in cli/src/pcluster/templates/cluster_stack.py [0:0]
def _add_head_node(self) -> ec2.CfnInstance:
    """Create the head node EC2 instance and its supporting launch template.

    Builds the head node launch template (network interfaces, block devices,
    IAM instance profile, IMDS settings, user data), attaches the
    AWS::CloudFormation::Init metadata that drives the cfn-init / Chef
    (cinc-client) bootstrap phases on the instance, and finally creates the
    CfnInstance that references the launch template.

    Returns:
        The ``ec2.CfnInstance`` resource representing the head node.
    """
    head_node = self.config.head_node
    head_lt_security_groups = self._get_head_node_security_groups_full()
    # LT network interfaces
    # Device 0 is the pre-created head node ENI (self._head_eni): keeping the
    # primary interface as a standalone resource preserves its IP/EIP even if
    # the head node instance is replaced.
    head_lt_nw_interfaces = [
        ec2.CfnLaunchTemplate.NetworkInterfaceProperty(
            device_index=0,
            network_interface_id=self._head_eni.ref,
        )
    ]
    # Extra interfaces for instance types exposing multiple network cards.
    # The first card (index 0) is already served by the ENI above, hence [1:].
    for network_card in head_node.network_cards_list[1:]:
        head_lt_nw_interfaces.append(
            ec2.CfnLaunchTemplate.NetworkInterfaceProperty(
                # NOTE(review): device index is chosen from the card's max
                # interface count — presumably to satisfy EC2 constraints on
                # multi-card instance types; confirm against the compute
                # fleet launch template logic.
                device_index=0 if network_card.maximum_network_interfaces() == 1 else 1,
                network_card_index=network_card.network_card_index(),
                groups=head_lt_security_groups,
                subnet_id=head_node.networking.subnet_id,
            )
        )
    # Region-specific CloudFormation endpoint, used both in user data and in
    # the cfn-signal commands of the "chefUpdate" config set below.
    cloudformation_url = get_service_endpoint("cloudformation", self.config.region)
    # Head node Launch Template
    # The logical id is also passed into dna.json ("launch_template_id") so
    # in-instance tooling can locate this template.
    launch_template_id = "HeadNodeLaunchTemplate"
    head_node_launch_template = ec2.CfnLaunchTemplate(
        self.stack,
        launch_template_id,
        launch_template_data=ec2.CfnLaunchTemplate.LaunchTemplateDataProperty(
            instance_type=head_node.instance_type,
            # Root volume mapping is derived from the AMI's reported root
            # device name.
            block_device_mappings=self._launch_template_builder.get_block_device_mappings(
                head_node.local_storage.root_volume,
                AWSApi.instance().ec2.describe_image(self.config.head_node_ami).device_name,
            ),
            key_name=head_node.ssh.key_name,
            network_interfaces=head_lt_nw_interfaces,
            image_id=self.config.head_node_ami,
            ebs_optimized=head_node.is_ebs_optimized,
            iam_instance_profile=ec2.CfnLaunchTemplate.IamInstanceProfileProperty(
                name=self._head_node_instance_profile
            ),
            # IMDSv2 enforcement is configurable via the Imds/ImdsSupport
            # cluster setting.
            metadata_options=ec2.CfnLaunchTemplate.MetadataOptionsProperty(
                http_tokens=get_http_tokens_setting(self.config.imds.imds_support)
            ),
            # User data script with Fn::Sub placeholders filled from both a
            # head-node-specific map and the common env shared with compute
            # nodes.
            user_data=Fn.base64(
                Fn.sub(
                    get_user_data_content("../resources/head_node/user_data.sh"),
                    {
                        **{
                            "DisableMultiThreadingManually": (
                                "true" if head_node.disable_simultaneous_multithreading_manually else "false"
                            ),
                            "CloudFormationUrl": cloudformation_url,
                        },
                        **get_common_user_data_env(head_node, self.config),
                    },
                )
            ),
            # Propagate default + custom tags to EBS volumes created with the
            # instance.
            tag_specifications=[
                ec2.CfnLaunchTemplate.TagSpecificationProperty(
                    resource_type="volume",
                    tags=get_default_volume_tags(self._stack_name, "HeadNode") + get_custom_tags(self.config),
                ),
            ],
        ),
    )
    # Metadata
    head_node_launch_template.add_metadata("Comment", "AWS ParallelCluster Head Node")
