Move the cluster user out of /home when the default_user_home option …

…is set to local Refactored the cookbook to use an attribute for the default user's home directory so that it can be changed when using the new config option. Also simplified the users attribute file since the exta OS specific files were not adding any value and duplicating code.
dreambeyondorange · Jan 22, 2024 · 4f62f90 · 4f62f90
1 parent 06edb61
commit 4f62f90
Show file tree

Hide file tree

Showing 10 changed files with 72 additions and 23 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,7 @@ This file is used to list changes made in each version of the AWS ParallelCluste
 ------
 
 **ENHANCEMENTS**
+- Add the config option `DefaultUserHome` under `HeadNode` to allow users to move the default user's home directory to `/local/home` instead of `/home` (default)
 - Add support for installing Intel OneAPI Base Toolkit and HPC Toolkit, and Intel Python.
   - Intel OneAPI Base Toolkits: 2023.2.0
   - Intel OneAPI HPC Toolkits: 2023.2.0

diff --git a/cookbooks/aws-parallelcluster-environment/recipes/init.rb b/cookbooks/aws-parallelcluster-environment/recipes/init.rb
@@ -17,6 +17,9 @@
   action :configure
 end
 
+# move the default user out of home if the config param is set
+include_recipe "aws-parallelcluster-environment::move_default_user" if node['cluster']['default_user_home'] == 'local'
+
 case node['cluster']['shared_storage_type']
 when 'efs'
   include_recipe "aws-parallelcluster-environment::mount_internal_use_efs"

diff --git a/cookbooks/aws-parallelcluster-environment/recipes/init/move_default_user.rb b/cookbooks/aws-parallelcluster-environment/recipes/init/move_default_user.rb
@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+#
+# Copyright:: 2023 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with the
+# License. A copy of the License is located at
+#
+# http://aws.amazon.com/apache2.0/
+#
+# or in the "LICENSE.txt" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES
+# OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Backup the cluster user's default home directory
+bash "Backup #{node['cluster']['cluster_user_home']}" do
+  user 'root'
+  group 'root'
+  code <<-EOH
+    mkdir -p /tmp#{node['cluster']['cluster_user_home']}
+    rsync -a #{node['cluster']['cluster_user_home']} /tmp#{node['cluster']['cluster_user_home']}
+  EOH
+end
+
+# Move the cluster user's default home directory
+bash "Move #{node['cluster']['cluster_user_home']}" do
+  user 'root'
+  group 'root'
+  code <<-EOH
+    mkdir -p #{node['cluster']['cluster_user_local_home']}
+    rsync -a /tmp#{node['cluster']['cluster_user_home']}/ #{node['cluster']['cluster_user_local_home']}
+    usermod -d #{node['cluster']['cluster_user_local_home']} #{node['cluster']['cluster_user']}
+    rm -rf /tmp#{node['cluster']['cluster_user_home']}
+  EOH
+end
+
+Chef::Log.info("user home before #{node['cluster']['cluster_user_home']}")
+node.normal['cluster']['cluster_user_home'] = node['cluster']['cluster_user_local_home']
+Chef::Log.info("user home after #{node['cluster']['cluster_user_home']}")
+
diff --git a/cookbooks/aws-parallelcluster-platform/recipes/config/cluster_user.rb b/cookbooks/aws-parallelcluster-platform/recipes/config/cluster_user.rb
@@ -12,42 +12,46 @@
 # OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions and
 # limitations under the License.
 
+Chef::Log.info("config - user home before #{node['cluster']['cluster_user_home']}")
+node.normal['cluster']['cluster_user_home'] = node['cluster']['cluster_user_local_home'] if node['cluster']['default_user_home'] == 'local'
+Chef::Log.info("config - user home after #{node['cluster']['cluster_user_home']}")
+
 case node['cluster']['node_type']
 when 'HeadNode'
   # Setup cluster user
   user node['cluster']['cluster_user'] do
     manage_home true
     comment 'AWS ParallelCluster user'
-    home "/home/#{node['cluster']['cluster_user']}"
+    home "#{node['cluster']['cluster_user_home']}"
     shell '/bin/bash'
   end
 
