diff --git a/docker/base/Dockerfile.j2 b/docker/base/Dockerfile.j2
index 80e6c8747d..2b299a0d64 100644
--- a/docker/base/Dockerfile.j2
+++ b/docker/base/Dockerfile.j2
@@ -17,15 +17,6 @@ COPY curlrc /root/.curlrc
 ENV LANG en_US.UTF-8
 {% endblock %}
 
-{# NOTE(SamYaple): Avoid uid/gid conflicts by creating each user/group up front. #}
-{# Specifics required such as homedir or shell are configured within the service specific image #}
-{%- for name, user in users | dictsort() %}
-{% if loop.first -%}RUN {% else %}    && {% endif -%}
-    groupadd --gid {{ user.gid }} {{ user.group }} \
-    && useradd -l -M --shell /usr/sbin/nologin --uid {{ user.uid }} --gid {{ user.gid }} {{ name }}
-        {%- if not loop.last %} \{% endif -%}
-{%- endfor %}
-
 LABEL kolla_version="{{ kolla_version }}"
 
 {% import "macros.j2" as macros with context %}
@@ -223,6 +214,7 @@ RUN {{ macros.install_packages(base_centos_yum_repo_packages | customizable("cen
         'socat',
         'sudo',
         'tar',
+        'util-linux',
         'util-linux-user',
         'which'
 ] %}
@@ -358,6 +350,15 @@ RUN apt-get update \
 {# endif base_package_type deb #}
 {% endif %}
 
+{# NOTE(SamYaple): Avoid uid/gid conflicts by creating each user/group up front. #}
+{# Specifics required such as homedir or shell are configured within the service specific image #}
+{%- for name, user in users | dictsort() %}
+{% if loop.first -%}RUN {% else %}    && {% endif -%}
+    groupadd --gid {{ user.gid }} {{ user.group }} \
+    && useradd -l -M --shell /usr/sbin/nologin --uid {{ user.uid }} --gid {{ user.gid }} {{ name }}
+        {%- if not loop.last %} \{% endif -%}
+{%- endfor %}
+
 {% if base_distro == 'centos' %}
 RUN sed -ri '/-session(\s+)optional(\s+)pam_systemd.so/d' /etc/pam.d/system-auth \
     && sed -ri '/^[^#]/ s/systemd//g' /etc/nsswitch.conf
diff --git a/tests/playbooks/pre.yml b/tests/playbooks/pre.yml
index 30eb8c9fc7..0fbeec3dfc 100644
--- a/tests/playbooks/pre.yml
+++ b/tests/playbooks/pre.yml
@@ -55,6 +55,12 @@
           apt_repository:
             repo: "deb {{ nodepool_docker_proxy }}/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable"
             state: present
+
+        - name: Ensure AppArmor is installed
+          package:
+            name: apparmor
+            state: present
+
       when: ansible_os_family == "Debian"
       become: true
 
diff --git a/tests/playbooks/run.yml b/tests/playbooks/run.yml
index f5f0882163..f95b1da40c 100644
--- a/tests/playbooks/run.yml
+++ b/tests/playbooks/run.yml
@@ -8,7 +8,6 @@
       DEFAULT:
         debug: true
         logs_dir: "{{ kolla_build_logs_dir }}"
-        work_dir: "{{ kolla_logs_dir }}/work_dir"
         quiet: true
         base: "{{ base_distro }}"
         install_type: "{{ install_type }}"
@@ -43,5 +42,8 @@
         src: "{{ zuul.executor.work_root }}/{{ zuul.project.src_dir }}/tests/templates/template_overrides.j2"
         dest: /etc/kolla/template_overrides.j2
 
+    - name: Run kolla-build to template out dockerfiles
+      command: "{{ virtualenv_path }}/bin/kolla-build --template-only --work-dir {{ kolla_build_logs_dir }}/work_dir"
+
     - name: Run kolla-build
       command: "{{ virtualenv_path }}/bin/kolla-build"