FROM centos:8

USER root

# sync with installer/roles/image_build/templates/Dockerfile.j2
RUN dnf -y update && \
  dnf -y install epel-release 'dnf-command(config-manager)' && \
  dnf module -y enable 'postgresql:10' && \
  dnf config-manager --set-enabled PowerTools && \
  dnf -y install acl \
  ansible \
  bubblewrap \
  curl \
  gcc \
  gcc-c++ \
  git-core \
  glibc-langpack-en \
  krb5-workstation \
  libcurl-devel \
  libffi-devel \
  libstdc++.so.6 \
  libtool-ltdl-devel \
  libcgroup-tools \
  make \
  mercurial \
  nginx \
  nodejs \
  nss \
  openldap-devel \
  openssh-server \
  patch \
  @postgresql:10 \
  postgresql-devel \
  python3-devel \
  python3-libselinux \
  python3-pip \
  python3-psycopg2 \
  python3-setuptools \
  rsync \
  subversion \
  sudo \
  swig \
  tmux \
  unzip \
  vim-minimal \
  xmlsec1 \
  xmlsec1-devel \
  xmlsec1-openssl \
  xmlsec1-openssl-devel \
  dnf-utils

ADD https://github.com/krallin/tini/releases/download/v0.14.0/tini /tini
RUN chmod +x /tini

RUN python3 -m ensurepip && pip3 install virtualenv
RUN pip3 install supervisor

ADD Makefile /tmp/Makefile
RUN mkdir /tmp/requirements
ADD requirements/requirements_ansible.txt \
    requirements/requirements_ansible_uninstall.txt \
    requirements/requirements_ansible_git.txt \
    requirements/requirements.txt \
    requirements/requirements_tower_uninstall.txt \
    requirements/requirements_git.txt \
    /tmp/requirements/
RUN cd /tmp && VENV_BASE="/var/lib/awx/venv" make requirements_awx requirements_ansible_py3

RUN dnf -y remove *-devel \
  gcc \
  gcc-c++ \
  nodejs

# makes postgres available for data migrations when upgrading
RUN export PATH=/usr/pgsql-10/bin:$PATH

RUN dnf -y clean all
RUN rm -rf /root/.cache

ENV LANG en_US.UTF-8
ENV LANGUAGE en_US:en
ENV LC_ALL en_US.UTF-8

RUN ln -s /var/lib/awx/venv/awx/bin/awx-manage /usr/bin/awx-manage
RUN rm -rf /tmp/*

RUN echo "{{ awx_version }}" > /var/lib/awx/.tower_version
COPY {{ awx_sdist_file }} /tmp/{{ awx_sdist_file }}
RUN OFFICIAL=yes /var/lib/awx/venv/awx/bin/pip install /tmp/{{ awx_sdist_file }}

ADD settings.py /etc/tower/settings.py
ADD supervisor.conf /supervisor.conf
ADD supervisor_task.conf /supervisor_task.conf
ADD launch_awx.sh /usr/bin/launch_awx.sh
ADD launch_awx_task.sh /usr/bin/launch_awx_task.sh
ADD config-watcher /usr/bin/config-watcher
RUN chmod +rx /usr/bin/launch_awx.sh && \
    chmod +rx /usr/bin/launch_awx_task.sh && \
    chmod +rx /usr/bin/config-watcher

# Install OpenShift CLI
RUN cd /usr/local/bin && \
    curl -L https://github.com/openshift/origin/releases/download/v3.11.0/openshift-origin-client-tools-v3.11.0-0cbc58b-linux-64bit.tar.gz | \
    tar -xz --strip-components=1 --wildcards --no-anchored 'oc'

ADD google-cloud-sdk.repo /etc/yum.repos.d/
RUN dnf install -y kubectl

RUN find /var/lib/awx -not -path '/var/lib/awx/venv*' | xargs chgrp root
RUN find /var/lib/awx -not -path '/var/lib/awx/venv*' | xargs chmod g+w

# Pre-create things that we need to write to
RUN for dir in /home/awx /var/log/tower /var/log/nginx /var/lib/nginx; \
  do mkdir -p $dir; chmod -R g+rwx $dir; chgrp -R root $dir; done

RUN for file in /etc/passwd /var/run/nginx.pid; \
  do touch $file; chmod -R g+rwx $file; chgrp -R root $file; done

# https://github.com/ansible/awx/issues/5224
RUN chmod u+s /usr/bin/bwrap

VOLUME /var/lib/nginx
RUN ln -sf /dev/stdout /var/log/nginx/access.log \
    && ln -sf /dev/stderr /var/log/nginx/error.log

ENV HOME=/home/awx
WORKDIR ${HOME}
USER 1000
EXPOSE 8052

ENTRYPOINT ["/tini", "--"]
CMD /usr/bin/launch_awx.sh