Simplify logic around udev rules

ParallelCluster uses udev to trigger a Python script upon EBS attachment. Specifically, when it detects an attach from a device (e.g. /dev/xvdb), ParallelCluster udev rule creates a symbolic link from `/dev/disk/by-ebs-volumeid` (e.g. `/dev/disk/by-ebs-volumeid/vol-123456`) to the device name (/dev/xvdb). Then, our cookbook checks the device under `/dev/disk/by-ebs-volumeid` is ready.

Prior to this commit, ParallelCluster udev script used boto3 calls to retrieve volume id from device name.

Seems starting from RHEL 9, the scripts triggered by udev no long have network access for security reasons. Therefore, this commit removes the boto3 calls and get the volume id from `/dev/disk/by-ebs-volumeid/parallelcluster_dev_id_mapping`, which is a file ParallelCluster cookbook writes to. Although the logic could be further simplified by not using the udev rule at all, this commit takes the first step of improvement without spending too much time to reach the absolute simplicity.

Moreover, prior to this commit, a service was created to trigger `udevadm trigger`. `udevadm trigger` is used to refresh udev system after udev rules changes. It is unnecessary to have a service trigger the command. Therefore, this commit deletes the service and triggers the command once after the rules changes.

Signed-off-by: Hanwen <[email protected]>

Author: hanwen-cluster

cookbooks/aws-parallelcluster-environment/files/default/ec2_udev_rules/ec2_dev_2_volid.py

@@ -1,31 +1,11 @@
 # FIXME: Fix Code Duplication
 # pylint: disable=R0801
 
-import configparser
+import json
 import os
 import re
 import sys
 import syslog
-import time
-
-import boto3
-import requests
-from botocore.config import Config
-
-METADATA_REQUEST_TIMEOUT = 60
-
-
-def get_imdsv2_token():
-    # Try with getting IMDSv2 token, fall back to IMDSv1 if can not get the token
-    token = requests.put(
-        "http://169.254.169.254/latest/api/token",
-        headers={"X-aws-ec2-metadata-token-ttl-seconds": "300"},
-        timeout=METADATA_REQUEST_TIMEOUT,
-    )
-    headers = {}
-    if token.status_code == requests.codes.ok:
-        headers["X-aws-ec2-metadata-token"] = token.content
-    return headers
 
 
 def validate_device_name(device_name):
@@ -66,47 +46,6 @@ def adapt_device_name(dev):
     return dev
 
