Patch al20203

hgreebe · hgreebe · commit a70d6d85b619 · 2025-01-15T11:06:29.000-05:00
diff --git a/cookbooks/aws-parallelcluster-environment/templates/isolated/patch-iso-instance.sh.erb b/cookbooks/aws-parallelcluster-environment/templates/isolated/patch-iso-instance.sh.erb
@@ -35,7 +35,7 @@ if [[ "${OS}" == "amzn2023" ]]; then
   cat > ${REPOSITORY_DEFINITION_FILE} <<REPO_DEFINITION
 [amzn2023-iso]
 name=Amazon Linux 2023 isolated Region repository
-mirrorlist=http://al2023-repos-$awsregion-de612dc2.s3.$awsregion.$awsdomain/core-iso/mirrors/$releasever/$basearch/mirror.list
+mirrorlist=http://al2023-repos-\$awsregion-de612dc2.s3.\$awsregion.\$awsdomain/core-iso/mirrors/\$releasever/\$basearch/mirror.list
 priority=10
 enabled=1
 repo_gpgcheck=0
@@ -45,8 +45,12 @@ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-amazon-linux-2023
 REPO_DEFINITION
 
   echo "sslverify=0" >> /etc/dnf/dnf.conf
-  dnf install -y amazon-linux-repo-iso ca-certificates-iso
-  echo -n "" > sudo tee /etc/dnf/vars/dualstack
+  echo -n "" | sudo tee /etc/dnf/vars/dualstack
+  if [[ ${REGION} == us-isob* ]]; then
+    dnf install -y amazon-linux-repo-iso ca-certificates-isob
+  else
+    dnf install -y amazon-linux-repo-iso ca-certificates-iso
+  fi
   sed -i "s/sslverify=0//g" /etc/dnf/dnf.conf
 else
   cat > ${REPOSITORY_DEFINITION_FILE} <<REPO_DEFINITION
@@ -66,27 +70,30 @@ fi
 
 rm -f ${REPOSITORY_DEFINITION_FILE}
 
-echo "[INFO] Complete: installation of packages from amazon Linux 2 repository for US isolated region"
+echo "[INFO] Complete: installation of packages from ${OS} repository for US isolated region"
 
 echo "[INFO] Starting: CA bundle configuration for AWS CLI in US isolated region"
 
-USERS=(<%= @users %>)
 CA_BUNDLE="/etc/pki/${REGION}/certs/ca-bundle.pem"
 
-for user in "${USERS[@]}"; do
-  echo "[INFO] Setting CA bundle ${CA_BUNDLE} for user ${user}"
-  sudo mkhomedir_helper $user
-  sudo -u $user aws configure set ca_bundle "$CA_BUNDLE"
-done
+sudo aws configure set ca_bundle "$CA_BUNDLE"
 
 echo "[INFO] Complete: CA bundle configuration for AWS CLI in US isolated region"
 
 echo "[INFO] Starting: Setting system-wide environment variables for AWS CLI in US isolated region"
 
+echo "export AWS_CA_BUNDLE=/etc/pki/${REGION}/certs/ca-bundle.pem" >> /etc/profile.d/aws-cli-default-config.sh
+
 echo "export AWS_DEFAULT_REGION=${REGION}" >> /etc/profile.d/aws-cli-default-config.sh
 
-echo "Defaults env_keep += \"AWS_DEFAULT_REGION AWS_CA_BUNDLE\"" > /etc/sudoers.d/pcluster-aws-cli-envkeep
+echo "export REQUESTS_CA_BUNDLE=${AWS_CA_BUNDLE}" >> /etc/profile.d/aws-cli-default-config.sh
 
-echo "[INFO] Complete: Setting system-wide environment variables for AWS CLI in US isolated region"
+echo "export SSL_CERT_FILE=${AWS_CA_BUNDLE}" >> /etc/profile.d/aws-cli-default-config.sh
+
+echo "Defaults env_keep += \"AWS_DEFAULT_REGION AWS_CA_BUNDLE REQUESTS_CA_BUNDLE SSL_CERT_FILE\"" > /etc/sudoers.d/pcluster-aws-cli-envkeep
 
-echo "[INFO] Complete: instance configuration for US isolated region"
+source /etc/profile.d/aws-cli-default-config.sh
+
+sudo aws configure set ca_bundle "$CA_BUNDLE"
+
+echo "[INFO] Complete: Setting system-wide environment variables for AWS CLI in US isolated region"
diff --git a/cookbooks/aws-parallelcluster-platform/files/isolated/iso-ca-bundle-config.sh b/cookbooks/aws-parallelcluster-platform/files/isolated/iso-ca-bundle-config.sh
@@ -9,6 +9,8 @@ function get_instance_region {
 
 REGION="$(get_instance_region)"
 
+CA_BUNDLE="/etc/pki/${REGION}/certs/ca-bundle.pem"
+
 echo "export AWS_CA_BUNDLE=/etc/pki/${REGION}/certs/ca-bundle.pem" >> /etc/profile.d/aws-cli-default-config.sh
 
 echo "export AWS_DEFAULT_REGION=${REGION}" >> /etc/profile.d/aws-cli-default-config.sh
