Add cfn-hup configuration resource

* Separate cfn-hup update hook for ComputeFleet
* Add `get_compute_user_data.py` script to parse and get LaunchTemplates and parse them to write relevant DNA files.
* Add invocation of script get_compute_user_data.py by headNode during an update
* Writing dna.json files for each Launch template
* Using launch template logical id for update action script
* Update cfn-hup hook action script for Compute
* chnage the owner, group and mode of dna and extra files in tmp
* Share extra.json to Compute nodes
* adding cleanup operation after an update
* Update config_cfn_hup to be streamlined for node-specific configuration files

Author: Himani Anil Deshpande

cookbooks/aws-parallelcluster-environment/files/cfn_hup/get_compute_user_data.py

@@ -0,0 +1,146 @@
+# Copyright 2023 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License").
+# You may not use this file except in compliance with the
+# License. A copy of the License is located at
+#
+# http://aws.amazon.com/apache2.0/
+#
+# or in the "LICENSE.txt" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES
+# OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+
+import argparse
+from email import message_from_string
+import json
+import mimetypes
+import os
+import boto3
+import yaml
+import base64
+
+SHARED_LOCATION = "/opt/parallelcluster/"
+
+COMPUTE_FLEET_SHARED_LOCATION = SHARED_LOCATION + 'shared/'
+LOGIN_POOL_SHARED_LOCATION = SHARED_LOCATION + 'shared_login_nodes/'
+
+COMPUTE_FLEET_DNA_LOC = COMPUTE_FLEET_SHARED_LOCATION + 'dna/'
+LOGIN_POOL_DNA_LOC = LOGIN_POOL_SHARED_LOCATION + 'dna/'
+
+COMPUTE_FLEET_LAUNCH_TEMPLATE_ID = COMPUTE_FLEET_SHARED_LOCATION + 'launch-templates-config.json'
+
+LOGIN_POOL_LAUNCH_TEMPLATE_ID = LOGIN_POOL_SHARED_LOCATION + 'launch-templates-config.json'
+
+
+
+def get_launch_template_details(shared_storage):
+    with open(shared_storage, 'r') as file:
+        lt_config = json.loads(file.read())
+    return  lt_config
+
+
+def get_compute_launch_template_ids(args):
+    lt_config = get_launch_template_details(COMPUTE_FLEET_LAUNCH_TEMPLATE_ID)
+    if lt_config:
+        all_queues = lt_config.get('Queues')
+        for _, queues in all_queues.items():
+            compute_resources = queues.get('ComputeResources')
+            for _, compute_res in compute_resources.items():
+                get_latest_dns_data(compute_res, COMPUTE_FLEET_DNA_LOC, args)
+
+
+def get_login_pool_launch_template_ids(args):
+    lt_config = get_launch_template_details(LOGIN_POOL_LAUNCH_TEMPLATE_ID)
+    if lt_config:
+        login_pools = lt_config.get('LoginPools')
+        for _, pool in login_pools.items():
+            get_latest_dns_data(pool, LOGIN_POOL_DNA_LOC, args)
+
+
+def get_user_data(lt_id, lt_version, region_name):
+    try:
+        ec2_client = boto3.client("ec2", region_name=region_name)
+        response = ec2_client.describe_launch_template_versions(
+            LaunchTemplateId= lt_id,
+            Versions=[
+                lt_version,
+            ],
+        ).get('LaunchTemplateVersions')
+        decoded_data = base64.b64decode(response[0]['LaunchTemplateData']['UserData'], validate=True).decode('utf-8')
+        return decoded_data
+    except Exception as e: # binascii.Error:
+        print("Exception raised", e)
+
+
+def parse_mime_user_data(user_data):
+    data = message_from_string(user_data)
+    for cloud_config_section in data.walk():
+        if cloud_config_section.get_content_type() == 'text/cloud-config':
+            write_directives_section = yaml.safe_load(cloud_config_section._payload).get('write_files')
+
+    return write_directives_section
+
+
+def write_dna_files(write_files_section, shared_storage_loc):
+    for data in write_files_section:
+        if data['path'] in ['/tmp/dna.json']:
+            with open(shared_storage_loc+"-dna.json" ,"w") as file:
+                file.write(json.dumps(json.loads(data['content']),indent=4))
+
+
+def get_latest_dns_data(resource, output_location, args):
+    user_data = get_user_data(resource.get('LaunchTemplate').get('Id'), resource.get('LaunchTemplate').get('Version'), args.region)
+    write_directives = parse_mime_user_data(user_data)
+    write_dna_files(write_directives, output_location+resource.get('LaunchTemplate').get("LogicalId"))
+
+def cleanup(directory_loc):
+    for f in os.listdir(directory_loc):
+        f_path = os.path.join(directory_loc, f)
+        try:
+            if os.path.isfile(f_path):
+                os.remove(f_path)
+        except Exception as e:
+            print(f"Error deleting {f_path}: {e}")
+
+def _parse_cli_args():
+    parser = argparse.ArgumentParser(
+        description="Get latest User Data from Compute and Login Node Launch Templates.", exit_on_error=False
+    )
+
+    parser.add_argument(
+        "-r",
+        "--region",
+        type=str,
+        default=os.getenv("AWS_REGION", None),
+        required=False,
+        help="the cluster AWS region, defaults to AWS_REGION env variable",
+    )
+
+    parser.add_argument(
+        "-c",
+        "--cleanup",
+        action="store_true",
+        default=False,
+        required=False,
+        help="Cleanup DNA files created",
+    )
+
+    args = parser.parse_args()
+
+    return args
+
+
+def main():
+    args = _parse_cli_args()
+    if args.cleanup:
+        cleanup(COMPUTE_FLEET_DNA_LOC)
+        cleanup(LOGIN_POOL_DNA_LOC)
+    else:
+        get_compute_launch_template_ids(args)
+    #get_login_pool_launch_template_ids(args)
+
+
+if __name__ == "__main__":
+    main()