   # Setup SSH auth for cluster user
   bash "ssh-keygen" do
-    cwd "/home/#{node['cluster']['cluster_user']}"
+    cwd "#{node['cluster']['cluster_user_home']}"
     code <<-KEYGEN
       set -e
       su - #{node['cluster']['cluster_user']} -c \"ssh-keygen -q -t ed25519 -f ~/.ssh/id_ed25519 -N ''\"
     KEYGEN
-    not_if { ::File.exist?("/home/#{node['cluster']['cluster_user']}/.ssh/id_ed25519") }
+    not_if { ::File.exist?("#{node['cluster']['cluster_user_home']}/.ssh/id_ed25519") }
   end
 
   bash "copy_and_perms" do
-    cwd "/home/#{node['cluster']['cluster_user']}"
+    cwd "#{node['cluster']['cluster_user_home']}"
     code <<-PERMS
       set -e
       su - #{node['cluster']['cluster_user']} -c \"cat ~/.ssh/id_ed25519.pub >> ~/.ssh/authorized_keys && chmod 0600 ~/.ssh/authorized_keys && touch ~/.ssh/authorized_keys_cluster\"
     PERMS
-    not_if { ::File.exist?("/home/#{node['cluster']['cluster_user']}/.ssh/authorized_keys_cluster") }
+    not_if { ::File.exist?("#{node['cluster']['cluster_user_home']}/.ssh/authorized_keys_cluster") }
   end
 
   bash "ssh-keyscan" do
-    cwd "/home/#{node['cluster']['cluster_user']}"
+    cwd "#{node['cluster']['cluster_user_home']}"
     code <<-KEYSCAN
       set -e
       su - #{node['cluster']['cluster_user']} -c \"ssh-keyscan #{node['hostname']} > ~/.ssh/known_hosts && chmod 0600 ~/.ssh/known_hosts\"
     KEYSCAN
-    not_if { ::File.exist?("/home/#{node['cluster']['cluster_user']}/.ssh/known_hosts") }
+    not_if { ::File.exist?("#{node['cluster']['cluster_user_home']}/.ssh/known_hosts") }
   end
 
 when 'ComputeFleet', 'LoginNode'
@@ -56,7 +60,7 @@
   user node['cluster']['cluster_user'] do
     manage_home false
     comment 'AWS ParallelCluster user'
-    home "/home/#{node['cluster']['cluster_user']}"
+    home "#{node['cluster']['cluster_user_home']}"
     shell '/bin/bash'
   end
 else

diff --git a/cookbooks/aws-parallelcluster-shared/attributes/users.rb b/cookbooks/aws-parallelcluster-shared/attributes/users.rb
@@ -18,3 +18,19 @@
 default['cluster']['munge']['user_id'] = node['cluster']['reserved_base_uid'] + 2
 default['cluster']['munge']['group'] = node['cluster']['munge']['user']
 default['cluster']['munge']['group_id'] = node['cluster']['munge']['user_id']
+
+if (platform?('amazon') && node['platform_version'].to_i == 2) ||
+  (platform?('redhat') && node['platform_version'].to_i == 8)
+  default['cluster']['cluster_user'] = 'ec2-user'
+elsif platform?('centos') && node['platform_version'].to_i == 7
+  default['cluster']['cluster_user'] = 'centos'
+elsif platform?('rocky') && node['platform_version'].to_i == 8
+  default['cluster']['cluster_user'] = 'rocky'
+elsif platform?('ubuntu')
+  default['cluster']['cluster_user'] = 'ubuntu'
+else
+  raise "The OS must be one of the following: Amazon Linux 2, Ubuntu, CentOS 7, RHEL 8, or Rocky 8"
+end
+
+default['cluster']['cluster_user_home'] = "/home/#{node['cluster']['cluster_user']}"
+default['cluster']['cluster_user_local_home'] = "/local/home/#{node['cluster']['cluster_user']}"
diff --git a/cookbooks/aws-parallelcluster-shared/attributes/users_amazon2.rb b/cookbooks/aws-parallelcluster-shared/attributes/users_amazon2.rb
diff --git a/cookbooks/aws-parallelcluster-shared/attributes/users_centos7.rb b/cookbooks/aws-parallelcluster-shared/attributes/users_centos7.rb
diff --git a/cookbooks/aws-parallelcluster-shared/attributes/users_redhat8.rb b/cookbooks/aws-parallelcluster-shared/attributes/users_redhat8.rb
diff --git a/cookbooks/aws-parallelcluster-shared/attributes/users_rocky8.rb b/cookbooks/aws-parallelcluster-shared/attributes/users_rocky8.rb
diff --git a/cookbooks/aws-parallelcluster-shared/attributes/users_ubuntu.rb b/cookbooks/aws-parallelcluster-shared/attributes/users_ubuntu.rb