diff --git a/.ansible-lint b/.ansible-lint
index 34c42ecf..957b94ee 100644
--- a/.ansible-lint
+++ b/.ansible-lint
@@ -1,5 +1,6 @@
 ---
 exclude_paths:
+  - .ansible
   - .github
   - molecule
   - roles/cluster_api/files/providers
diff --git a/.github/workflows/ansible-test.yml b/.github/workflows/ansible-test.yml
index 68abcb26..dda3d9be 100644
--- a/.github/workflows/ansible-test.yml
+++ b/.github/workflows/ansible-test.yml
@@ -28,7 +28,7 @@ jobs:
         uses: actions/checkout@v3
 
       - name: Setup Python
-        uses: actions/setup-python@v2
+        uses: actions/setup-python@v5
         with:
           python-version: "3.10"
           cache: pip
@@ -40,7 +40,7 @@ jobs:
         run: ansible-galaxy collection install .
 
       - name: Run "ansible-test"
-        run: ansible-test units
+        run: ansible-test units --python 3.10
         working-directory: /home/runner/.ansible/collections/ansible_collections/vexxhost/kubernetes
 
       - name: Publish Test Report
diff --git a/.github/workflows/molecule.yml b/.github/workflows/molecule.yml
index 666af721..642c3823 100644
--- a/.github/workflows/molecule.yml
+++ b/.github/workflows/molecule.yml
@@ -44,7 +44,7 @@ jobs:
         uses: actions/checkout@v3
 
       - name: Setup Python
-        uses: actions/setup-python@v2
+        uses: actions/setup-python@v5
         with:
           python-version: "3.10"
           cache: pip
@@ -83,7 +83,7 @@ jobs:
         uses: actions/checkout@v3
 
       - name: Setup Python
-        uses: actions/setup-python@v2
+        uses: actions/setup-python@v5
         with:
           python-version: "3.10"
           cache: pip
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 87406151..4c0e79d3 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,4 +1,4 @@
-exclude: '^(roles/cluster_api/files/providers|roles/(cilium|cert_manager)/files/chart)'
+exclude: '^(roles/cluster_api/files/providers|roles/(cilium|cert_manager)/files/chart|.ansible)'
 
 repos:
   - repo: https://github.com/pre-commit/pre-commit-hooks
diff --git a/molecule/kubernetes/prepare.yml b/molecule/kubernetes/prepare.yml
index 7bf6cb2b..d7480b16 100644
--- a/molecule/kubernetes/prepare.yml
+++ b/molecule/kubernetes/prepare.yml
@@ -14,7 +14,6 @@
 
 - name: Prepare
   hosts: all
-  become: true
   pre_tasks:
     - name: Wait for systemd to complete initialization
       ansible.builtin.command: systemctl is-system-running
@@ -53,6 +52,12 @@
           - iproute
       when: ansible_facts['os_family'] == "RedHat"
 
+    - name: fix rocky9 sudo issue
+      ansible.builtin.shell:
+        cmd: |
+          chmod 0400 /etc/shadow
+      when: ansible_facts['distribution'] == "Rocky"
+
     - name: Uninstall RHEL packages
       ansible.builtin.package:
         name:
diff --git a/roles/kube_vip/tasks/main.yml b/roles/kube_vip/tasks/main.yml
index 0be0c6e3..f361054b 100644
--- a/roles/kube_vip/tasks/main.yml
+++ b/roles/kube_vip/tasks/main.yml
@@ -73,13 +73,16 @@
     dest: /etc/kubernetes/manifests/kube-vip.yaml
     owner: root
     group: root
-    mode: "0644"
+    mode: "0640"
   changed_when: false
 
 - name: Ensure kube-vip configuration file
   ansible.builtin.file:
     path: /etc/kubernetes/manifests/kube-vip.yaml
     state: "{{ kube_vip_enabled | ternary('file', 'absent') }}"
+    owner: root
+    group: root
+    mode: "0640"
 
 - name: Flush handlers
   ansible.builtin.meta: flush_handlers