@sean-smith
Last active May 9, 2022 21:25
How to setup a multi-user AWS ParallelCluster Environment

Multi-User AWS ParallelCluster

In this example we're going to set up an HPC environment with AWS ParallelCluster and connect it to Microsoft AD, an AWS service that allows you to create managed Active Directory user pools. You can read more about it in the AD Tutorial.

You have three different options for AD provider; we're going to go with Microsoft AD due to its regional availability. This allows us to use it in the same region (Ohio) as our hpc6a.48xlarge instances.

| Type         | Description                                          |
|--------------|------------------------------------------------------|
| Simple AD    | Open AD protocol, supported in only a few regions.   |
| Microsoft AD | Microsoft version, supported in more regions.        |
| AD Connector | Used to bridge on-prem AD.                           |

The AD Integration feature was released with AWS ParallelCluster 3.1.1.

Setup

  1. Set up Active Directory by launching the stack: CFN Stack in the same region as your cluster.

When it completes you'll see the following in the stack's Outputs tab:

image

  2. Install AWS ParallelCluster:

Pcluster Manager (Recommended): https://github.com/aws-samples/pcluster-manager

CLI

    pip install aws-parallelcluster

  3. Set up a cluster configuration. For the DirectoryService section, reference the Outputs from the CloudFormation stack you created above to fill in the following:

Note: The IP addresses for the AD domain need to be in the format ldaps://172.31.32.51,ldaps://172.31.67.56

Pcluster Manager

image

OR

Pcluster Config

DirectoryService:
  DomainName: dc=corp,dc=pcluster,dc=com
  DomainAddr: ldaps://172.31.32.51,ldaps://172.31.67.56
  PasswordSecretArn: arn:aws:secretsmanager:us-east-1:822857487308:secret:ADSecretPassword-pcluster-ad-SmxXwL
  DomainReadOnlyUser: cn=ReadOnlyUser,ou=Users,ou=CORP,dc=corp,dc=pcluster,dc=com
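
A pre-flight check for the DirectoryService values above, as an added example (not part of the original gist or of AWS ParallelCluster itself): it confirms every DomainAddr entry uses ldaps://, that PasswordSecretArn is a Secrets Manager ARN rather than a literal password, and that DomainReadOnlyUser sits under DomainName. The function names and the sample values (account ID, secret name) are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

SECRET_ARN = re.compile(
    r"^arn:aws[a-z-]*:secretsmanager:[a-z0-9-]+:\d{12}:secret:\S+$")

def _norm(dn):
    """Lower-case a DN and drop whitespace around its commas."""
    return ",".join(p.strip() for p in dn.lower().split(","))

def base_dn(domain_name):
    """Turn DomainName (FQDN or DN form) into a normalised base DN."""
    name = domain_name.strip().lower()
    if "=" in name:  # already a DN such as dc=corp,dc=pcluster,dc=com
        return _norm(name)
    return ",".join("dc=" + label for label in name.split("."))

def check_directory_service(ds):
    """Return a list of problems in a DirectoryService mapping (empty = OK)."""
    problems = []
    # Each comma-separated DomainAddr entry must be an ldaps:// URI with a host.
    for uri in ds.get("DomainAddr", "").split(","):
        parts = urlsplit(uri.strip())
        if parts.scheme != "ldaps" or not parts.hostname:
            problems.append(f"DomainAddr entry {uri.strip()!r} is not ldaps://<host>")
    # The bind password must be referenced through Secrets Manager, not inlined.
    if not SECRET_ARN.match(ds.get("PasswordSecretArn", "")):
        problems.append("PasswordSecretArn is not a Secrets Manager secret ARN")
    # The read-only bind user must live under the configured domain.
    user = _norm(ds.get("DomainReadOnlyUser", ""))
    if not user.endswith("," + base_dn(ds.get("DomainName", ""))):
        problems.append("DomainReadOnlyUser is not under DomainName")
    return problems

# Constructed sample input modelled on the config above (placeholder account and secret).
GOOD = {
    "DomainName": "dc=corp,dc=pcluster,dc=com",
    "DomainAddr": "ldaps://172.31.32.51,ldaps://172.31.67.56",
    "PasswordSecretArn": "arn:aws:secretsmanager:us-east-1:123456789012:secret:ExampleSecret-AbCdEf",
    "DomainReadOnlyUser": "cn=ReadOnlyUser,ou=Users,ou=CORP,dc=corp,dc=pcluster,dc=com",
}
# Constructed broken variant: bare IP, plain ldap://, inline password, wrong domain.
BAD = dict(GOOD, DomainAddr="172.31.32.51,ldap://172.31.67.56",
           PasswordSecretArn="ro-p@ssw0rd", DomainName="example.com")

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_directory_service(cfg) or "ok")
```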

Create User

To create a user we'll need an instance joined to the admin domain. This can't be done on the cluster. Luckily the stack we created in Part 1 created a t2.micro instance and stopped it.

  1. Click the EC2 Link to see it. If you don't see it, look for the instance tagged with aws:cloudformation:logical-id=AdDomainAdminNode.

  2. Next click on the instance checkbox > Actions > Start instance:

image

  3. Once the instance is RUNNING you can connect to it via the Connect button on the upper right.
  4. Select Session Manager and click Connect.

image

  5. Now, once you're on the instance, you'll create the user. First set the admin password from part 1:

    ADMIN_PW=[admin password from part 1]

  6. Now create the user. Note that --display-name= sets the username, and the username also needs to be at the end.

    # Quote the variable so spaces or shell metacharacters in the password survive intact
    echo "$ADMIN_PW" | adcli create-user -x -U Admin --domain=corp.pcluster.com --display-name=username username

  7. Now, to set the user's password, run the following command locally, where username and password are the values you want to set (Note: the Admin box doesn't have permissions to do this):

    DIRECTORY_ID="d-abcdef01234567890"
    export AWS_DEFAULT_REGION=us-east-1
    aws ds reset-user-password \
      --directory-id "$DIRECTORY_ID" \
      --user-name "username" \
      --new-password "ro-p@ssw0rd" \
      --region 'us-east-1'

    You can find the directory ID by going to the CloudFormation stack created in Part 1 > Resources > Directory and copying the Physical ID.

    image
