Merge pull request #29 from ppodgorsek/issue-28

Issue #28 - Replace the base image with an Ansible AWX execution envi…

Author: ppodgorsek

Containerfile

@@ -1,8 +1,10 @@
-FROM quay.io/podman/stable:v5.6
+FROM docker.io/ppodgorsek/ansible-awx-ee:24.6.1.4
 
 LABEL authors="Paul Podgorsek"
 LABEL description="An agent for Azure Pipelines, with Ansible, git, Helm + kubectl, Java, Maven, .Net, Podman (Docker) + Buildah, PostgreSQL, Python 3 and Terraform enabled."
 
+ENV AGENT_GROUP_ID="1000"
+ENV AGENT_USER_ID="1000"
 ENV AGENT_USER_NAME="podman"
 ENV AGENT_WORK_DIR="/opt/pipeline-agent"
 
@@ -11,14 +13,7 @@ ENV AZURE_DEVOPS_AGENT_POOL="Default"
 ENV AZURE_DEVOPS_AGENT_NAME=""
 ENV AZURE_DEVOPS_AGENT_VERSION="4.264.2"
 
-ENV ANSIBLE_COLLECTION_AWS_VERSION="10.1.2"
-ENV ANSIBLE_COLLECTION_AZURE_VERSION="v3.11.0"
-ENV ANSIBLE_COLLECTION_GCP_VERSION="v1.10.2"
 ENV DOTNET_VERSION="10.0"
-ENV HELM_VERSION="v3.19.0"
-ENV JAVA_VERSION="21"
-ENV POSTGRESQL_VERSION="18"
-ENV TERRAFORM_VERSION="1.13.5"
 
 # Agent capabilities
 ENV ansible="enabled"
@@ -31,40 +26,72 @@ ENV maven="enabled"
 ENV postgresql="enabled"
 ENV terraform="enabled"
 
+USER root
+
 # Don't include container-selinux and remove directories used by DNF that are just taking up space.
 RUN dnf upgrade -y > /dev/null \
+  && dnf reinstall -y shadow-utils \
   && dnf install -y \
     --exclude container-selinux \
     automake \
     buildah \
     # Install dependencies for cryptography due to https://github.com/pyca/cryptography/issues/5771
     cargo \
-    curl \
     dnf-plugins-core \
     dotnet-sdk-${DOTNET_VERSION} \
+    fuse-overlayfs \
     gcc \
     gcc-c++ \
     git \
-    java-${JAVA_VERSION}-openjdk \
     make \
     maven \
-    openssl \
     openssl-devel \
     podman-docker \
     python3 \
     python3-devel \
     python3-pip \
     rust \
-    unzip \
     wget \
     which \
     zip \
   && dnf clean all \
   && rm -rf /var/cache /var/log/dnf* /var/log/yum.*
 
+# Podman
+
+RUN groupadd --gid ${AGENT_GROUP_ID} ${AGENT_USER_NAME} \
+  && useradd --gid ${AGENT_GROUP_ID} --uid ${AGENT_USER_ID} ${AGENT_USER_NAME} \
+  && echo ${AGENT_USER_NAME}:10000:5000 > /etc/subuid \
+  && echo ${AGENT_USER_NAME}:10000:5000 > /etc/subgid
+
+VOLUME /var/lib/containers
+VOLUME /home/${AGENT_USER_NAME}/.local/share/containers
+
+ADD https://raw.githubusercontent.com/containers/image_build/main/podman/containers.conf /etc/containers/containers.conf
+ADD https://raw.githubusercontent.com/containers/image_build/main/podman/podman-containers.conf /home/${AGENT_USER_NAME}/.config/containers/containers.conf
+
+RUN chown ${AGENT_USER_ID}:${AGENT_GROUP_ID} -R /home/${AGENT_USER_NAME}
+
+# chmod containers.conf and adjust storage.conf to enable Fuse storage.
+RUN chmod 644 /etc/containers/containers.conf \
+  && sed -i -e 's|^#mount_program|mount_program|g' \
+    -e '/additionalimage.*/a "/var/lib/shared",' \
+    -e 's|^mountopt[[:space:]]*=.*$|mountopt = "nodev,fsync=0"|g' \
+    /etc/containers/storage.conf \
+  && mkdir -p /var/lib/shared/overlay-images \
+    /var/lib/shared/overlay-layers \
+    /var/lib/shared/vfs-images \
+    /var/lib/shared/vfs-layers \
+  && touch /var/lib/shared/overlay-images/images.lock \
+  && touch /var/lib/shared/overlay-layers/layers.lock \
+  && touch /var/lib/shared/vfs-images/images.lock \
+  && touch /var/lib/shared/vfs-layers/layers.lock
+
+ENV _CONTAINERS_USERNS_CONFIGURED=""
+
 # Create directories for the agent files
 RUN mkdir ${AGENT_WORK_DIR} \
-  && chown -R ${AGENT_USER_NAME}:${AGENT_USER_NAME} ${AGENT_WORK_DIR} \
+  && chown -R ${AGENT_USER_ID}:${AGENT_GROUP_ID} ${AGENT_WORK_DIR} \
   \
   # Download and unpack tarball
   && curl -L https://download.agent.dev.azure.com/agent/${AZURE_DEVOPS_AGENT_VERSION}/vsts-agent-${AGENT_PLATFORM:-linux-x64}-${AZURE_DEVOPS_AGENT_VERSION}.tar.gz -o /tmp/agent.tar.gz \
@@ -79,39 +106,7 @@ RUN sh ${AGENT_WORK_DIR}/bin/installdependencies.sh
 COPY scripts/configure-and-run-agent.sh ${AGENT_WORK_DIR}/configure-and-run-agent.sh
 