    # CloudFormation::Init metadata
    # dna.json carries the cluster attributes consumed by the
    # aws-parallelcluster cookbook recipes run via cinc-client below.
    dna_json = json.dumps(
        {
            "cluster": {
                "stack_name": self._stack_name,
                "stack_arn": self.stack.stack_id,
                "raid_vol_ids": get_shared_storage_ids_by_type(self.shared_storage_infos, SharedStorageType.RAID),
                "raid_shared_dir": to_comma_separated_string(
                    self.shared_storage_mount_dirs[SharedStorageType.RAID]
                ),
                "raid_type": to_comma_separated_string(
                    self.shared_storage_attributes[SharedStorageType.RAID]["Type"]
                ),
                "base_os": self.config.image.os,
                "region": self.stack.region,
                "shared_storage_type": self.config.head_node.shared_storage_type.lower(),
                # Falls back to the shared-home default when deployment
                # settings are absent or don't specify a home type.
                "default_user_home": (
                    self.config.deployment_settings.default_user_home.lower()
                    if (
                        self.config.deployment_settings is not None
                        and self.config.deployment_settings.default_user_home is not None
                    )
                    else DefaultUserHomeType.SHARED.value.lower()
                ),
                "efs_fs_ids": get_shared_storage_ids_by_type(self.shared_storage_infos, SharedStorageType.EFS),
                "efs_shared_dirs": to_comma_separated_string(self.shared_storage_mount_dirs[SharedStorageType.EFS]),
                "efs_encryption_in_transits": to_comma_separated_string(
                    self.shared_storage_attributes[SharedStorageType.EFS]["EncryptionInTransits"],
                    use_lower_case=True,
                ),
                "efs_iam_authorizations": to_comma_separated_string(
                    self.shared_storage_attributes[SharedStorageType.EFS]["IamAuthorizations"], use_lower_case=True
                ),
                "efs_access_point_ids": to_comma_separated_string(
                    self.shared_storage_attributes[SharedStorageType.EFS]["AccessPointIds"],
                    use_lower_case=True,
                ),
                "fsx_fs_ids": get_shared_storage_ids_by_type(self.shared_storage_infos, SharedStorageType.FSX),
                "fsx_mount_names": to_comma_separated_string(
                    self.shared_storage_attributes[SharedStorageType.FSX]["MountNames"]
                ),
                "fsx_dns_names": to_comma_separated_string(
                    self.shared_storage_attributes[SharedStorageType.FSX]["DNSNames"]
                ),
                "fsx_volume_junction_paths": to_comma_separated_string(
                    self.shared_storage_attributes[SharedStorageType.FSX]["VolumeJunctionPaths"]
                ),
                "fsx_fs_types": to_comma_separated_string(
                    self.shared_storage_attributes[SharedStorageType.FSX]["FileSystemTypes"]
                ),
                "fsx_shared_dirs": to_comma_separated_string(self.shared_storage_mount_dirs[SharedStorageType.FSX]),
                "volume": get_shared_storage_ids_by_type(self.shared_storage_infos, SharedStorageType.EBS),
                "scheduler": self.config.scheduling.scheduler,
                "ephemeral_dir": (
                    head_node.local_storage.ephemeral_volume.mount_dir
                    if head_node.local_storage.ephemeral_volume
                    else DEFAULT_EPHEMERAL_DIR
                ),
                "ebs_shared_dirs": to_comma_separated_string(self.shared_storage_mount_dirs[SharedStorageType.EBS]),
                "proxy": head_node.networking.proxy.http_proxy_address if head_node.networking.proxy else "NONE",
                "node_type": "HeadNode",
                "cluster_user": OS_MAPPING[self.config.image.os]["user"],
                # AWS Batch clusters don't use the DynamoDB status table.
                "ddb_table": self.dynamodb_table_status.ref if not self._condition_is_batch() else "NONE",
                "log_group_name": (
                    self.log_group.log_group_name if self.config.monitoring.logs.cloud_watch.enabled else "NONE"
