#4292: Home storages creator job

deploy/contents/install/app/install.sh

@@ -1,5 +1,5 @@
 #!/bin/bash
-# Copyright 2017-2024 EPAM Systems, Inc. (https://www.epam.com/)
+# Copyright 2017-2026 EPAM Systems, Inc. (https://www.epam.com/)
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -387,12 +387,15 @@ MLFLOW_KUBE_NODE_NAME=${MLFLOW_KUBE_NODE_NAME:-$KUBE_MASTER_NODE_NAME}
 print_info "-> Assigning cloud-pipeline/cp-storage-lifecycle-service to $MLFLOW_KUBE_NODE_NAME"
 kubectl label nodes "$MLFLOW_KUBE_NODE_NAME" cloud-pipeline/cp-mlflow="true" --overwrite
 
-
 # Allow to schedule Run cleanup job to the master
 CLEANUP_RUN_JOB_KUBE_NODE_NAME=${CLEANUP_RUN_JOB_KUBE_NODE_NAME:-$KUBE_MASTER_NODE_NAME}
 print_info "-> Assigning cloud-pipeline/cp-run-cleanup-job to $CLEANUP_RUN_JOB_KUBE_NODE_NAME"
 kubectl label nodes "$CLEANUP_RUN_JOB_KUBE_NODE_NAME" cloud-pipeline/cp-run-cleanup-job="true" --overwrite
 
+# Allow to schedule Home Storages Creator to the master
+HOME_DIRS_KUBE_NODE_NAME=${HOME_DIRS_KUBE_NODE_NAME:-$KUBE_MASTER_NODE_NAME}
+print_info "-> Assigning cloud-pipeline/cp-home-dirs to $HOME_DIRS_KUBE_NODE_NAME"
+kubectl label nodes "$HOME_DIRS_KUBE_NODE_NAME" cloud-pipeline/cp-home-dirs="true" --overwrite
 
 echo
 
@@ -1628,6 +1631,24 @@ if is_service_requested cp-run-cleanup-job; then
     echo
 fi
 
+# Home storages creator
+if is_service_requested cp-home-dirs; then
+    print_ok "[Starting Home Storages Creator deployment]"
+
+    print_info "-> Deleting existing instance of Home Storages Creator"
+    delete_cron_job   "cp-home-dirs" \
+                      "/opt/home_dirs"
+
+    if is_install_requested; then
+        print_info "-> Deploying cp-home-creator service"
+        # Run every hour
+        export CP_HOME_DIRS_SCHEDULE="${CP_HOME_DIRS_SCHEDULE:-0 * * * *}"
+        create_kube_resource $K8S_SPECS_HOME/cp-home-creator/cp-home-creator-dpl.yaml
+
+        CP_INSTALL_SUMMARY="$CP_INSTALL_SUMMARY\ncp-home-dirs: deployed"
+    fi
+    echo
+fi
 
 set_preferences_from_point_in_time_configuration
 import_users_from_point_in_time_configuration

deploy/contents/install/install-config

@@ -238,5 +238,23 @@ CP_MLFLOW_EXTERNAL_SUFFIX=/mlflow
 
 CP_CLEANUP_RUNS_CRON_SCHEDULE=0 0 * * *
 
+# cp-home-dirs
+CP_HOME_DIRS_SCHEDULE=0 * * * *
+CP_HOME_DIRS_FS_HOME_STORAGE_ENABLE=true
+CP_HOME_DIRS_CREATE_OBJECT_STORAGE=false
+CP_HOME_DIRS_STORAGE_OBJECT_TYPE=S3
+CP_HOME_DIRS_CREATE_BASHRC=false
+CP_HOME_DIRS_ID_ROOT_FOLDER=3247
+CP_HOME_DIRS_ID_FILE_SHARE=1
+CP_HOME_DIRS_ADDR_FILE_SHARE=fs-2a5ab373.efs.eu-central-1.amazonaws.com:/home
+CP_HOME_DIRS_SERVICE_MOUNT_CHMOD=755
+CP_HOME_DIRS_APPLY_FS_QUOTAS=false
+CP_HOME_DIRS_FS_QUOTAS_VOLUME_THRESHOLD_GB_DISABLE_MOUNT=250
+CP_HOME_DIRS_FS_QUOTAS_VOLUME_THRESHOLD_GB_READ_ONLY=300
+CP_HOME_DIRS_CREATE_OBJECT_STORAGE=false
+CP_HOME_DIRS_SERVICE_ACCOUNTS=1,2,3,10
+CP_HOME_DIRS_FS_HOME_STORAGE_PREFIX=
+CP_HOME_DIRS_CREATE_SSH_KEYS=true
+
 # Other params, specified on command line
 #

