[POC] Add support for Amazon Linux 2023

### Description of changes

Used new utility `os-resources.py` introduced as part of aws#2328 to create new resources for alinux2023, starting from redhat8 resources.

Relevant changes to the code:
* os_type --> Replaced rhel with alinux
* Tried to fix CloudWatch agent setup by changing `platform_url_component` to point to the same of rhel (not sure if it's correct)
* Copied network setup templates from redhat folders
* Added alinux2023 to pcluster_dcv_connect.sh script

Removed redhat_on_docker condition from:
* stunnel
* system_authentication
* efa

TODO:
* efa -> check efa_supported? condition and log messages
* lustre -> check version condition and log messages
* install_packages --> Removed postgresql packages
* Enable repository needed by hwloc-devel blas-devel libedit-devel and glibc-static packages

### Tests

* Added Alinux2023 to ec2 kitchen configuration files. Copied from rhel8 with minor changes:
  * AMI name prefix took from EC2 Amazon Linux official AMI
  * I called the suite `alinux-2023`, with an "-" in the name to avoid having alinux2
    as prefix of alinux-2023 and be able to distinguish them on Inspec runs.
* Created new `pre_converge` hook to install libxcrypt-compat package, required to install Chef, leveraging the work done with aws#2342
* I had to pass a custom `provisioner/download_url` for cinc because package for AL2023 is not available in the default path.
* The validated resources are:
  * nvidia_driver
  * arm_Pl
  * c_states
  * stunnel
  * build_tools
  * chrony
  * modules
  * munge
  * dns_domain (install only)
  * jwt_dependencies
  * nfs (install only)
  * raid (install only)
  * system_authentication (install only)
  * efs (install only)

TODO:
* Add Alinux2023 to GitHub actions
* Add new os to kitchen.docker.yml config file (search for `kernel_release` version from an EC2 instance)
* Fix Inspec and ChefSpec tests conditions

### References
* https://hub.docker.com/_/amazonlinux
* https://github.com/test-kitchen/kitchen-ec2/tree/main/lib/kitchen/driver/aws/standard_platform

Known issues/FE:
* amazonlinux/amazon-linux-2023#47
* amazonlinux/amazon-linux-2023#146
* amazonlinux/amazon-linux-2023#168
* amazonlinux/amazon-linux-2023#309
* amazonlinux/amazon-linux-2023#316

Signed-off-by: Enrico Usai <usai@amazon.com>

cookbooks/aws-parallelcluster-environment/files/alinux2023/network_interfaces/configure_nw_interface.sh

