diff --git a/roles/bootstrap_os/tasks/centos.yml b/roles/bootstrap_os/tasks/centos.yml
index a113c573d..02cc429f0 100644
--- a/roles/bootstrap_os/tasks/centos.yml
+++ b/roles/bootstrap_os/tasks/centos.yml
@@ -17,32 +17,6 @@
   when: not skip_http_proxy_on_os_packages
 
 # For Oracle Linux install public repo
-- name: Download Oracle Linux public yum repo
-  get_url:
-    url: https://yum.oracle.com/public-yum-ol7.repo
-    dest: /etc/yum.repos.d/public-yum-ol7.repo
-    mode: "0644"
-  when:
-    - use_oracle_public_repo | default(true)
-    - '''ID="ol"'' in os_release.stdout_lines'
-    - (ansible_distribution_version | float) < 7.6
-  environment: "{{ proxy_env }}"
-
-- name: Enable Oracle Linux repo
-  community.general.ini_file:
-    dest: /etc/yum.repos.d/public-yum-ol7.repo
-    section: "{{ item }}"
-    option: enabled
-    value: "1"
-    mode: "0644"
-  with_items:
-    - ol7_latest
-    - ol7_addons
-    - ol7_developer_EPEL
-  when:
-    - use_oracle_public_repo | default(true)
-    - '''ID="ol"'' in os_release.stdout_lines'
-    - (ansible_distribution_version | float) < 7.6
 
 - name: Install EPEL for Oracle Linux repo package
   package:
diff --git a/roles/bootstrap_os/tasks/clear-linux-os.yml b/roles/bootstrap_os/tasks/clear-linux-os.yml
deleted file mode 100644
index 2e41eaa01..000000000
--- a/roles/bootstrap_os/tasks/clear-linux-os.yml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-# ClearLinux ships with Python installed
-
-- name: Install basic package to run containers
-  package:
-    name: containers-basic
-    state: present
-
-- name: Make sure docker service is enabled
-  systemd_service:
-    name: docker
-    masked: false
-    enabled: true
-    daemon_reload: true
-    state: started
-  become: true
diff --git a/roles/bootstrap_os/tasks/debian.yml b/roles/bootstrap_os/tasks/debian.yml
index 9b18baa06..acfc0483b 100644
--- a/roles/bootstrap_os/tasks/debian.yml
+++ b/roles/bootstrap_os/tasks/debian.yml
@@ -50,15 +50,3 @@
   become: true
   when:
     - need_bootstrap.rc != 0
-
-- name: Update Apt cache
-  raw: apt-get update --allow-releaseinfo-change
-  become: true
-  when:
-    - os_release_dict['ID'] == 'debian'
-    - os_release_dict['VERSION_ID'] in ["10", "11"]
-  register: bootstrap_update_apt_result
-  changed_when:
-    - '"changed its" in bootstrap_update_apt_result.stdout'
-    - '"value from" in bootstrap_update_apt_result.stdout'
-  ignore_errors: true
diff --git a/roles/bootstrap_os/tasks/opensuse.yml b/roles/bootstrap_os/tasks/opensuse.yml
index 5a4f9dead..796801958 100644
--- a/roles/bootstrap_os/tasks/opensuse.yml
+++ b/roles/bootstrap_os/tasks/opensuse.yml
@@ -55,31 +55,3 @@
   become: true
   tags:
     - facts
-
-# Without this package, the get_url module fails when trying to handle https
-- name: Install python-cryptography
-  community.general.zypper:
-    name: python-cryptography
-    state: present
-    update_cache: true
-  become: true
-  when:
-    - ansible_distribution_version is version('15.4', '<')
-
-- name: Install python3-cryptography
-  community.general.zypper:
-    name: python3-cryptography
-    state: present
-    update_cache: true
-  become: true
-  when:
-    - ansible_distribution_version is version('15.4', '>=')
-
-# Nerdctl needs some basic packages to get an environment up
-- name: Install basic dependencies
-  community.general.zypper:
-    name:
-      - iptables
-      - apparmor-parser
-    state: present
-  become: true
diff --git a/roles/system_packages/tasks/main.yml b/roles/system_packages/tasks/main.yml
index 97d0cbb72..d9cffada6 100644
--- a/roles/system_packages/tasks/main.yml
+++ b/roles/system_packages/tasks/main.yml
@@ -15,37 +15,6 @@
     - ansible_pkg_mgr == 'zypper'
   tags: bootstrap_os
 
