AnsiblePilot — Master Ansible Automation

AnsiblePilot is the leading resource for learning Ansible automation, DevOps, and infrastructure as code. Browse over 1,400 tutorials covering Ansible modules, playbooks, roles, collections, and real-world examples. Whether you are a beginner or an experienced engineer, our step-by-step guides help you automate Linux, Windows, cloud, containers, and network infrastructure.

Popular Topics

About Luca Berton

Luca Berton is an Ansible automation expert, author of 8 Ansible books published by Apress and Leanpub including "Ansible for VMware by Examples" and "Ansible for Kubernetes by Example", and creator of the Ansible Pilot YouTube channel. He shares practical automation knowledge through tutorials, books, and video courses to help IT professionals and DevOps engineers master infrastructure automation.

Everything New in Ansible Automation Platform 2.7: Portal, Orchestrator, MCP, and AI

By Luca Berton · Published 2024-01-01 · Category: installation

A complete roundup of Ansible Automation Platform 2.7: Automation Portal, MCP Server, Orchestrator preview, AI assistant, and 12 new collections.

Red Hat used Red Hat Tech Day Netherlands 2026, held in Bunnik on 3 June 2026, to formally introduce Ansible Automation Platform (AAP) 2.7 — and it's one of the busier releases in the platform's history. Between a new self-service portal, an AI assistant, a Tech Preview MCP server, and a first look at a Temporal-based orchestrator, there's a lot to unpack. This article rounds up every headline feature announced, plus the architecture and lifecycle changes admins need to plan around.

Automation Portal: self-service for the rest of the org

The biggest UX shift in 2.7 is the Automation Portal, a new self-service layer designed for users who aren't automation engineers but need to consume automation safely. Two capabilities stand out:

  • Self-service templates — curated, parameterized job templates that non-admin users can launch through a simplified form, without needing controller-level access.
  • Visual Execution Environment (EE) Builder — a graphical workflow for composing and building custom execution environments, replacing hand-written execution-environment.yml files with a point-and-click builder for base images, collections, and Python/system dependencies.
The intent is clear: reduce the number of people who need direct access to Automation Controller while still letting them trigger governed automation.

See also: AAP 2.7 EE Builder Step 1: Choosing a Base Image

Automation Intelligent Assistant with BYOK RAG

AAP 2.7 also ships the Automation Intelligent Assistant, an AI helper embedded in the platform experience. The standout architectural choice is BYOK (Bring Your Own Key) RAG — retrieval-augmented generation where organizations connect their own LLM provider credentials and their own knowledge sources, rather than being locked into a single hosted model. For regulated environments, this matters: content and prompts can stay inside an organization's chosen model boundary instead of flowing to a fixed third-party endpoint by default.

MCP Server (Tech Preview): 107 tools, six tool sets

Perhaps the most consequential change for anyone building agentic workflows is the new hosted MCP (Model Context Protocol) Server, shipping as a Tech Preview in 2.7. It exposes 107 tools grouped into 6 tool sets, letting AI agents and MCP-compatible clients query and act on AAP resources — job templates, inventories, execution status, and more — through a standard protocol instead of bespoke API integrations.

Because MCP is new territory for the platform, expect the tool surface to evolve before general availability. A representative (illustrative) way a controller job might expose MCP-relevant metadata today looks like this:

---
- name: Launch a job template surfaced via the AAP MCP Server tool set
  hosts: localhost
  gather_facts: false
  vars:
    aap_controller_host: "https://aap.example.com"
    job_template_name: "Patch - Production Web Tier"
  tasks:
    - name: Launch job template through automation controller
      ansible.controller.job_launch:
        name: "{{ job_template_name }}"
        controller_host: "{{ aap_controller_host }}"
        controller_username: "{{ aap_username }}"
        controller_password: "{{ aap_password }}"
        extra_vars:
          requested_by: "mcp-agent"
          change_ticket: "CHG0012345"
      register: job_launch_result

    - name: Report launch result for MCP tool-set consumption
      ansible.builtin.debug:
        msg: "Job {{ job_launch_result.id }} launched via MCP-exposed tool set"

Tech Preview status means it's supported for evaluation and feedback, not yet recommended for production-critical automation paths.

