Stop the sshd service and close connections before moving the default user home (#2652)

dreambeyondorange · web-flow · commit d85a09c20b06 · 2024-02-16T17:05:39.000Z
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -10,6 +10,7 @@ This file is used to list changes made in each version of the AWS ParallelCluste
 - Add support for RHEL9.
 - Add support for Rocky Linux 9 as `CustomAmi` created through `build-image` process. No public official ParallelCluster Rocky9 Linux AMI is made available at this time.
 - Add the configuration parameter `DeploymentSettings/DefaultUserHome` to allow users to move the default user's home directory to `/local/home` instead of `/home` (default).
+  - SSH connections will be closed and rejected while the user's home directory is being moved during the bootstrapping process.
 - Add possibility to choose between Open and Closed Source Nvidia Drivers when building an AMI, through the ```['cluster']['nvidia']['kernel_open']``` cookbook node attribute.
 
 **CHANGES**
diff --git a/cookbooks/aws-parallelcluster-environment/recipes/init/config_default_user_home.rb b/cookbooks/aws-parallelcluster-environment/recipes/init/config_default_user_home.rb
@@ -14,6 +14,20 @@
 
 return if node['cluster']['default_user_home'] == 'shared'
 
+# Stop sshd and close all connections
+service 'sshd' do
+  action :stop
+  sensitive true
+end
+bash "Close ssh connections to perform a default user move" do
+  user 'root'
+  group 'root'
+  returns [0, 1]
+  code <<-EOH
+    pkill --signal HUP sshd
+  EOH
+end
+
 # Backup the cluster user's default home directory
 bash "Backup #{node['cluster']['cluster_user_home']}" do
   user 'root'
@@ -46,3 +60,9 @@
 end
 
 node.override['cluster']['cluster_user_home'] = node['cluster']['cluster_user_local_home']
+
+# Start the sshd service again once the move is complete
+service 'sshd' do
+  action :start
+  sensitive true
+end
diff --git a/cookbooks/aws-parallelcluster-environment/spec/unit/recipes/config_default_user_home_spec.rb b/cookbooks/aws-parallelcluster-environment/spec/unit/recipes/config_default_user_home_spec.rb
@@ -15,9 +15,12 @@
         cached(:node) { chef_run.node }
 
         it 'runs the recipe' do
+          is_expected.to stop_service("sshd")
+          is_expected.to run_bash("Close ssh connections to perform a default user move")
           is_expected.to run_bash("Backup /home/user")
           is_expected.to run_bash("Move /home/user")
           expect(chef_run.node['cluster']['cluster_user_home']).to eq('/local/home/user')
+          is_expected.to start_service("sshd")
         end
       end
       context 'when shared' do
