From 2dd50de1938c6c97f0e27c3ed21e14332a17e7e2 Mon Sep 17 00:00:00 2001 From: Helena Greebe Date: Wed, 24 Jul 2024 10:58:52 -0400 Subject: [PATCH] patch iso --- .../files/isolated/iso-ca-bundle-config.sh | 15 ++++++++++++ .../recipes/install/awscli.rb | 24 +++++++++---------- .../install_packages_redhat8.rb | 2 +- 3 files changed, 28 insertions(+), 13 deletions(-) create mode 100644 cookbooks/aws-parallelcluster-platform/files/isolated/iso-ca-bundle-config.sh diff --git a/cookbooks/aws-parallelcluster-platform/files/isolated/iso-ca-bundle-config.sh b/cookbooks/aws-parallelcluster-platform/files/isolated/iso-ca-bundle-config.sh new file mode 100644 index 000000000..5476a5127 --- /dev/null +++ b/cookbooks/aws-parallelcluster-platform/files/isolated/iso-ca-bundle-config.sh @@ -0,0 +1,15 @@ +#!/bin/bash +set -ex + +function get_instance_region { + local _token=$(curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 3600") + curl -H "X-aws-ec2-metadata-token: $_token" -v "http://169.254.169.254/latest/meta-data/placement/region" 2> /dev/null +} + +REGION="$(get_instance_region)" + +echo -e "export AWS_CA_BUNDLE=/etc/pki/${REGION}/certs/ca-bundle.pem" >> /etc/profile.d/aws-cli-default-config.sh + +echo "export AWS_DEFAULT_REGION=${REGION}" >> /etc/profile.d/aws-cli-default-config.sh + +echo "Defaults env_keep += \"AWS_DEFAULT_REGION AWS_CA_BUNDLE\"" > /etc/sudoers.d/pcluster-aws-cli-envkeep diff --git a/cookbooks/aws-parallelcluster-platform/recipes/install/awscli.rb b/cookbooks/aws-parallelcluster-platform/recipes/install/awscli.rb index 95d05a947..bc6262d92 100644 --- a/cookbooks/aws-parallelcluster-platform/recipes/install/awscli.rb +++ b/cookbooks/aws-parallelcluster-platform/recipes/install/awscli.rb @@ -46,15 +46,15 @@ code "#{file_cache_path}/awscli/aws/install -i /usr/local/aws -b /usr/local/bin" end -# cookbook_file "#{node['cluster']['scripts_dir']}/iso-ca-bundle-config.sh" do -# source 'isolated/iso-ca-bundle-config.sh' -# cookbook 'aws-parallelcluster-platform' -# owner 'root' -# group 'root' -# mode '0755' -# action :create_if_missing -# end -# -# execute "patch ca bundle" do -# command "sh #{node['cluster']['scripts_dir']}/iso-ca-bundle-config.sh" -# end +cookbook_file "#{node['cluster']['scripts_dir']}/iso-ca-bundle-config.sh" do + source 'isolated/iso-ca-bundle-config.sh' + cookbook 'aws-parallelcluster-platform' + owner 'root' + group 'root' + mode '0755' + action :create_if_missing +end + +execute "patch ca bundle" do + command "sh #{node['cluster']['scripts_dir']}/iso-ca-bundle-config.sh" +end diff --git a/cookbooks/aws-parallelcluster-platform/resources/install_packages/install_packages_redhat8.rb b/cookbooks/aws-parallelcluster-platform/resources/install_packages/install_packages_redhat8.rb index 3bad9b152..b22860dba 100644 --- a/cookbooks/aws-parallelcluster-platform/resources/install_packages/install_packages_redhat8.rb +++ b/cookbooks/aws-parallelcluster-platform/resources/install_packages/install_packages_redhat8.rb @@ -43,7 +43,7 @@ def default_packages action :install_extras do remote_file "epel_deps.tar.gz" do - source "https://dut1b9icvluta.cloudfront.net/archives/dependencies/epel/rhel8/x86_64/epel_deps.tar.gz" + source "#{node['cluster']['artifacts_s3_url']}/dependencies/epel/rhel8/x86_64/epel_deps.tar.gz" mode '0644' retries 3 retry_delay 5