@@ -0,0 +1,53 @@
+#!/bin/sh
+# Configure a specific Network Interface according to the OS
+# The configuration involves 3 aspects:
+# - Main configuration (IP address, protocol and gateway)
+# - A specific routing table, so that all traffic coming to a network interface leaves the instance using the same
+#   interface
+# - A routing rule to make the OS use the specific routing table for this network interface
+
+# RedHat 8 official documentation:
+# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_and_managing_networking/configuring-policy-based-routing-to-define-alternative-routes_configuring-and-managing-networking
+
+set -e
+
+if
+  [ -z "${DEVICE_NAME}" ] ||          # name of the device
+  [ -z "${DEVICE_NUMBER}" ] ||        # number of the device
+  [ -z "${GW_IP_ADDRESS}" ] ||        # gateway ip address
+  [ -z "${DEVICE_IP_ADDRESS}" ] ||    # ip address to assign to the interface
+  [ -z "${CIDR_PREFIX_LENGTH}" ]      # the prefix length of the device IP cidr block
+then
+  echo 'One or more environment variables missing'
+  exit 1
+fi
+
+con_name="System ${DEVICE_NAME}"
+route_table="100${DEVICE_NUMBER}"
+priority="100${DEVICE_NUMBER}"
+metric="100${DEVICE_NUMBER}"
+
+# Rename connection
+original_con_name=`nmcli -t -f GENERAL.CONNECTION device show ${DEVICE_NAME} | cut -f2 -d':'`
+sudo nmcli connection modify "${original_con_name}" con-name "${con_name}" ifname ${DEVICE_NAME}
+
+configured_ip=`nmcli -t -f IP4.ADDRESS device show ${DEVICE_NAME} | cut -f2 -d':'`
+if [ -z "${configured_ip}" ]; then
+  # Setup connection method to "manual", configure ip address and gateway, only if not already configured.
+  sudo nmcli connection modify "${con_name}" ipv4.method manual ipv4.addresses ${DEVICE_IP_ADDRESS}/${CIDR_PREFIX_LENGTH} ipv4.gateway ${GW_IP_ADDRESS}
+fi
+
+# Setup routes
+# This command uses the ipv4.routes parameter to add a static route to the routing table with ID ${route_table}.
+# This static route for 0.0.0.0/0 uses the IP of the gateway as next hop.
+sudo nmcli connection modify "${con_name}" ipv4.routes "0.0.0.0/0 ${GW_IP_ADDRESS} ${metric} table=${route_table}"
+
+# Setup routing rules
+# The command uses the ipv4.routing-rules parameter to add a routing rule with priority ${priority} that routes
+# traffic from ${DEVICE_IP_ADDRESS} to table ${route_table}. Low values have a high priority.
+# The syntax in the ipv4.routing-rules parameter is the same as in an "ip rule add" command,
+# except that ipv4.routing-rules always requires specifying a priority.
+sudo nmcli connection modify "${con_name}" ipv4.routing-rules "priority ${priority} from ${DEVICE_IP_ADDRESS} table ${route_table}"
+
+# Reapply previous connection modification.
+sudo nmcli device reapply ${DEVICE_NAME}

cookbooks/aws-parallelcluster-environment/resources/cloudwatch/cloudwatch_alinux2023.rb

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+# Copyright:: 2023 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License").
+# You may not use this file except in compliance with the License.
+# A copy of the License is located at
+#
+# http://aws.amazon.com/apache2.0/
+#
+# or in the "LICENSE.txt" file accompanying this file.
+# This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, express or implied.
+# See the License for the specific language governing permissions and limitations under the License.
+
+provides :cloudwatch, platform: 'amazon' do |node|
+  node['platform_version'].to_i == 2023
+end
+
+use 'partial/_cloudwatch_common'
+use 'partial/_cloudwatch_install_package_rhel'
+
+action_class do
+  def platform_url_component
+    'redhat'
+  end
+end

cookbooks/aws-parallelcluster-environment/resources/ec2_udev_rules/ec2_udev_rules_alinux2023.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+#
+# Copyright:: 2023 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License").
+# You may not use this file except in compliance with the License.
+# A copy of the License is located at
+#
+# http://aws.amazon.com/apache2.0/
+#
+# or in the "LICENSE.txt" file accompanying this file.
+# This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, express or implied.
+# See the License for the specific language governing permissions and limitations under the License.
+provides :ec2_udev_rules, platform: 'amazon' do |node|
+  node['platform_version'].to_i == 2023
+end
+
+unified_mode true
+use 'partial/_common_udev_configuration'
+
+default_action :setup
+
+action :setup do
+  action_create_common_udev_files
+  action_start_ec2blk
+end

cookbooks/aws-parallelcluster-environment/resources/efa/efa_alinux2023.rb

@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+
+# Copyright:: 2023 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License").
+# You may not use this file except in compliance with the License.
+# A copy of the License is located at
+#
+# http://aws.amazon.com/apache2.0/
+#
+# or in the "LICENSE.txt" file accompanying this file.
+# This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, express or implied.
+# See the License for the specific language governing permissions and limitations under the License.
+
+provides :efa, platform: 'amazon' do |node|
+  node['platform_version'].to_i == 2023
+end
+unified_mode true
+default_action :setup
+
+use 'partial/_common'
+
+action_class do
+  def efa_supported?
+    if node['platform_version'].to_f < 8.4
+      log "EFA is not supported in this Amazon Linux version #{node['platform_version']}, supported versions are >= 8.4" do
+        level :warn
+      end
+      false
+    else
+      true
+    end
+  end
+
+  def conflicting_packages
+    %w(openmpi-devel openmpi)
+  end
+
+  def prerequisites
+    %w(environment-modules libibverbs-utils librdmacm-utils rdma-core-devel)
+  end
+end

cookbooks/aws-parallelcluster-environment/resources/efs/efs_alinux2023.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+# Copyright:: 2023 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License").
+# You may not use this file except in compliance with the License.
+# A copy of the License is located at
+#
+# http://aws.amazon.com/apache2.0/
+#
+# or in the "LICENSE.txt" file accompanying this file.
+# This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, express or implied.
+# See the License for the specific language governing permissions and limitations under the License.
+
+provides :efs, platform: 'amazon' do |node|
+  node['platform_version'].to_i == 2023
+end
+
+use 'partial/_get_package_version_rpm'
+use 'partial/_common'
+use 'partial/_redhat_based'
+use 'partial/_install_from_tar'
+use 'partial/_mount_umount'
+
+def prerequisites
+  %w(rpm-build make)
+end

cookbooks/aws-parallelcluster-environment/resources/ephemeral_drives/ephemeral_drives_alinux2023.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+# Copyright:: 2023 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License").
+# You may not use this file except in compliance with the License.
+# A copy of the License is located at
+#
+# http://aws.amazon.com/apache2.0/
+#
+# or in the "LICENSE.txt" file accompanying this file.
+# This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, express or implied.
+# See the License for the specific language governing permissions and limitations under the License.
+
+provides :ephemeral_drives, platform: 'amazon' do |node|
+  node['platform_version'].to_i == 2023
+end
+
+use 'partial/_ephemeral_drives_common.rb'
+
+action_class do
+  def network_target
+    'network-online.target'
+  end
+end

cookbooks/aws-parallelcluster-environment/resources/lustre/lustre_alinux2023.rb

@@ -0,0 +1,68 @@
+# frozen_string_literal: true
+
+#
+# Copyright:: 2023 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License").
+# You may not use this file except in compliance with the License.
+# A copy of the License is located at
+#
+# http://aws.amazon.com/apache2.0/
+#
+# or in the "LICENSE.txt" file accompanying this file.
+# This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, express or implied.
+# See the License for the specific language governing permissions and limitations under the License.
+
+provides :lustre, platform: 'amazon' do |node|
+  node['platform_version'].to_i == 2023
+end
+unified_mode true
+
+use 'partial/_install_lustre_centos_redhat'
+use 'partial/_mount_unmount'
+
+default_action :setup
+
+action :setup do
+  version = node['platform_version']
+  if version.to_f < 8.2
+    log "FSx for Lustre is not supported in this RHEL version #{version}, supported versions are >= 8.2" do
+      level :warn
+    end
+    # rhel8 kernel 4.18.0-425.3.1.el8 has broken kABI compat https://github.com/openzfs/zfs/issues/14724
+  elsif node['cluster']['kernel_release'].include? "4.18.0-425.3.1.el8"
+    log "FSx for Lustre is not supported in kernel version 4.18.0-425.3.1.el8 of RHEL, please update the kernel version" do
+      level :warn
+    end
+  else
+    action_install_lustre
+  end
+end
+
+def find_os_minor_version
+  os_minor_version = ''
+  kernel_patch_version = find_kernel_patch_version
+
+  # kernel patch versions under 193 are prior to RHEL 8.2
+  # kernel patch version number can be retrieved from https://access.redhat.com/articles/3078#RHEL8
+  os_minor_version = '2' if kernel_patch_version >= '193'
+  os_minor_version = '3' if kernel_patch_version >= '240'
+  os_minor_version = '4' if kernel_patch_version >= '305'
+  os_minor_version = '5' if kernel_patch_version >= '348'
+  os_minor_version = '6' if kernel_patch_version >= '372'
+  os_minor_version = '7' if kernel_patch_version >= '425'
+  os_minor_version = '8' if kernel_patch_version >= '477'
+
+  os_minor_version
+end
+
+action_class do
+  def base_url
+    # https://docs.aws.amazon.com/fsx/latest/LustreGuide/install-lustre-client.html#lustre-client-rhel
+    "https://fsx-lustre-client-repo.s3.amazonaws.com/el/8.#{find_os_minor_version}/$basearch"
+  end
+
+  def public_key
+    "https://fsx-lustre-client-repo-public-keys.s3.amazonaws.com/fsx-rpm-public-key.asc"
+  end
+end

