diff --git a/ansible/group_vars/all/overcloud-dib b/ansible/group_vars/all/overcloud-dib
index ca0e470c9..05bc0c0be 100644
--- a/ansible/group_vars/all/overcloud-dib
+++ b/ansible/group_vars/all/overcloud-dib
@@ -42,7 +42,7 @@ overcloud_dib_os_release: "{{ os_release }}"
 overcloud_dib_elements_default:
   - "{{ overcloud_dib_os_element }}"
   - "cloud-init-datasources"
-  - "{% if overcloud_dib_os_element in ['centos', 'rocky'] %}disable-selinux{% endif %}"
+  - "{% if os_distribution in ['centos', 'rocky'] %}disable-selinux{% endif %}"
   - "enable-serial-console"
   - "vm"
 
diff --git a/ansible/group_vars/all/seed b/ansible/group_vars/all/seed
index f1524a2e0..7ec3d4536 100644
--- a/ansible/group_vars/all/seed
+++ b/ansible/group_vars/all/seed
@@ -123,6 +123,10 @@ seed_users: "{{ users_default }}"
 #
 seed_containers: {}
 
+# Whether to attempt a basic authentication login to a registry when
+# deploying seed containers
+seed_deploy_containers_registry_attempt_login: "{{ kolla_docker_registry_username is truthy and kolla_docker_registry_password is truthy }}"
+
 ###############################################################################
 # Seed node firewalld configuration.
 
diff --git a/ansible/group_vars/seed/docker-registry b/ansible/group_vars/seed/docker-registry
new file mode 100644
index 000000000..f439501ec
--- /dev/null
+++ b/ansible/group_vars/seed/docker-registry
@@ -0,0 +1,7 @@
+---
+###############################################################################
+# Seed node docker regsitry configuration.
+
+# Whether to attempt a basic authentication login to a registry when
+# deploying seed containers
+deploy_containers_registry_attempt_login: "{{ seed_deploy_containers_registry_attempt_login }}"
diff --git a/ansible/roles/apt/tasks/keys.yml b/ansible/roles/apt/tasks/keys.yml
index 4c1cda1e0..4b04e824b 100644
--- a/ansible/roles/apt/tasks/keys.yml
+++ b/ansible/roles/apt/tasks/keys.yml
@@ -17,3 +17,7 @@
     mode: 0644
   loop: "{{ apt_keys }}"
   become: true
+  register: result
+  until: result is successful
+  retries: 3
+  delay: 5
diff --git a/ansible/roles/dell-switch-bmp/tasks/main.yml b/ansible/roles/dell-switch-bmp/tasks/main.yml
index cc7e65894..c02a5a8bc 100644
--- a/ansible/roles/dell-switch-bmp/tasks/main.yml
+++ b/ansible/roles/dell-switch-bmp/tasks/main.yml
@@ -20,3 +20,7 @@
   notify:
     - Copy Dell switch BMP images
   become: True
+  register: result
+  until: result is successful
+  retries: 3
+  delay: 5
diff --git a/ansible/roles/image-download/tasks/main.yml b/ansible/roles/image-download/tasks/main.yml
index 3f905b8bf..85a418ac8 100644
--- a/ansible/roles/image-download/tasks/main.yml
+++ b/ansible/roles/image-download/tasks/main.yml
@@ -12,6 +12,9 @@
             url: "{{ image_download_checksum_url }}"
             return_content: true
           register: expected_checksum
+          until: expected_checksum is successful
+          retries: 3
+          delay: 5
       when:
         - image_download_checksum_url is not none
         - image_download_checksum_url != ""
@@ -29,6 +32,10 @@
         # Always download the image if we have no checksum to compare with.
         force: "{{ expected_checksum is skipped }}"
         backup: true
+      register: result
+      until: result is successful
+      retries: 3
+      delay: 5
   when:
     - image_download_url is not none
     - image_download_url != ""
diff --git a/dev/functions b/dev/functions
index 47208bc4b..2c27b203e 100644
--- a/dev/functions
+++ b/dev/functions
@@ -233,17 +233,22 @@ function upgrade_kayobe_venv {
 