deploy/contents/k8s/cp-home-creator/cp-home-creator-job.yaml

@@ -0,0 +1,46 @@
+apiVersion: batch/v1beta1
+kind: CronJob
+metadata:
+  name: cp-home-dirs
+  namespace: default
+spec:
+  schedule: ${CP_HOME_DIRS_SCHEDULE}
+  successfulJobsHistoryLimit: 1
+  failedJobsHistoryLimit: 1
+  jobTemplate:
+    spec:
+      template:
+        metadata:
+          namespace: default
+          labels:
+            cloud-pipeline/cp-home-dirs: "true"
+            cloud-pipeline/core-component: "CronJob"
+        spec:
+          nodeSelector:
+            cloud-pipeline/cp-home-dirs: "true"
+          tolerations:
+            - key: node-role.kubernetes.io/master
+              effect: NoSchedule
+          restartPolicy: OnFailure
+          containers:
+            - name: cp-home-dirs
+              image: ${CP_DOCKER_DIST_SRV}lifescience/cloud-pipeline:home-dirs-$CP_VERSION
+              imagePullPolicy: IfNotPresent
+              securityContext:
+                privileged: true
+              command:
+                - /bin/sh
+                - -c
+                - /create_home_dirs.sh
+              envFrom:
+                - configMapRef:
+                    name: cp-config-global
+              volumeMounts:
+                    - name: home-dirs-logs
+                      mountPath: /opt/home_dirs/logs
+          volumes:
+            - name: home-dirs-logs
+              hostPath:
+                path: /opt/home_dirs/logs
+          imagePullSecrets:
+            - name: cp-distr-docker-registry-secret

deploy/docker/build-dockers.sh

@@ -362,6 +362,11 @@ docker build    $DOCKERS_SOURCES_PATH/cp-run-cleanup-job \
                 --build-arg CP_API_DIST_URL="$CP_API_DIST_URL"
 docker push "$CP_RUN_CLEANUP_JOB_DIST_NAME"
 
+# Home Storages Creator
+CP_HOME_DIRS_DIST_NAME=${CP_HOME_DIRS_DIST_NAME:-"$CP_DIST_REPO_NAME:home-dirs-${DOCKERS_VERSION}"}
+docker build    $DOCKERS_SOURCES_PATH/cp-home-dirs-creator \
+                -t "$CP_HOME_DIRS_DIST_NAME"
+docker push "$CP_HOME_DIRS_DIST_NAME"
 
 ########################
 # Base tools dockers

deploy/docker/cp-home-dirs-creator/Dockerfile

@@ -1,4 +1,10 @@
-FROM quay.io/lifescience/cloud-pipeline:tools-base-rockylinux-8-0.17
+ARG BASE_IMG=quay.io/lifescience/cloud-pipeline:tools-base-rockylinux-8-0.17
+FROM $BASE_IMG
+
+RUN yum install -y curl openssh-clients nfs-utils
+
+RUN curl -sL "https://cloud-pipeline-oss-builds.s3.us-east-1.amazonaws.com/tools/jq/jq-1.6/jq-linux64" -o /usr/bin/jq && \
+    chmod +x /usr/bin/jq
 
