Disable log4j-cve-2021-44228-hotpatch service on Amazon Linux

Signed-off-by: Francesco De Martino <[email protected]>

Author: demartinofra

CHANGELOG.md

@@ -3,6 +3,12 @@ aws-parallelcluster-cookbook CHANGELOG
 
 This file is used to list changes made in each version of the AWS ParallelCluster cookbook.
 
+3.0.3
+------
+
+**CHANGES**
+- Disable log4j-cve-2021-44228-hotpatch service on Amazon Linux to avoid incurring in potential performance degradation.
+
 3.0.2
 ------
 

recipes/base_install.rb

@@ -17,6 +17,7 @@
 
 include_recipe "aws-parallelcluster::setup_envars"
 include_recipe "aws-parallelcluster::sudoers_install"
+include_recipe "aws-parallelcluster::disable_log4j_patcher"
 
 return if node['conditions']['ami_bootstrapped']
 

recipes/disable_log4j_patcher.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+#
+# Cookbook Name:: aws-parallelcluster
+# Recipe:: disable_log4j_patcher
+#
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with the
+# License. A copy of the License is located at
+#
+# http://aws.amazon.com/apache2.0/
+#
+# or in the "LICENSE.txt" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES
+# OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions and
+# limitations under the License.
+
+if platform_family?('amazon')
+  # masking the service in order to prevent it from being automatically enabled
+  # if not installed yet
+  service 'log4j-cve-2021-44228-hotpatch' do
+    action %i[disable stop mask]
+  end
+end