[UpdateWorkflow] Make login node use head-node-driven orchestration for the update workflow.

With this change, login nodes do not depend on cfn-hup/cfn-init anymore and mirror the same update mechanism already adopted for compute nodes.
With this change we expect the update workflow to be more resilient.

Author: gmarciani

CHANGELOG.md

@@ -9,6 +9,9 @@ This file is used to list changes made in each version of the AWS ParallelCluste
 **ENHANCEMENTS**
 - Improve resilience of EBS volume attachment during cluster creation by retrying on transient IMDS connectivity failures.
 - Further reduce transient build-image failures on RHEL and Rocky caused by out-of-sync repo mirrors by resetting metadata upon retry.
+- Improve cluster update resiliency on login nodes by reusing the head-node-driven orchestration already in place on compute nodes, 
+  removing the dependency on cfn-hup and cfn-init.
+  
 
 **BUG FIXES**
 - Fix cluster creation failure caused by Slurm accounting bootstrap failing when ClusterName is overridden 

cookbooks/aws-parallelcluster-entrypoints/libraries/update_failure_handler.rb

@@ -74,14 +74,14 @@ def cleanup_dna_files
         else
           # No marker — this is an update failure, clean up DNA files and write marker
           Chef::Log.info("#{log_prefix} Update failure detected (no marker at #{marker}), cleaning up DNA files")
-          command = "#{cookbook_virtualenv_path}/bin/python #{cluster_attributes['scripts_dir']}/share_compute_fleet_dna.py --region #{cluster_attributes['region']} --cleanup"
+          command = "#{cookbook_virtualenv_path}/bin/python #{cluster_attributes['scripts_dir']}/share_dna.py --region #{cluster_attributes['region']} --cleanup"
           command_runner.run_with_retries(command, description: "cleanup DNA files")
           ::File.write(marker, '')
         end
       rescue => e
         # If marker I/O fails, fall back to deleting DNA files
         Chef::Log.warn("#{log_prefix} Error during marker check (#{e.message}), falling back to cleaning up DNA files")
-        command = "#{cookbook_virtualenv_path}/bin/python #{cluster_attributes['scripts_dir']}/share_compute_fleet_dna.py --region #{cluster_attributes['region']} --cleanup"
+        command = "#{cookbook_virtualenv_path}/bin/python #{cluster_attributes['scripts_dir']}/share_dna.py --region #{cluster_attributes['region']} --cleanup"
         command_runner.run_with_retries(command, description: "cleanup DNA files")
       end
     end

cookbooks/aws-parallelcluster-entrypoints/spec/unit/libraries/update_failure_handler_spec.rb

@@ -144,7 +144,7 @@
       end
 
       it 'runs the cleanup command' do
-        expected_command = "#{virtualenv_path}/bin/python #{scripts_dir}/share_compute_fleet_dna.py --region #{region} --cleanup"
+        expected_command = "#{virtualenv_path}/bin/python #{scripts_dir}/share_dna.py --region #{region} --cleanup"
         expect(command_runner).to receive(:run_with_retries).with(expected_command, description: "cleanup DNA files")
         handler.cleanup_dna_files
       end
@@ -188,7 +188,7 @@
       end
 
       it 'falls back to cleaning up DNA files' do
-        expected_command = "#{virtualenv_path}/bin/python #{scripts_dir}/share_compute_fleet_dna.py --region #{region} --cleanup"
+        expected_command = "#{virtualenv_path}/bin/python #{scripts_dir}/share_dna.py --region #{region} --cleanup"
         expect(command_runner).to receive(:run_with_retries).with(expected_command, description: "cleanup DNA files")
         handler.cleanup_dna_files
       end

…configuration/share_compute_fleet_dna.py …files/cfn_hup_configuration/share_dna.pycookbooks/aws-parallelcluster-environment/files/cfn_hup_configuration/share_compute_fleet_dna.py renamed to cookbooks/aws-parallelcluster-environment/files/cfn_hup_configuration/share_dna.py cookbooks/aws-parallelcluster-environment/files/cfn_hup_configuration/share_compute_fleet_dna.py renamed to cookbooks/aws-parallelcluster-environment/files/cfn_hup_configuration/share_dna.py

@@ -24,17 +24,19 @@
 from botocore.config import Config
 from retrying import retry
 
-COMPUTE_FLEET_SHARED_LOCATION = "/opt/parallelcluster/shared/"
+SHARED_LOCATION = "/opt/parallelcluster/shared/"
 
