diff --git a/ci-operator/step-registry/cucushift/installer/rehearse/gcp/ipi/disconnected/workers-rhel8/provision/cucushift-installer-rehearse-gcp-ipi-disconnected-workers-rhel8-provision-chain.yaml b/ci-operator/step-registry/cucushift/installer/rehearse/gcp/ipi/disconnected/workers-rhel8/provision/cucushift-installer-rehearse-gcp-ipi-disconnected-workers-rhel8-provision-chain.yaml index 28c5777e4321f..ca4b489d1e6a8 100644 --- a/ci-operator/step-registry/cucushift/installer/rehearse/gcp/ipi/disconnected/workers-rhel8/provision/cucushift-installer-rehearse-gcp-ipi-disconnected-workers-rhel8-provision-chain.yaml +++ b/ci-operator/step-registry/cucushift/installer/rehearse/gcp/ipi/disconnected/workers-rhel8/provision/cucushift-installer-rehearse-gcp-ipi-disconnected-workers-rhel8-provision-chain.yaml @@ -3,6 +3,7 @@ chain: steps: - chain: cucushift-installer-rehearse-gcp-ipi-disconnected-provision - ref: workers-rhel-gcp-provision + - ref: workers-rhel-pre-hook-gcp - ref: workers-rhel-pre-hook-sshtunnel - chain: workers-rhel env: diff --git a/ci-operator/step-registry/workers-rhel/pre-hook/gcp/OWNERS b/ci-operator/step-registry/workers-rhel/pre-hook/gcp/OWNERS new file mode 100644 index 0000000000000..8c6e11a76df27 --- /dev/null +++ b/ci-operator/step-registry/workers-rhel/pre-hook/gcp/OWNERS @@ -0,0 +1,8 @@ +approvers: +- jianlinliu +- gpei +- jianli-wei +reviewers: +- jianlinliu +- gpei +- jianli-wei diff --git a/ci-operator/step-registry/workers-rhel/pre-hook/gcp/workers-rhel-pre-hook-gcp-commands.sh b/ci-operator/step-registry/workers-rhel/pre-hook/gcp/workers-rhel-pre-hook-gcp-commands.sh new file mode 100644 index 0000000000000..af66302afd11f --- /dev/null +++ b/ci-operator/step-registry/workers-rhel/pre-hook/gcp/workers-rhel-pre-hook-gcp-commands.sh @@ -0,0 +1,31 @@ +#!/bin/bash + +set -o nounset +set -o errexit +set -o pipefail +set -x + +# Ensure our UID, which is randomly generated, is in /etc/passwd. This is required +# to be able to SSH. +if ! whoami &> /dev/null; then + if [[ -w /etc/passwd ]]; then + echo "${USER_NAME:-default}:x:$(id -u):0:${USER_NAME:-default} user:${HOME}:/sbin/nologin" >> /etc/passwd + else + echo "/etc/passwd is not writeable, and user matching this uid is not found." + exit 1 + fi +fi + +cat > scaleup-pre-hook-gcp.yaml <<- 'EOF' +- name: Configure RHEL machine on GCP + hosts: new_workers + any_errors_fatal: true + gather_facts: false + + tasks: + - name: install checkpolicy + yum: name=checkpolicy state=present +EOF + +ansible-inventory -i "${SHARED_DIR}/ansible-hosts" --list --yaml +ansible-playbook -i "${SHARED_DIR}/ansible-hosts" scaleup-pre-hook-gcp.yaml -vvv diff --git a/ci-operator/step-registry/workers-rhel/pre-hook/gcp/workers-rhel-pre-hook-gcp-ref.metadata.json b/ci-operator/step-registry/workers-rhel/pre-hook/gcp/workers-rhel-pre-hook-gcp-ref.metadata.json new file mode 100644 index 0000000000000..a36cdd3d7e8bd --- /dev/null +++ b/ci-operator/step-registry/workers-rhel/pre-hook/gcp/workers-rhel-pre-hook-gcp-ref.metadata.json @@ -0,0 +1,15 @@ +{ + "path": "workers-rhel/pre-hook/gcp/workers-rhel-pre-hook-gcp-ref.yaml", + "owners": { + "approvers": [ + "jianlinliu", + "gpei", + "jianli-wei" + ], + "reviewers": [ + "jianlinliu", + "gpei", + "jianli-wei" + ] + } +} \ No newline at end of file diff --git a/ci-operator/step-registry/workers-rhel/pre-hook/gcp/workers-rhel-pre-hook-gcp-ref.yaml b/ci-operator/step-registry/workers-rhel/pre-hook/gcp/workers-rhel-pre-hook-gcp-ref.yaml new file mode 100644 index 0000000000000..6fdef9c6f598c --- /dev/null +++ b/ci-operator/step-registry/workers-rhel/pre-hook/gcp/workers-rhel-pre-hook-gcp-ref.yaml @@ -0,0 +1,11 @@ +ref: + as: workers-rhel-pre-hook-gcp + from: ansible + commands: workers-rhel-pre-hook-gcp-commands.sh + resources: + requests: + cpu: 100m + memory: 200Mi + env: + documentation: |- + The post-installation step ensures 'checkpolicy' is installed on new GCP RHEL instances. diff --git a/ci-operator/step-registry/workers-rhel/pre-hook/sshtunnel/workers-rhel-pre-hook-sshtunnel-commands.sh b/ci-operator/step-registry/workers-rhel/pre-hook/sshtunnel/workers-rhel-pre-hook-sshtunnel-commands.sh index 9dff98eeca0d4..137297bc3c01b 100644 --- a/ci-operator/step-registry/workers-rhel/pre-hook/sshtunnel/workers-rhel-pre-hook-sshtunnel-commands.sh +++ b/ci-operator/step-registry/workers-rhel/pre-hook/sshtunnel/workers-rhel-pre-hook-sshtunnel-commands.sh @@ -47,9 +47,6 @@ cat > scaleup-pre-hook-ssh-tunnel.yaml <<-'EOF' bastion_ssh_private_key_file: "{{ lookup('env', 'BASTION_SSH_PRIV_KEY_PATH') }}" tasks: - - name: install checkpolicy - yum: name=checkpolicy state=present - - name: Copy private SSH copy: src: "{{ bastion_ssh_private_key_file }}"