cookbooks/aws-parallelcluster-environment/resources/network_service/network_service_alinux2023.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+# Copyright:: 2023 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License").
+# You may not use this file except in compliance with the License.
+# A copy of the License is located at
+#
+# http://aws.amazon.com/apache2.0/
+#
+# or in the "LICENSE.txt" file accompanying this file.
+# This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, express or implied.
+# See the License for the specific language governing permissions and limitations under the License.
+
+provides :network_service, platform: 'amazon' do |node|
+  node['platform_version'].to_i == 2023
+end
+
+use 'partial/_network_service'
+use 'partial/_network_service_redhat_based'
+
+def network_service_name
+  'NetworkManager'
+end

cookbooks/aws-parallelcluster-environment/resources/nfs/nfs_alinux2023.rb

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+#
+# Copyright:: 2023 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License").
+# You may not use this file except in compliance with the License.
+# A copy of the License is located at
+#
+# http://aws.amazon.com/apache2.0/
+#
+# or in the "LICENSE.txt" file accompanying this file.
+# This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, express or implied.
+# See the License for the specific language governing permissions and limitations under the License.
+
+provides :nfs, platform: 'amazon' do |node|
+  node['platform_version'].to_i == 2023
+end
+unified_mode true
+
+use 'partial/_install_nfs4_and_disable'
+use 'partial/_configure'
+
+default_action :setup
+
+action :setup do
+  action_install_nfs4
+  action_disable_start_at_boot
+end
+
+action_class do
+  def override_server_template
+    edit_resource(:template, node['nfs']['config']['server_template']) do
+      cookbook 'nfs'
+    end
+  end
+end

cookbooks/aws-parallelcluster-environment/resources/raid/raid_alinux2023.rb

@@ -0,0 +1,11 @@
+provides :raid, platform: 'amazon' do |node|
+  node['platform_version'].to_i == 2023
+end
+
+use 'partial/_raid_common'
+
+action_class do
+  def raid_superblock_version
+    '1.2'
+  end
+end

cookbooks/aws-parallelcluster-environment/resources/system_authentication/system_authentication_alinux2023.rb

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+# Copyright:: 2023 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License").
+# You may not use this file except in compliance with the License.
+# A copy of the License is located at
+#
+# http://aws.amazon.com/apache2.0/
+#
+# or in the "LICENSE.txt" file accompanying this file.
+# This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, express or implied.
+# See the License for the specific language governing permissions and limitations under the License.
+
+provides :system_authentication, platform: 'amazon' do |node|
+  node['platform_version'].to_i == 2023
+end
+
+use 'partial/_system_authentication_common'
+
+action :configure do
+  # oddjobd service is required for creating homedir
+  service "oddjobd" do
+    action %i(start enable)
+  end unless on_docker?
+
+  execute 'Configure Directory Service' do
+    user 'root'
+    # Tell NSS, PAM to use SSSD for system authentication and identity information
+    # authconfig is a compatibility tool, replaced by authselect
+    command "authselect select sssd with-mkhomedir"
+    sensitive true
+    default_env true
+  end
+end
+
+action_class do
+  def required_packages
+    %w(sssd sssd-tools sssd-ldap authselect oddjob-mkhomedir)
+  end
+end