requirements.yml

 - src: https://gitlab.cyberbrain.pw/ansible/roles/essential
   scm: git
 
-- src: https://gitlab.cyberbrain.pw/ansible/roles/ucarp_systemd
-  scm: git
-
 - src: https://gitlab.cyberbrain.pw/ansible/roles/freeipa_le_ca
   scm: git
 
 - src: https://gitlab.cyberbrain.pw/ansible/roles/ssl_refresher
   scm: git
+
+- src: https://gitlab.cyberbrain.pw/ansible/roles/ucarp_systemd
+  scm: git
+
+- src: https://gitlab.cyberbrain.pw/ansible/roles/ucarp_systemd_dependency
+  scm: git

run.yml

@@ -19,20 +19,32 @@
   become: yes
   vars:
     - ssl_refresher_success: |
-        ipa-server-certinstall -w -d /opt/ssl/cert.pem /opt/ssl/privkey.pem --pin='' -p "{{ ipadm_password }}"
+        systemctl restart httpd
   roles:
     - ssl_refresher
 
-- name: Update IPA certs
+#- name: Bind ssl-refresher certs
+#  hosts: ipaserver:ipareplicas
+#  become: yes
+#  tasks:
+#    - ssl_refresher
+
+- name: Install ucarp with dependencies
   hosts: ipaserver:ipareplicas
   become: yes
-  tasks:
-    - name: Update IPA certs
-      ansible.builtin.shell: ipa-certupdate
-      changed_when: False
+  roles:
+    - { role: ucarp_systemd_dependency, ucarp_dependency: "httpd" }
+    - { role: ucarp_systemd_dependency, ucarp_dependency: "krb5kdc" }
+    - { role: ucarp_systemd_dependency, ucarp_dependency: "named-pkcs11" }
 
-- name: Install ucarp
-  hosts: ipaserver:ipareplicas
+- name: Add ucarp dependencies on server
+  hosts: ipaserver
+  become: yes
+  roles:
+    - { role: ucarp_systemd_dependency, ucarp_dependency: "dirsrv@{{ ipaserver_realm }}" }
+
+- name: Add ucarp dependencies on replicas
+  hosts: ipareplicas
   become: yes
   roles:
-    - ucarp_systemd
+    - { role: ucarp_systemd_dependency, ucarp_dependency: "dirsrv@{{ ipareplicas_realm }}" }