 # Grant the correct permissions
-RUN chown ${AGENT_USER_NAME}:${AGENT_USER_NAME} ${AGENT_WORK_DIR}/configure-and-run-agent.sh
-
-# Install the latest version of Ansible, along with the collections for major cloud providers
-RUN pip3 install ansible --upgrade \
-  && pip3 install cryptography --upgrade \
-  && pip3 install -r https://raw.githubusercontent.com/ansible-collections/amazon.aws/${ANSIBLE_COLLECTION_AWS_VERSION}/requirements.txt \
-  # azure-iot-hub relies on the outdated uamqp library, which doesn't work with recent Python versions
-  && curl https://raw.githubusercontent.com/ansible-collections/azure/${ANSIBLE_COLLECTION_AZURE_VERSION}/requirements.txt | grep -ivE "azure-iot-hub|azure-mgmt-iothub" > azure-requirements.txt \
-  && pip3 install -r azure-requirements.txt \
-  && pip3 install -r https://raw.githubusercontent.com/ansible-collections/google.cloud/${ANSIBLE_COLLECTION_GCP_VERSION}/requirements.txt
-
-# Kubernetes & Helm
-COPY conf/kubernetes.repo /etc/yum.repos.d/kubernetes.repo
-RUN dnf install -y kubectl \
-  && dnf clean all \
-  && pip3 install kubernetes \
-  && curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/${HELM_VERSION}/scripts/get-helm-3 \
-  && chmod 700 get_helm.sh \
-  && ./get_helm.sh --version ${HELM_VERSION} \
-  && rm -f get_helm.sh \
-  && helm plugin install https://github.com/databus23/helm-diff
-
-# PostgreSQL
-RUN dnf install -y https://download.postgresql.org/pub/repos/yum/reporpms/F-43-x86_64/pgdg-fedora-repo-latest.noarch.rpm \
-  && dnf install -y postgresql${POSTGRESQL_VERSION} \
-  && dnf clean all \
-  && pip3 install psycopg2-binary
-
-# Terraform
-# Official documentation: https://developer.hashicorp.com/terraform/install
-RUN dnf config-manager addrepo --from-repofile=https://rpm.releases.hashicorp.com/fedora/hashicorp.repo \
-  && dnf install -y terraform-${TERRAFORM_VERSION}* \
-  && dnf clean all
+RUN chown ${AGENT_USER_ID}:${AGENT_GROUP_ID} ${AGENT_WORK_DIR}/configure-and-run-agent.sh
 
 USER ${AGENT_USER_NAME}
 

README.md

@@ -8,6 +8,7 @@
     * [Changing the name of the agent pool](#changing-agent-pool-name)
     * [Initialising a self-hosted agent pool via the placeholder mode](#placeholder-mode)
     * [Overriding the agent name](#overriding-agent-name)
+    * [Running Ansible](#running-ansible)
 * [Running the image on different platforms](#platforms)
     * [Azure Container Apps](#platform-azure-container-apps)
 * [Please contribute!](#please-contribute)
@@ -129,6 +130,22 @@ docker run --rm \
     docker.io/ppodgorsek/azure-pipelines-agent:<version>
 ```
 
+<a name="running-ansible"></a>
+
+### Running Ansible
+
+When running Ansible in your build pipeline, remember to install the relevant Ansible collections, for example:
+
+```yml
+- script: |
+  cd $(Pipeline.Workspace)/$(INFRASTRUCTURE_AS_CODE_PATH)/
+
+  ansible-galaxy install -r collections/requirements.yml
+
+  ansible-playbook CHANGEME-playbook.yml -i inventories/CHANGEME/hosts
+displayName: Ansible
+```
+
 <a name="platforms"></a>
 
 ## Running the image on different platforms