AnsiblePilot — Master Ansible Automation

AnsiblePilot is the leading resource for learning Ansible automation, DevOps, and infrastructure as code. Browse over 1,400 tutorials covering Ansible modules, playbooks, roles, collections, and real-world examples. Whether you are a beginner or an experienced engineer, our step-by-step guides help you automate Linux, Windows, cloud, containers, and network infrastructure.

Popular Topics

About Luca Berton

Luca Berton is an Ansible automation expert, author of 8 Ansible books published by Apress and Leanpub including "Ansible for VMware by Examples" and "Ansible for Kubernetes by Example", and creator of the Ansible Pilot YouTube channel. He shares practical automation knowledge through tutorials, books, and video courses to help IT professionals and DevOps engineers master infrastructure automation.

AAP 2.7 EE Builder Step 4: Review and Validate Before Build

By Luca Berton · Published 2024-01-01 · Category: installation

How AAP 2.7's EE Builder wizard Step 4 (Review) validates base image, collections, and destination settings before triggering an execution environment build.

Why a Review Step Matters for Execution Environments

Execution environments (EEs) are the container images that carry Ansible Core, collections, and their Python and system dependencies into every job run on Ansible Automation Platform. Get one wrong — a missing collection, a mismatched base image, an unintended tag — and the failure doesn't show up until a job template runs against it, often far from whoever built the image. The AAP 2.7 Automation Portal addresses this with a visual EE Builder wizard that lets you assemble an execution environment without touching YAML at all. As shown at Red Hat Tech Day Netherlands 2026 in Bunnik, the wizard walks through four steps: Base Image, Configuration, Destination and Build, and finally Review — the checkpoint this article focuses on.

Step 4 exists precisely because the first three steps happen across separate screens, sometimes minutes apart, and it's easy to lose track of exactly what you've assembled. Review consolidates every decision into one place so you validate before committing compute time and registry space to a build.

See also: AAP 2.7 EE Builder Step 1: Choosing a Base Image

What the Review Step Shows

By the time you reach Step 4, you've already made three sets of decisions:

  1. Base Image — a Red Hat-provided image such as the recommended Red Hat Ansible Minimal EE (Ansible Core 2.18 on RHEL 9), its stable-channel variant, the Ansible Core 2.16 on RHEL 9 image, its stable-channel variant, or a fully custom base image you supplied.
  2. Configuration — the collections added via the picker, which searches both Private Automation Hub (rh-certified content) and GitHub, plus anything set in Advanced Configuration (extra Python requirements, system packages, custom build steps).
  3. Destination and Build — the EE definition's name, description, tags, the Git repository it will publish to, and whether a build should fire automatically right after publishing.
The Review screen presents all of this as a single, read-only summary before the build pipeline runs. Practically, that means you're checking:
SectionWhat to verify in Review
Base ImageCorrect Ansible Core version (2.18 vs 2.16) and RHEL 9 base, or that your custom image reference is accurate
CollectionsEvery required collection is listed with the intended version (e.g., redhat.rhel_system_roles at v1.20.5)
Advanced ConfigurationExtra Python/system packages and custom build steps appear exactly as entered, no typos in package names
DestinationEE name, description, and tags are meaningful and consistent with your naming convention
Git PublishTarget repository is correct and authentication is valid
Auto-buildThe "build immediately after publishing" toggle reflects your intent
If anything looks wrong, the wizard lets you step back to the relevant screen rather than restarting from scratch — an important usability detail, since re-entering a long collection list is the kind of friction that leads people to skip validation altogether.

Why This Matters More Than It Looks

It's tempting to treat Review as a formality, but in EE building it's the last point where a mistake is cheap to fix. Once the build kicks off, the platform pulls base layers, resolves collection dependencies, installs Python and system packages, and pushes the resulting image to your Git-backed pipeline. Catching a missing collection or wrong base image before that point saves a build cycle, a registry push, and — if the EE is already referenced by job templates — a broken automation run.

This is also where the "no YAML" promise of the wizard is tested. Under the hood, everything you reviewed in Step 4 still gets translated into the equivalent of an execution-environment.yml definition and a requirements.yml for collections. Understanding that mapping helps you sanity-check the Review screen even if you've never written EE definitions by hand. For example, a collection you added in Step 2 corresponds conceptually to an entry like this in the underlying requirements:

---
collections:
  - name: redhat.rhel_system_roles
    version: "1.20.5"
    source: https://console.redhat.com/api/automation-hub/content/rh-certified/

And a job template that later consumes this EE simply references it by name, expecting the collection to already be present:

---
- name: Apply RHEL system roles baseline via the built EE
  hosts: rhel_servers
  become: true
  collections:
    - redhat.rhel_system_roles

  tasks:
    - name: Ensure timesync role is applied consistently across the fleet
      ansible.builtin.include_role:
        name: redhat.rhel_system_roles.timesync
      vars:
        timesync_ntp_servers:
          - hostname: 0.pool.ntp.org
            iburst: true
          - hostname: 1.pool.ntp.org
            iburst: true

    - name: Confirm chronyd is active after role application
      ansible.builtin.service_facts:

    - name: Fail fast if chronyd did not converge
      ansible.builtin.assert:
        that:
          - "'chronyd.service' in ansible_facts.services"
          - "ansible_facts.services['chronyd.service'].state == 'running'"
        fail_msg: "chronyd is not running — check the EE's rhel_system_roles version in Review before re-building."

If the Review screen had shown the wrong redhat.rhel_system_roles version, or omitted it entirely, this job would fail at runtime with a much less obvious error — a missing role or module rather than a clear "collection not found." Reviewing carefully at Step 4 turns a runtime mystery into a five-second visual check.

See also: AAP 2.7 EE Builder Step 2: Adding Collections from Private Automation Hub

After Review: Build, Publish, and Catalog

Once you confirm Step 4, the wizard proceeds to build the image, publish the definition to the configured Git repository (if you enabled that in Step 3), and, if auto-build was toggled on, kick off the container build immediately. The resulting EE definition then lands in the Automation Portal's searchable catalog, alongside every other EE definition in your organization — each entry showing its owner, tags, and star/edit/delete actions. That catalog is effectively the long-term audit trail: anyone can later open a definition, see who owns it, and confirm what it contains without re-deriving it from a Review screen that only existed transiently during creation.

This is why treating Review as a real gate — not a rubber stamp — pays off downstream. A well-reviewed, well-tagged EE definition is easier for teammates to find, trust, and reuse instead of spinning up a near-duplicate image.

Key Takeaways

  • Step 4 (Review) in the AAP 2.7 EE Builder is the last checkpoint before a container build actually runs, consolidating Base Image, Configuration, and Destination/Build choices into one summary.
  • Validate the Ansible Core/RHEL 9 base image version, every collection and its version (e.g., redhat.rhel_system_roles v1.20.5), Advanced Configuration entries, and the Git publish target before confirming.
  • The wizard lets you navigate back to earlier steps from Review, so mistakes are cheap to fix here and expensive to fix after the build starts.
  • Reviewed EE definitions still map conceptually to standard execution-environment.yml and requirements.yml structures, which is useful for reasoning about what you're approving.
  • After a successful Review and build, the EE definition appears in the Automation Portal's searchable catalog with owner, tags, and star/edit/delete actions — making careful naming and tagging at Review time worth the extra minute.

Category: installation

Browse all Ansible tutorials · AnsiblePilot Home