[develop] Share the munge key from the Parallel Cluster shared folder

cookbooks/aws-parallelcluster-slurm/libraries/helpers.rb

@@ -104,9 +104,11 @@ def share_munge_head_node
     group 'root'
     code <<-HEAD_SHARE_MUNGE_KEY
       set -e
-      mkdir -p /home/#{node['cluster']['cluster_user']}/.munge
+      mkdir -p #{node['cluster']['shared_dir']}/.munge
       # Copy key to shared dir
-      cp /etc/munge/munge.key /home/#{node['cluster']['cluster_user']}/.munge/.munge.key
+      cp /etc/munge/munge.key #{node['cluster']['shared_dir']}/.munge/.munge.key
+      chmod 0600 #{node['cluster']['shared_dir']}/.munge
+      chmod 0600 #{node['cluster']['shared_dir']}/.munge/.munge.key
     HEAD_SHARE_MUNGE_KEY
   end
 end
@@ -119,7 +121,7 @@ def setup_munge_compute_node
     code <<-COMPUTE_MUNGE_KEY
       set -e
       # Copy munge key from shared dir
-      cp /home/#{node['cluster']['cluster_user']}/.munge/.munge.key /etc/munge/munge.key
+      cp #{node['cluster']['shared_dir']}/.munge/.munge.key /etc/munge/munge.key
       # Set ownership on the key
       chown #{node['cluster']['munge']['user']}:#{node['cluster']['munge']['group']} /etc/munge/munge.key
       # Enforce correct permission on the key

cookbooks/aws-parallelcluster-slurm/recipes/config/config_head_node.rb

@@ -292,6 +292,6 @@
     region: node['cluster']['region'],
     munge_user: node['cluster']['munge']['user'],
     munge_group: node['cluster']['munge']['group'],
-    cluster_user: node['cluster']['cluster_user']
+    shared_directory: node['cluster']['shared_dir']
   )
 end

cookbooks/aws-parallelcluster-slurm/recipes/test/mock_munge_key.rb

@@ -1,4 +1,4 @@
-munge_user_dir = "/home/#{node['cluster']['cluster_user']}/.munge"
+munge_user_dir = "#{node['cluster']['shared_dir']}/.munge"
 directory munge_user_dir do
   mode '1777'
 end

cookbooks/aws-parallelcluster-slurm/recipes/update/update_head_node.rb

@@ -212,7 +212,7 @@ def update_nodes_in_queue(strategy, queues)
     region: node['cluster']['region'],
     munge_user: node['cluster']['munge']['user'],
     munge_group: node['cluster']['munge']['group'],
-    cluster_user: node['cluster']['cluster_user']
+    shared_directory: node['cluster']['shared_dir']
   )
   only_if { ::File.exist?(node['cluster']['previous_cluster_config_path']) && is_custom_munge_key_updated? }
 end

cookbooks/aws-parallelcluster-slurm/templates/default/slurm/head_node/update_munge_key.sh.erb

@@ -13,7 +13,7 @@ SECRET_ARN="<%= @munge_key_secret_arn %>"
 REGION="<%= @region %>"
 MUNGE_USER="<%= @munge_user %>"
 MUNGE_GROUP="<%= @munge_group %>"
-CLUSTER_USER="<%= @cluster_user %>"
+SHARED_DIRECTORY="<%= @shared_directory %>"
 
 # If SECRET_ARN is provided, fetch the munge key from Secrets Manager
 if [ -n "${SECRET_ARN}" ]; then
@@ -62,8 +62,10 @@ fi
 
 # Share munge key
 echo "Sharing munge key"
-mkdir -p /home/${CLUSTER_USER}/.munge
-cp /etc/munge/munge.key /home/${CLUSTER_USER}/.munge/.munge.key
+mkdir -p ${SHARED_DIRECTORY}/.munge
+cp /etc/munge/munge.key ${SHARED_DIRECTORY}/.munge/.munge.key
+chmod 0600 ${SHARED_DIRECTORY}/.munge
+chmod 0600 ${SHARED_DIRECTORY}/.munge/.munge.key
 echo "Shared munge key"
 
 exit 0