diff --git a/README.md b/README.md
index 7498e378..4bc4bd99 100644
--- a/README.md
+++ b/README.md
@@ -76,7 +76,7 @@ Here is an example of how to execute the `dataverse-ansible` role with more adju
 | -e     | Extra variables file                  | no       |
 | -v     | run with Verbosity (up to three Vs)   | no       |
 
-The role currently supports RHEL/CentOS 7, RHEL/Rocky 8 and Debian 11 with all services running on the same machine, but intends to become OS-agnostic and support multiple nodes for scalability.
+The role currently supports RHEL/CentOS 7, RHEL/Rocky 8/9 and Debian 11 with all services running on the same machine, but intends to become OS-agnostic and support multiple nodes for scalability.
 
 If you're interested in testing Dataverse locally using [Vagrant][vagrant], you'll want to clone this repository and edit the local port redirects if the http/https ports on your local machine are already in use. Note that the current Vagrant VM template requires [VirtualBox][virtualbox] 5.0+ and will automatically launch the above command within your Vagrant VM.
 
diff --git a/Vagrantfile b/Vagrantfile
index 06121ca5..e7ea6530 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -4,7 +4,7 @@
 VAGRANTFILE_API_VERSION = "2"
 
 Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
-  config.vm.box = "bento/rockylinux-8"
+  config.vm.box = "bento/rockylinux-9"
 
   config.vm.synced_folder ".", "/vagrant"
   config.vm.synced_folder ".", "/etc/ansible/roles/dataverse"
@@ -36,6 +36,6 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
 
   config.vm.provider "virtualbox" do |vbox|
     vbox.cpus = 4
-    vbox.memory = 4096
+    vbox.memory = 8192
   end
 end
diff --git a/tasks/dataverse-apache.yml b/tasks/dataverse-apache.yml
index 0f8a2f6a..7af8dc29 100644
--- a/tasks/dataverse-apache.yml
+++ b/tasks/dataverse-apache.yml
@@ -103,13 +103,14 @@
     mode: 0644
   notify: enable and restart apache
 
-- name: this package provides semanage on RHEL / Rocky 8
-  package:
+- name: this package provides semanage on RHEL / Rocky 8 and 9
+  ansible.builtin.package:
     name: policycoreutils-python-utils
     state: latest
   when:
     - ansible_os_family == "RedHat"
     - ansible_distribution_major_version == "8"
+      or ansible_distribution_major_version == "9"
 
 - name: remove unnecessary mod_cgi
   ansible.builtin.file:
diff --git a/tasks/dataverse-counter.yml b/tasks/dataverse-counter.yml
index 36ad0185..8c112fbd 100644
--- a/tasks/dataverse-counter.yml
+++ b/tasks/dataverse-counter.yml
@@ -4,10 +4,21 @@
   debug:
     msg: '##### MAKE DATA COUNT #####'
 
-- name: ensure python3-pip. Ansible on RHEL/Rocky now requires 3.8
-  yum:
+- name: ensure python3-pip. Ansible on RHEL/Rocky 8 now requires 3.8
+  ansible.builtin.package:
     name: python38-pip
     state: latest
+  when:
+  - ansible_os_family == "RedHat"
+  - ansible_distribution_major_version == "8"
+
+- name: ensure python39-pip on RHEL/Rocky 9
+  ansible.builtin.package:
+    name: python3-pip
+    state: latest
+  when:
+  - ansible_os_family == "RedHat"
+  - ansible_distribution_major_version == "9"
 
 - name: ensure counter user exists
   user:
diff --git a/tasks/dataverse-install.yml b/tasks/dataverse-install.yml
index 034fb2a4..9a19feaf 100644
--- a/tasks/dataverse-install.yml
+++ b/tasks/dataverse-install.yml
@@ -129,8 +129,8 @@
   set_fact:
     python_bin: '/usr/bin/python3'
   when:
-  - ansible_os_family == "RedHat"
-  - ansible_distribution_major_version == "8"
+  - ansible_os_family == "RedHat" and
+    (ansible_distribution_major_version == "8") or (ansible_distribution_major_version == "9")
 
 - name: Debian only offers Python3 nowadays
   set_fact:
diff --git a/tasks/dataverse-prereqs.yml b/tasks/dataverse-prereqs.yml
index a2cd4f8b..f41ff44c 100644
--- a/tasks/dataverse-prereqs.yml
+++ b/tasks/dataverse-prereqs.yml
@@ -46,16 +46,23 @@
     name: ['bash-completion', 'git', 'jq', 'mlocate', 'net-tools', 'sudo', 'unzip', 'python3-psycopg2', 'zip', 'tar']
     state: latest
 
