diff --git a/roles/ipaserver/library/ipaserver_setup_ca.py b/roles/ipaserver/library/ipaserver_setup_ca.py
index ffe214c6995b40e1cdbd1b925e31784f03b76f50..bb80a4c75acf879b77012a1fbc5b4e9845871875 100644
--- a/roles/ipaserver/library/ipaserver_setup_ca.py
+++ b/roles/ipaserver/library/ipaserver_setup_ca.py
@@ -189,8 +189,11 @@ def main():
 
     with redirect_stdout(ansible_log):
         if hasattr(custodiainstance, "get_custodia_instance"):
-            custodia = custodiainstance.get_custodia_instance(
-                options, custodiainstance.CustodiaModes.MASTER_PEER)
+            if hasattr(custodiainstance.CustodiaModes, "FIRST_MASTER"):
+                mode = custodiainstance.CustodiaModes.FIRST_MASTER
+            else:
+                mode = custodiainstance.CustodiaModes.MASTER_PEER
+            custodia = custodiainstance.get_custodia_instance(options, mode)
             custodia.create_instance()
 
         if options.setup_ca:
diff --git a/roles/ipaserver/library/ipaserver_setup_custodia.py b/roles/ipaserver/library/ipaserver_setup_custodia.py
index 2ab04a26dd28a35ec1760e61c8c58f81ccdafb65..1dc34e8e42aa51010be910a14245b4e2efb7e46d 100644
--- a/roles/ipaserver/library/ipaserver_setup_custodia.py
+++ b/roles/ipaserver/library/ipaserver_setup_custodia.py
@@ -79,8 +79,15 @@ def main():
 
     # setup custodia ########################################################
 
-    custodia = custodiainstance.CustodiaInstance(options.host_name,
-                                                 options.realm_name)
+    if hasattr(custodiainstance, "get_custodia_instance"):
+        if hasattr(custodiainstance.CustodiaModes, "FIRST_MASTER"):
+            mode = custodiainstance.CustodiaModes.FIRST_MASTER
+        else:
+            mode = custodiainstance.CustodiaModes.MASTER_PEER
+        custodia = custodiainstance.get_custodia_instance(options, mode)
+    else:
+        custodia = custodiainstance.CustodiaInstance(options.host_name,
+                                                     options.realm_name)
     custodia.set_output(ansible_log)
     with redirect_stdout(ansible_log):
         custodia.create_instance()
diff --git a/roles/ipaserver/tasks/install.yml b/roles/ipaserver/tasks/install.yml
index 0b6f519a3985cd7ee220859c18e763f2df87a071..bc6999a03d7ea65289670e848b81d59eecce9103 100644
--- a/roles/ipaserver/tasks/install.yml
+++ b/roles/ipaserver/tasks/install.yml
@@ -206,6 +206,12 @@
       idmax: "{{ result_ipaserver_test.idmax }}"
       _pkinit_pkcs12_info: "{{ result_ipaserver_test._pkinit_pkcs12_info }}"
 
+  - name: Install - Setup custodia
+    ipaserver_setup_custodia:
+      realm: "{{ result_ipaserver_test.realm }}"
+      hostname: "{{ result_ipaserver_test.hostname }}"
+      setup_ca: "{{ result_ipaserver_test.setup_ca }}"
+
   - name: Install - Setup CA
     ipaserver_setup_ca:
       dm_password: "{{ ipadm_password }}"
@@ -245,12 +251,6 @@
       hostname: "{{ result_ipaserver_test.hostname }}"
       setup_ca: "{{ result_ipaserver_test.setup_ca }}"
 
-  - name: Install - Setup custodia
-    ipaserver_setup_custodia:
-      realm: "{{ result_ipaserver_test.realm }}"
-      hostname: "{{ result_ipaserver_test.hostname }}"
-      setup_ca: "{{ result_ipaserver_test.setup_ca }}"
-
   - name: Install - Setup HTTP
     ipaserver_setup_http:
       dm_password: "{{ ipadm_password }}"