cookbooks/aws-parallelcluster-environment/recipes/config.rb

@@ -38,4 +38,4 @@
 # spack 'Configure Spack Packages' do
 #   action :configure
 # end
-include_recipe 'aws-parallelcluster-environment::config_cfn_hup'
+cfn_hup_configuration "Configure Cfn-hup"

cookbooks/aws-parallelcluster-environment/recipes/config/config_cfn_hup.rb

@@ -0,0 +1,103 @@
+# frozen_string_literal: true
+
+#
+# Copyright:: 2024 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with the
+# License. A copy of the License is located at
+#
+# http://aws.amazon.com/apache2.0/
+#
+# or in the "LICENSE.txt" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES
+# OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions and
+# limitations under the License.
+
+provides :cfn_hup_configuration
+unified_mode true
+default_action :configure
+
+action :configure do
+  cloudformation_url = "https://cloudformation.#{node['cluster']['region']}.#{node['cluster']['aws_domain']}"
+  instance_role_name = lambda {
+    # IMDS is not available on Docker
+    return "FAKE_INSTANCE_ROLE_NAME" if on_docker?
+    get_metadata_with_token(get_metadata_token, URI("http://169.254.169.254/latest/meta-data/iam/security-credentials"))
+  }.call
+
+  directory '/etc/cfn' do
+    owner 'root'
+    group 'root'
+    mode '0770'
+    recursive true
+  end
+
+  directory '/etc/cfn/hooks.d' do
+    owner 'root'
+    group 'root'
+    mode '0770'
+    recursive true
+  end
+
+  template '/etc/cfn/cfn-hup.conf' do
+    source 'cfn_hup/cfn-hup.conf.erb'
+    owner 'root'
+    group 'root'
+    mode '0400'
+    variables(
+      stack_id: node['cluster']['stack_arn'],
+      region: node['cluster']['region'],
+      cloudformation_url: cloudformation_url,
+      cfn_init_role: instance_role_name
+    )
+  end
+
+  action_extra_configuration
+
+  template '/etc/cfn/hooks.d/pcluster-update.conf' do
+    source "cfn_hup/cfn-hook-update.conf.erb"
+    owner 'root'
+    group 'root'
+    mode '0400'
+    variables(
+      stack_id: node['cluster']['stack_arn'],
+      region: node['cluster']['region'],
+      cloudformation_url: cloudformation_url,
+      cfn_init_role: instance_role_name,
+      launch_template_resource_id: node['cluster']['launch_template_id'],
+      update_hook_script_dir: node['cluster']['scripts_dir']
+    )
+  end
+end
+
+action :extra_configuration do
+  case node['cluster']['node_type']
+  when 'HeadNode'
+    cookbook_file "#{node['cluster']['scripts_dir']}/get_compute_user_data.py" do
+      source 'cfn_hup/get_compute_user_data.py'
+      owner 'root'
+      group 'root'
+      mode '0755'
+      action :create_if_missing
+    end
+
+    directory "#{node['cluster']['shared_dir']}/dna"
+
+  when 'ComputeFleet'
+    template "#{node['cluster']['scripts_dir']}/cfn-hup-update-action.sh" do
+      source "cfn_hup/#{node['cluster']['node_type']}/cfn-hup-update-action.sh.erb"
+      owner 'root'
+      group 'root'
+      mode '0744' # TODO: Change permission
+      variables(
+        monitor_shared_dir: monitor_shared_dir,
+        launch_template_resource_id: node['cluster']['launch_template_id']
+      )
+    end
+  end
+end
+
+action_class do
+  def monitor_shared_dir
+    "#{node['cluster']['shared_dir']}/dna"
+  end
+end

