Move the cluster user out of /home when the default_user_home option is set to local

Author: dreambeyondorange

cookbooks/aws-parallelcluster-environment/recipes/init.rb

@@ -17,6 +17,9 @@
   action :configure
 end
 
+# move the default user out of home if the config param is set
+include_recipe "aws-parallelcluster-environment::move_default_user" if node['cluster']['default_user_home'] == 'local'
+
 case node['cluster']['shared_storage_type']
 when 'efs'
   include_recipe "aws-parallelcluster-environment::mount_internal_use_efs"

cookbooks/aws-parallelcluster-environment/recipes/init/move_default_user.rb

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+#
+# Copyright:: 2023 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with the
+# License. A copy of the License is located at
+#
+# http://aws.amazon.com/apache2.0/
+#
+# or in the "LICENSE.txt" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES
+# OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Backup the cluster user's default home directory
+bash "Backup #{node['cluster']['cluster_user_home']}" do
+  user 'root'
+  group 'root'
+  code <<-EOH
+    mkdir -p /tmp#{node['cluster']['cluster_user_home']}
+    rsync -a #{node['cluster']['cluster_user_home']} /tmp#{node['cluster']['cluster_user_home']}
+  EOH
+end
+
+# Move the cluster user's default home directory
+bash "Move #{node['cluster']['cluster_user_home']}" do
+  user 'root'
+  group 'root'
+  code <<-EOH
+    mkdir -p #{node['cluster']['cluster_user_local_home']}
+    rsync -a /tmp#{node['cluster']['cluster_user_home']}/ #{node['cluster']['cluster_user_local_home']}
+    usermod -d #{node['cluster']['cluster_user_local_home']} #{node['cluster']['cluster_user']}
+    rm -rf /tmp#{node['cluster']['cluster_user_home']}
+  EOH
+end
+
+Chef::Log.info("user home before #{node['cluster']['cluster_user_home']}")
+node.normal['cluster']['cluster_user_home'] = node['cluster']['cluster_user_local_home']
+Chef::Log.info("user home after #{node['cluster']['cluster_user_home']}")
+

cookbooks/aws-parallelcluster-platform/recipes/config/cluster_user.rb

@@ -12,42 +12,46 @@
 # OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions and
 # limitations under the License.
 
+Chef::Log.info("config - user home before #{node['cluster']['cluster_user_home']}")
+node.normal['cluster']['cluster_user_home'] = node['cluster']['cluster_user_local_home'] if node['cluster']['default_user_home'] == 'local'
+Chef::Log.info("config - user home after #{node['cluster']['cluster_user_home']}")
+
 case node['cluster']['node_type']
 when 'HeadNode'
   # Setup cluster user
   user node['cluster']['cluster_user'] do
     manage_home true
     comment 'AWS ParallelCluster user'
-    home "/home/#{node['cluster']['cluster_user']}"
+    home "#{node['cluster']['cluster_user_home']}"
     shell '/bin/bash'
   end
 
   # Setup SSH auth for cluster user
   bash "ssh-keygen" do
-    cwd "/home/#{node['cluster']['cluster_user']}"
+    cwd "#{node['cluster']['cluster_user_home']}"
     code <<-KEYGEN
       set -e
       su - #{node['cluster']['cluster_user']} -c \"ssh-keygen -q -t ed25519 -f ~/.ssh/id_ed25519 -N ''\"
     KEYGEN
-    not_if { ::File.exist?("/home/#{node['cluster']['cluster_user']}/.ssh/id_ed25519") }
+    not_if { ::File.exist?("#{node['cluster']['cluster_user_home']}/.ssh/id_ed25519") }
   end
 
   bash "copy_and_perms" do
-    cwd "/home/#{node['cluster']['cluster_user']}"
+    cwd "#{node['cluster']['cluster_user_home']}"
     code <<-PERMS
       set -e
       su - #{node['cluster']['cluster_user']} -c \"cat ~/.ssh/id_ed25519.pub >> ~/.ssh/authorized_keys && chmod 0600 ~/.ssh/authorized_keys && touch ~/.ssh/authorized_keys_cluster\"
     PERMS
-    not_if { ::File.exist?("/home/#{node['cluster']['cluster_user']}/.ssh/authorized_keys_cluster") }
+    not_if { ::File.exist?("#{node['cluster']['cluster_user_home']}/.ssh/authorized_keys_cluster") }
   end
 
   bash "ssh-keyscan" do
-    cwd "/home/#{node['cluster']['cluster_user']}"
+    cwd "#{node['cluster']['cluster_user_home']}"
     code <<-KEYSCAN
       set -e
       su - #{node['cluster']['cluster_user']} -c \"ssh-keyscan #{node['hostname']} > ~/.ssh/known_hosts && chmod 0600 ~/.ssh/known_hosts\"
     KEYSCAN
-    not_if { ::File.exist?("/home/#{node['cluster']['cluster_user']}/.ssh/known_hosts") }
+    not_if { ::File.exist?("#{node['cluster']['cluster_user_home']}/.ssh/known_hosts") }
   end
 
 when 'ComputeFleet', 'LoginNode'
@@ -56,7 +60,7 @@
   user node['cluster']['cluster_user'] do
     manage_home false
     comment 'AWS ParallelCluster user'
-    home "/home/#{node['cluster']['cluster_user']}"
+    home "#{node['cluster']['cluster_user_home']}"
     shell '/bin/bash'
   end
 else

cookbooks/aws-parallelcluster-shared/attributes/users.rb

@@ -18,3 +18,19 @@
 default['cluster']['munge']['user_id'] = node['cluster']['reserved_base_uid'] + 2
 default['cluster']['munge']['group'] = node['cluster']['munge']['user']
 default['cluster']['munge']['group_id'] = node['cluster']['munge']['user_id']
+
+if (platform?('amazon') && node['platform_version'].to_i == 2) ||
+  (platform?('redhat') && node['platform_version'].to_i == 8)
+  default['cluster']['cluster_user'] = 'ec2-user'
+elsif platform?('centos') && node['platform_version'].to_i == 7
+  default['cluster']['cluster_user'] = 'centos'
+elsif platform?('rocky') && node['platform_version'].to_i == 8
+  default['cluster']['cluster_user'] = 'rocky'
+elsif platform?('ubuntu')
+  default['cluster']['cluster_user'] = 'ubuntu'
+else
+  raise "The OS must be one of the following: Amazon Linux 2, Ubuntu, CentOS 7, RHEL 8, or Rocky 8"
+end
+
+default['cluster']['cluster_user_home'] = "/home/#{node['cluster']['cluster_user']}"
+default['cluster']['cluster_user_local_home'] = "/local/home/#{node['cluster']['cluster_user']}"