
Commit 3a1fb5f

Prevent pcluster from changing default permissions on /home directory (#2797)
* Prevent pcluster from changing default permissions on /home directory * Create mode attribute so /home permissions can be set to 755 --------- Co-authored-by: Ryan Anderson <[email protected]>
1 parent a496d39 commit 3a1fb5f


6 files changed

+23
-8
lines changed


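--- a/cookbooks/aws-parallelcluster-environment/recipes/config/mount_home.rb
+++ b/cookbooks/aws-parallelcluster-environment/recipes/config/mount_home.rb
@@ -62,6 +62,7 @@
 efs_iam_authorization_array [node['cluster']['efs_iam_authorizations'].split(',')[index]]
 efs_mount_point_array ['/home']
 efs_access_point_id_array [node['cluster']['efs_access_point_ids'].split(',')[index]]
+mode '755'
 action :mount
 end
 break
@@ -75,6 +76,7 @@
 efs_encryption_in_transit_array [node['cluster']['efs_encryption_in_transits'].split(',')[index]]
 efs_iam_authorization_array [node['cluster']['efs_iam_authorizations'].split(',')[index]]
 efs_access_point_id_array [node['cluster']['efs_access_point_ids'].split(',')[index]]
+mode '755'
 action :mount
 end
 break
@@ -89,6 +91,7 @@
 fsx_dns_name_array [node['cluster']['fsx_dns_names'].split(',')[index]]
 fsx_mount_name_array [node['cluster']['fsx_mount_names'].split(',')[index]]
 fsx_volume_junction_path_array [node['cluster']['fsx_volume_junction_paths'].split(',')[index]]
+mode '755'
 action :mount
 end
 break
@@ -101,6 +104,7 @@
 manage_ebs "add ebs /home" do
 shared_dir_array [dir]
 vol_array [node['cluster']['volume'].split(',')[index]]
+mode '755'
 action %i(mount export)
 end
 break
@@ -111,6 +115,7 @@
 shared_dir '/home'
 device(lazy { "#{node['cluster']['head_node_private_ip']}:#{format_directory('/home')}" })
 fstype 'nfs'
+mode '755'
 options node['cluster']['nfs']['hard_mount_options']
 retries 10
 retry_delay 6
@@ -123,6 +128,7 @@
 raid_shared_dir '/home'
 raid_type node['cluster']['raid_type']
 raid_vol_array node['cluster']['raid_vol_ids'].split(',')
+mode '755'
 action %i(mount export)
 end
 when 'ComputeFleet', 'LoginNode'
@@ -131,6 +137,7 @@
 shared_dir '/home'
 device(lazy { "#{node['cluster']['head_node_private_ip']}:/home" })
 fstype 'nfs'
+mode '755'
 options node['cluster']['nfs']['hard_mount_options']
 retries 10
 retry_delay 6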
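Review bot: The literal `'755'` is repeated in all seven /home resource blocks of this recipe, while every resource it is passed to still declares `default: "1777"`, so a storage backend added or edited later without the line silently falls back to a world-writable /home. Hold the value once near the top of the recipe, e.g. `home_dir_mode = '755'` (name constructed for this note), and pass `mode home_dir_mode` in each block. None of the six changed files is a spec, so a test asserting the resulting mode of /home for each backend would keep this from regressing. Most of these hunks cut through a resource block whose opening line is outside the hunk.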

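--- a/cookbooks/aws-parallelcluster-environment/resources/efs/partial/_mount_umount.rb
+++ b/cookbooks/aws-parallelcluster-environment/resources/efs/partial/_mount_umount.rb
@@ -22,6 +22,7 @@
 # This is the mount point on the EFS itself, as opposed to the local system directory, defaults to "/"
 property :efs_mount_point_array, Array, required: false
 property :efs_unmount_forced_array, Array, required: false
+property :mode, String, default: "1777"
 
 action :mount do
 return if on_docker?
@@ -61,7 +62,7 @@
 directory efs_shared_dir do
 owner 'root'
 group 'root'
-mode '1777'
+mode new_resource.mode
 recursive true
 action :create
 end unless ::File.directory?(efs_shared_dir)
@@ -97,7 +98,7 @@
 path efs_shared_dir
 owner 'root'
 group 'root'
-mode '1777'
+mode new_resource.mode
 only_if { node['cluster']['node_type'] == "HeadNode" }
 end
 end
@@ -130,7 +131,7 @@
 directory efs_shared_dir do
 owner 'root'
 group 'root'
-mode '1777'
+mode new_resource.mode
 recursive false
 action :delete
 only_if { Dir.exist?(efs_shared_dir.to_s) && Dir.empty?(efs_shared_dir.to_s) }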
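Review bot: `property :mode, String, default: "1777"` at new line 25 accepts any string, so a typo or an over-permissive value such as `'777'` reaches the `directory` resources unchecked. Constrain it at the declaration, e.g. `property :mode, String, default: "1777", regex: /\A[0-7]{3,5}\z/`, and add a `description:` stating that it is the mode of the shared directory. The same declaration is added in the lustre partial, manage_ebs.rb, the raid partial and volume.rb and would take the same change. In the last hunk (new line 134) the mode is set on a `directory` block whose action is `:delete`, where it has no bearing on the result and could be dropped. The action bodies start and end outside these hunks.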

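--- a/cookbooks/aws-parallelcluster-environment/resources/lustre/partial/_mount_unmount.rb
+++ b/cookbooks/aws-parallelcluster-environment/resources/lustre/partial/_mount_unmount.rb
@@ -15,6 +15,7 @@
 property :fsx_dns_name_array, Array, required: %i(mount unmount)
 property :fsx_mount_name_array, Array, required: %i(mount unmount)
 property :fsx_volume_junction_path_array, Array, required: %i(mount unmount)
+property :mode, String, default: "1777"
 
 action :mount do
 return if on_docker?
@@ -25,7 +26,7 @@
 directory fsx.shared_dir do
 owner 'root'
 group 'root'
-mode '1777'
+mode new_resource.mode
 recursive true
 action :create
 end
@@ -61,7 +62,7 @@
 path fsx.shared_dir
 owner 'root'
 group 'root'
-mode '1777'
+mode new_resource.mode
 only_if { fsx.can_change_shared_dir_permissions && node['cluster']['node_type'] == "HeadNode" }
 end
 end
@@ -92,7 +93,7 @@
 directory fsx.shared_dir do
 owner 'root'
 group 'root'
-mode '1777'
+mode new_resource.mode
 recursive false
 action :delete
 only_if { Dir.exist?(fsx.shared_dir) && Dir.empty?(fsx.shared_dir) }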
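Review bot: The permission block at new line 65 stays guarded by `fsx.can_change_shared_dir_permissions`, so when that is false a caller's `mode '755'` is applied only by the `directory ... action :create` block at new line 29 (presumably before the mount), and the mounted root keeps whatever mode the filesystem carries, with nothing logged. A comment above the guard would make this explicit, e.g. `# mode is best-effort: skipped when the filesystem does not allow changing permissions on its root`, and a `Chef::Log.warn` in that case would let operators notice that /home is not at the requested mode. How `can_change_shared_dir_permissions` is computed is outside the page, so which FSx types are affected needs confirming.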

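--- a/cookbooks/aws-parallelcluster-environment/resources/manage_ebs.rb
+++ b/cookbooks/aws-parallelcluster-environment/resources/manage_ebs.rb
@@ -13,6 +13,7 @@
 
 property :shared_dir_array, Array, required: %i(mount export unmount unexport)
 property :vol_array, Array, required: %i(mount unmount)
+property :mode, String, default: "1777"
 
 default_action :mount
 
@@ -43,6 +44,7 @@
 
 volume "mount volume #{index}" do
 action :mount
+mode new_resource.mode
 shared_dir shared_dir_array[index]
 device(lazy_uuid(dev_path[index]))
 fstype(DelayedEvaluator.new { node['cluster']['volume_fs_type'] })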
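Review bot: `mode` is a single String while `shared_dir_array` can hold several directories, and new line 47 passes the same value to every `volume "mount volume #{index}"` block, which the property declaration at new line 16 does not say. Document it there, e.g. `# mode is applied to every directory in shared_dir_array`, so a caller that mounts /home together with other shares does not tighten or loosen all of them by accident. The iteration around the `volume` block starts outside the hunk, so the per-index behaviour is inferred from `shared_dir_array[index]`.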

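--- a/cookbooks/aws-parallelcluster-environment/resources/raid/partial/_raid_common.rb
+++ b/cookbooks/aws-parallelcluster-environment/resources/raid/partial/_raid_common.rb
@@ -15,6 +15,7 @@
 property :raid_shared_dir, String, required: %i(mount unmount export unexport)
 property :raid_type, [String, Integer], required: %i(mount)
 property :raid_vol_array, Array, required: %i(mount unmount)
+property :mode, String, default: "1777"
 
 action :setup do
 package 'mdadm' do
@@ -79,6 +80,7 @@
 device raid_dev
 fstype "ext4"
 options "defaults,nofail,_netdev"
+mode new_resource.mode
 retries 10
 retry_delay 6
 end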

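--- a/cookbooks/aws-parallelcluster-environment/resources/volume.rb
+++ b/cookbooks/aws-parallelcluster-environment/resources/volume.rb
@@ -7,6 +7,7 @@
 property :options, [Array, String], required: %i(mount)
 property :device_type, [String, Symbol], default: :device
 property :volume_id, String, required: %i(attach detach)
+property :mode, String, default: "1777"
 
 action :attach do
 volume_id = new_resource.volume_id.strip
@@ -42,7 +43,7 @@
 directory shared_dir do
 owner 'root'
 group 'root'
-mode '1777'
+mode new_resource.mode
 recursive true
 action :create
 end
@@ -78,7 +79,8 @@
 directory shared_dir do
 owner 'root'
 group 'root'
-mode '1777'
+mode new_resource.mode
+only_if { node['cluster']['node_type'] == "HeadNode" }
 end
 end
 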
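Review bot: The `only_if { node['cluster']['node_type'] == "HeadNode" }` added at new line 83 changes behaviour for every caller of this resource, not only /home: on compute and login nodes the mode is no longer applied by this `directory shared_dir` block, and neither the commit message nor a comment explains why. If the intent is that only the head node sets permissions on the shared filesystem, as the EFS and Lustre partials already do with the same guard, say so above the line, e.g. `# permissions on the shared filesystem are set once, from the head node`. The enclosing action starts outside the hunk, so whether this block runs after the mount is inferred from its position relative to the earlier `action :create` block.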