cookbooks/aws-parallelcluster-environment/resources/config_cfn_hup.rb

@@ -0,0 +1,43 @@
+#!/bin/bash
+set -ex
+
+
+
+
+function run_cookbook_recipes() {
+    LATEST_DNA_LOC=<%= @monitor_shared_dir %>
+    LATEST_DNA_FILE=$LATEST_DNA_LOC/<%= @launch_template_resource_id %>-dna.json
+    LATEST_EXTRA_FILE=$LATEST_DNA_LOC/extra.json
+
+    GET_DNA_FILE=true
+    while $GET_DNA_FILE; do
+        if [[ -f $LATEST_DNA_FILE ]]; then
+          GET_DNA_FILE=false
+          cp $LATEST_DNA_FILE /tmp/dna.json
+          chown root:root /tmp/dna.json
+          chmod 000644 /tmp/dna.json
+          cp $LATEST_EXTRA_FILE /tmp/extra.json
+          chown root:root /tmp/extra.json
+          chmod 000644 /tmp/extra.json
+          mkdir -p /etc/chef/ohai/hints
+          touch /etc/chef/ohai/hints/ec2.json
+          jq -s ".[0] * .[1]" /tmp/dna.json /tmp/extra.json > /etc/chef/dna.json || ( echo "jq not installed"; cp /tmp/dna.json /etc/chef/dna.json )
+          cd /etc/chef
+          cinc-client --local-mode --config /etc/chef/client.rb --log_level info --logfile /var/log/chef-client.log --force-formatter --no-color --chef-zero-port 8889 --json-attributes /etc/chef/dna.json --override-runlist aws-parallelcluster-entrypoints::update && /opt/parallelcluster/scripts/fetch_and_run -postupdate
+
+        fi
+
+        sleep 60
+    done
+}
+
+
+main() {
+  PATH=/usr/local/bin:/bin:/usr/bin:/opt/aws/bin;
+  . /etc/parallelcluster/pcluster_cookbook_environment.sh;
+  echo "We monitor <%= @monitor_shared_dir %> to check for <%= @launch_template_resource_id %>-dna.json is being added"
+  run_cookbook_recipes
+}
+
+
+main "$@"

cookbooks/aws-parallelcluster-environment/templates/cfn_hup/ComputeFleet/cfn-hup-update-action.sh.erb

@@ -1,5 +1,11 @@
 [parallelcluster-update]
 triggers=post.update
+<% case node['cluster']['node_type'] -%>
+<% when 'HeadNode', 'LoginNode' -%>
 path=Resources.<%= @launch_template_resource_id %>.Metadata.AWS::CloudFormation::Init
 action=PATH=/usr/local/bin:/bin:/usr/bin:/opt/aws/bin; . /etc/parallelcluster/pcluster_cookbook_environment.sh; $CFN_BOOTSTRAP_VIRTUALENV_PATH/cfn-init -v --stack <%= @stack_id %> --resource <%= @launch_template_resource_id %> --configsets update --region <%= @region %> --url <%= @cloudformation_url %> --role <%= @cfn_init_role %>
+<% when 'ComputeFleet' -%>
+path=Resources.<%= @launch_template_resource_id %>
+action=timeout 900 <%= @update_hook_script_dir %>/cfn-hup-update-action.sh
+<% end %>
 runas=root