Skip to content

Commit 2975a43

Browse files
lukeseawalkerlukeseawalker
committed
Share munge key from dir owned by root, under the default user home folder
Share munge key from dir owned by root from head node, than setup it in compute node This because `munge` user can be different between head and compute node (e.g. during baking at runtime), hence the shared home munge dir can have different permission. Signed-off-by: Luca Carrogu <carrogu@amazon.com> (cherry picked from commit dd55258) Signed-off-by: Luca Carrogu <carrogu@amazon.com>
1 parent 46c841d commit 2975a43

File tree

2 files changed

+26
-11
lines changed

2 files changed

+26
-11
lines changed

libraries/helpers.rb

Lines changed: 24 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -446,30 +446,46 @@ def setup_munge_head_node
446446
user 'munge'
447447
group 'munge'
448448
cwd '/tmp'
449-
code <<-HEAD_MUNGE_KEY
449+
code <<-HEAD_CREATE_MUNGE_KEY
450450
set -e
451451
# Generates munge key in /etc/munge/munge.key
452452
/usr/sbin/mungekey --verbose
453453
# Enforce correct permission on the key
454454
chmod 0600 /etc/munge/munge.key
455-
# Copy key to shared dir
456-
cp -p /etc/munge/munge.key /home/munge/.munge.key
457-
HEAD_MUNGE_KEY
455+
HEAD_CREATE_MUNGE_KEY
458456
end
459457

460458
enable_munge_service()
459+
share_munge_head_node()
460+
end
461+
462+
def share_munge_head_node
463+
# Share munge key
464+
bash 'share_munge_key' do
465+
user 'root'
466+
group 'root'
467+
code <<-HEAD_SHARE_MUNGE_KEY
468+
set -e
469+
mkdir /home/#{node['cfncluster']['cfn_cluster_user']}/.munge
470+
# Copy key to shared dir
471+
cp /etc/munge/munge.key /home/#{node['cfncluster']['cfn_cluster_user']}/.munge/.munge.key
472+
HEAD_SHARE_MUNGE_KEY
473+
end
461474
end
462475

463476
def setup_munge_compute_node
464477
# Get munge key
465478
bash 'get_munge_key' do
466-
user 'munge'
467-
group 'munge'
468-
cwd '/tmp'
479+
user 'root'
480+
group 'root'
469481
code <<-COMPUTE_MUNGE_KEY
470482
set -e
471483
# Copy munge key from shared dir
472-
cp -p /home/munge/.munge.key /etc/munge/munge.key
484+
cp /home/#{node['cfncluster']['cfn_cluster_user']}/.munge/.munge.key /etc/munge/munge.key
485+
# Set ownership on the key
486+
chown munge:munge /etc/munge/munge.key
487+
# Enforce correct permission on the key
488+
chmod 0600 /etc/munge/munge.key
473489
COMPUTE_MUNGE_KEY
474490
end
475491

recipes/munge_install.rb

Lines changed: 2 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -67,11 +67,10 @@
6767

6868
# Make sure the munge user exists
6969
user 'munge' do
70-
manage_home true
70+
manage_home false
7171
comment 'munge user'
72-
home "/home/munge"
7372
system true
74-
shell '/usr/sbin/nologin'
73+
shell '/sbin/nologin'
7574
end
7675

7776
# Create required directories for munge

0 commit comments

Comments
 (0)