-- name: Add debian 10 required repos
-  when:
-    - ansible_distribution == "Debian"
-    - ansible_distribution_version == "10"
-  tags:
-    - bootstrap_os
-  block:
-    - name: Add Debian Backports apt repo
-      apt_repository:
-        repo: "deb http://deb.debian.org/debian {{ ansible_distribution_release }}-backports main"
-        state: present
-        filename: debian-backports
-
-    - name: Set libseccomp2 pin priority to apt_preferences on Debian buster
-      copy:
-        content: |
-          Package: libseccomp2
-          Pin: release a={{ ansible_distribution_release }}-backports
-          Pin-Priority: 1001
-        dest: "/etc/apt/preferences.d/libseccomp2"
-        owner: "root"
-        mode: "0644"
-
-- name: Update package management cache (APT)
-  apt:
-    update_cache: true
-    cache_valid_time: 3600
-  when: ansible_os_family == "Debian"
-  tags:
-    - bootstrap_os
-
 - name: Remove legacy docker repo file
   file:
     path: "{{ yum_repo_dir }}/docker.repo"
@@ -69,6 +38,8 @@
   package:
     name: "{{ item.packages | dict2items | selectattr('value', 'ansible.builtin.all') | map(attribute='key') }}"
     state: "{{ item.state }}"
+    update_cache: "{{ true if ansible_pkg_mgr in ['zypper', 'apt', 'dnf'] else omit }}"
+    cache_valid_time: "{{ 86400 if ansible_pkg_mgr == 'apt' else omit }}" # 24h
   register: pkgs_task_result
   until: pkgs_task_result is succeeded
   retries: "{{ pkg_install_retries }}"
diff --git a/roles/system_packages/vars/main.yml b/roles/system_packages/vars/main.yml
index b26924047..90cf120cb 100644
--- a/roles/system_packages/vars/main.yml
+++ b/roles/system_packages/vars/main.yml
@@ -7,6 +7,8 @@ pkgs_to_remove:
 pkgs:
   apparmor:
     - "{{ ansible_os_family == 'Debian' }}"
+  apparmor-parser:
+    - "{{ ansible_os_family == 'Suse' }}"
   apt-transport-https:
     - "{{ ansible_os_family == 'Debian' }}"
   aufs-tools:
@@ -27,6 +29,9 @@ pkgs:
   container-selinux:
     - "{{ ansible_os_family == 'RedHat' }}"
     - "{{ 'k8s_cluster' in group_names }}"
+  containers-basic:
+    - "{{ ansible_os_family == 'ClearLinux' }}"
+    - "{{ 'k8s_cluster' in group_names }}"
   curl: []
   device-mapper:
     - "{{ ansible_os_family == 'Suse' or ansible_distribution == 'openEuler' }}"
@@ -48,7 +53,7 @@ pkgs:
     - "{{ kube_proxy_mode != 'ipvs' }}"
     - "{{ 'k8s_cluster' in group_names }}"
   iptables:
-    - "{{ ansible_os_family in ['Debian', 'RedHat'] }}"
+    - "{{ ansible_os_family in ['Debian', 'RedHat', 'Suse'] }}"
   iputils:
     - "{{ not ansible_os_family in ['Flatcar', 'Flatcar Container Linux by Kinvolk', 'Debian'] }}"
     - "{{ main_access_ip is defined }}"
@@ -88,9 +93,15 @@ pkgs:
   python-apt:
     - "{{ ansible_os_family == 'Debian' }}"
     - "{{ ansible_distribution_major_version == '10' }}"
+  python-cryptography:
+    - "{{ ansible_os_family == 'Suse' }}"
+    - "{{ ansible_distribution_version is version('15.4', '<') }}"
   python3-apt:
     - "{{ ansible_os_family == 'Debian' }}"
     - "{{ ansible_distribution_major_version != '10' }}"
+  python3-cryptography:
+    - "{{ ansible_os_family == 'Suse' }}"
+    - "{{ ansible_distribution_version is version('15.4', '>=') }}"
   python3-libselinux:
     - "{{ ansible_distribution in ['RedHat', 'CentOS'] }}"
   rsync: []
diff --git a/scripts/assert-sorted-checksums.yml b/scripts/assert-sorted-checksums.yml
index d7e2e86db..904abdf10 100755
--- a/scripts/assert-sorted-checksums.yml
+++ b/scripts/assert-sorted-checksums.yml
@@ -48,6 +48,7 @@
       ansible_distribution: irrelevant
       ansible_distribution_major_version: irrelevant
       ansible_distribution_minor_version: irrelevant
+      ansible_distribution_version: 1.0
       ansible_os_family: irrelevant
     assert:
       that: "pkgs_lists | sort == pkgs_lists"