openshift · openshift-merge-robot · Aug 17, 2022 · Aug 16, 2022
diff --git a/...sion/cucushift-installer-rehearse-gcp-ipi-disconnected-workers-rhel8-provision-chain.yaml b/...sion/cucushift-installer-rehearse-gcp-ipi-disconnected-workers-rhel8-provision-chain.yaml
@@ -3,6 +3,7 @@ chain:
   steps: 
   - chain: cucushift-installer-rehearse-gcp-ipi-disconnected-provision
   - ref: workers-rhel-gcp-provision
+  - ref: workers-rhel-pre-hook-gcp
   - ref: workers-rhel-pre-hook-sshtunnel
   - chain: workers-rhel
   env:

diff --git a/ci-operator/step-registry/workers-rhel/pre-hook/gcp/OWNERS b/ci-operator/step-registry/workers-rhel/pre-hook/gcp/OWNERS
@@ -0,0 +1,8 @@
+approvers:
+- jianlinliu
+- gpei
+- jianli-wei
+reviewers:
+- jianlinliu
+- gpei
+- jianli-wei
diff --git a/ci-operator/step-registry/workers-rhel/pre-hook/gcp/workers-rhel-pre-hook-gcp-commands.sh b/ci-operator/step-registry/workers-rhel/pre-hook/gcp/workers-rhel-pre-hook-gcp-commands.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+set -o nounset
+set -o errexit
+set -o pipefail
+set -x
+
+# Ensure our UID, which is randomly generated, is in /etc/passwd. This is required
+# to be able to SSH.
+if ! whoami &> /dev/null; then
+    if [[ -w /etc/passwd ]]; then
+        echo "${USER_NAME:-default}:x:$(id -u):0:${USER_NAME:-default} user:${HOME}:/sbin/nologin" >> /etc/passwd
+    else
+        echo "/etc/passwd is not writeable, and user matching this uid is not found."
+        exit 1
+    fi
+fi
+
+cat > scaleup-pre-hook-gcp.yaml <<- 'EOF'
+- name: Configure RHEL machine on GCP
+  hosts: new_workers
+  any_errors_fatal: true
+  gather_facts: false
+
+  tasks:
+  - name: install checkpolicy
+    yum: name=checkpolicy state=present
+EOF
+
+ansible-inventory -i "${SHARED_DIR}/ansible-hosts" --list --yaml
+ansible-playbook -i "${SHARED_DIR}/ansible-hosts" scaleup-pre-hook-gcp.yaml -vvv
diff --git a/...rator/step-registry/workers-rhel/pre-hook/gcp/workers-rhel-pre-hook-gcp-ref.metadata.json b/...rator/step-registry/workers-rhel/pre-hook/gcp/workers-rhel-pre-hook-gcp-ref.metadata.json
@@ -0,0 +1,15 @@
+{
+	"path": "workers-rhel/pre-hook/gcp/workers-rhel-pre-hook-gcp-ref.yaml",
+	"owners": {
+		"approvers": [
+			"jianlinliu",
+			"gpei",
+			"jianli-wei"
+		],
+		"reviewers": [
+			"jianlinliu",
+			"gpei",
+			"jianli-wei"
+		]
+	}
+}
diff --git a/ci-operator/step-registry/workers-rhel/pre-hook/gcp/workers-rhel-pre-hook-gcp-ref.yaml b/ci-operator/step-registry/workers-rhel/pre-hook/gcp/workers-rhel-pre-hook-gcp-ref.yaml
@@ -0,0 +1,11 @@
+ref:
+  as: workers-rhel-pre-hook-gcp
+  from: ansible
+  commands: workers-rhel-pre-hook-gcp-commands.sh
+  resources:
+    requests:
+      cpu: 100m
+      memory: 200Mi
+  env:
+  documentation: |-
+    The post-installation step ensures 'checkpolicy' is installed on new GCP RHEL instances.
diff --git a/...step-registry/workers-rhel/pre-hook/sshtunnel/workers-rhel-pre-hook-sshtunnel-commands.sh b/...step-registry/workers-rhel/pre-hook/sshtunnel/workers-rhel-pre-hook-sshtunnel-commands.sh
@@ -47,9 +47,6 @@ cat > scaleup-pre-hook-ssh-tunnel.yaml <<-'EOF'
     bastion_ssh_private_key_file: "{{ lookup('env', 'BASTION_SSH_PRIV_KEY_PATH') }}"
 
   tasks:
-  - name: install checkpolicy
-    yum: name=checkpolicy state=present
-
   - name: Copy private SSH
     copy:
       src: "{{ bastion_ssh_private_key_file }}"