diff --git a/.github/workflows/gitlab.yml b/.github/workflows/gitlab.yml
index 375206c..2f4d806 100644
--- a/.github/workflows/gitlab.yml
+++ b/.github/workflows/gitlab.yml
@@ -45,6 +45,7 @@ jobs:
       fail-fast: false
       matrix:
         image:
+          - "ghcr.io/hifis-net/almalinux-systemd:9"
           - "ghcr.io/hifis-net/ubuntu-systemd:22.04"
           - "ghcr.io/hifis-net/ubuntu-systemd:24.04"
           - "ghcr.io/hifis-net/debian-systemd:11"
diff --git a/molecule/gitlab/prepare.yml b/molecule/gitlab/prepare.yml
index ba08fa7..762bffe 100644
--- a/molecule/gitlab/prepare.yml
+++ b/molecule/gitlab/prepare.yml
@@ -21,6 +21,20 @@
             state: "present"
             update_cache: true
 
+        # Workaround to prevent "sudo: PAM account management error" because of non-readable shadows file on AlmaLinux
+        - name: "Get file stats for /etc/shadow"
+          ansible.builtin.stat:
+            path: "/etc/shadow"
+          register: "shadow"
+
+        - name: "Fix permissions for /etc/shadow"
+          ansible.builtin.file:
+            path: "/etc/shadow"
+            owner: "root"
+            group: "{{ shadow.stat.gr_name }}"
+            mode: "0640"
+          when: "not shadow.stat.rusr"
+
     - name: "Install depenencies for OS family Debian"
       when: "ansible_facts.os_family == 'Debian'"
       block:
diff --git a/roles/gitlab/README.md b/roles/gitlab/README.md
index 2a58960..a9ae6e0 100644
--- a/roles/gitlab/README.md
+++ b/roles/gitlab/README.md
@@ -13,6 +13,7 @@ A role to install and configure official GitLab Omnibus package.
 
 Currently [supported platforms](meta/main.yml) are:
 
+- AlmaLinux 9
 - Debian 11 (Bullseye)
 - Ubuntu 22.04 LTS (Jemmy Jellyfish)
 - Ubuntu 24.04 LTS (Noble Numbat)
diff --git a/roles/gitlab/meta/main.yml b/roles/gitlab/meta/main.yml
index 6f5a463..e0feff5 100644
--- a/roles/gitlab/meta/main.yml
+++ b/roles/gitlab/meta/main.yml
@@ -25,6 +25,9 @@ galaxy_info:
     - name: "Debian"
       versions:
         - "bullseye"
+    - name: "EL"
+      versions:
+        - "9"
 
   galaxy_tags:
     - "git"
diff --git a/roles/gitlab/tasks/install.yml b/roles/gitlab/tasks/install.yml
index 2d784dd..af6939d 100644
--- a/roles/gitlab/tasks/install.yml
+++ b/roles/gitlab/tasks/install.yml
@@ -10,6 +10,7 @@
   ansible.builtin.package:
     name: "{{ gitlab_dependencies }}"
     state: "present"
+    allowerasing: "{{ true if ansible_facts['os_family'] == 'RedHat' else omit }}"
 
 - name: "Prepare Debian GitLab installation"
   when: "ansible_facts.os_family == 'Debian'"
@@ -71,6 +72,7 @@
         gpgkey:
           - "{{ gitlab_gpg_key_url }}"
           - "{{ gitlab_gpg_key_url }}/gitlab-{{ gitlab_edition }}-3D645A26AB9FBD22.pub.gpg"
+          - "{{ gitlab_gpg_key_url }}/gitlab-{{ gitlab_edition }}-CB947AD886C8E8FD.pub.gpg"
         sslverify: true
         sslcacert: "/etc/pki/tls/certs/ca-bundle.crt"
         metadata_expire: "300"
@@ -87,6 +89,7 @@
         gpgkey:
           - "{{ gitlab_gpg_key_url }}"
           - "{{ gitlab_gpg_key_url }}/gitlab-{{ gitlab_edition }}-3D645A26AB9FBD22.pub.gpg"
+          - "{{ gitlab_gpg_key_url }}/gitlab-{{ gitlab_edition }}-CB947AD886C8E8FD.pub.gpg"
         sslverify: true
         sslcacert: "/etc/pki/tls/certs/ca-bundle.crt"
         metadata_expire: "300"