-COMPUTE_FLEET_SHARED_DNA_LOCATION = COMPUTE_FLEET_SHARED_LOCATION + "dna/"
+SHARED_DNA_LOCATION = SHARED_LOCATION + "dna/"
 
-COMPUTE_FLEET_LAUNCH_TEMPLATE_CONFIG = COMPUTE_FLEET_SHARED_LOCATION + "launch-templates-config.json"
+LAUNCH_TEMPLATE_CONFIG = SHARED_LOCATION + "launch-templates-config.json"
+
+CLUSTER_CONFIG_PATH = SHARED_LOCATION + "cluster-config.yaml"
 
 logger = logging.getLogger(__name__)
 logging.basicConfig(level=logging.INFO)
 
 
-def get_compute_launch_template_ids(lt_config_file_name):
+def get_launch_template_ids(lt_config_file_name):
     """
     Load launch-templates-config.json.
 
@@ -53,25 +55,13 @@ def get_compute_launch_template_ids(lt_config_file_name):
                         }
                     }
                 }
-            },
-            "queue2": {
-                "ComputeResources": {
-                    "queue2-i1": {
-                        "LaunchTemplate": {
-                            "Version": "1",
-                            "LogicalId": "LaunchTemplate012345678901234",
-                            "Id": "lt-01234567890123456"
-                        }
-                    }
-                }
             }
         }
      }
-
     """
     lt_config = None
     try:
-        logger.info("Getting LaunchTemplate ID and versions from %s", lt_config_file_name)
+        logger.info("Getting LaunchTemplate IDs and versions from %s", lt_config_file_name)
         with open(lt_config_file_name, "r", encoding="utf-8") as file:
             lt_config = json.loads(file.read())
     except Exception as err:
@@ -80,15 +70,78 @@ def get_compute_launch_template_ids(lt_config_file_name):
     return lt_config
 
 
-def share_compute_fleet_dna(args):
-    """Create dna.json for each queue in cluster."""
-    lt_config = get_compute_launch_template_ids(COMPUTE_FLEET_LAUNCH_TEMPLATE_CONFIG)
+def get_login_pool_names(cluster_config_path):
+    """
+    Read login pool names from cluster-config.yaml.
+
+    Login launch templates are not listed in launch-templates-config.json because doing so
+    would introduce a circular CloudFormation dependency between the head node launch
+    template and the LoginNodes nested stack. Pool names are read from cluster-config.yaml
+    and the corresponding launch templates are resolved at runtime by name.
+    """
+    pool_names = []
+    try:
+        logger.info("Reading login pool names from %s", cluster_config_path)
+        with open(cluster_config_path, "r", encoding="utf-8") as file:
+            cluster_config = yaml.safe_load(file)
+        login_nodes = (cluster_config or {}).get("LoginNodes") or {}
+        for pool in login_nodes.get("Pools") or []:
+            name = pool.get("Name")
+            if name:
+                pool_names.append(name)
+    except Exception as err:
+        logger.warning("Unable to read login pool names from %s due to %s", cluster_config_path, err)
+    return pool_names
+
+
+def share_dna_files(args):
+    """Create dna.json for each compute resource and login pool in the cluster."""
+    lt_config = get_launch_template_ids(LAUNCH_TEMPLATE_CONFIG)
     if lt_config:
+        # Compute fleet
         all_queues = lt_config.get("Queues")
         for _, queues in all_queues.items():
             compute_resources = queues.get("ComputeResources")
             for _, compute_res in compute_resources.items():
-                get_latest_dna_data(compute_res, COMPUTE_FLEET_SHARED_DNA_LOCATION, args)
+                get_latest_dna_data(compute_res, SHARED_DNA_LOCATION, args)
+
+    # Login nodes: launch templates are resolved at runtime by name
+    # ({stack_name}-{pool_name}) to avoid a circular CloudFormation dependency between the
+    # head node launch template and the LoginNodes nested stack.
+    if args.stack_name:
+        for pool_name in get_login_pool_names(args.cluster_config or CLUSTER_CONFIG_PATH):
+            share_login_pool_dna(args.stack_name, pool_name, SHARED_DNA_LOCATION, args)
+
+
+def share_login_pool_dna(stack_name, pool_name, output_location, args):
+    """Fetch the latest UserData for a login pool launch template and write its dna.json to shared storage."""
+    lt_name = f"{stack_name}-{pool_name}"
+    user_data = get_user_data_by_name(lt_name, args.region)
+    if not user_data:
+        return
+
+    write_directives = get_write_directives_section(user_data)
+    if not write_directives:
+        return
+
+    # The LogicalId used in the dna.json filename must match the launch_template_id baked into
+    # the login node's own dna.json (read from UserData), since the login node looks up the
+    # file by that name. Extract it from the UserData itself.
+    logical_id = None
+    for entry in write_directives:
+        if entry.get("path") in ["/tmp/dna.json"]:  # nosec B108
+            try:
+                dna = json.loads(entry["content"])
+                logical_id = dna.get("cluster", {}).get("launch_template_id")
+            except Exception as err:  # noqa: BLE001
+                logger.warning("Unable to extract launch_template_id from dna.json for %s: %s", lt_name, err)
+            break
+
+    if not logical_id:
+        logger.warning("Skipping login pool %s: launch_template_id missing from UserData dna.json", pool_name)
+        return
+
+    write_dna_files(write_directives, output_location + logical_id)
 
