diff --git a/tripleo_ansible/roles/tripleo-podman/defaults/main.yml b/tripleo_ansible/roles/tripleo-podman/defaults/main.yml
index 4e49573c6..a93eec532 100644
--- a/tripleo_ansible/roles/tripleo-podman/defaults/main.yml
+++ b/tripleo_ansible/roles/tripleo-podman/defaults/main.yml
@@ -24,3 +24,4 @@ tripleo_podman_packages: "{{ _tripleo_podman_packages | default([]) }}"
 tripleo_podman_purge_packages: "{{ _tripleo_podman_purge_packages | default([]) }}"
 tripleo_podman_tls_verify: true
 tripleo_podman_debug: false
+tripleo_podman_buildah_login: false
diff --git a/tripleo_ansible/roles/tripleo-podman/molecule/login/playbook.yml b/tripleo_ansible/roles/tripleo-podman/molecule/login/playbook.yml
index 7191fe04d..b98b48464 100644
--- a/tripleo_ansible/roles/tripleo-podman/molecule/login/playbook.yml
+++ b/tripleo_ansible/roles/tripleo-podman/molecule/login/playbook.yml
@@ -18,6 +18,7 @@
 - name: Converge
   hosts: all
   vars:
+    tripleo_podman_buildah_login: true
     tripleo_podman_tls_verify: false
     tripleo_container_registry_logins:
       localhost:5000:
@@ -26,3 +27,6 @@
     - include_role:
         name: tripleo-podman
         tasks_from: tripleo_podman_login.yml
+    - include_role:
+        name: tripleo-podman
+        tasks_from: tripleo_podman_buildah_login.yml
diff --git a/tripleo_ansible/roles/tripleo-podman/tasks/main.yml b/tripleo_ansible/roles/tripleo-podman/tasks/main.yml
index a5e5c1ae1..541a083c4 100644
--- a/tripleo_ansible/roles/tripleo-podman/tasks/main.yml
+++ b/tripleo_ansible/roles/tripleo-podman/tasks/main.yml
@@ -52,3 +52,10 @@
   when:
     - tripleo_container_registry_login | bool
     - tripleo_container_registry_logins
+
+- name: Buildah setup
+  import_tasks: tripleo_podman_buildah_login.yml
+  when:
+    - tripleo_podman_buildah_login | bool
+    - tripleo_container_registry_login | bool
+    - tripleo_container_registry_logins
diff --git a/tripleo_ansible/roles/tripleo-podman/tasks/tripleo_podman_buildah_login.yml b/tripleo_ansible/roles/tripleo-podman/tasks/tripleo_podman_buildah_login.yml
new file mode 100644
index 000000000..aad06ac1d
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo-podman/tasks/tripleo_podman_buildah_login.yml
@@ -0,0 +1,37 @@
+---
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+- name: ensure buildah is installed
+  become: true
+  package:
+    name: "buildah"
+    state: latest
+
+- name: Perform container registry login(s) with buildah
+  become: true
+  shell: |-
+    buildah login --username=$REGISTRY_USERNAME \
+                  --password=$REGISTRY_PASSWORD \
+                  --tls-verify={{ tripleo_podman_tls_verify }} \
+                  $REGISTRY
+  environment:
+    REGISTRY_USERNAME: "{{ lookup('dict', item.value).key }}"
+    REGISTRY_PASSWORD: "{{ lookup('dict', item.value).value }}"
+    REGISTRY: "{{ item.key }}"
+  no_log: "{{ not tripleo_podman_debug|bool }}"
+  loop: "{{ query('dict', tripleo_container_registry_logins) }}"
+  register: registry_login_buildah
diff --git a/tripleo_ansible/roles/tripleo-podman/tasks/tripleo_podman_login.yml b/tripleo_ansible/roles/tripleo-podman/tasks/tripleo_podman_login.yml
index b68326650..c2a020e18 100644
--- a/tripleo_ansible/roles/tripleo-podman/tasks/tripleo_podman_login.yml
+++ b/tripleo_ansible/roles/tripleo-podman/tasks/tripleo_podman_login.yml
@@ -29,18 +29,3 @@
   no_log: "{{ not tripleo_podman_debug|bool }}"
   loop: "{{ query('dict', tripleo_container_registry_logins) }}"
   register: registry_login_podman
-
-- name: Perform container registry login(s) with buildah
-  become: true
-  shell: |-
-    buildah login --username=$REGISTRY_USERNAME \
-                  --password=$REGISTRY_PASSWORD \
-                  --tls-verify={{ tripleo_podman_tls_verify }} \
-                  $REGISTRY
-  environment:
-    REGISTRY_USERNAME: "{{ lookup('dict', item.value).key }}"
-    REGISTRY_PASSWORD: "{{ lookup('dict', item.value).value }}"
-    REGISTRY: "{{ item.key }}"
-  no_log: "{{ not tripleo_podman_debug|bool }}"
-  loop: "{{ query('dict', tripleo_container_registry_logins) }}"
-  register: registry_login_buildah
diff --git a/tripleo_ansible/roles/tripleo-podman/vars/redhat.yml b/tripleo_ansible/roles/tripleo-podman/vars/redhat.yml
index 69f9d8525..e6aa4de8a 100644
--- a/tripleo_ansible/roles/tripleo-podman/vars/redhat.yml
+++ b/tripleo_ansible/roles/tripleo-podman/vars/redhat.yml
@@ -17,7 +17,6 @@
 
 _tripleo_podman_packages:
   - podman
-  - buildah
 
 _tripleo_podman_purge_packages:
   - docker