 ADD create_home_dirs.sh /create_home_dirs.sh
 RUN chmod +x /create_home_dirs.sh

deploy/docker/cp-home-dirs-creator/README.md

@@ -0,0 +1,81 @@
+# Home Storage Creator
+
+This component creates Cloud Pipeline **home storages** (file share and/or object storage) for users who have no default storage, assigns them as the user's default storage and sets permissions on the share.
+
+---
+## Building the image
+
+From the repository root:
+
+```bash
+docker build -t <registry>/lifescience/cloud-pipeline:home-dirs-<version> \
+  -f deploy/docker/cp-home-dirs-creator/Dockerfile \
+  deploy/docker/cp-home-dirs-creator
+```
+The image entrypoint runs `/create_home_dirs.sh` (packaged in the image build).
+
+---
+
+## Kubernetes (CronJob)
+
+The manifest `deploy/contents/k8s/cp-home-creator/cp-home-creator-dpl.yaml` defines a **CronJob** that runs **once per hour** (`schedule: "0 * * * *"`).
+
+- **Configuration:** environment variables are loaded from the ConfigMap `cp-config-global` (`envFrom`).
+
+Apply:
+
+```bash
+kubectl apply -f deploy/contents/k8s/cp-home-creator/cp-home-creator-job.yaml
+```
+
+## Parameters
+
+Variables are read from the environment (via `cp-config-global`). Names below match the script.
+
+### Required
+
+| Parameter                            | Description                                                 |
+|--------------------------------------|-------------------------------------------------------------|
+| **API_EXTERNAL** (**API**)           | Cloud Pipeline REST API base URL.                           |
+| **CP_API_JWT_ADMIN** (**API_TOKEN**) | JWT with rights to create storages and update users.        |
+| **CP_HOME_DIRS_ID_ROOT_FOLDER**      | Library folder ID root where new home storages are created. |
+
+### Optional (general)
+
+| Parameter | Default | Description                                                                                                                                                       |
+|-----------|---------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| **CP_HOME_DIRS_SERVICE_ACCOUNTS** | `""` | Comma-separated user IDs to skip (service accounts).                                                                                                              |
+| **CP_HOME_DIRS_SERVICE_MOUNT_CHMOD** | `755` | `chmod` applied on the NFS-mounted home directory tree after creation.                                                                                            |
+| **CP_HOME_DIRS_FS_HOME_STORAGE_ENABLE** | `true` | If `true`, file-share home flow is used when file share settings are present; must be paired with `CP_HOME_DIRS_ID_FILE_SHARE` and `CP_HOME_DIRS_ADDR_FILE_SHARE`. |
+| **CP_HOME_DIRS_FS_HOME_STORAGE_PREFIX** | `""` | Prefix for file/object storage names/paths, e.g. `'HOME.'`                                                                                                         |
+| **CP_HOME_DIRS_CREATE_OBJECT_STORAGE** | `false` | If `true`, also creates object storage for the user.                                                                                                              |
+| **CP_HOME_DIRS_CREATE_SSH_KEYS** | `true` | If `true`, ensures users have SSH keys in metadata; if `false`, skips SSH key generation/check.                                                                   |
+| **CP_HOME_DIRS_STORAGE_OBJECT_TYPE** | `S3` | Object storage type label used in naming.                                                                                                                         |
+| **CP_HOME_DIRS_CREATE_BASHRC** | `false` | If `true`, seeds `.bashrc` from `/etc/skel` on the NFS home when missing.                                                                                         |
+
+### Optional (FS quotas)
+
+| Parameter | Default | Description |
+|-----------|---------|-------------|
+| **CP_HOME_DIRS_APPLY_FS_QUOTAS** | `false` | If `true`, applies FS quota notification thresholds on default storages. |
+| **CP_HOME_DIRS_FS_QUOTAS_VOLUME_THRESHOLD_GB_DISABLE_MOUNT** | `250` | Threshold (GB) for disable-mount notification. |
+| **CP_HOME_DIRS_FS_QUOTAS_VOLUME_THRESHOLD_GB_READ_ONLY** | `300` | Threshold (GB) for read-only notification. |
+
+### File share (NFS / EFS)
+
+When file home storage is enabled, **both** are required:
+
+| Parameter | Description |
+|-----------|-------------|
+| **CP_HOME_DIRS_ID_FILE_SHARE** | File share mount ID in Cloud Pipeline. |
+| **CP_HOME_DIRS_ADDR_FILE_SHARE** | NFS server and export root (e.g. `fs-xxxx.efs.region.amazonaws.com:/home`). Per-user path is `CP_HOME_DIRS_ADDR_FILE_SHARE/${user_name}`. |
+
+---
+
+## Overview
+
+1. Loads users without `defaultStorageId`.
+2. Skips IDs listed in `CP_HOME_DIRS_SERVICE_ACCOUNTS`.
+3. **File share path:** creates or finds the FILE_SHARE datastorage via API, grants ownership, sets default storage, updates chmod metadata, then **mounts** `CP_HOME_DIRS_ADDR_FILE_SHARE/<user>` and optional prepares the directory structure (optional `.bashrc`).
+5. **Object storage path:** if `CP_HOME_DIRS_CREATE_OBJECT_STORAGE=true`, creates object storage as configured.
+6. If `CP_HOME_DIRS_APPLY_FS_QUOTAS=true`, applies quota notification settings where applicable.