 
 # FIXME: Fix Code Duplication
@@ -136,6 +189,30 @@ def get_user_data(lt_id, lt_version, region_name):
     return decoded_data
 
 
+@retry(stop_max_attempt_number=5, wait_fixed=3000)
+def get_user_data_by_name(lt_name, region_name):
+    """Get UserData for the latest version of a Launch Template, looked up by name."""
+    decoded_data = None
+    try:
+        proxy_config = parse_proxy_config()
+        ec2_client = boto3.client("ec2", region_name=region_name, config=proxy_config)
+        logger.info("Running EC2 DescribeLaunchTemplateVersions API for %s ($Latest)", lt_name)
+        response = ec2_client.describe_launch_template_versions(
+            LaunchTemplateName=lt_name,
+            Versions=["$Latest"],
+        ).get("LaunchTemplateVersions")
+        if response:
+            decoded_data = base64.b64decode(response[0]["LaunchTemplateData"]["UserData"], validate=True).decode(
+                "utf-8"
+            )
+    except Exception as err:
+        if hasattr(err, "message"):
+            err = err.message
+        logger.error("Unable to get UserData for launch template %s.\nException: %s", lt_name, err)
+
+    return decoded_data
+
+
 def get_write_directives_section(user_data):
     """Get write_files section from cloud-config section of MIME formatted UserData."""
     write_directives_section = None
@@ -203,7 +280,9 @@ def cleanup(directory_loc):
 def _parse_cli_args():
     """Parse command line args."""
     parser = argparse.ArgumentParser(
-        description="Get latest User Data from ComputeFleet Launch Templates.", exit_on_error=False
+        description="Get latest UserData from ComputeFleet and LoginNodes Launch Templates and "
+        "share dna.json for each in shared storage.",
+        exit_on_error=False,
     )
 
     parser.add_argument(
@@ -223,6 +302,29 @@ def _parse_cli_args():
         help="Cleanup DNA files created",
     )
 
+    parser.add_argument(
+        "-s",
+        "--stack-name",
+        required=False,
+        type=str,
+        default=None,
+        help=(
+            "CloudFormation stack name of the cluster. Required to resolve LoginNodes pool launch "
+            "templates at runtime via DescribeLaunchTemplateVersions."
+        ),
+    )
+
+    parser.add_argument(
+        "--cluster-config",
+        required=False,
+        type=str,
+        default=None,
+        help=(
+            "Path to cluster-config.yaml. Used to read LoginNodes pool names. "
+            f"Defaults to {CLUSTER_CONFIG_PATH}."
+        ),
+    )
+
     args = parser.parse_args()
 
     return args
@@ -232,14 +334,14 @@ def main():
     try:
         args = _parse_cli_args()
         if args.cleanup:
-            cleanup(COMPUTE_FLEET_SHARED_DNA_LOCATION)
+            cleanup(SHARED_DNA_LOCATION)
         else:
-            share_compute_fleet_dna(args)
+            share_dna_files(args)
     except Exception as err:
         if hasattr(err, "message"):
             err = err.message
         logger.exception(
-            "Encountered exception when fetching latest dna.json for ComputeFleet, exiting gracefully: %s", err
+            "Encountered exception when fetching latest dna.json, exiting gracefully: %s", err
         )
         raise SystemExit(0)
 

cookbooks/aws-parallelcluster-environment/files/cloudwatch/cloudwatch_agent_config.json

@@ -72,7 +72,6 @@
       "platforms": {{ default_platforms | tojson}},
       "node_roles": [
         "HeadNode",
-        "LoginNode",
         "ExternalSlurmDbd"
       ],
       "feature_conditions": []
@@ -541,7 +540,8 @@
       ],
       "platforms": {{ default_platforms | tojson}},
       "node_roles": [
-        "ComputeFleet"
+        "ComputeFleet",
+        "LoginNode"
       ],
       "feature_conditions": []
     }

cookbooks/aws-parallelcluster-environment/recipes/finalize/finalize_check_update_systemd_service.rb

@@ -15,7 +15,7 @@
 # OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions and
 # limitations under the License.
 