                ),
                # NOTE: string "head_node" (not "true") when DCV is enabled —
                # the cookbook keys off this exact value.
                "dcv_enabled": "head_node" if self.config.is_dcv_enabled else "false",
                "dcv_port": head_node.dcv.port if head_node.dcv else "NONE",
                "enable_intel_hpc_platform": "true" if self.config.is_intel_hpc_platform_enabled else "false",
                "cw_logging_enabled": "true" if self.config.is_cw_logging_enabled else "false",
                "log_rotation_enabled": "true" if self.config.is_log_rotation_enabled else "false",
                "cluster_s3_bucket": self.bucket.name,
                "cluster_config_s3_key": "{0}/configs/{1}".format(
                    self.bucket.artifact_directory, PCLUSTER_S3_ARTIFACTS_DICT.get("config_name")
                ),
                "cluster_config_version": self.config.config_version,
                "instance_types_data_version": self.config.instance_types_data_version,
                "change_set_s3_key": f"{self.bucket.artifact_directory}/configs/"
                f"{PCLUSTER_S3_ARTIFACTS_DICT.get('change_set_name')}",
                "instance_types_data_s3_key": f"{self.bucket.artifact_directory}/configs/"
                f"{PCLUSTER_S3_ARTIFACTS_DICT.get('instance_types_data_name')}",
                "custom_node_package": self.config.custom_node_package or "",
                "custom_awsbatchcli_package": self.config.custom_aws_batch_cli_package or "",
                "head_node_imds_secured": str(self.config.head_node.imds.secured).lower(),
                "compute_node_bootstrap_timeout": get_attr(
                    self.config, "dev_settings.timeouts.compute_node_bootstrap_timeout", NODE_BOOTSTRAP_TIMEOUT
                ),
                "disable_sudo_access_for_default_user": (
                    "true"
                    if self.config.deployment_settings
                    and self.config.deployment_settings.disable_sudo_access_default_user
                    else "false"
                ),
                "launch_template_id": launch_template_id,
                # Scheduler-specific attributes are merged in only for Slurm.
                **(
                    get_slurm_specific_dna_json_for_head_node(self.config, self.scheduler_resources)
                    if self._condition_is_slurm()
                    else {}
                ),
                **get_directory_service_dna_json_for_head_node(self.config),
            },
        },
        indent=4,
    )
