[CfnHup] Define cfn-hup configuration files within the environment config recipe.

These files used to be defined within the nodes user data,
but we decided to move them to the cookbook in order to
resize the CloudFormation template.

Signed-off-by: Giacomo Marciani <[email protected]>

Author: gmarciani

cookbooks/aws-parallelcluster-environment/recipes/config.rb

@@ -38,3 +38,4 @@
 # spack 'Configure Spack Packages' do
 #   action :configure
 # end
+include_recipe 'aws-parallelcluster-environment::config_cfn_hup'

cookbooks/aws-parallelcluster-environment/recipes/config/config_cfn_hup.rb

@@ -0,0 +1,61 @@
+# frozen_string_literal: true
+
+#
+# Copyright:: 2024 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with the
+# License. A copy of the License is located at
+#
+# http://aws.amazon.com/apache2.0/
+#
+# or in the "LICENSE.txt" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES
+# OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions and
+# limitations under the License.
+
+cloudformation_url = "https://cloudformation.#{node['cluster']['region']}.#{node['cluster']['aws_domain']}"
+instance_role_name = lambda {
+  # IMDS is not available on Docker
+  return "FAKE_INSTANCE_ROLE_NAME" if on_docker?
+  get_metadata_with_token(get_metadata_token, URI("http://169.254.169.254/latest/meta-data/iam/security-credentials"))
+}.call
+
+directory '/etc/cfn' do
+  owner 'root'
+  group 'root'
+  mode '0770'
+  recursive true
+end
+
+directory '/etc/cfn/hooks.d' do
+  owner 'root'
+  group 'root'
+  mode '0770'
+  recursive true
+end
+
+template '/etc/cfn/cfn-hup.conf' do
+  source 'cfn_bootstrap/cfn-hup.conf.erb'
+  owner 'root'
+  group 'root'
+  mode '0400'
+  variables(
+    stack_id: node['cluster']['stack_arn'],
+    region: node['cluster']['region'],
+    cloudformation_url: cloudformation_url,
+    cfn_init_role: instance_role_name
+  )
+end
+
+template '/etc/cfn/hooks.d/pcluster-update.conf' do
+  source 'cfn_bootstrap/cfn-hook-update.conf.erb'
+  owner 'root'
+  group 'root'
+  mode '0400'
+  variables(
+    stack_id: node['cluster']['stack_arn'],
+    region: node['cluster']['region'],
+    cloudformation_url: cloudformation_url,
+    cfn_init_role: instance_role_name,
+    launch_template_resource_id: node['cluster']['launch_template_id']
+  )
+end

cookbooks/aws-parallelcluster-environment/spec/unit/recipes/config_cfn_hup_spec.rb

@@ -0,0 +1,90 @@
+# frozen_string_literal: true
+
+# Copyright:: 2024 Amazon.com, Inc. and its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with the
+# License. A copy of the License is located at
+#
+# http://aws.amazon.com/apache2.0/
+#
+# or in the "LICENSE.txt" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES
+# OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions and
+# limitations under the License.
+
+require "spec_helper"
+
+describe "aws-parallelcluster-environment::config_cfn_hup" do
+  AWS_REGION = "AWS_REGION"
+  AWS_DOMAIN = "AWS_DOMAIN"
+  STACK_ID = "STACK_ID"
+  CLOUDFORMATION_URL = "https://cloudformation.#{AWS_REGION}.#{AWS_DOMAIN}"
+  INSTANCE_ROLE_NAME = "INSTANCE_ROLE_NAME"
+  LAUNCH_TEMPLATE_ID = "LAUNCH_TEMPLATE_ID"
+
+  for_all_oses do |platform, version|
+    context "on #{platform}#{version}" do
+      for_all_node_types do |node_type|
+        context "when #{node_type}" do
+          cached(:chef_run) do
+            runner = runner(platform: platform, version: version) do |node|
+              allow_any_instance_of(Object).to receive(:get_metadata_token).and_return("IMDS_TOKEN")
+              allow_any_instance_of(Object).to receive(:get_metadata_with_token)
+                .with("IMDS_TOKEN", URI("http://169.254.169.254/latest/meta-data/iam/security-credentials"))
+                .and_return(INSTANCE_ROLE_NAME)
+
+              node.override["cluster"]["node_type"] = node_type
+              node.override["cluster"]["region"] = AWS_REGION
+              node.override["cluster"]["aws_domain"] = AWS_DOMAIN
+              # TODO: We inject the stack id into the attribute stack_arn when generating the dna.json in the CLI.
+              #  This should be fixed at the CLI level first and adapt the cookbook accordingly.
+              node.override["cluster"]["stack_arn"] = STACK_ID
+              node.override["cluster"]["launch_template_id"] = LAUNCH_TEMPLATE_ID
+            end
+            runner.converge(described_recipe)
+          end
+          cached(:node) { chef_run.node }
+
+          %w(/etc/cfn /etc/cfn/hooks.d).each do |dir|
+            it "creates the directory #{dir}" do
+              is_expected.to create_directory(dir).with(
+                owner: "root",
+                group: "root",
+                mode:  "0770",
+                recursive: true
+              )
+            end
+          end
+
+          it "creates the file /etc/cfn/cfn-hup.conf" do
+            is_expected.to create_template("/etc/cfn/cfn-hup.conf")
+              .with(source: 'cfn_bootstrap/cfn-hup.conf.erb')
+              .with(user: "root")
+              .with(group: "root")
+              .with(mode: "0400")
+              .with(variables: {
+               stack_id: STACK_ID,
+               region: AWS_REGION,
+               cloudformation_url: CLOUDFORMATION_URL,
+               cfn_init_role: INSTANCE_ROLE_NAME,
+             })
+          end
+
+          it "creates the file /etc/cfn/hooks.d/pcluster-update.conf" do
+            is_expected.to create_template("/etc/cfn/hooks.d/pcluster-update.conf")
+              .with(source: 'cfn_bootstrap/cfn-hook-update.conf.erb')
+              .with(user: "root")
+              .with(group: "root")
+              .with(mode: "0400")
+              .with(variables: {
+               stack_id: STACK_ID,
+               region: AWS_REGION,
+               cloudformation_url: CLOUDFORMATION_URL,
+               cfn_init_role: INSTANCE_ROLE_NAME,
+               launch_template_resource_id: LAUNCH_TEMPLATE_ID,
+             })
+          end
+        end
+      end
+    end
+  end
+end

