diff --git a/ansible/configs/base-infra/default_vars.yml b/ansible/configs/base-infra/default_vars.yml
index 3b705ca6323..cb9b04d575d 100644
--- a/ansible/configs/base-infra/default_vars.yml
+++ b/ansible/configs/base-infra/default_vars.yml
@@ -24,6 +24,48 @@ ansible_devops_user_ssh_config: ./files/ssh_config.j2
 
 software_to_deploy: none
 
+# Workloads should be specified in the appropriate var targeting the stage.
+# The format for each is a list with role name, hosts, and optional vars
+#
+# Workload roles use the ACTION var do determine whether they should
+# perform provision, start, stop, or destroy.
+#
+# If vars are included then those will be set with set_fact before the role
+# is called. This allows the same role to be called repeatedly on the same
+# or different hosts with different variables.
+#
+# Example:
+#
+# post_infra_workloads:
+# # Provsision a VM, add host to inventory
+# - name: mitzi_vm
+#   hosts: localhost
+#
+# # Configure software on bastion VM
+# software_workloads:
+# - name: mitzi_software
+#   hosts: bastion
+#
+# # Start the VM, then check software state
+# start_workloads:
+# - name: mitzi_vm
+#   hosts: localhost
+# - name: mitzi_software
+#   hosts: bastion
+#
+# # Shutdown the VM
+# stop_workloads:
+# - name: mitzi_vm
+#   hosts: localhost
+# - name: mitzi_software
+#   hosts: bastion
+#
+pre_infra_workloads: []
+post_infra_workloads: []
+pre_software_workloads: []
+software_workloads: []
+post_software_workloads: []
+
 # Setup inventory group for AAP2 Automation controller bastion
 # load-balancers, app_servers, database_servers may be discarded
 # in future iterations (update default_vars_<CLOUD_PROVIDER> as well
diff --git a/ansible/configs/base-infra/noop.yml b/ansible/configs/base-infra/noop.yml
new file mode 100644
index 00000000000..e57d366f1cd
--- /dev/null
+++ b/ansible/configs/base-infra/noop.yml
@@ -0,0 +1,4 @@
+---
+# Stand-in to implement no-op for workloads import_playbook compatibility
+- name: No-op
+  hosts: localhost
diff --git a/ansible/configs/base-infra/post_infra.yml b/ansible/configs/base-infra/post_infra.yml
index b6c1331dbdd..90730e7d108 100644
--- a/ansible/configs/base-infra/post_infra.yml
+++ b/ansible/configs/base-infra/post_infra.yml
@@ -47,3 +47,22 @@
           ansible.builtin.service:
             name: sshd
             state: restarted
+
+- name: Run host_workloads for post_infra_workloads
+  any_errors_fatal: true
+  hosts: all:localhost
+  gather_facts: false
+  tags:
+    - step002
+    - post_infrastructure
+  tasks:
+    - name: Include host_workloads for post_infra
+      when:
+        - post_infra_workloads is iterable
+        - post_infra_workloads is not mapping
+        - post_infra_workloads is not string
+      vars:
+        agnosticd_stage: post_infra
+        host_workloads: "{{ post_infra_workloads }}"
+      ansible.builtin.include_role:
+        name: host_workloads
diff --git a/ansible/configs/base-infra/post_software.yml b/ansible/configs/base-infra/post_software.yml
index 95eb2c1c55c..98edfc2a2ba 100644
--- a/ansible/configs/base-infra/post_software.yml
+++ b/ansible/configs/base-infra/post_software.yml
@@ -14,11 +14,31 @@
 # Post-Software Workloads as role
 # ----------------------------------------------------------------------
 - name: Import Post-software workloads
-  import_playbook: workloads.yml
+  import_playbook: >-
+    {{ 'workloads.yml' if post_software_workloads is mapping else 'noop.yml' }}
   vars:
     _workload_title_: "Post Software"
     _workloads_: "{{ post_software_workloads | default([]) }}"
 
