diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index f2b76bd39472c8dcaec3ec9dbe78e3465d86cec7..7b74bb42af8490d1df7afa3e0040db4764e190be 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -12,6 +12,13 @@ default:
     - source /opt/molecule/bin/activate
     - ansible --version
     - molecule --version
+    - echo "CURRENT PATH= '$(pwd)'"
+    # make sure that Ansible Vaults are present and can be decrypted
+    - echo "${VAULT_SERVER_HARDENING}" > ${ANSIBLE_VAULT_PASSWORD_FILE}
+    - export ANSIBLE_VAULT_PASSWORD_FILE="../../${ANSIBLE_VAULT_PASSWORD_FILE}"
+    - tree
+    - rm -rf ../ansible_vaults/
+    - git clone https://gitlab+deploy-token-25:${VAULT_ACCESS_TOKEN}@git.slub-dresden.de/slub-referat-2-3/ansible_vaults.git ../ansible_vaults/;
 variables:
   SCENARIO: "default"
   # ANSIBLE_VAULT_PASSWORD_FILE: "molecule/lza_server_hardening.pass"
@@ -19,18 +26,33 @@ variables:
   ANSIBLE_FORCE_COLOR: 'true'
   PY_COLORS: '1'
 
-test-job:
+test-job-debian:
   stage: test
   tags:
     - "shell"
+  variables:
+    SCENARIO: "default"
+  script:
+    # run Molecule tests
+    - molecule syntax --scenario-name ${SCENARIO}
+    # We cannot use `molecule lint` anymore because:
+    # - https://github.com/ansible-community/molecule/pull/3802 "Remove lint command"
+    # - https://github.com/ansible-community/molecule/discussions/3825#discussioncomment-4908366
+    - yamllint --strict --format colored ./
+    - ansible-lint --format full --profile production --strict --force-color ./
+    - molecule create --scenario-name ${SCENARIO}
+    - molecule converge --scenario-name ${SCENARIO}
+    - molecule idempotence --scenario-name ${SCENARIO}
+    # - molecule verify --scenario-name ${SCENARIO}
+    - molecule destroy --scenario-name ${SCENARIO}
+
+test-job-rhel:
+  stage: test
+  tags:
+    - "shell"
+  variables:
+    SCENARIO: "virtualbox_rocky8"
   script:
-    - echo "CURRENT PATH= '$(pwd)'" 
-    # make sure that Ansible Vaults are present and can be decrypted
-    - echo "${VAULT_SERVER_HARDENING}" > ${ANSIBLE_VAULT_PASSWORD_FILE}
-    - export ANSIBLE_VAULT_PASSWORD_FILE="../../${ANSIBLE_VAULT_PASSWORD_FILE}"
-    - tree
-    - rm -rf ../ansible_vaults/
-    - git clone https://gitlab+deploy-token-25:${VAULT_ACCESS_TOKEN}@git.slub-dresden.de/slub-referat-2-3/ansible_vaults.git ../ansible_vaults/; \
     # run Molecule tests
     - molecule syntax --scenario-name ${SCENARIO}
     # We cannot use `molecule lint` anymore because:
diff --git a/molecule/resources/playbooks/converge.yml b/molecule/resources/playbooks/converge.yml
index 4a49614c4cf2b38ebb289314914c7ddc165d0350..6544237d2fba9152e3de40dc74137ee85f1fa9b9 100644
--- a/molecule/resources/playbooks/converge.yml
+++ b/molecule/resources/playbooks/converge.yml
@@ -9,7 +9,7 @@
       become: true
       when: ansible_os_family == "Debian"
     - name: update yum cache
-      ansible.builtin.yum:
+      ansible.builtin.dnf:
         update_cache: true
       become: true
       when: ansible_os_family == "RedHat"
diff --git a/molecule/resources/playbooks/prepare.yml b/molecule/resources/playbooks/prepare.yml
index 53af85c1122b1c5b1e8847f842031ee269f8261c..b4551514480c01ba7ff92a3448d976291b66b92a 100644
--- a/molecule/resources/playbooks/prepare.yml
+++ b/molecule/resources/playbooks/prepare.yml
@@ -24,9 +24,47 @@
         notify: update package cache
         become: true
 
+    - name: inform users about supported RHEL versions
+      ansible.builtin.debug:
+        msg: >
+          "RHEL 7 and older versions are EOL and are no longer supported by
+           this Ansible role. This is also true for RHEL compatible Linux
+           distributions like CentOS 7. Please upgrade your systems and try
+           again."
