From 7976f8d15223ba578a3a55f31ea2eb77014178ea Mon Sep 17 00:00:00 2001 From: Himani Deshpande Date: Fri, 26 Apr 2024 12:17:16 -0400 Subject: [PATCH] [AL2023] Supporting system authentication for AD --- .../system_authentication_alinux2023.rb | 19 ++----------------- .../controls/system_authentication_spec.rb | 5 ++--- .../test/libraries/os_properties.rb | 1 + 3 files changed, 5 insertions(+), 20 deletions(-) diff --git a/cookbooks/aws-parallelcluster-environment/resources/system_authentication/system_authentication_alinux2023.rb b/cookbooks/aws-parallelcluster-environment/resources/system_authentication/system_authentication_alinux2023.rb index 1ce4bb9172..374997382f 100644 --- a/cookbooks/aws-parallelcluster-environment/resources/system_authentication/system_authentication_alinux2023.rb +++ b/cookbooks/aws-parallelcluster-environment/resources/system_authentication/system_authentication_alinux2023.rb @@ -17,25 +17,10 @@ end use 'partial/_system_authentication_common' - -action :configure do - # oddjobd service is required for creating homedir - service "oddjobd" do - action %i(start enable) - end unless on_docker? - - execute 'Configure Directory Service' do - user 'root' - # Tell NSS, PAM to use SSSD for system authentication and identity information - # authconfig is a compatibility tool, replaced by authselect - command "authselect select sssd with-mkhomedir" - sensitive true - default_env true - end -end +use 'partial/_system_authentication_alinux_centos' action_class do def required_packages - %w(sssd sssd-tools sssd-ldap authselect oddjob-mkhomedir) + %w(sssd sssd-tools sssd-ldap authconfig) end end diff --git a/cookbooks/aws-parallelcluster-environment/test/controls/system_authentication_spec.rb b/cookbooks/aws-parallelcluster-environment/test/controls/system_authentication_spec.rb index bc2e077b03..98033e9dd4 100644 --- a/cookbooks/aws-parallelcluster-environment/test/controls/system_authentication_spec.rb 
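Review bot: `required_packages` in system_authentication_alinux2023.rb no longer lists `authselect` or `oddjob-mkhomedir`, yet the spec changes later in this patch still assert that `authselect current` reports `Profile ID: sssd` and that `oddjobd` is running for the redhat family. The partial `partial/_system_authentication_alinux_centos` is not visible in this patch, so it cannot be confirmed from here that it configures the PAM/NSS profile and home-directory creation on AL2023 with only `authconfig` installed. If the partial ends up driving authselect underneath, declare that dependency explicitly, e.g. `%w(sssd sssd-tools sssd-ldap authconfig authselect oddjob-mkhomedir)`, rather than relying on a transitive install. Otherwise add a comment above the list naming the tool the partial invokes, so the package list and the test describe the same mechanism.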
+++ b/cookbooks/aws-parallelcluster-environment/test/controls/system_authentication_spec.rb @@ -35,7 +35,7 @@ services = %w(sssd) - if os_properties.redhat8? + if os_properties.redhat? services.append("oddjobd") end @@ -55,8 +55,7 @@ only_if { node['cluster']['node_type'] != 'ComputeFleet' || node['cluster']['directory_service']['disabled_on_compute_nodes'] != 'true' } describe 'Check NSS and PAM to use SSSD for system authentication and identity information' - if os_properties.redhat8? - + if os_properties.redhat? describe bash("authselect current") do its('exit_status') { should eq 0 } its('stdout') { should match /Profile ID: sssd/ } diff --git a/cookbooks/aws-parallelcluster-shared/test/libraries/os_properties.rb b/cookbooks/aws-parallelcluster-shared/test/libraries/os_properties.rb index 8efe50e52b..01daec430c 100644 --- a/cookbooks/aws-parallelcluster-shared/test/libraries/os_properties.rb +++ b/cookbooks/aws-parallelcluster-shared/test/libraries/os_properties.rb @@ -17,6 +17,7 @@ def redhat_on_docker? end def redhat? + # RedHat also includes Amazon inspec.os.name == 'redhat' end
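Review bot: In system_authentication_spec.rb, the `authselect current` check under `if os_properties.redhat?` matches only `Profile ID: sssd`, so it passes even when the profile was selected without home-directory creation. The resource code removed earlier in this patch selected the profile as `sssd with-mkhomedir`, and the first spec hunk expects `oddjobd` to be running, so the feature is evidently part of the intended state. Consider adding `its('stdout') { should match /with-mkhomedir/ }` next to the profile match, unless an equivalent assertion already exists below; the describe block continues outside the hunk. Widening the guard from `redhat8?` to `redhat?` also applies both checks to every release that predicate accepts, so confirm that each one is configured through authselect.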
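Review bot: The added comment `# RedHat also includes Amazon` in os_properties.rb does not match the expression under it, which compares `inspec.os.name` with the literal `'redhat'` instead of testing the OS family. InSpec normally reports Amazon Linux under its own platform name, so `redhat?` is probably false on AL2023. If so, the `authselect` and `oddjobd` checks gated on it in system_authentication_spec.rb would be skipped there rather than run; this is worth confirming on an AL2023 instance. If the family is what is meant, `inspec.os.redhat?` expresses that; otherwise reword the comment to what the code does, e.g. `# true only when the platform name is exactly 'redhat'`. The method's closing `end` lies outside the hunk.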