Use ubi9 image for aee

The current adt image is with fedora base image that installs packages
using pip without constraints and prone to be broken with latest changes
in packages.

We also probably need a way to control what should be installed with pip and
dnf when using ubi9.

Signed-off-by: rabi <[email protected]>

Makefile

@@ -41,7 +41,7 @@ execute_molecule: setup_test_environment ## Setup the test environment and execu
 
 .PHONY: openstack_ansibleee_build
 openstack_ansibleee_build: ## Build the openstack-ansibleee-runner image
-	podman build . -f openstack_ansibleee/Dockerfile -t ${IMG}
+	podman build . -f openstack_ansibleee/Containerfile -t ${IMG}
 
 .PHONY: openstack_ansibleee_push
 openstack_ansibleee_push: ## Push the openstack-ansibleee-runner image

openstack_ansibleee/Containerfile

@@ -0,0 +1,38 @@
+FROM registry.access.redhat.com/ubi9/ubi-minimal:latest as builder
+ARG PYV=3.12
+ARG REMOTE_SOURCE=.
+ARG REMOTE_SOURCE_DIR=/var/tmp/edpm-ansible
+ARG REMOTE_BUILD_DIR=/tmp/openstack_ansibleee
+
+COPY $REMOTE_SOURCE $REMOTE_SOURCE_DIR
+
+USER 0
+RUN --mount=type=bind,source=openstack_ansibleee,target=$REMOTE_BUILD_DIR,rw=true --mount=type=cache,dst=/var/cache/dnf \
+    --mount=type=cache,dst=/root/.cache/pip chmod +x $REMOTE_BUILD_DIR/setup.sh && $REMOTE_BUILD_DIR/setup.sh
+
+RUN cd $REMOTE_SOURCE_DIR/openstack_ansibleee && \
+    ansible-galaxy collection install -U --timeout 120 -r requirements.yaml --collections-path "/usr/share/ansible/collections" && \
+    ansible-galaxy collection install -U $REMOTE_SOURCE_DIR --collections-path "/usr/share/ansible/collections"
+
+
+FROM registry.access.redhat.com/ubi9/ubi-minimal:latest as runner
+
+ARG PYV=3.12
+ARG REMOTE_SOURCE=.
+ARG REMOTE_BUILD_DIR=/tmp/openstack_ansibleee
+
+USER 0
+RUN --mount=type=bind,source=openstack_ansibleee,target=$REMOTE_BUILD_DIR,rw=true --mount=type=cache,dst=/var/cache/dnf \
+ --mount=type=cache,dst=/root/.cache/pip chmod +x $REMOTE_BUILD_DIR/setup.sh && $REMOTE_BUILD_DIR/setup.sh
+
+COPY --from=builder /usr/share/ansible /usr/share/ansible
+COPY $REMOTE_SOURCE/openstack_ansibleee/settings /runner/env/settings
+COPY $REMOTE_SOURCE/openstack_ansibleee/edpm_entrypoint.sh /opt/builder/bin/edpm_entrypoint
+
+RUN sed '1d' /usr/local/lib/python${PYV}/site-packages/ansible_builder/_target_scripts/entrypoint >> /opt/builder/bin/edpm_entrypoint
+RUN mkdir /runner/project && chmod -R 775 /runner && chmod +x /opt/builder/bin/edpm_entrypoint && chmod ug+rw /etc/passwd
+
+ENV EDPM_SYSTEMROLES='fedora.linux_system_roles'
+WORKDIR /runner
+LABEL ansible-execution-environment=true
+ENTRYPOINT ["/opt/builder/bin/edpm_entrypoint", "dumb-init"]

openstack_ansibleee/requirements.txt

@@ -0,0 +1,4 @@
+ansible-core>=2.16.1
+ansible-runner>=2.4.0
+ansible-builder>=3.1.0
+dumb-init>=1.2.2

openstack_ansibleee/setup.sh

@@ -0,0 +1,23 @@
+#!/bin/bash -e
+set -eux pipefail
+
+microdnf -y makecache
+microdnf install -y \
+    gcc \
+    libssh-devel \
+    iputils \
+    bind-utils \
+    ncurses \
+    openssh-clients \
+    "python${PYV}" \
+    "python${PYV}-cffi" \
+    "python${PYV}-pip" \
+    "python${PYV}-pyyaml" \
+    "python${PYV}-wheel" \
+    util-linux-user \
+    which \
+    zsh
+
+microdnf -y clean all
+
+"/usr/bin/python${PYV}" -m pip install --no-cache -r $REMOTE_BUILD_DIR/requirements.txt