+      when:
+        - ansible_os_family == "RedHat"
+        - "ansible_distribution_major_version is version('8', '<')"
+      failed_when: true    # Always exit on unsupported targets.
+
     - name: configure additional package repositories for RedHat
-      when: ansible_os_family == "RedHat"
+      when:
+        - ansible_os_family == "RedHat"
+        - "ansible_distribution_major_version is version('8', '>=')"
       block:
+      # https://docs.fedoraproject.org/en-US/epel/getting-started/#_other_rhel_8_compatible_distributions
+      - name: enable powertools repository on RHEL 8 in order to use EPEL
+        community.general.dnf_config_manager:
+          name: "powertools"
+          state: enabled
+        when: "ansible_distribution_major_version is version('8', '==')"
+        become: true
+        notify: update package cache
+      - name: enable crb repository on RHEL 9 in order to use EPEL
+        community.general.dnf_config_manager:
+          name: "crb"
+          state: enabled
+        when: "ansible_distribution_major_version is version('9', '==')"
+        become: true
+        notify: update package cache
+      - name: >
+          flush handlers to immediately update package cache for installing
+          EPEL repo package
+        ansible.builtin.meta: flush_handlers
+      - name: install EPEL package
+        ansible.builtin.dnf:
+          name: "https://dl.fedoraproject.org/pub/epel/epel-release-latest-{{ ansible_distribution_major_version }}.noarch.rpm"
+          disable_gpg_check: true
+        become: true
       - name: add custom repositories
         ansible.builtin.yum_repository:
           name: "{{ item.name }}"
@@ -35,10 +73,6 @@
           gpgcheck: "{{ item.gpgcheck | default('true') }}"
           gpgkey: "{{ item.gpgkey | default(omit) }}"
         loop:
-          - name: "epel"
-            description: EPEL YUM repo
-            baseurl: "https://download.fedoraproject.org/pub/epel/{{ ansible_distribution_major_version }}/x86_64/"
-            gpgkey: "https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-{{ ansible_distribution_major_version }}"
           - name: "slub"
             description: SLUB YUM repo
             baseurl: "https://sdvrhelrepo.slub-dresden.de/"
diff --git a/molecule/centos7/molecule.yml b/molecule/virtualbox_rocky8/molecule.yml
similarity index 66%
rename from molecule/centos7/molecule.yml
rename to molecule/virtualbox_rocky8/molecule.yml
index 5f4380424eac056ea6e48af50c62f205ad2d8c91..d03a5a75046279199ec986ff8696bd830439e80b 100644
--- a/molecule/centos7/molecule.yml
+++ b/molecule/virtualbox_rocky8/molecule.yml
@@ -4,33 +4,29 @@ dependency:
   enabled: false
 driver:
   name: vagrant
-lint: |
-  set -e
-  yamllint .
-  ansible-lint -x no-loop-var-prefix,command-instead-of-module,package-latest
 platforms:
   # Check out the documentation at
   # https://github.com/ansible-community/molecule-vagrant#documentation
   # for more platform parameters.
-  - name: vm-runner
-    box: centos/7
+  - name: vm-harden-mol
+    box: rockylinux/8
     memory: 1024
     # List of raw Vagrant `config` options.
     # provider_raw_config_args:
     #   - "customize [ 'modifyvm', :id, '--natdnshostresolver1', 'on' ]"
     # Dictionary of `config` options.
     config_options:
-      ssh.keep_alive: yes
+      ssh.keep_alive: true
       ssh.remote_user: "lza"
+      disksize.size: '20GB'
 provisioner:
   name: ansible
   log: true
   config_options:
     defaults:
       # https://stackoverflow.com/questions/57435811/ansible-molecule-pass-multiple-vault-ids
-      #vault_identity_list: "@$HOME/.ansible/roles/lza_install_common.pass, @$HOME/.ansible/roles/passfile_1.pass"
-      #vault_identity_list: "${MOLECULE_PROJECT_DIRECTORY}/../../lza_server_hardening.pass"
-      vault_identity_list: "../lza_server_hardening.pass, ../../../lza_server_hardening.pass"
+      # vault_identity_list: "@$HOME/.ansible/roles/lza_install_common.pass, @$HOME/.ansible/roles/passfile_1.pass"
+      vault_identity_list: "../../../lza_server_hardening.pass"
   vvv: false
   playbooks:
     # create: ../resources/playbooks/create.yml