+- name: Run host_workloads for post_software_workloads
+  any_errors_fatal: true
+  hosts: all:localhost
+  gather_facts: false
+  tags:
+    - step005
+    - post_software
+  tasks:
+    - name: Include host_workloads for post_software
+      when:
+        - post_software_workloads is iterable
+        - post_software_workloads is not mapping
+        - post_software_workloads is not string
+      vars:
+        agnosticd_stage: post_software
+        host_workloads: "{{ post_software_workloads }}"
+      ansible.builtin.include_role:
+        name: host_workloads
+
 - name: Deploy user setup
   hosts: localhost
   gather_facts: false
diff --git a/ansible/configs/base-infra/pre_infra.yml b/ansible/configs/base-infra/pre_infra.yml
index 1de473066a0..36c189a881d 100644
--- a/ansible/configs/base-infra/pre_infra.yml
+++ b/ansible/configs/base-infra/pre_infra.yml
@@ -28,10 +28,29 @@
 # ----------------------------------------------------------------------
 # Post-Software Workloads as role
 # ----------------------------------------------------------------------
-- name: Import Post-software workloads
-  import_playbook: workloads.yml
+- name: Import pre_infra workloads
+  import_playbook: >-
+    {{ 'workloads.yml' if pre_infra_workloads is mapping else 'noop.yml' }}
   vars:
     _workload_title_: "Pre Infra"
     _workloads_: "{{ pre_infra_workloads | default([]) }}"
 
+- name: Run host_workloads for pre_infra_workloads
+  any_errors_fatal: true
+  hosts: localhost
+  gather_facts: false
+  tags:
+    - step005
+    - pre_infrastructure
+  tasks:
+    - name: Include host_workloads for pre_infra
+      when:
+        - pre_infra_workloads is iterable
+        - pre_infra_workloads is not mapping
+        - pre_infra_workloads is not string
+      vars:
+        agnosticd_stage: pre_infra
+        host_workloads: "{{ pre_infra_workloads }}"
+      ansible.builtin.include_role:
+        name: host_workloads
 ...
diff --git a/ansible/configs/base-infra/pre_software.yml b/ansible/configs/base-infra/pre_software.yml
index 6dc86cf8bc0..3f976606557 100644
--- a/ansible/configs/base-infra/pre_software.yml
+++ b/ansible/configs/base-infra/pre_software.yml
@@ -17,11 +17,31 @@
 # Pre-Software Workloads as role
 # ----------------------------------------------------------------------
 - name: Import Pre-software workloads
-  import_playbook: workloads.yml
+  import_playbook: >-
+    {{ 'workloads.yml' if pre_software_workloads is mapping else 'noop.yml' }}
   vars:
     _workload_title_: "Pre Software"
     _workloads_: "{{ pre_software_workloads | default([]) }}"
 
+- name: Run host_workloads for pre_software_workloads
+  any_errors_fatal: true
+  hosts: all:localhost
+  gather_facts: false
+  tags:
+    - step004
+    - pre_software
+  tasks:
+    - name: Include host_workloads for pre_software
+      when:
+        - pre_software_workloads is iterable
+        - pre_software_workloads is not mapping
+        - pre_software_workloads is not string
+      vars:
+        agnosticd_stage: pre_software
+        host_workloads: "{{ pre_software_workloads }}"
+      ansible.builtin.include_role:
+        name: host_workloads
+
 - name: Create local ssh keys
   hosts: localhost
   gather_facts: false
diff --git a/ansible/configs/base-infra/software.yml b/ansible/configs/base-infra/software.yml
index 006e93da06d..92dcfa9c229 100644
--- a/ansible/configs/base-infra/software.yml
+++ b/ansible/configs/base-infra/software.yml
@@ -19,10 +19,30 @@
 # Software Workloads as role
 # ----------------------------------------------------------------------
 - name: Import Software workloads
-  import_playbook: workloads.yml
+  import_playbook: >-
+    {{ 'workloads.yml' if software_workloads is mapping else 'noop.yml' }}
   vars:
     _workload_title_: "Software"
-    _workloads_: "{{ software_workloads | default([]) }}"
+    _workloads_: "{{ software_workloads }}"
+
+- name: Run host_workloads for software_workloads
+  any_errors_fatal: true
+  hosts: all:localhost
+  gather_facts: false
+  tags:
+    - step005
+    - software
+  tasks:
+    - name: Include host_workloads for software
+      when:
+        - software_workloads is iterable
+        - software_workloads is not mapping
+        - software_workloads is not string
+      vars:
+        agnosticd_stage: software
+        host_workloads: "{{ software_workloads }}"
+      ansible.builtin.include_role:
+        name: host_workloads
 
 - name: Software flight-check
   hosts: localhost