python" ]
+#ansible_python_interpreter: '/usr/bin/python2'
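Review bot: The two header comments in this new file describe other files: `# defaults file for ipaclient` and `# vars/rhel.yml` sit in `roles/ipaclient/vars/CentOS-7.yml`, which looks like a copy-paste leftover. The same mismatch appears in the new `roles/ipareplica/vars/CentOS-7.yml` (`# vars/RedHat-7.yml`) and `roles/ipaserver/vars/CentOS-7.yml` (`# vars/rhel.yml`). I would replace them with `# vars/CentOS-7.yml` and `# CentOS 7 package names for ipaclient`, adjusting the role name in each file. The commented-out `#ansible_python_interpreter: '/usr/bin/python2'` line should either be dropped or get a short comment saying when to enable it. The ipareplica and ipaserver files also end without a trailing newline.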
diff --git a/roles/ipareplica/vars/CentOS-7.yml b/roles/ipareplica/vars/CentOS-7.yml
new file mode 100644
index 0000000000000000000000000000000000000000..2baa874fc8f1f759ddf2e462aa0341356b15be86
--- /dev/null
+++ b/roles/ipareplica/vars/CentOS-7.yml
@@ -0,0 +1,5 @@
+# defaults file for ipareplica
+# vars/RedHat-7.yml
+ipareplica_packages: [ "ipa-server", "libselinux-python" ]
+ipareplica_packages_dns: [ "ipa-server-dns" ]
+ipareplica_packages_adtrust: [ "ipa-server-trust-ad" ]
\ No newline at end of file
diff --git a/roles/ipaserver/library/ipaserver_setup_ca.py b/roles/ipaserver/library/ipaserver_setup_ca.py
index c1615471bc987b65d4d3053125ad775f710987f9..ed1bd41f9f6c29b78cca687dc343d9faa7c5fe5b 100644
--- a/roles/ipaserver/library/ipaserver_setup_ca.py
+++ b/roles/ipaserver/library/ipaserver_setup_ca.py
@@ -188,7 +188,7 @@ def main():
     # setup CA ##############################################################
 
     with redirect_stdout(ansible_log):
-        if NUM_VERSION >= 40604:
+        if NUM_VERSION >= 40504:
             custodia = custodiainstance.get_custodia_instance(
                 options, custodiainstance.CustodiaModes.MASTER_PEER)
             custodia.create_instance()
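Review bot: The gate `NUM_VERSION >= 40504` is a bare literal with no comment saying which release or backport it stands for, and it is repeated three times in this file (here, before `ca.install_step_0` and before `ca.install_step_1`) and again in `ipaserver_setup_kra.py`. Because `custodia` is bound only inside this first branch and consumed by the other two, the conditions must stay identical; a single flag computed once and reused would prevent them drifting apart. Distribution builds can backport the Custodia API without matching the upstream version number, which appears to be what this change compensates for, so feature detection such as `use_custodia = hasattr(custodiainstance, "get_custodia_instance")` would be more robust than a version comparison. main() starts and ends outside the hunk.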
@@ -200,7 +200,7 @@ def main():
                               if n in options.__dict__}
                 write_cache(cache_vars)
 
-            if NUM_VERSION >= 40604:
+            if NUM_VERSION >= 40504:
                 ca.install_step_0(False, None, options, custodia=custodia)
             else:
                 ca.install_step_0(False, None, options)
@@ -225,7 +225,7 @@ def main():
 
         if options.setup_ca:
             with redirect_stdout(ansible_log):
-                if NUM_VERSION >= 40604:
+                if NUM_VERSION >= 40504:
                     ca.install_step_1(False, None, options, custodia=custodia)
                 else:
                     ca.install_step_1(False, None, options)
diff --git a/roles/ipaserver/library/ipaserver_setup_kra.py b/roles/ipaserver/library/ipaserver_setup_kra.py
index 2982a73c09356d9bd2a0a50240eef5c32b7946b9..2ae0544d7bf9e65133384d2f6e142432e3b67014 100644
--- a/roles/ipaserver/library/ipaserver_setup_kra.py
+++ b/roles/ipaserver/library/ipaserver_setup_kra.py
@@ -57,6 +57,7 @@ def main():
             hostname=dict(required=True),
             setup_ca=dict(required=True, type='bool'),
             setup_kra=dict(required=True, type='bool'),
+            realm=dict(required=True),
         ),
     )
 
@@ -69,6 +70,8 @@ def main():
     options.host_name = ansible_module.params.get('hostname')
     options.setup_ca = ansible_module.params.get('setup_ca')
     options.setup_kra = ansible_module.params.get('setup_kra')
+    options.realm_name = ansible_module.params.get('realm')
+    options.promote = False  # first master, no promotion
 
     # init ##########################################################
 
@@ -80,7 +83,7 @@ def main():
     # setup kra #####################################################
 
     with redirect_stdout(ansible_log):
-        if NUM_VERSION >= 40604:
+        if NUM_VERSION >= 40504:
             custodia = custodiainstance.get_custodia_instance(
                 options, custodiainstance.CustodiaModes.MASTER_PEER)
             custodia.create_instance()
diff --git a/roles/ipaserver/tasks/install.yml b/roles/ipaserver/tasks/install.yml
index d88f7994b6768a3b288b1ec90cd129b1c5284147..0b6f519a3985cd7ee220859c18e763f2df87a071 100644
--- a/roles/ipaserver/tasks/install.yml
+++ b/roles/ipaserver/tasks/install.yml
@@ -287,6 +287,7 @@
       setup_ca: "{{ result_ipaserver_test.setup_ca }}"
       dm_password: "{{ ipadm_password }}"
       setup_kra: "{{ result_ipaserver_test.setup_kra }}"
+      realm: "{{ result_ipaserver_test.realm }}"
     when: result_ipaserver_test.setup_kra | bool
 
   - name: Install - Setup DNS
diff --git a/roles/ipaserver/vars/CentOS-7.yml b/roles/ipaserver/vars/CentOS-7.yml
new file mode 100644
index 0000000000000000000000000000000000000000..079b719c0b95d50a1d844cd2ef5db058299004a9
--- /dev/null
+++ b/roles/ipaserver/vars/CentOS-7.yml
@@ -0,0 +1,5 @@
+# defaults file for ipaserver
+# vars/rhel.yml
+ipaserver_packages: [ "ipa-server", "libselinux-python" ]
+ipaserver_packages_dns: [ "ipa-server-dns" ]
+ipaserver_packages_adtrust: [ "ipa-server-trust-ad" ]
\ No newline at end of file