Move action of updating munge key to munge key manager and delete the…
… update manager
hehe7318 committed Sep 13, 2023
1 parent 87bbd54 commit c0be969
Showing 4 changed files with 57 additions and 81 deletions.
2 changes: 1 addition & 1 deletion cookbooks/aws-parallelcluster-slurm/libraries/helpers.rb
@@ -87,7 +87,7 @@ def setup_munge_head_node
end

def update_munge_head_node
munge_key_update_manager 'update_munge_key' do
munge_key_manager 'update_munge_key' do
munge_key_secret_arn lazy { node['cluster']['config'].dig(:DevSettings, :SlurmSettings, :MungeKeySecretArn) }
action :update_munge_key
only_if { ::File.exist?(node['cluster']['previous_cluster_config_path']) && is_custom_munge_key_updated? }
2 changes: 1 addition & 1 deletion cookbooks/aws-parallelcluster-slurm/libraries/update.rb
@@ -72,7 +72,7 @@ def execute_command(command, user = "root", timeout = 300, raise_on_error = true
cmd.stdout.strip
end

# Verify if MungeKeySecretArn in SlurmSetting section of cluster configuration has been updated
# Verify if MungeKeySecretArn in SlurmSettings section of cluster configuration has been updated
def is_custom_munge_key_updated?
require 'yaml'
config = YAML.safe_load(File.read(node['cluster']['cluster_config_path']))
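--- a/cookbooks/aws-parallelcluster-slurm/resources/munge_key_manager.rb
+++ b/cookbooks/aws-parallelcluster-slurm/resources/munge_key_manager.rb
@@ -70,3 +70,58 @@
 end
 end
 end
+
+action :update_munge_key do
+bash 'remove_current_munge_key' do
+user 'root'
+group 'root'
+cwd '/tmp'
+code <<-REMOVE_CURRENT_MUNGE_KEY
+if [ -f "/etc/munge/munge.key" ]; then
+rm -f /etc/munge/munge.key
+fi
+REMOVE_CURRENT_MUNGE_KEY
+end
+
+if new_resource.munge_key_secret_arn
+bash 'fetch_and_decode_munge_key' do
+user 'root'
+group 'root'
+cwd '/tmp'
+code <<-FETCH_AND_DECODE
+# Get encoded munge key from secrets manager
+encoded_key=$(aws secretsmanager get-secret-value --secret-id #{new_resource.munge_key_secret_arn} --query 'SecretString' --output text --region #{node['cluster']['region']})
+# If encoded_key doesn't have a value, error and exit
+if [ -z "$encoded_key" ]; then
+echo "Error fetching munge key from Secrets Manager or the key is empty"
+exit 1
+fi
+# Decode munge key and write to /etc/munge/munge.key
+decoded_key=$(echo $encoded_key | base64 -d)
+if [ $? -ne 0 ]; then
+echo "Error decoding the munge key with base64"
+exit 1
+fi
+echo "$decoded_key" > /etc/munge/munge.key
+# Set ownership on the key
+chown #{node['cluster']['munge']['user']}:#{node['cluster']['munge']['group']} /etc/munge/munge.key
+# Enforce correct permission on the key
+chmod 0600 /etc/munge/munge.key
+FETCH_AND_DECODE
+end
+else
+bash 'generate_munge_key' do
+user node['cluster']['munge']['user']
+group node['cluster']['munge']['group']
+cwd '/tmp'
+code <<-GENERATE_KEY
+set -e
+/usr/sbin/mungekey --verbose
+chmod 0600 /etc/munge/munge.key
+GENERATE_KEY
+end
+end
+end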
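Review bot: In `fetch_and_decode_munge_key`, the decoded key is written with `echo "$decoded_key" > /etc/munge/munge.key` before `chown` and `chmod 0600` run, so the file is created under root's current umask and, depending on that umask and the permissions of `/etc/munge`, may be readable by other local users until the chmod lands. Holding the decoded key in a shell variable also drops NUL bytes and trailing newlines, and `echo` appends a newline, so a binary key may not reach disk byte-for-byte. I would set `umask 077` at the top of the script and decode straight into the file with `echo "$encoded_key" | base64 -d > /etc/munge/munge.key`, checking that pipeline's exit status instead. The script also lacks the `set -e` that `generate_munge_key` uses, so a failed `chown` or `chmod` goes unnoticed, and `remove_current_munge_key` deletes the existing key before the fetch is known to have succeeded.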

This file was deleted.
