diff --git a/ansible/roles/bootstrap/tasks/main.yml b/ansible/roles/bootstrap/tasks/main.yml
index aaf5abc7d..70e1dcf48 100644
--- a/ansible/roles/bootstrap/tasks/main.yml
+++ b/ansible/roles/bootstrap/tasks/main.yml
@@ -26,8 +26,10 @@
     user: "{{ ansible_facts.user_id }}"
     key: "{{ lookup('file', bootstrap_ssh_private_key_path ~ '.pub') }}"
 
+# NOTE(priteau): Exclude comments from ssh-keyscan output because they break
+# known_hosts on Rocky Linux 9.8.
 - name: Scan for SSH keys
-  command: ssh-keyscan {{ item }}
+  shell: ssh-keyscan {{ item }} | grep -v '^#'
   with_items:
     - localhost
     - 127.0.0.1
diff --git a/ansible/roles/kolla-ansible/tasks/install.yml b/ansible/roles/kolla-ansible/tasks/install.yml
index fb0662745..785d375a3 100644
--- a/ansible/roles/kolla-ansible/tasks/install.yml
+++ b/ansible/roles/kolla-ansible/tasks/install.yml
@@ -105,6 +105,20 @@
     virtualenv: "{{ kolla_ansible_venv }}"
     virtualenv_python: "{{ kolla_ansible_venv_python }}"
 
+- name: Ensure core Ansible collections are installed
+  command:
+    cmd: >-
+      ansible-galaxy collection install --force
+      -r {{ kolla_ansible_core_requirements_yml }}
+      -p {{ kolla_ansible_venv }}/share/kolla-ansible/ansible/collections/
+  environment:
+    # NOTE(wszumski): Ignore collections shipped with ansible, so that we can install
+    # newer versions.
+    ANSIBLE_COLLECTIONS_SCAN_SYS_PATH: "False"
+    # NOTE(wszumski): Don't use path configured for kayobe
+    ANSIBLE_COLLECTIONS_PATH: ''
+  when: not kolla_ansible_venv_ansible
+
 - name: Ensure Ansible collections are installed
   command:
     cmd: >-
diff --git a/ansible/roles/ssh-known-host/tasks/main.yml b/ansible/roles/ssh-known-host/tasks/main.yml
index 2cb8cc49e..d9274b402 100644
--- a/ansible/roles/ssh-known-host/tasks/main.yml
+++ b/ansible/roles/ssh-known-host/tasks/main.yml
@@ -13,9 +13,11 @@
       vm provision' and 'kayobe overcloud inventory discover'.
   when: not ansible_host | default(inventory_hostname)
 
+# NOTE(priteau): Exclude comments from ssh-keyscan output because they break
+# known_hosts on Rocky Linux 9.8.
 - name: Scan for SSH keys
   local_action:
-    module: command ssh-keyscan {{ item }}
+    module: shell ssh-keyscan {{ item }} | grep -v '^#'
   with_items:
     - "{{ ansible_host|default(inventory_hostname) }}"
   register: keyscan_result