 
-def parse_proxy_config():
-    config = configparser.RawConfigParser()
-    config.read("/etc/boto.cfg")
-    proxy_config = Config()
-    if config.has_option("Boto", "proxy") and config.has_option("Boto", "proxy_port"):
-        proxy = config.get("Boto", "proxy")
-        proxy_port = config.get("Boto", "proxy_port")
-        proxy_config = Config(proxies={"https": f"{proxy}:{proxy_port}"})
-    return proxy_config
-
-
-def get_device_volume_id(ec2, dev, instance_id):
-    # Poll for blockdevicemapping
-    devices = ec2.describe_instance_attribute(InstanceId=instance_id, Attribute="blockDeviceMapping").get(
-        "BlockDeviceMappings"
-    )
-    dev_map = dict((d.get("DeviceName"), d) for d in devices)
-    loop_count = 0
-    while dev not in dev_map:
-        if loop_count == 36:
-            syslog.syslog(f"Dev {dev} did not appears in 180 seconds.")
-            sys.exit(1)
-        syslog.syslog(f"Looking for dev {dev} in dev_map {dev_map}")
-        time.sleep(5)
-        devices = ec2.describe_instance_attribute(InstanceId=instance_id, Attribute="blockDeviceMapping").get(
-            "BlockDeviceMappings"
-        )
-        dev_map = dict((d.get("DeviceName"), d) for d in devices)
-        loop_count += 1
-
-    return dev_map.get(dev).get("Ebs").get("VolumeId")
-
-
-def get_metadata_value(token, metadata_path):
-    return requests.get(
-        metadata_path,
-        headers=token,
-        timeout=METADATA_REQUEST_TIMEOUT,
-    ).text
-
-
 def main():
     syslog.syslog("Starting ec2_dev_2_volid.py script")
     try:
@@ -115,29 +54,14 @@ def main():
         syslog.syslog(f"Input block device is {dev}")
     except IndexError:
         syslog.syslog(syslog.LOG_ERR, "Provide block device i.e. xvdf")
-
     dev = adapt_device_name(dev)
-
-    token = get_imdsv2_token()
-
-    instance_id = get_metadata_value(token, "http://169.254.169.254/latest/meta-data/instance-id")
-
-    region = get_metadata_value(token, "http://169.254.169.254/latest/meta-data/placement/availability-zone")
-    region = region[:-1]
-
-    proxy_config = parse_proxy_config()
-
-    # Configure the AWS CA bundle.
-    # In US isolated regions the dedicated CA bundle will be used.
-    # In any other region, the default bundle will be used (None stands for the default settings).
-    # Note: We want to apply a more general solution that applies to every region,
-    # but for the time being this is enough to support US isolated regions without
-    # impacting the other ones.
-    ca_bundle = f"/etc/pki/{region}/certs/ca-bundle.pem" if region.startswith("us-iso") else None
-
-    ec2 = boto3.client("ec2", region_name=region, config=proxy_config, verify=ca_bundle)
-
-    volume_id = get_device_volume_id(ec2, dev, instance_id)
+    mapping_file_path = "/dev/disk/by-ebs-volumeid/parallelcluster_dev_id_mapping"
+    if os.path.isfile(mapping_file_path):
+        with open(mapping_file_path, "r", encoding="utf-8") as mapping_file:
+            mapping = json.load(mapping_file)
+    else:
+        mapping = {}
+    volume_id = mapping.get(dev)
     print(volume_id)
 
 

cookbooks/aws-parallelcluster-environment/files/default/ec2_udev_rules/ec2blkdev-init

@@ -7,6 +7,7 @@
 
 import argparse
 import configparser
+import json
 import os
 import re
 import subprocess  # nosec B404
@@ -133,6 +134,17 @@ def attach_volume(volume_id, instance_id, ec2):
     dev = available_devices[0]
     response = ec2.attach_volume(VolumeId=volume_id, InstanceId=instance_id, Device=dev)
 
+    mapping_file_path = "/dev/disk/by-ebs-volumeid/parallelcluster_dev_id_mapping"
+    if os.path.isfile(mapping_file_path):
+        with open(mapping_file_path, "r", encoding="utf-8") as mapping_file:
+            mapping = json.load(mapping_file)
+    else:
+        mapping = {}
+    mapping[dev] = volume_id
+    os.makedirs(os.path.dirname(mapping_file_path), exist_ok=True)
+    with open(mapping_file_path, "w", encoding="utf-8") as mapping_file:
+        json.dump(mapping, mapping_file)
+
     # Poll for volume to attach
     state = response.get("State")
     delay = 5  # seconds

cookbooks/aws-parallelcluster-environment/files/default/ec2_udev_rules/manageVolume.py

@@ -18,12 +18,10 @@
 
 unified_mode true
 use 'partial/_common_udev_configuration'
-use 'partial/_debian_udev_configuration'
 
 default_action :setup
 
 action :setup do
   action_create_common_udev_files
-  action_set_udev_autoreload
   action_start_ec2blk
 end

cookbooks/aws-parallelcluster-environment/files/ubuntu/ec2_udev_rules/ec2blkdev-init

@@ -47,15 +47,6 @@
     mode '0744'
   end
 
-  cookbook_file 'ec2blkdev-init' do
-    source 'ec2_udev_rules/ec2blkdev-init'
-    cookbook 'aws-parallelcluster-environment'
-    path '/etc/init.d/ec2blkdev'
-    user 'root'
-    group 'root'
-    mode '0744'
-  end
-
   cookbook_file 'manageVolume.py' do
     source 'ec2_udev_rules/manageVolume.py'
     cookbook 'aws-parallelcluster-environment'
@@ -67,8 +58,7 @@
 end
 
 action :start_ec2blk do
-  service "ec2blkdev" do
-    supports restart: true
-    action %i(enable start)
+  execute "Refresh UdevAdmin" do
+    command "udevadm trigger --action=change --subsystem-match=block"
   end unless on_docker?
 end

cookbooks/aws-parallelcluster-environment/files/ubuntu/ec2_udev_rules/udev-override.conf