See also: AAP 2.7 EE Builder Step 2: Adding Collections from Private Automation Hub

Automation Orchestrator: a first preview, built on Temporal

Red Hat also previewed Automation Orchestrator, described as "Coming Q3 2026." It's built on Temporal, the durable-execution workflow engine, and is aimed at long-running, stateful orchestration scenarios that stretch beyond what a traditional job template or workflow template comfortably handles — think multi-day change windows, human-in-the-loop approval chains, or cross-system sagas that need to survive restarts. At Tech Day, this was shown as a preview only; there's no GA date beyond the Q3 2026 target.

12 new content collections

AAP 2.7 also broadens day-2 integration coverage with 12 new content collections, including:

  • Splunk
  • HashiCorp Vault
  • Cisco Intersight
  • Microsoft MECM (Configuration Manager) and SCOM
  • Google Cloud
  • Azure
These join the existing certified content catalog, giving teams more first-party-supported building blocks for observability, secrets management, hardware/UCS management, and multi-cloud operations without relying on community-maintained equivalents.

See also: AAP 2.7 EE Builder Step 3: Destination, Build, and Publish to Git

Architecture and platform changes

Several changes underneath the UI are just as significant as the headline features:

ChangeWhat it means
Gateway-only architectureAll inter-component traffic now flows exclusively through the gateway — no direct service-to-service calls — and this is enforced and regression-tested
PostgreSQL 16 and 17 supportBroader database version compatibility for new and upgraded installs
Django 5.2 LTSUnderlying web framework moves to a long-term-support release
Centralized OpenAPI specA single, unified API specification across platform components
ansible.platform collection, Phase 1Configuration-as-code for platform settings begins rolling out
The gateway-only architecture is a real hardening step: by removing direct service-to-service calls, Red Hat closes off a class of bypass paths and makes the gateway the single, auditable choke point for all traffic.

UX and customer-requested improvements

A batch of smaller, customer-driven fixes rounds out the release:

  • Bulk host delete
  • Clearer authentication mapping labels
  • Repository sync date shown directly in the UI
  • A feature-flags runtime UI
  • Workflow convergence improvements
  • An Automation Dashboard shipped as part of the main UI and installer (no longer a separate add-on)
None of these are headline-grabbing on their own, but they're the kind of friction-reducing changes that show up in day-to-day admin work constantly.

Lifecycle and upgrade timeline

Alongside 2.7, Red Hat confirmed important lifecycle dates:

  • AAP 2.4 reaches end of life in June 2026 — teams still on 2.4 should be actively planning migration now.
  • Extended Update Support (EUS) costs 50% extra for a first 12-month term and 75% extra for a second, for organizations that need more runway on an otherwise-retiring version.
  • The managed AAP 2.7 rollout follows a staged schedule:
  • Communications begin March 23, 2026
  • Segment 1 upgrades: June 2, 2026
  • General Availability: June 3, 2026
  • Segment 2 upgrades: June 16, 2026
If you're on a Red Hat-managed AAP offering, check which segment your organization falls into so the upgrade window doesn't catch your change-management process off guard.

Key Takeaways

  • Automation Portal brings self-service templates and a visual Execution Environment Builder to non-admin users.
  • Automation Intelligent Assistant uses BYOK RAG, so organizations control the LLM and knowledge sources behind AI assistance.
  • The new MCP Server (Tech Preview) exposes 107 tools across 6 tool sets for agentic and AI-driven automation — evaluate it, but don't bet production workflows on it yet.
  • Automation Orchestrator, built on Temporal, is previewed with a Q3 2026 target for long-running, stateful orchestration.
  • 12 new certified collections (Splunk, HashiCorp Vault, Cisco Intersight, Microsoft MECM/SCOM, Google Cloud, Azure) expand day-2 coverage.
  • The gateway-only architecture, PostgreSQL 16/17, Django 5.2 LTS, a centralized OpenAPI spec, and ansible.platform Phase 1 are the structural changes underpinning the release.
  • Plan around lifecycle dates now: AAP 2.4 EOL in June 2026, EUS pricing premiums of 50%/75%, and the managed rollout running from Segment 1 (June 2) through GA (June 3) to Segment 2 (June 16).
AAP 2.7 is less a single feature and more a statement of direction: more self-service, more AI surface area (with customer-controlled keys), and a hardened, more auditable core architecture. Teams should start with the low-risk wins — Automation Portal for self-service, the new collections for integration coverage — while treating MCP Server and Automation Orchestrator as previews to pilot, not production dependencies, until they mature past Tech Preview.

Category: installation

Browse all Ansible tutorials · AnsiblePilot Home