-- name: "RHEL/Rocky 8.6 provides Ansible 5.4 which wants Python-3.8"
+- name: "RHEL/Rocky 8.6 packaged Ansible wants Python-3.8"
   ansible.builtin.package:
     name: ['python38-psycopg2']
     state: latest
   when: ansible_os_family == "RedHat" and
         ansible_distribution_major_version == "8"
 
+- name: "RHEL/Rocky 9 provides 3.9"
+  ansible.builtin.package:
+    name: python3-psycopg2
+    state: latest
+  when: ansible_os_family == "RedHat" and
+        ansible_distribution_major_version == "9"
+
 - name: install java-nnn-openjdk and other packages for RedHat/Rocky
   yum:
-    name: ['java-{{ java.version }}-openjdk-devel', 'python38', 'vim-enhanced']
+    name: ['java-{{ java.version }}-openjdk-devel', 'vim-enhanced']
     state: latest
   when: ansible_os_family == "RedHat"
 
@@ -70,7 +77,7 @@
     name: GraphicsMagick
   when:
     - ansible_os_family == "RedHat"
-    - ansible_distribution_major_version == "8"
+    - ansible_distribution_major_version == "8" or ansible_distribution_major_version == "9"
     - dataverse.thumbnails
 
 - name: install GraphicsMagic on Debian/Ubuntu for thumbnail generation
diff --git a/tasks/payara.yml b/tasks/payara.yml
index 1bd02e61..68a0e149 100644
--- a/tasks/payara.yml
+++ b/tasks/payara.yml
@@ -153,5 +153,5 @@
     mode: '0750'
     state: directory
 
-- name: flush hadlers to start payara and possibly reload systemd
+- name: flush handlers to start payara and possibly reload systemd
   meta: flush_handlers
diff --git a/tasks/postgres.yml b/tasks/postgres.yml
index 19080d9b..0e8533bb 100644
--- a/tasks/postgres.yml
+++ b/tasks/postgres.yml
@@ -35,7 +35,7 @@
     state: present
   when: ansible_os_family == "RedHat"
 
-- name: "RHEL/Rocky8: disable PostgreSQL proper in the OS"
+- name: "RHEL/Rocky 8: disable PostgreSQL OS module"
   shell: 'dnf -qy module disable postgresql'
   when: ansible_os_family == "RedHat" and
         ansible_distribution_major_version == "8"
diff --git a/tasks/rserve.yml b/tasks/rserve.yml
index a5108254..bb80387f 100644
--- a/tasks/rserve.yml
+++ b/tasks/rserve.yml
@@ -10,17 +10,22 @@
     state: latest
   when: ansible_os_family == "RedHat"
 
-- name: RHEL8 needs codeready-builder
+- name: RHEL8/9 need codeready-builder
   rhsm_repository:
     name: codeready-builder-for-rhel-8-x86_64-rpms
-  when: ansible_distribution == "RedHat" and
-        ansible_distribution_major_version == "8"
+  when: (ansible_distribution == "RedHat" and ansible_distribution_major_version == "8") or
+        (ansible_distribution == "RedHat" and ansible_distribution_major_version == "9")
 
-- name: Rocky needs powertools
+- name: Rocky 8 needs powertools
   shell: "dnf config-manager --enable powertools"
   when: ansible_distribution == "Rocky" and
         ansible_distribution_major_version == "8"
 
+- name: Rocky 9 calls it codeready-builder
+  shell: "dnf config-manager --enable crb"
+  when: ansible_distribution == "Rocky" and
+        ansible_distribution_major_version == "9"
+
 - name: install base packages
   yum:
     name: "{{ packages }}"
diff --git a/tasks/sampledata.yml b/tasks/sampledata.yml
index fa632818..0c5e6430 100644
--- a/tasks/sampledata.yml
+++ b/tasks/sampledata.yml
@@ -14,6 +14,17 @@
   ansible.builtin.package:
     name: python38-pip
     state: latest
+  when:
+    - ansible_os_family == "RedHat"
+    - ansible_distribution_major_version == "8"
+
+- name: "RHEL/Rocky 9 package Python-3.9"
+  ansible.builtin.package:
+    name: python3-pip
+    state: latest
+  when:
+    - ansible_os_family == "RedHat"
+    - ansible_distribution_major_version == "9"
 