cookbooks/aws-parallelcluster-environment/spec/unit/recipes/config_spec.rb

@@ -0,0 +1,60 @@
+# frozen_string_literal: true
+
+# Copyright:: 2024 Amazon.com, Inc. and its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with the
+# License. A copy of the License is located at
+#
+# http://aws.amazon.com/apache2.0/
+#
+# or in the "LICENSE.txt" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES
+# OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions and
+# limitations under the License.
+
+require 'spec_helper'
+
+describe 'aws-parallelcluster-environment::config' do
+  before do
+    @included_recipes = []
+    # We assume this is the order in which the recipes are included
+    @expected_recipes = %w(
+      aws-parallelcluster-environment::ephemeral_drives
+      aws-parallelcluster-environment::update_fs_mapping
+      aws-parallelcluster-environment::export_home
+      aws-parallelcluster-environment::export_internal_use_ebs
+      aws-parallelcluster-environment::mount_intel_dir
+      aws-parallelcluster-environment::ebs
+      aws-parallelcluster-environment::raid
+      aws-parallelcluster-environment::efs
+      aws-parallelcluster-environment::fsx
+      aws-parallelcluster-environment::config_cfn_hup
+    )
+    @expected_recipes.each do |recipe_name|
+      allow_any_instance_of(Chef::Recipe).to receive(:include_recipe).with(recipe_name) do
+        @included_recipes << recipe_name
+      end
+    end
+  end
+
+  for_all_oses do |platform, version|
+    context "on #{platform}#{version}" do
+      for_all_node_types do |node_type|
+        context "when #{node_type}" do
+          cached(:chef_run) do
+            runner = runner(platform: platform, version: version) do |node|
+              node.override['cluster']['node_type'] = node_type
+              node.override['cluster']['shared_storage_type'] = 'ebs'
+            end
+            runner.converge(described_recipe)
+          end
+          cached(:node) { chef_run.node }
+
+          it "includes the recipes in the right order" do
+            chef_run
+            expect(@included_recipes).to eq(@expected_recipes)
+          end
+        end
+      end
+    end
+  end
+end

cookbooks/aws-parallelcluster-environment/templates/cfn_bootstrap/cfn-hook-update.conf.erb

@@ -0,0 +1,5 @@
+[parallelcluster-update]
+triggers=post.update
+path=Resources.<%= @launch_template_resource_id %>.Metadata.AWS::CloudFormation::Init
+action=PATH=/usr/local/bin:/bin:/usr/bin:/opt/aws/bin; . /etc/profile.d/pcluster.sh; cfn-init -v --stack <%= @stack_id %> --resource <%= @launch_template_resource_id %> --configsets update --region <%= @region %> --url <%= @cloudformation_url %> --role <%= @cfn_init_role %>
+runas=root

cookbooks/aws-parallelcluster-environment/templates/cfn_bootstrap/cfn-hup.conf.erb

@@ -0,0 +1,5 @@
+[main]
+stack=<%= @stack_id %>
+region=<%= @region %>
+url=<%= @cloudformation_url %>
+role=<%= @cfn_init_role %>