From dd6f9d1ec5b9177c9c783c49a88262f5bff012f1 Mon Sep 17 00:00:00 2001
From: Francesco Giordano
Date: Tue, 19 Jul 2022 10:47:57 +0200
Subject: [PATCH 1/2] Set MTU to 9001 when multiple nic are configured in the instance

The change flollows the best practice described in the official guide https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/network_mtu.html
---
 .../files/default/network_interfaces/configure_nw_interface.sh | 1 +
 .../files/ubuntu/network_interfaces/configure_nw_interface.sh | 1 +
 2 files changed, 2 insertions(+)

diff --git a/cookbooks/aws-parallelcluster-config/files/default/network_interfaces/configure_nw_interface.sh b/cookbooks/aws-parallelcluster-config/files/default/network_interfaces/configure_nw_interface.sh
index 9e787e3636..edd657d89e 100644
--- a/cookbooks/aws-parallelcluster-config/files/default/network_interfaces/configure_nw_interface.sh
+++ b/cookbooks/aws-parallelcluster-config/files/default/network_interfaces/configure_nw_interface.sh
@@ -33,6 +33,7 @@ BOOTPROTO=none
 IPADDR=${DEVICE_IP_ADDRESS}
 PREFIX=${CIDR_PREFIX_LENGTH}
 GATEWAY=${GW_IP_ADDRESS}
+MTU="9001"
 IPV4_FAILURE_FATAL=yes
 NAME="System ${DEVICE_NAME}"
 EOF
diff --git a/cookbooks/aws-parallelcluster-config/files/ubuntu/network_interfaces/configure_nw_interface.sh b/cookbooks/aws-parallelcluster-config/files/ubuntu/network_interfaces/configure_nw_interface.sh
index 96291e4c0e..e4fba258ca 100644
--- a/cookbooks/aws-parallelcluster-config/files/ubuntu/network_interfaces/configure_nw_interface.sh
+++ b/cookbooks/aws-parallelcluster-config/files/ubuntu/network_interfaces/configure_nw_interface.sh
@@ -47,6 +47,7 @@ network:
 ethernets:
 ${DEVICE_NAME}:
 $STATIC_IP_CONFIG
+ mtu: '9001'
 routes:
 - to: 0.0.0.0/0
 via: ${GW_IP_ADDRESS} # Default gateway

From 6e8619ce34041beebb6bf13b6940c1f200569523 Mon Sep 17 00:00:00 2001
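Review bot: The added `MTU="9001"` (and `mtu: '9001'` in the ubuntu hunk) pins jumbo frames on every extra interface with no comment saying when that value is safe. The AWS guide linked in the commit message describes 9001 as applying inside the VPC, with traffic that leaves it relying on path MTU discovery, so a security group or network ACL that filters ICMP "fragmentation needed" can leave connections hanging rather than failing cleanly. I would record that next to each heredoc, for example `# MTU 9001: jumbo frames inside the VPC only; off-VPC traffic needs PMTUD (ICMP type 3 code 4) to pass`. Both heredocs start and end outside the hunks shown.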
From: Francesco Giordano
Date: Mon, 18 Jul 2022 15:07:23 +0200
Subject: [PATCH 2/2] Disable DLAMI aws-ubuntu-eni-helper to prevent confict with configure_nw_interface.sh

Refactor of log4j-cve-2021-44228-hotpatch service disabling
---
 CHANGELOG.md | 2 ++
 .../libraries/helpers.rb | 24 +++++++++++++++++++
 .../recipes/base.rb | 2 +-
 ...e_log4j_patcher.rb => disable_services.rb} | 20 +++++++---------
 .../libraries/helpers.rb | 13 +++++++++-
 .../aws-parallelcluster-test/recipes/tests.rb | 10 ++++++++
 6 files changed, 58 insertions(+), 13 deletions(-)
 create mode 100644 cookbooks/aws-parallelcluster-install/libraries/helpers.rb
 rename cookbooks/aws-parallelcluster-install/recipes/{disable_log4j_patcher.rb => disable_services.rb} (51%)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 957430e6e1..e68b319299 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -44,6 +44,8 @@ This file is used to list changes made in each version of the AWS ParallelCluste
 - selinux-6.0.4 (from selinux-3.1.1)
 - yum-7.4.0 (from yum-6.1.1)
 - yum-epel-4.5.0 (from yum-epel-4.1.2)
+- Disable `aws-ubuntu-eni-helper` service, available in Deep Learning AMIs, to avoid conflicts with `configure_nw_interface.sh` when configuring instances with multiple network cards.
+- Set MTU to 9001 for all the network interfaces when configuring instances with multiple network cards.

 3.1.4
 ------
diff --git a/cookbooks/aws-parallelcluster-install/libraries/helpers.rb b/cookbooks/aws-parallelcluster-install/libraries/helpers.rb
new file mode 100644
index 0000000000..5f6514b269
--- /dev/null
+++ b/cookbooks/aws-parallelcluster-install/libraries/helpers.rb
@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+# Copyright:: 2022 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License").
+# You may not use this file except in compliance with the License.
+# A copy of the License is located at
+#
+# http://aws.amazon.com/apache2.0/
+#
+# or in the "LICENSE.txt" file accompanying this file.
+# This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, express or implied.
+# See the License for the specific language governing permissions and limitations under the License.
+
+#
+# Disable service
+#
+def disable_service(service, platform_families = %i(rhel amazon debian), operations = :disable)
+ if platform_family?(platform_families)
+ service service do
+ action operations
+ end
+ end
+end
diff --git a/cookbooks/aws-parallelcluster-install/recipes/base.rb b/cookbooks/aws-parallelcluster-install/recipes/base.rb
index 3cb354517a..4744b00fab 100644
--- a/cookbooks/aws-parallelcluster-install/recipes/base.rb
+++ b/cookbooks/aws-parallelcluster-install/recipes/base.rb
@@ -18,7 +18,7 @@
 include_recipe "aws-parallelcluster::setup_envars"
 include_recipe "aws-parallelcluster-install::sudoers"
 include_recipe "aws-parallelcluster-install::cluster_admin_user"
-include_recipe "aws-parallelcluster-install::disable_log4j_patcher"
+include_recipe "aws-parallelcluster-install::disable_services"
 unless virtualized?
 case node['platform_family']
 when 'rhel', 'amazon'
diff --git a/cookbooks/aws-parallelcluster-install/recipes/disable_log4j_patcher.rb b/cookbooks/aws-parallelcluster-install/recipes/disable_services.rb
similarity index 51%
rename from cookbooks/aws-parallelcluster-install/recipes/disable_log4j_patcher.rb
rename to cookbooks/aws-parallelcluster-install/recipes/disable_services.rb
index b4182faf5d..22911a5a60 100644
--- a/cookbooks/aws-parallelcluster-install/recipes/disable_log4j_patcher.rb
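Review bot: The parameter `service` in `disable_service` shadows Chef's `service` resource, so the added `service service do` only works because Ruby resolves the first word as a method call; renaming it, `def disable_service(service_name, platform_families = %i(rhel amazon debian), operations = :disable)` with `service service_name do`, removes the ambiguity. The header comment `# Disable service` also undersells the helper: `operations` is passed straight to `action`, so it will run whatever actions a caller supplies, and on a platform family outside `platform_families` it silently declares nothing. A comment such as `# Declares a service resource with the given action(s) on the listed platform families; no-op elsewhere` would state that contract.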
+++ b/cookbooks/aws-parallelcluster-install/recipes/disable_services.rb
@@ -2,9 +2,9 @@

 #
 # Cookbook:: aws-parallelcluster
-# Recipe:: disable_log4j_patcher
+# Recipe:: disable_services
 #
-# Copyright:: 2013-2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# Copyright:: 2013-2022 Amazon.com, Inc. or its affiliates. All Rights Reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with the
 # License. A copy of the License is located at
@@ -15,13 +15,11 @@
 # OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions and
 # limitations under the License.

-# default openmpi installation conflicts with new install
-# new one is installed in /opt/amazon/efa/bin/
+# Disable DLAMI multi eni helper
+# no only_if statement because if the service is not present the action disable does not return error
+disable_service('aws-ubuntu-eni-helper', 'debian', %i(disable stop mask))

-if platform_family?('amazon')
- # masking the service in order to prevent it from being automatically enabled
- # if not installed yet
- service 'log4j-cve-2021-44228-hotpatch' do
- action %i(disable stop mask)
- end
-end
+# Disable log4j-cve-2021-44228-hotpatch
+# masking the service in order to prevent it from being automatically enabled
+# if not installed yet
+disable_service('log4j-cve-2021-44228-hotpatch', 'amazon', %i(disable stop mask))
diff --git a/cookbooks/aws-parallelcluster-test/libraries/helpers.rb b/cookbooks/aws-parallelcluster-test/libraries/helpers.rb
index f3ef2ee094..b1ce422b18 100644
--- a/cookbooks/aws-parallelcluster-test/libraries/helpers.rb
+++ b/cookbooks/aws-parallelcluster-test/libraries/helpers.rb
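Review bot: The new comment above `disable_service('log4j-cve-2021-44228-hotpatch', 'amazon', %i(disable stop mask))` explains why the unit is masked but not why a CVE-2021-44228 hot-patch service is being turned off at all; the only rationale the old file carried (the openmpi lines) is removed by this hunk. Since this switches off a vulnerability mitigation on every Amazon-family node, I would add a line stating the reason and what covers the exposure instead, e.g. `# Disabled because <reason>; Log4Shell exposure is handled by <mitigation>` with the placeholders filled in by the author. Separately, the eni-helper comment justifies the missing `only_if` only for `disable`, while the call also passes `stop` and `mask`; it would be worth confirming, and saying in the comment, that those are harmless when the unit is absent.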
@@ -1,6 +1,6 @@
 # frozen_string_literal: true

-# Copyright:: 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# Copyright:: 2022 Amazon.com, Inc. or its affiliates. All Rights Reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License").
 # You may not use this file except in compliance with the License.
@@ -224,3 +224,14 @@ def check_ssh_target_checker_vpc_cidr_list(ssh_target_checker_script, expected_c
 TEST
 end
 end
+
+#
+# Check if a service is disabled
+#
+def is_service_disabled(service, platform_families = %i(rhel amazon debian))
+ if platform_family?(platform_families)
+ execute "check #{service} service is disabled" do
+ command "systemctl is-enabled #{service} && exit 1 || exit 0"
+ end
+ end
+end
diff --git a/cookbooks/aws-parallelcluster-test/recipes/tests.rb b/cookbooks/aws-parallelcluster-test/recipes/tests.rb
index 69e2cb70be..c7cce648b0 100644
--- a/cookbooks/aws-parallelcluster-test/recipes/tests.rb
+++ b/cookbooks/aws-parallelcluster-test/recipes/tests.rb
@@ -541,6 +541,16 @@ module load intelmpi && mpirun --help | grep '#{node['cluster']['intelmpi']['kit
 command "systemctl is-enabled ec2blkdev"
 end

+###################
+# Verify that aws-ubuntu-eni-helper service is disabled
+###################
+is_service_disabled('aws-ubuntu-eni-helper', 'debian')
+
+###################
+# Verify that log4j-cve-2021-44228-hotpatch service is disabled
+###################
+is_service_disabled('log4j-cve-2021-44228-hotpatch', 'amazon')
+
 ###################
 # clusterstatusmgtd
 ###################
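Review bot: The check in `is_service_disabled`, `systemctl is-enabled #{service} && exit 1 || exit 0`, succeeds for every outcome except "enabled", so it also passes when `systemctl` itself fails, and it says nothing about the `stop` and `mask` actions that the recipe applies to the same units. A stricter command would look at the running state as well, for example `command "! systemctl is-enabled #{service} && ! systemctl is-active #{service}"`. The name is also misleading for Ruby readers: an `is_` prefix suggests a predicate, but the method declares an `execute` resource and returns no boolean, so something like `check_service_disabled` would read better. `service` is interpolated into a shell string; the two callers in tests.rb pass literals, which keeps that safe for now.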