@@ -46,45 +46,13 @@ def self.setup(chef_run)
           .with(group: 'root')
           .with(mode: '0744')
 
-        is_expected.to create_cookbook_file('ec2blkdev-init')
-          .with(source: 'ec2_udev_rules/ec2blkdev-init')
-          .with(path: '/etc/init.d/ec2blkdev')
-          .with(user: 'root')
-          .with(group: 'root')
-          .with(mode: '0744')
-
         is_expected.to create_cookbook_file('manageVolume.py')
           .with(source: 'ec2_udev_rules/manageVolume.py')
           .with(path: '/usr/local/sbin/manageVolume.py')
           .with(user: 'root')
           .with(group: 'root')
           .with(mode: '0755')
       end
-
-      if platform == 'ubuntu'
-        it 'sets udev autoreload' do
-          is_expected.to nothing_execute('udev-daemon-reload')
-            .with(command: 'udevadm control --reload')
-
-          is_expected.to create_directory('/etc/systemd/system/systemd-udevd.service.d')
-
-          is_expected.to create_cookbook_file('udev-override.conf')
-            .with(source: 'ec2_udev_rules/udev-override.conf')
-            .with(path: '/etc/systemd/system/systemd-udevd.service.d/override.conf')
-            .with(user: 'root')
-            .with(group: 'root')
-            .with(mode: '0644')
-
-          expect(chef_run.cookbook_file('udev-override.conf')).to notify('execute[udev-daemon-reload]').to(:run).immediately
-        end
-      end
-
-      it 'enables and starts ec2blk service' do
-        is_expected.to enable_service('ec2blkdev')
-          .with(supports: { restart: true })
-        is_expected.to start_service('ec2blkdev')
-          .with(supports: { restart: true })
-      end
     end
   end
 end

cookbooks/aws-parallelcluster-environment/resources/ec2_udev_rules/ec2_udev_rules_ubuntu20+.rb

@@ -1,4 +1,4 @@
-KERNEL=="xvd*", ENV{DEVTYPE}=="disk", PROGRAM="<%= @cookbook_virtualenv_path %>/bin/python /sbin/ec2_dev_2_volid.py %k", SYMLINK+="disk/by-ebs-volumeid/%c"
-KERNEL=="xvd*", ENV{DEVTYPE}=="partition", PROGRAM="<%= @cookbook_virtualenv_path %>/bin/python /sbin/ec2_dev_2_volid.py %k", SYMLINK+="disk/by-ebs-volumeid/%c-p%n"
+KERNEL=="xvd*", KERNEL!="xvda*", ENV{DEVTYPE}=="disk", PROGRAM="<%= @cookbook_virtualenv_path %>/bin/python /sbin/ec2_dev_2_volid.py %k", SYMLINK+="disk/by-ebs-volumeid/%c"
+KERNEL=="xvd*", KERNEL!="xvda*",  ENV{DEVTYPE}=="partition", PROGRAM="<%= @cookbook_virtualenv_path %>/bin/python /sbin/ec2_dev_2_volid.py %k", SYMLINK+="disk/by-ebs-volumeid/%c-p%n"
 KERNEL=="nvme*", ENV{DEVTYPE}=="disk", PROGRAM="<%= @cookbook_virtualenv_path %>/bin/python /sbin/ec2_dev_2_volid.py %k", SYMLINK+="disk/by-ebs-volumeid/%c"
 KERNEL=="nvme*", ENV{DEVTYPE}=="partition", PROGRAM="<%= @cookbook_virtualenv_path %>/bin/python /sbin/ec2_dev_2_volid.py %k", SYMLINK+="disk/by-ebs-volumeid/%c-p%n"