diff --git a/apps/api/src/services/awooop_ansible_check_mode_service.py b/apps/api/src/services/awooop_ansible_check_mode_service.py
index 8e4e6933..d44b4c69 100644
--- a/apps/api/src/services/awooop_ansible_check_mode_service.py
+++ b/apps/api/src/services/awooop_ansible_check_mode_service.py
@@ -256,6 +256,19 @@ def _resolve_playbook_path(playbook_root: Path, playbook_path: str) -> Path:
     return resolved
 
 
+def _ansible_command_env(playbook_root: Path) -> dict[str, str]:
+    roles_path = str((playbook_root / "roles").resolve())
+    existing_roles_path = os.environ.get("ANSIBLE_ROLES_PATH")
+    if existing_roles_path:
+        roles_path = os.pathsep.join([roles_path, existing_roles_path])
+    return {
+        **os.environ,
+        "ANSIBLE_HOST_KEY_CHECKING": "true",
+        "ANSIBLE_RETRY_FILES_ENABLED": "false",
+        "ANSIBLE_ROLES_PATH": roles_path,
+    }
+
+
 def build_ansible_check_mode_command(
     *,
     playbook_path: str,
@@ -296,11 +309,7 @@ def build_ansible_check_mode_command(
         "--extra-vars",
         json.dumps(extra_vars, ensure_ascii=False, separators=(",", ":")),
     ]
-    env = {
-        **os.environ,
-        "ANSIBLE_HOST_KEY_CHECKING": "true",
-        "ANSIBLE_RETRY_FILES_ENABLED": "false",
-    }
+    env = _ansible_command_env(root)
     return AnsibleCommandSpec(
         command=command,
         cwd=root,
@@ -351,11 +360,7 @@ def build_ansible_apply_command(
         "--extra-vars",
         json.dumps(extra_vars, ensure_ascii=False, separators=(",", ":")),
     ]
-    env = {
-        **os.environ,
-        "ANSIBLE_HOST_KEY_CHECKING": "true",
-        "ANSIBLE_RETRY_FILES_ENABLED": "false",
-    }
+    env = _ansible_command_env(root)
     return AnsibleCommandSpec(
         command=command,
         cwd=root,
diff --git a/apps/api/tests/test_awooop_truth_chain_service.py b/apps/api/tests/test_awooop_truth_chain_service.py
index cb085eaf..563ae56f 100644
--- a/apps/api/tests/test_awooop_truth_chain_service.py
+++ b/apps/api/tests/test_awooop_truth_chain_service.py
@@ -1,6 +1,7 @@
 from __future__ import annotations
 
 import inspect
+import os
 from datetime import UTC, datetime, timedelta
 from pathlib import Path
 from types import SimpleNamespace
@@ -1418,6 +1419,9 @@ def test_ansible_check_mode_command_uses_check_diff_and_selected_ssh_transport(t
     assert str(repair_key) in spec.command[-1]
     assert str(known_hosts) in spec.command[-1]
     assert "apply" not in " ".join(spec.command)
+    assert str((playbook_root / "roles").resolve()) in spec.env[
+        "ANSIBLE_ROLES_PATH"
+    ].split(os.pathsep)
 
 
 def test_ansible_apply_command_uses_controlled_apply_without_check(tmp_path: Path) -> None:
@@ -1448,6 +1452,9 @@ def test_ansible_apply_command_uses_controlled_apply_without_check(tmp_path: Pat
     assert "ansible_ssh_private_key_file" in spec.command[-1]
     assert str(repair_key) in spec.command[-1]
     assert str(known_hosts) in spec.command[-1]
+    assert str((playbook_root / "roles").resolve()) in spec.env[
+        "ANSIBLE_ROLES_PATH"
+    ].split(os.pathsep)
 
 
 def test_ansible_controlled_apply_builds_auto_repair_receipt() -> None: