diff --git a/container-images/kolla/tripleo-ansible-ee/requirements.yaml b/container-images/kolla/tripleo-ansible-ee/requirements.yaml
new file mode 100644
index 000000000..a4b801518
--- /dev/null
+++ b/container-images/kolla/tripleo-ansible-ee/requirements.yaml
@@ -0,0 +1,37 @@
+---
+# Copyright 2021 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+# Roles and collections dependencies of tripleo-ansible
+# https://opendev.org/openstack/tripleo-ansible/src/branch/master/tripleo_ansible/requirements.yml
+collections:
+  - name: https://opendev.org/openstack/ansible-collections-openstack.git
+    type: git
+  - containers.podman
+  - community.general
+  - ansible.posix
+  - community.crypto
+roles:
+  - name: openstack-operations
+    scm: git
+    src: https://opendev.org/openstack/ansible-role-openstack-operations
+    version: master
+    trackbranch: master
+  # ansible-config_template action plugin
+  - name: config_template
+    scm: git
+    src: https://opendev.org/openstack/ansible-config_template
+    version: master
+    trackbranch: master
diff --git a/container-images/kolla/tripleo-ansible-ee/settings b/container-images/kolla/tripleo-ansible-ee/settings
new file mode 100644
index 000000000..f96409e8f
--- /dev/null
+++ b/container-images/kolla/tripleo-ansible-ee/settings
@@ -0,0 +1,26 @@
+# If no output is detected from ansible in this number of seconds the execution will
+# be terminated.
+idle_timeout: ${RUNNER_IDLE_TIMEOUT:-600}
+# The maximum amount of time to allow the job to run for, exceeding this and the
+# execution will be terminated.
+job_timeout: ${RUNNER_JOB_TIMEOUT:-3600}
+
+# Number of seconds for the internal pexpect command to wait to block on
+# input before continuing.
+pexpect_timeout: ${RUNNER_PEXPECT_TIMEOUT:-10}
+# Use poll() function for communication with child processes instead of select().
+# select() is used when the value is set to False. select() has a known limitation of
+# using only up to 1024 file descriptors.
+pexpect_use_poll: ${RUNNER_PEXPECT_USE_POLL:-True}
+
+# Allow output from ansible to not be streamed to the stdout or stderr files inside
+# of the artifacts directory.
+suppress_output_file: ${RUNNER_SUPPRESS_OUTPUT_FILE:-False}
+# Allow output from ansible to not be printed to the screen.
+suppress_ansible_output: ${RUNNER_SUPPRESS_ANSIBLE_OUTPUT:-False}
+
+# The directory relative to artifacts where jsonfile fact caching will be stored.
+# Defaults to fact_cache. This is ignored if fact_cache_type is different than jsonfile.
+fact_cache: ${RUNNER_FACT_CACHE:-'fact_cache'}
+# The type of fact cache to use. Defaults to jsonfile.
+fact_cache_type: ${RUNNER_FACT_CACHE_TYPE:-'jsonfile'}
diff --git a/container-images/kolla/tripleo-ansible-ee/tripleo_entrypoint.sh b/container-images/kolla/tripleo-ansible-ee/tripleo_entrypoint.sh
new file mode 100644
index 000000000..f62d416f1
--- /dev/null
+++ b/container-images/kolla/tripleo-ansible-ee/tripleo_entrypoint.sh
@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+
+# Adding tripleo ansible-runner specific scripts here
+# Expand the variables
+eval "echo \"$(cat /runner/env/settings)\"" > /runner/env/settings
+
+# Contents from ansible-runner entrypoint
diff --git a/container-images/tcib/tripleo-ansible-ee/tripleo-ansible-ee.yaml b/container-images/tcib/tripleo-ansible-ee/tripleo-ansible-ee.yaml
new file mode 100644
index 000000000..cb3208745
--- /dev/null
+++ b/container-images/tcib/tripleo-ansible-ee/tripleo-ansible-ee.yaml
@@ -0,0 +1,48 @@
+tcib_args:
+  TRIPLEO_ANSIBLE_REQ: "/usr/share/openstack-tripleo-common-containers/container-images/kolla/tripleo-ansible-ee/requirements.yaml"
+  ANSIBLE_RUNNER_IMAGE: quay.io/tripleoansible/ansible-runner:stream9
+tcib_from: $ANSIBLE_RUNNER_IMAGE
+tcib_actions:
+- run: dnf install -y {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
+- user: root
+- run: >-
+    cp /usr/share/openstack-tripleo-common-containers/container-images/kolla/tripleo-ansible-ee/settings /runner/env/settings &&
+    chmod 777 /runner/env/settings
+# To be able for ansible to deal with the arbirtray uid's that Openshift is enforcing
+# in its default scc, it would be necessary to add "RUN chmod g=u /etc/passwd /etc/group"
+# to the tcib file so the subsequent image let the operator set temporary permissions
+# on the openshift uid for ansible to work.
+- run: chmod g=u /etc/passwd /etc/group
+- workdir: /usr/share/ansible/roles
+- run: >-
+    if [ -f "$TRIPLEO_ANSIBLE_REQ" ]; then
+    ansible-galaxy role install -r $TRIPLEO_ANSIBLE_REQ --roles-path /usr/share/ansible/roles; fi
+- workdir: /usr/share/ansible/collections
+- run: >-
+    if [ -f "$TRIPLEO_ANSIBLE_REQ" ]; then
+    ansible-galaxy collection install -r $TRIPLEO_ANSIBLE_REQ --collections-path /usr/share/ansible/collections; fi
+- workdir: /runner
+- run: >-
+    if [ -d "/usr/share/ansible/roles" ]; then
+    rm -rf /runner/roles && ln -snf /usr/share/ansible/ansible roles; fi
+- run: >-
+    if [ -d "/usr/share/ansible/tripleo-playbooks" ]; then
+    rm -rf /runner/project && ln -snf /usr/share/ansible/tripleo-playbooks project; fi
+- run: >-
+    if [ -d "/usr/share/ansible/tripleo-inventory" ]; then
+    rm -rf /runner/inventory && ln -snf /usr/share/ansible/tripleo-inventory inventory; fi
+# Append the ansible-runner entrypoint content in tripleo_entrypoint by removing bash shebang
+- run: >-
+    cp /usr/share/openstack-tripleo-common-containers/container-images/kolla/tripleo-ansible-ee/tripleo_entrypoint.sh /bin/tripleo_entrypoint &&
+    sed -i '1d' /bin/entrypoint &&
+    cat /bin/entrypoint >> /bin/tripleo_entrypoint &&
+    chmod +x /bin/tripleo_entrypoint
+- user: 1001
+tcib_entrypoint: tripleo_entrypoint
+# Install dumb-init from package instead from pip, used in ansible-runner entrypoint.
+tcib_packages:
+  common:
+  - ansible-role-chrony
+  - dumb-init
+  - openstack-tripleo-common-containers
+  - tripleo-ansible
diff --git a/container-images/tripleo_containers.yaml b/container-images/tripleo_containers.yaml
index e3980b9ec..7e20ace07 100644
--- a/container-images/tripleo_containers.yaml
+++ b/container-images/tripleo_containers.yaml
@@ -189,3 +189,5 @@ container_images:
   image_source: tripleo
 - imagename: quay.io/tripleomastercentos9/openstack-tripleoclient:current-tripleo
   image_source: tripleo
+- imagename: quay.io/tripleomastercentos9/tripleo-ansible-ee:current-tripleo
+  image_source: tripleo
diff --git a/container-images/tripleo_containers.yaml.j2 b/container-images/tripleo_containers.yaml.j2
index 3b1ad1328..9eb797394 100644
--- a/container-images/tripleo_containers.yaml.j2
+++ b/container-images/tripleo_containers.yaml.j2
@@ -735,3 +735,7 @@ container_images_template:
   services:
   - OS::TripleO::Services::TripleoClient
 
+- imagename: "{{namespace}}/tripleo-ansible-ee:{{tag}}"
+  image_source: tripleo
+  params:
+  - ContainerAEEImage