search

aws / aws-parallelcluster-ui

Apache License 2.0
31 stars 20 forks source link

User not set for Ubuntu #165

Closed sean-smith closed 1 year ago

sean-smith commented 1 year ago

Description

When using the "Shell" button on ubuntu the user doesn't get switched to ubuntu.

Here's the output from SSM shell:

if [ -d '/opt/parallelcluster' ]; then source /opt/parallelcluster/cfnconfig; sudo su - $cfn_cluster_user; fi; /bin/bash
$ sh: 1: source: not found

This looks to be the problem: https://stackoverflow.com/questions/13702425/source-command-not-found-in-sh-shell

This causes job submission to fail as the root user isn't supposed to run slurm jobs. I think it can be fixed by updating the following line: https://github.com/aws/aws-parallelcluster-ui/blob/1a6260ad60cd6bf5160e9b607e2dea85af9428e7/infrastructure/SSMSessionProfile-cfn.yaml#L30 and explicitly setting the shell to /bin/bash instead of /bin/dash.

BarcoMasile commented 1 year ago

Thanks for writing to us Sean! So the experience on the click of the Shell button was something that we recently worked on, with #164 . This will be available with next release of PCUI. We took the decision to remove the SSM default substack because it risked breaking customers trust for the following reason: the SSM document used to perform the script you mentioned would customize the user experience for every single SSM session that the customer initiates in that region where PCUI is deployed.

With our customers interests at heart, since there is no way as of today to specify a different SSM document to customize the SSM shell expeirience (the only way possible is through the 'SSM-SessionManagerRunShell' document), we decided to remove the SSMSessionProfile-cfn.yaml substack and let the Shell user be the default one, which is: the user gets logged in as ssm-user, which the predictable default for SSM shell session.

This way we don't interfere with what customers may already have had in their account for the region in which PCUI is deployed.

This also relates to the PCM issue number 325.

As a suggestion, you can create (or update) the SSM document named SSM-SessionManagerRunShell to perform all the needed operations/scripts to customize your Shell experience just by running from the CLI (assuming you have AWS CLI v2 and valid IAM credentials in you local shell, and assuming you have an existing SSM-SessionManagerRunShell document in your region of choice):

cat > doc-content.json << EOF
{
   "schemaVersion": "1.0",
   "description": "Parameterized document for SSM Session Manager",
   "sessionType": "Standard_Stream",
   "parameters": {
    "linuxcmd": {
      "type": "String",
      "default": "<YOUR CUSTOM LOGIC>",
     }
    },
     "inputs": {
       "s3BucketName": "",
       "s3KeyPrefix": "",
       "s3EncryptionEnabled": False,
       "cloudWatchLogGroupName": "",
       "cloudWatchEncryptionEnabled": False,
       "kmsKeyId": "",
       "runAsEnabled": False,
       "runAsDefaultUser": "",
       "shellProfile": {
         "windows": "",
         "linux": "{{ linuxcmd }}"
        }
      }
   }
EOF

aws ssm update-document --name 'SSM-SessionManagerRunShell' --content "$(cat doc-content.json)"