Skip to content

Commit dd55258

Browse files
lukeseawalkerlukeseawalker
committed
Share munge key from dir owned by root, under the default user home folder
Share munge key from dir owned by root from head node, than setup it in compute node This because `munge` user can be different between head and compute node (e.g. during baking at runtime), hence the shared home munge dir can have different permission. Signed-off-by: Luca Carrogu <[email protected]>
1 parent 2e0c35c commit dd55258

File tree

2 files changed

+27
-10
lines changed

2 files changed

+27
-10
lines changed

libraries/helpers.rb

Lines changed: 25 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -446,15 +446,30 @@ def setup_munge_head_node
446446
user 'munge'
447447
group 'munge'
448448
cwd '/tmp'
449-
code <<-HEAD_MUNGE_KEY
449+
code <<-HEAD_CREATE_MUNGE_KEY
450450
set -e
451451
# Generates munge key in /etc/munge/munge.key
452452
/usr/sbin/mungekey --verbose
453453
# Enforce correct permission on the key
454454
chmod 0600 /etc/munge/munge.key
455+
HEAD_CREATE_MUNGE_KEY
456+
end
457+
458+
enable_munge_service()
459+
share_munge_head_node()
460+
end
461+
462+
def share_munge_head_node
463+
# Share munge key
464+
bash 'share_munge_key' do
465+
user 'root'
466+
group 'root'
467+
code <<-HEAD_SHARE_MUNGE_KEY
468+
set -e
469+
mkdir /home/#{node['cfncluster']['cfn_cluster_user']}/.munge
455470
# Copy key to shared dir
456-
cp -p /etc/munge/munge.key /home/munge/.munge.key
457-
HEAD_MUNGE_KEY
471+
cp /etc/munge/munge.key /home/#{node['cfncluster']['cfn_cluster_user']}/.munge/.munge.key
472+
HEAD_SHARE_MUNGE_KEY
458473
end
459474

460475
enable_munge_service()
@@ -463,13 +478,16 @@ def setup_munge_head_node
463478
def setup_munge_compute_node
464479
# Get munge key
465480
bash 'get_munge_key' do
466-
user 'munge'
467-
group 'munge'
468-
cwd '/tmp'
481+
user 'root'
482+
group 'root'
469483
code <<-COMPUTE_MUNGE_KEY
470484
set -e
471485
# Copy munge key from shared dir
472-
cp -p /home/munge/.munge.key /etc/munge/munge.key
486+
cp /home/#{node['cfncluster']['cfn_cluster_user']}/.munge/.munge.key /etc/munge/munge.key
487+
# Set ownership on the key
488+
chown munge:munge /etc/munge/munge.key
489+
# Enforce correct permission on the key
490+
chmod 0600 /etc/munge/munge.key
473491
COMPUTE_MUNGE_KEY
474492
end
475493

recipes/munge_install.rb

Lines changed: 2 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -67,11 +67,10 @@
6767

6868
# Make sure the munge user exists
6969
user 'munge' do
70-
manage_home true
70+
manage_home false
7171
comment 'munge user'
72-
home "/home/munge"
7372
system true
74-
shell '/usr/sbin/nologin'
73+
shell '/sbin/nologin'
7574
end
7675

7776
# Create required directories for munge

0 commit comments

Comments
 (0)