[develop] Share the munge key from the Parallel Cluster shared folder

cookbooks/aws-parallelcluster-slurm/libraries/helpers.rb

@@ -97,38 +97,51 @@ def update_munge_head_node
   share_munge_head_node
 end
 
-def share_munge_head_node
-  # Share munge key
+def share_munge_key_to_dir(shared_dir)
   bash 'share_munge_key' do
     user 'root'
     group 'root'
-    code <<-HEAD_SHARE_MUNGE_KEY
+    code <<-SHARE_MUNGE_KEY
       set -e
-      mkdir -p /home/#{node['cluster']['cluster_user']}/.munge
+      mkdir -p #{shared_dir}/.munge
       # Copy key to shared dir
-      cp /etc/munge/munge.key /home/#{node['cluster']['cluster_user']}/.munge/.munge.key
-    HEAD_SHARE_MUNGE_KEY
+      cp /etc/munge/munge.key #{shared_dir}/.munge/.munge.key
+      chmod 0600 #{shared_dir}/.munge
+      chmod 0600 #{shared_dir}/.munge/.munge.key
+    SHARE_MUNGE_KEY
   end
 end
 
-def setup_munge_compute_node
-  # Get munge key
+def share_munge_head_node
+  share_munge_key_to_dir(node['cluster']['shared_dir'])
+  share_munge_key_to_dir(node['cluster']['shared_dir_login'])
+end
+
+def setup_munge_key(shared_dir)
   bash 'get_munge_key' do
     user 'root'
     group 'root'
-    code <<-COMPUTE_MUNGE_KEY
+    code <<-MUNGE_KEY
       set -e
       # Copy munge key from shared dir
-      cp /home/#{node['cluster']['cluster_user']}/.munge/.munge.key /etc/munge/munge.key
+      cp #{shared_dir}/.munge/.munge.key /etc/munge/munge.key
       # Set ownership on the key
       chown #{node['cluster']['munge']['user']}:#{node['cluster']['munge']['group']} /etc/munge/munge.key
       # Enforce correct permission on the key
       chmod 0600 /etc/munge/munge.key
-    COMPUTE_MUNGE_KEY
+    MUNGE_KEY
     retries 5
     retry_delay 10
   end
+end
+
+def setup_munge_compute_node
+  setup_munge_key(node['cluster']['shared_dir'])
+  enable_munge_service
+end
 
+def setup_munge_login_node
+  setup_munge_key(node['cluster']['shared_dir_login'])
   enable_munge_service
 end
 

cookbooks/aws-parallelcluster-slurm/recipes/config/config_head_node.rb

@@ -292,6 +292,7 @@
     region: node['cluster']['region'],
     munge_user: node['cluster']['munge']['user'],
     munge_group: node['cluster']['munge']['group'],
-    cluster_user: node['cluster']['cluster_user']
+    shared_directory: node['cluster']['shared_dir'],
+    shared_directory_login: node['cluster']['shared_dir_login']
   )
 end

cookbooks/aws-parallelcluster-slurm/recipes/config/config_login.rb

@@ -16,6 +16,6 @@
 # limitations under the License.
 
 # TODO: rename, find a better name that include login nodes
-setup_munge_compute_node
+setup_munge_login_node
 
 include_recipe 'aws-parallelcluster-slurm::mount_slurm_dir'

cookbooks/aws-parallelcluster-slurm/recipes/test/mock_munge_key.rb

@@ -1,4 +1,4 @@
-munge_user_dir = "/home/#{node['cluster']['cluster_user']}/.munge"
+munge_user_dir = "#{node['cluster']['shared_dir']}/.munge"
 directory munge_user_dir do
   mode '1777'
 end

cookbooks/aws-parallelcluster-slurm/recipes/update/update_head_node.rb

@@ -212,7 +212,8 @@ def update_nodes_in_queue(strategy, queues)
     region: node['cluster']['region'],
     munge_user: node['cluster']['munge']['user'],
     munge_group: node['cluster']['munge']['group'],
-    cluster_user: node['cluster']['cluster_user']
+    shared_directory: node['cluster']['shared_dir'],
+    shared_directory_login: node['cluster']['shared_dir_login']
   )
   only_if { ::File.exist?(node['cluster']['previous_cluster_config_path']) && is_custom_munge_key_updated? }
 end

cookbooks/aws-parallelcluster-slurm/templates/default/slurm/head_node/update_munge_key.sh.erb

@@ -13,7 +13,8 @@ SECRET_ARN="<%= @munge_key_secret_arn %>"
 REGION="<%= @region %>"
 MUNGE_USER="<%= @munge_user %>"
 MUNGE_GROUP="<%= @munge_group %>"
-CLUSTER_USER="<%= @cluster_user %>"
+SHARED_DIRECTORY="<%= @shared_directory %>"
+SHARED_DIRECTORY_LOGIN="<%= @shared_directory_login %>"
 
 # If SECRET_ARN is provided, fetch the munge key from Secrets Manager
 if [ -n "${SECRET_ARN}" ]; then
@@ -69,8 +70,15 @@ fi
 
 # Share munge key
 echo "Sharing munge key"
-mkdir -p /home/${CLUSTER_USER}/.munge
-cp /etc/munge/munge.key /home/${CLUSTER_USER}/.munge/.munge.key
+mkdir -p ${SHARED_DIRECTORY}/.munge
+cp /etc/munge/munge.key ${SHARED_DIRECTORY}/.munge/.munge.key
+chmod 0600 ${SHARED_DIRECTORY}/.munge
+chmod 0600 ${SHARED_DIRECTORY}/.munge/.munge.key
+
+mkdir -p ${SHARED_DIRECTORY_LOGIN}/.munge
+cp /etc/munge/munge.key ${SHARED_DIRECTORY_LOGIN}/.munge/.munge.key
+chmod 0600 ${SHARED_DIRECTORY_LOGIN}/.munge
+chmod 0600 ${SHARED_DIRECTORY_LOGIN}/.munge/.munge.key
 echo "Shared munge key"
 
 exit 0