-return unless node['cluster']['node_type'] == 'ComputeFleet'
+return unless %w(ComputeFleet LoginNode).include?(node['cluster']['node_type'])
 
 service 'pcluster-check-update.timer' do
   action [:enable, :start]

cookbooks/aws-parallelcluster-environment/recipes/init/mount_internal_use_efs.rb

@@ -87,7 +87,6 @@
 node['cluster']['internal_shared_dirs'].each do |dir|
   # Don't mount the login nodes shared dir to compute nodes
   next if node['cluster']['node_type'] == 'ComputeFleet' && dir == node['cluster']['shared_dir_login_nodes']
-  next if node['cluster']['node_type'] == 'LoginNode' && dir == node['cluster']['shared_dir_compute']
   internal_shared_dir_array.push(dir)
   internal_efs_fs_id_array.push(initial_efs_fs_id_array[0])
   internal_efs_encryption_array.push(initial_efs_encryption_array[0])

cookbooks/aws-parallelcluster-environment/resources/cfn_hup_configuration.rb

@@ -76,8 +76,8 @@
 action :extra_configuration do
   case node['cluster']['node_type']
   when 'HeadNode'
-    cookbook_file "#{node['cluster']['scripts_dir']}/share_compute_fleet_dna.py" do
-      source 'cfn_hup_configuration/share_compute_fleet_dna.py'
+    cookbook_file "#{node['cluster']['scripts_dir']}/share_dna.py" do
+      source 'cfn_hup_configuration/share_dna.py'
       owner 'root'
       group 'root'
       mode '0700'
@@ -86,9 +86,9 @@
 
     directory "#{node['cluster']['shared_dir']}/dna"
 
-  when 'ComputeFleet'
+  when 'ComputeFleet', 'LoginNode'
     template "#{node['cluster']['scripts_dir']}/cfn-hup-update-action.sh" do
-      source "cfn_hup_configuration/#{node['cluster']['node_type']}/cfn-hup-update-action.sh.erb"
+      source 'cfn_hup_configuration/ComputeFleet/cfn-hup-update-action.sh.erb'
       owner 'root'
       group 'root'
       mode '0700'

cookbooks/aws-parallelcluster-environment/spec/unit/recipes/finalize_check_update_systemd_service_spec.rb

@@ -25,7 +25,7 @@
             runner.converge(described_recipe)
           end
 
-          if node_type == 'ComputeFleet'
+          if %w(ComputeFleet LoginNode).include?(node_type)
             it 'enables and starts the pcluster-check-update.timer service' do
               is_expected.to enable_service('pcluster-check-update.timer')
               is_expected.to start_service('pcluster-check-update.timer')

cookbooks/aws-parallelcluster-environment/spec/unit/resources/cfn_hup_configuration_spec.rb

@@ -87,10 +87,10 @@ def self.configure(chef_run)
              })
           end
 
-          if %(ComputeFleet).include?(node_type)
+          if %w(ComputeFleet LoginNode).include?(node_type)
             it "creates the file #{SCRIPT_DIR}/cfn-hup-update-action.sh" do
               is_expected.to create_template("#{SCRIPT_DIR}/cfn-hup-update-action.sh")
-                .with(source: "cfn_hup_configuration/#{node_type}/cfn-hup-update-action.sh.erb")
+                .with(source: 'cfn_hup_configuration/ComputeFleet/cfn-hup-update-action.sh.erb')
                 .with(user: "root")
                 .with(group: "root")
                 .with(mode: "0700")
@@ -100,9 +100,9 @@ def self.configure(chef_run)
                                })
             end
           elsif node_type == 'HeadNode'
-            it "creates #{SCRIPT_DIR}/share_compute_fleet_dna.py" do
-              is_expected.to create_if_missing_cookbook_file("#{SCRIPT_DIR}/share_compute_fleet_dna.py")
-                .with(source: 'cfn_hup_configuration/share_compute_fleet_dna.py')
+            it "creates #{SCRIPT_DIR}/share_dna.py" do
+              is_expected.to create_if_missing_cookbook_file("#{SCRIPT_DIR}/share_dna.py")
+                .with(source: 'cfn_hup_configuration/share_dna.py')
                 .with(user: 'root')
                 .with(group: 'root')
                 .with(mode: '0700')