 - name: clone sampledata repo
   git:
diff --git a/tasks/sanity-checks.yml b/tasks/sanity-checks.yml
index 794e684d..be088ade 100644
--- a/tasks/sanity-checks.yml
+++ b/tasks/sanity-checks.yml
@@ -7,6 +7,13 @@
         ansible_distribution_major_version == "8" and
         db.postgres.version < 10
 
+- name: RHEL9 and RockyLinux likely require PG13
+  set_fact:
+    die: "RHEL/Rocky 9 packages PostgresQL 13 and likely won't work with earlier versions."
+  when: ansible_os_family == "RedHat" and
+        ansible_distribution_major_version == "9" and
+        db.postgres.version < 13
+
 - name: Shibboleth requires AJP
   set_fact:
     die: "Shibboleth requires AJP"
diff --git a/tasks/selinux.yml b/tasks/selinux.yml
index 2f99fe06..357d9525 100644
--- a/tasks/selinux.yml
+++ b/tasks/selinux.yml
@@ -10,29 +10,32 @@
     - policycoreutils
   when: ansible_os_family == 'RedHat'
 
-# Ansible seboolean module is broken on RHEL/Rocky 8.6. dls 20220602
-#- name: set httpd_can_network_connect on and keep it persistent across reboots
-#  seboolean:
-#    name: httpd_can_network_connect
-#    state: yes
-#    persistent: yes
-#  when: ansible_os_family == 'RedHat'
+- name: set httpd_can_network_connect on and keep it persistent across reboots
+  seboolean:
+    name: httpd_can_network_connect
+    state: yes
+    persistent: yes
+  when:
+  - ansible_os_family == 'RedHat'
+  - ansible_distribution_major_version == "9"
 
+# Ansible seboolean module is broken on RHEL/Rocky 8.6, use shell cmd instead.
 - name: allow apache to make outbound connections
   shell: '/usr/sbin/setsebool -P httpd_can_network_connect 1'
   when:
   - ansible_os_family == "RedHat"
   - ansible_distribution_major_version == "8"
 
-# Ansible seboolean module is broken on RHEL/Rocky 8.6. dls 20220602
-#- name: allow apache to read user content by default
-#  seboolean:
-#    name: httpd_read_user_content
-#    state: yes
-#    persistent: yes
-#  when:
-#  - ansible_os_family == "RedHat"
+- name: allow apache to read user content by default
+  seboolean:
+    name: httpd_read_user_content
+    state: yes
+    persistent: yes
+  when:
+  - ansible_os_family == "RedHat"
+  - ansible_distribution_major_version == "9"
 
+# Ansible seboolean module is broken on RHEL/Rocky 8.6. dls 20220602
 - name: allow apache to read user content by default
   shell: 'setsebool -P httpd_read_user_content 1'
   when:
diff --git a/tasks/shibboleth.yml b/tasks/shibboleth.yml
index c09f305d..e4aaa492 100644
--- a/tasks/shibboleth.yml
+++ b/tasks/shibboleth.yml
@@ -28,6 +28,8 @@
   when: (ansible_distribution == "RedHat" and ansible_distribution_major_version == "8")
      or (ansible_distribution == "CentOS" and ansible_distribution_major_version == "8")
 
+# there is no Shibboleth repo for RHEL/Rocky 9 just yet. dls 20220721
+
 - name: install Shibboleth RPMs for RHEL and derivatives
   ansible.builtin.package:
     name: shibboleth
diff --git a/tests/group_vars/vagrant.yml b/tests/group_vars/vagrant.yml
index 48dae2f8..5b85c967 100644
--- a/tests/group_vars/vagrant.yml
+++ b/tests/group_vars/vagrant.yml
@@ -2,7 +2,7 @@
 # dataverse/tests/group_vars/vagrant.yml
 
 # un-nested so we can pass them at the CLI
-dataverse_branch: develop
+dataverse_branch: release
 dataverse_repo: https://github.com/IQSS/dataverse.git
 any_errors_fatal: true
 
@@ -45,7 +45,7 @@ dataverse:
     blocked_endpoints: "admin,test"
     blocked_policy: "localhost-only"
     location: "http://localhost:8080/api"
-    test_suite: false
+    test_suite: true
     # possible test values from https://github.com/IQSS/dataverse/blob/develop/conf/docker-aio/run-test-suite.sh#L11
     # beware DataversesIT and DatasetsIT at minimum must be run for any other tests to succeed. have fun.
     #tests: "DataversesIT,DatasetsIT,AdminIT"