    # cfn-init configuration. Config sets:
    #   deployFiles — write dna.json/extra.json and merge them into
    #                 /etc/chef/dna.json;
    #   default     — full bootstrap: chef init, pre-install hook, chef
    #                 config, post-install hook, chef finalize;
    #   update      — re-deploy files then run the update recipe and signal
    #                 CloudFormation via cfn-signal.
    cfn_init = {
        "configSets": {
            "deployFiles": ["deployConfigFiles"],
            "default": [
                "chefPrepEnv",
                "shellRunPreInstall",
                "chefConfig",
                "shellRunPostInstall",
                "chefFinalize",
            ],
            "update": ["deployConfigFiles", "chefUpdate"],
        },
        "deployConfigFiles": {
            "files": {
                # A nosec comment is appended to the following line in order to disable the B108 check.
                # The file is needed by the product
                # [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
                "/tmp/dna.json": {  # nosec B108
                    "content": dna_json,
                    "mode": "000644",
                    "owner": "root",
                    "group": "root",
                    "encoding": "plain",
                },
                # A nosec comment is appended to the following line in order to disable the B108 check.
                # The file is needed by the product
                # [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
                "/tmp/extra.json": {  # nosec B108
                    "mode": "000644",
                    "owner": "root",
                    "group": "root",
                    "content": self.config.extra_chef_attributes,
                },
                # A nosec comment is appended to the following line in order to disable the B108 check.
                # The file is needed by the product
                # [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
                "/tmp/wait_condition_handle.txt": {  # nosec B108
                    "mode": "000600",
                    "owner": "root",
                    "group": "root",
                    "content": self.wait_condition_handle.ref,
                },
            },
            "commands": {
                "mkdir": {"command": "mkdir -p /etc/chef/ohai/hints"},
                "touch": {"command": "touch /etc/chef/ohai/hints/ec2.json"},
                # Merge user-supplied extra attributes over dna.json; fall
                # back to a plain copy if jq is unavailable.
                "jq": {
                    "command": (
                        'jq -s ".[0] * .[1]" /tmp/dna.json /tmp/extra.json > /etc/chef/dna.json '
                        '|| ( echo "jq not installed"; cp /tmp/dna.json /etc/chef/dna.json )'
                    )
                },
            },
        },
        "chefPrepEnv": {
            "commands": {
                "chef": {
                    "command": (
                        "cinc-client --local-mode --config /etc/chef/client.rb --log_level info "
                        "--logfile /var/log/chef-client.log --force-formatter --no-color "
                        "--chef-zero-port 8889 --json-attributes /etc/chef/dna.json "
                        "--override-runlist aws-parallelcluster-entrypoints::init"
                    ),
                    "cwd": "/etc/chef",
                }
            }
        },
        "shellRunPreInstall": {
            "commands": {"runpreinstall": {"command": "/opt/parallelcluster/scripts/fetch_and_run -preinstall"}}
        },
        "chefConfig": {
            "commands": {
                "chef": {
                    "command": (
                        "cinc-client --local-mode --config /etc/chef/client.rb --log_level info "
                        "--logfile /var/log/chef-client.log --force-formatter --no-color "
                        "--chef-zero-port 8889 --json-attributes /etc/chef/dna.json "
                        "--override-runlist aws-parallelcluster-entrypoints::config"
                    ),
                    "cwd": "/etc/chef",
                }
            }
        },
        "shellRunPostInstall": {
            "commands": {"runpostinstall": {"command": "/opt/parallelcluster/scripts/fetch_and_run -postinstall"}}
        },
        "chefFinalize": {
            "commands": {
                "chef": {
                    "command": (
                        "cinc-client --local-mode --config /etc/chef/client.rb --log_level info "
                        "--logfile /var/log/chef-client.log --force-formatter --no-color "
                        "--chef-zero-port 8889 --json-attributes /etc/chef/dna.json "
                        "--override-runlist aws-parallelcluster-entrypoints::finalize"
                    ),
                    "cwd": "/etc/chef",
                },
                # Record the cookbook version the first time bootstrap
                # completes; subsequent runs are a no-op (exit 0).
                "bootstrap": {
                    "command": (
                        "[ ! -f /opt/parallelcluster/.bootstrapped ] && echo ${cookbook_version} "
                        "| tee /opt/parallelcluster/.bootstrapped || exit 0"
                    )  # TODO check
                },
            }
        },
        "chefUpdate": {
            "commands": {
                # Run the update recipe + post-update hook, then report
                # success/failure to the stack's wait condition handle via
                # cfn-signal so the update can proceed or roll back.
                "chef": {
                    "command": (
                        ". /etc/parallelcluster/pcluster_cookbook_environment.sh; "
                        "cinc-client --local-mode --config /etc/chef/client.rb --log_level info"
                        " --logfile /var/log/chef-client.log --force-formatter --no-color"
                        " --chef-zero-port 8889 --json-attributes /etc/chef/dna.json"
                        " --override-runlist aws-parallelcluster-entrypoints::update &&"
                        " /opt/parallelcluster/scripts/fetch_and_run -postupdate &&"
                        f" $CFN_BOOTSTRAP_VIRTUALENV_PATH/cfn-signal --exit-code=0 --reason='Update complete'"
                        f" --region {self.stack.region} --url {cloudformation_url}"
                        f" '{self.wait_condition_handle.ref}' ||"
                        f" $CFN_BOOTSTRAP_VIRTUALENV_PATH/cfn-signal --exit-code=1 --reason='Update failed'"
                        f" --region {self.stack.region} --url {cloudformation_url}"
                        f" '{self.wait_condition_handle.ref}'"
                    ),
                    "cwd": "/etc/chef",
                }
            }
        },
    }
    # Non-Batch schedulers also need the compute launch templates config on
    # the shared filesystem.
    if not self._condition_is_batch():
        cfn_init["deployConfigFiles"]["files"]["/opt/parallelcluster/shared/launch-templates-config.json"] = {
            "mode": "000644",
            "owner": "root",
            "group": "root",
            "content": self._get_launch_templates_config(),
        }
    head_node_launch_template.add_metadata("AWS::CloudFormation::Init", cfn_init)
    # The instance always uses the latest launch template version so that
    # template changes roll out on stack update.
    head_node_instance = ec2.CfnInstance(
        self.stack,
        "HeadNode",
        launch_template=ec2.CfnInstance.LaunchTemplateSpecificationProperty(
            launch_template_id=head_node_launch_template.ref,
            version=head_node_launch_template.attr_latest_version_number,
        ),
        tags=get_default_instance_tags(
            self._stack_name, self.config, head_node, "HeadNode", self.shared_storage_infos
        )
        + get_custom_tags(self.config),
    )
    # Ensure compute fleet resources exist before the head node boots
    # (the head node bootstrap references them), except on Batch.
    if not self._condition_is_batch():
        head_node_instance.node.add_dependency(self.compute_fleet_resources)
    return head_node_instance