diff --git a/common/container_startup_configs_tasks.yaml b/common/container_startup_configs_tasks.yaml index 6f04c36ca9..a7a90fcb55 100644 --- a/common/container_startup_configs_tasks.yaml +++ b/common/container_startup_configs_tasks.yaml @@ -3,6 +3,7 @@ # TODO(emilien) convert this whole task in a module # https://bugs.launchpad.net/tripleo/+bug/1884577 - name: "Remove old {{ item.0 }} container startup configs" + become: true file: path: "/var/lib/tripleo-config/container-startup-config/{{ item.0 }}" state: absent @@ -15,6 +16,7 @@ setype: container_file_t - name: "Creating container startup configs for {{ item.0 }}" + become: true copy: content: "{{ startup_data.value | to_nice_json }}" dest: "/var/lib/tripleo-config/container-startup-config/{{ item.0 }}/{{ startup_data.key }}.json" diff --git a/common/deploy-steps-playbooks-common.yaml b/common/deploy-steps-playbooks-common.yaml index 93bbcbb4e9..60e74acc8f 100644 --- a/common/deploy-steps-playbooks-common.yaml +++ b/common/deploy-steps-playbooks-common.yaml @@ -28,6 +28,7 @@ - hosts: "{{ deploy_target_host }}" name: Ensure /var/lib/config-data context + become: true gather_facts: false any_errors_fatal: yes tasks: diff --git a/common/deploy-steps-tasks-step-0.j2.yaml b/common/deploy-steps-tasks-step-0.j2.yaml index 71ce7848fa..3634eb4626 100644 --- a/common/deploy-steps-tasks-step-0.j2.yaml +++ b/common/deploy-steps-tasks-step-0.j2.yaml 
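Review bot: The `Creating container startup configs for {{ item.0 }}` task now writes `{{ startup_data.key }}.json` as root, but the visible part of the task sets neither `mode:` nor `no_log:`, unlike the other root-written `copy` tasks touched by this commit, which carry `no_log: True`. If the startup data can include sensitive container environment values, add `no_log: true` and an explicit mode such as `mode: '0600'` (or whatever the consumer of these files requires). The task continues past the end of the hunk, so confirm these are not already set below `dest:`.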
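Review bot: Setting `become: true` on the whole `Ensure /var/lib/config-data context` play escalates every task under `tasks:`, including any that are delegated to another host, whereas the task files in this commit escalate task by task. The same play-level escalation is added in common/deploy-steps.j2 for `Deploy step tasks for step 0`, `Host prep steps`, `Deploy step tasks for {{step}}`, `Server Post Deployments` and `Upgrade tasks for step {{step}}`. The task lists are outside these hunks, so it is not possible to tell from here whether every task needs root. If some do not, keep the escalation at task or block level; otherwise record the decision with a comment such as `# every task in this play modifies root-owned paths`.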
@@ -5,11 +5,14 @@ msg: Use --start-at-task 'Deploy step tasks for step 0' to resume from this task when: "tripleo_minor_update is not defined or tripleo_minor_update != 'true'" - name: Ensure /var/log/journal exists + become: true file: path=/var/log/journal state=directory mode=0750 owner=root group=root setype=var_log_t - name: Create /var/lib/container-puppet + become: true no_log: True file: path=/var/lib/container-puppet state=directory setype=container_file_t selevel=s0 recurse=true - name: Write container-puppet.sh + become: true no_log: True copy: src=container_puppet_script.yaml dest=/var/lib/container-puppet/container-puppet.sh force=yes mode=0755 setype=container_file_t diff --git a/common/deploy-steps-tasks-step-1.yaml b/common/deploy-steps-tasks-step-1.yaml index f167f2f488..0a1895c382 100644 --- a/common/deploy-steps-tasks-step-1.yaml +++ b/common/deploy-steps-tasks-step-1.yaml @@ -1,4 +1,5 @@ - name: Create and ensure setype for /var/log/containers directory + become: true file: path: /var/log/containers state: directory @@ -9,6 +10,7 @@ - host_config - name: Create ContainerLogStdoutPath directory + become: true file: path: "{{ container_log_stdout_path }}" state: directory @@ -17,6 +19,7 @@ - host_config - name: Create /var/lib/tripleo-config directory + become: true file: path: /var/lib/tripleo-config state: directory @@ -31,6 +34,7 @@ - container_startup_configs - name: Delete existing /var/lib/tripleo-config/check-mode directory for check mode + become: true file: path: /var/lib/tripleo-config/check-mode state: absent @@ -45,6 +49,7 @@ check_mode: no - name: Create /var/lib/tripleo-config/check-mode directory for check mode + become: true file: path: /var/lib/tripleo-config/check-mode state: directory 
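Review bot: The three tasks in the step-0 hunk each gain `become: true`, yet this commit also sets `become: true` on the `Deploy step tasks for step 0` play in common/deploy-steps.j2. If that play is what includes this file (the include is not visible here), the task-level keywords are redundant, and the same would apply to the `NetworkConfig` block in that template. Choosing one level makes it clear which tasks actually require root. While these lines are being touched, the `key=value` argument strings would read better as block YAML with quoted modes, for example `mode: '0750'` and `mode: '0755'`.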
@@ -63,6 +68,7 @@ # Puppet manifest for baremetal host configuration - name: Write the puppet step_config manifest + become: true no_log: True copy: content: "{{ lookup('file', tripleo_role_name + '/step_config.pp', errors='ignore') | default('', True) }}" @@ -99,6 +105,7 @@ # Puppet Containers Config directory used to generate container configs - name: Create /var/lib/container-puppet + become: true file: path: /var/lib/container-puppet state: directory @@ -109,6 +116,7 @@ - container_config_tasks - name: Delete existing /var/lib/container-puppet/check-mode for check mode + become: true file: path: /var/lib/container-puppet/check-mode state: absent @@ -119,6 +127,7 @@ - ansible_check_mode|bool - name: Create /var/lib/container-puppet/check-mode for check mode + become: true file: path: /var/lib/container-puppet/check-mode state: directory @@ -131,6 +140,7 @@ - ansible_check_mode|bool - name: Write container-puppet.json file + become: true no_log: True copy: content: "{{ lookup('file', tripleo_role_name + '/puppet_config.yaml', errors='ignore') | default([], True) | from_yaml | to_nice_json }}" @@ -166,6 +176,7 @@ - container_config - name: Create /var/lib/container-config-scripts + become: true file: path: /var/lib/container-config-scripts state: directory @@ -177,6 +188,7 @@ # /var/lib/container-startup-configs.json is removed as we now write # per-step files instead - name: Clean old /var/lib/container-startup-configs.json file + become: true file: path: /var/lib/container-startup-configs.json state: absent @@ -185,6 +197,7 @@ # For legacy, can be removed in Train cycle - name: Clean old /var/lib/docker-container-startup-configs.json file + become: true file: path: /var/lib/docker-container-startup-configs.json state: absent @@ -193,6 +206,7 @@ - name: Write container config scripts + become: true no_log: True copy: content: "{{ item[1].content }}" 
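Review bot: `Write the puppet step_config manifest` combines `errors='ignore'` with `default('', True)` and `no_log: True`, so a missing `step_config.pp` gives an empty manifest written as root with nothing in the output to show it. `Write container-puppet.json file` has the same pattern with `default([], True)`. If tolerating a missing file is intended, say so above the task, for example `# a role without step_config.pp gets an empty manifest on purpose`; otherwise fail before the copy. Both tasks continue beyond their hunks, so a guard may already exist further down.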
@@ -232,6 +246,7 @@ # /var/lib/tripleo-config/container-startup-config/step_X/.json # Can be removed in V cycle - name: Write /var/lib/tripleo-config/container-startup-config-readme.txt + become: true no_log: True copy: content: "Container startup configs moved to /var/lib/tripleo-config/container-startup-config" @@ -255,6 +270,7 @@ - container_startup_configs - name: Create /var/lib/kolla/config_files directory + become: true file: path: /var/lib/kolla/config_files state: directory @@ -265,6 +281,7 @@ - container_startup_configs - name: Create /var/lib/config-data directory + become: true file: path: /var/lib/config-data state: directory @@ -272,6 +289,7 @@ selevel: s0 - name: Write kolla config json files + become: true no_log: True copy: content: "{{ item[1] | to_nice_json }}" @@ -319,6 +337,7 @@ - container_config - name: Create /etc/puppet/check-mode/hieradata directory for check mode + become: true file: path: /etc/puppet/check-mode/hieradata state: directory @@ -334,6 +353,7 @@ - container_config - name: Create puppet check-mode files if they don't exist for check mode + become: true shell: | cp -a /etc/puppet/hiera.yaml /etc/puppet/check-mode/hiera.yaml cp -a /etc/puppet/hieradata/* /etc/puppet/check-mode/hieradata/ diff --git a/common/deploy-steps-tasks.yaml b/common/deploy-steps-tasks.yaml index 0ba005141e..2e4612e3bb 100644 --- a/common/deploy-steps-tasks.yaml +++ b/common/deploy-steps-tasks.yaml @@ -3,6 +3,7 @@ ##################################################### - name: Write the config_step hieradata + become: true no_log: True copy: content: "{{ dict(step=step|int) | to_json }}" @@ -14,6 +15,7 @@ - host_config - name: Run puppet host configuration for step {{ step }} + become: true async: 3600 poll: 0 when: enable_puppet|bool @@ -86,6 +88,7 @@ ##################################### - name: Per step starting of the containers using tripleo-ansible + become: true environment: TRIPLEO_MINOR_UPDATE: '{{ tripleo_minor_update | default(false) }}' block: 
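Review bot: In `Create puppet check-mode files if they don't exist for check mode`, the `cp -a /etc/puppet/hieradata/* ...` line now runs as root, but the glob skips dotfiles and makes `cp` fail when the directory is empty. `cp -a /etc/puppet/hieradata/. /etc/puppet/check-mode/hieradata/` copies the same tree without relying on shell expansion. The task name promises "if they don't exist", yet the two visible commands copy unconditionally; the shell block continues past the hunk, so check that a guard or `creates:` follows. Because hieradata is likely to hold service credentials, also confirm that the `/etc/puppet/check-mode/hieradata` directory created in the preceding hunk is no more readable than the original.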
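Review bot: `Run puppet host configuration for step {{ step }}` is an `async: 3600` / `poll: 0` task, and with `become: true` its job file is kept under the become user's account, so the `async_status` task that waits for it must run with the same escalation. That waiting task is not part of this diff. It may be covered by the play-level `become: true` added to `Deploy step tasks for {{step}}` in common/deploy-steps.j2, but if this file is ever included from a play without it the job lookup will fail. Adding `become: true` to the `async_status` task would make the pairing explicit.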
@@ -112,6 +115,7 @@ ######################################################## - name: "Clean container_puppet_tasks for {{ansible_hostname | lower}} step {{step}}" + become: true file: path: /var/lib/container-puppet/container-puppet-tasks{{step}}.json state: absent diff --git a/common/deploy-steps.j2 b/common/deploy-steps.j2 index 6e0eeccd53..b868741d67 100644 --- a/common/deploy-steps.j2 +++ b/common/deploy-steps.j2 @@ -458,6 +458,7 @@ outputs: any_errors_fatal: yes tasks: - name: Set selinux state + become: true selinux: policy: targeted state: SELINUX_MODE @@ -497,6 +498,7 @@ outputs: - hosts: {{primary_role_name}}:DEPLOY_TARGET_HOST name: Deploy step tasks for step 0 + become: true gather_facts: "{% raw %}{{ gather_facts | default(false) }}{% endraw %}" any_errors_fatal: yes vars: @@ -567,6 +569,7 @@ outputs: - "{{ tripleo_role_name ~ '/NetworkConfig' }}" - name: NetworkConfig + become: true block: - name: Create /var/lib/tripleo-config/scripts directory file: @@ -655,6 +658,7 @@ outputs: - hosts: {{primary_role_name}}:DEPLOY_TARGET_HOST name: Host prep steps + become: true gather_facts: "{% raw %}{{ gather_facts | default(false) }}{% endraw %}" any_errors_fatal: yes vars: @@ -718,6 +722,7 @@ outputs: - hosts: {{primary_role_name}}:DEPLOY_TARGET_HOST name: Deploy step tasks for {{step}} + become: true gather_facts: "{% raw %}{{ gather_facts | default(false) }}{% endraw %}" any_errors_fatal: yes # FIXME(shardy) - it would be nice to use strategy: free to @@ -797,6 +802,7 @@ outputs: {%- endfor %} - hosts: {{primary_role_name}}:DEPLOY_TARGET_HOST name: Server Post Deployments + become: true gather_facts: "{% raw %}{{ gather_facts | default(false) }}{% endraw %}" any_errors_fatal: yes tasks: @@ -1004,6 +1010,7 @@ outputs: {%- for step in range(0,upgrade_steps_max) %} - hosts: DEPLOY_TARGET_HOST name: Upgrade tasks for step {{step}} + become: true gather_facts: "{% raw %}{{ gather_facts | default(false) }}{% endraw %}" any_errors_fatal: yes vars: 
diff --git a/common/generate-config-tasks.yaml b/common/generate-config-tasks.yaml index 04739caf40..4c189f6bb2 100644 --- a/common/generate-config-tasks.yaml +++ b/common/generate-config-tasks.yaml @@ -1,4 +1,5 @@ - name: Block for container-puppet tasks (generate config) during step {{ step }} with tripleo-ansible + become: true tags: - container_config block: @@ -37,6 +38,7 @@ tripleo_container_manage_valid_exit_code: [0, 2] - name: Diff puppet-generated changes for check mode + become: true shell: | diff -ruN --no-dereference -q /var/lib/config-data/puppet-generated /var/lib/config-data/check-mode/puppet-generated diff -ruN --no-dereference /var/lib/config-data/puppet-generated /var/lib/config-data/check-mode/puppet-generated diff --git a/common/hiera-steps-tasks.yaml b/common/hiera-steps-tasks.yaml index dbfc19c40f..ea410308d1 100644 --- a/common/hiera-steps-tasks.yaml +++ b/common/hiera-steps-tasks.yaml @@ -2,6 +2,7 @@ include_role: name: tripleo_hieradata - name: Hiera symlink + become: true file: src: /etc/puppet/hiera.yaml dest: /etc/hiera.yaml diff --git a/deployment/logrotate/tmpwatch-install.yaml b/deployment/logrotate/tmpwatch-install.yaml index 12716606c8..45a220de3c 100644 --- a/deployment/logrotate/tmpwatch-install.yaml +++ b/deployment/logrotate/tmpwatch-install.yaml @@ -36,9 +36,8 @@ outputs: description: Role data for tmpwatch install value: service_name: logrotate_tmpwatch - deploy_steps_tasks: + host_prep_tasks: - name: install tmpwatch on the host - when: step|int == 1 package: name: tmpwatch state: installed
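Review bot: `Diff puppet-generated changes for check mode` now runs both `diff` commands as root, so the second one (without `-q`) can print the contents of any file under `/var/lib/config-data/puppet-generated` into the Ansible output, including files an unprivileged user could not read before. No `no_log` is visible on this task, and the generated configs may contain credentials. If the full diff is wanted, document it with a comment such as `# runs as root: output may include secrets from generated configs, restrict access to the deploy log`; otherwise keep only the `-q` summary by default. The task continues past the hunk.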
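Review bot: After the move from `deploy_steps_tasks` to `host_prep_tasks`, the `install tmpwatch on the host` task has no `become` of its own and depends on the play-level `become: true` that this commit adds to `Host prep steps` in common/deploy-steps.j2. That coupling is not visible from this file. Either add `become: true` to the task, as done for the tasks under common/, or note the dependency in a comment. Separately, the generic `package` module documents `state: present`; `installed` works only where the underlying package manager accepts it as an alias.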