 function is_deploy_image_built_locally {
     ipa_build_images=$(kayobe configuration dump --host controllers[0] --var-name ipa_build_images)
-    [[ $ipa_build_images =~ ^true$ ]]
+    to_bool "$ipa_build_images"
 }
 
 function is_ironic_enabled {
     ironic_enabled=$(kayobe configuration dump --host controllers[0] --var-name kolla_enable_ironic)
-    [[ $ironic_enabled =~ ^true$ ]]
+    to_bool "$ironic_enabled"
 }
 
 function is_overcloud_host_image_built_by_dib {
     overcloud_dib_build_host_images=$(kayobe configuration dump --host controllers[0] --var-name overcloud_dib_build_host_images)
-    [[ $overcloud_dib_build_host_images =~ ^true$ ]]
+    to_bool "$overcloud_dib_build_host_images"
+}
+
+function is_cinder_enabled {
+    flag="$(run_kayobe configuration dump --host controllers[0] --var-name kolla_enable_cinder)"
+    to_bool "$flag"
 }
 
 function environment_setup {
@@ -862,11 +867,6 @@ function to_bool {
     fi
 }
 
-function is_cinder_enabled {
-    flag="$(run_kayobe configuration dump --host controllers[0] --var-name kolla_enable_cinder)"
-    to_bool "$flag"
-}
-
 function configure_iptables {
     # NOTE(wszumski): adapted from the ironic devstack plugin, see:
     # https://github.com/openstack/ironic/blob/36e87dc5b472d79470b783fbba9ce396e3cbb96e/devstack/lib/ironic#L2132
diff --git a/doc/source/configuration/reference/seed-custom-containers.rst b/doc/source/configuration/reference/seed-custom-containers.rst
index 8c9738ff0..5b3e03cdd 100644
--- a/doc/source/configuration/reference/seed-custom-containers.rst
+++ b/doc/source/configuration/reference/seed-custom-containers.rst
@@ -73,9 +73,9 @@ custom seed container. In this case, basic authentication login attempts can be
 disabled by setting
 
 .. code-block:: yaml
-   :caption: ``kolla.yml``
+   :caption: ``seed.yml``
 
-   deploy_containers_registry_attempt_login: false
+   seed_deploy_containers_registry_attempt_login: false
 
 Without this setting, the login will fail because the registry has not yet been
 deployed.
diff --git a/etc/kayobe/seed.yml b/etc/kayobe/seed.yml
index f7cacab42..bc86fa627 100644
--- a/etc/kayobe/seed.yml
+++ b/etc/kayobe/seed.yml
@@ -106,6 +106,10 @@
 #
 #seed_containers:
 
+# Whether to attempt a basic authentication login to a registry when
+# deploying seed containers
+#seed_deploy_containers_registry_attempt_login:
+
 ###############################################################################
 # Seed node firewalld configuration.
 
diff --git a/kayobe/utils.py b/kayobe/utils.py
index 5864cfff4..6ccc4b6e9 100644
--- a/kayobe/utils.py
+++ b/kayobe/utils.py
@@ -91,7 +91,7 @@ def _get_base_path():
         return os.path.join(prefix, "share", "kayobe")
 
     # Assume uninstalled
-    return os.path.join(os.path.realpath(__file__), "..")
+    return os.path.join(os.path.dirname(os.path.realpath(__file__)), "..")
 
 
 def galaxy_role_install(role_file, roles_path, force=False):
diff --git a/releasenotes/notes/disable-selinux-overcloud-dib-rocky-7c381912c3dfbc09.yaml b/releasenotes/notes/disable-selinux-overcloud-dib-rocky-7c381912c3dfbc09.yaml
new file mode 100644
index 000000000..24b3bf78a
--- /dev/null
+++ b/releasenotes/notes/disable-selinux-overcloud-dib-rocky-7c381912c3dfbc09.yaml
@@ -0,0 +1,5 @@
+---
+fixes:
+  - |
+    Adds missing ``disable-selinux`` element when building Rocky Linux
+    overcloud host disk images.