DLPX-86523 CIS: /home filesystem and mount options

[justsanjeev]

Problem

CIS is looking or a single home directory filesystem mounted at the /home location, currently we have the home dataset is mounted on /export/home

Due to that we see the below issues in the CIS Report

• (1.45) 7402 Status of the '/home' partition in the '/etc/fstab' file
• (1.46) 13248 Status of Mount Partition '/home' using mount command
• (1.47) 7403 Status of the 'nodev' mount option setting for the '/home partition' defined in the '/etc/ fstab' file
• (1.48) 14601 Status of the 'nodev' option for '/home' partition using 'mount' command

Solution

Mounting the home dataset to `/home`.

• Upgrade scripts are modified to mount the data set to a new mount path.
• Ansible scripts modified for new home mount path.

Testing Done

Build: git ab-pre-push : appliance-build-orchestrator-pre-push/12448/ - ✅

With current Build's AMI [ami-04ca90fb823528076], A fresh engine is created successfully, https://cis-dev.dlpxdc.co/ - 🟢

Scan Results:

• (1.45) 7402 Status of the '/home' partition in the '/etc/fstab' file - ✅ - Page 33 in attached report

• (1.46) 13248 Status of Mount Partition '/home' using mount command - ✅ - Page 33 in attached report

• (1.47) 7403 Status of the 'nodev' mount option setting for the '/home partition' defined in the '/etc/ fstab' file - ✅ Page 34 in attached report

• (1.48) 14601 Status of the 'nodev' option for '/home' partition using 'mount' command - ✅ - Page 34 in attached report

Additionally we had to make changes to below repos to support this change

• delphix-platform -> delphix-platform
• dlpx-app-gate -> dlpx-app-gate

Scan Reports before & after Change

• Scan Report After Change

• The report before this change (The initial report (before our change) is also present in : https://perforce.atlassian.net/browse/CP-9773)

Clarification

• The dx-integration-test failed , since the pre_chckin was failed, the pre-checkin requires a minor fin in qa-infra
• After above said fix , the pre-checkin : pre-checkin - 🟢
• Additional Upgrade : We a rebuild to validate upgrade and the upgrade was successful in the re verification as well. blackbox-chained/8284/ - 🟢

Additional Details:

Earlier review session I was suggested to remove lines

• https://github.com/delphix/appliance-build/pull/756/files#diff-19dc47250a3e0892ef8e82e6a276b6c88a62b1dade2ee06e8f257109e72fe3d7R90-R92
• https://github.com/delphix/appliance-build/pull/756/files#diff-203852fe3ced2c760ad56ce84f1c641d4c7883ee4525ccf406798f32605d505cR37-R39 .

After removing these lines, we began seeing failures during first boot on a fresh engine: split-precommit-dxostest-sr001.dlpxdc.co ( Engine from previous build)

2025-10-09T14:50:50.506928+00:00 ip-10-110-207-64 export-home[6830]: /home is mounted. Proceeding with /export/home cleanup.
2025-10-09T14:50:50.507320+00:00 ip-10-110-207-64 export-home[6830]: /export/home exists. Attempting to remove it...
2025-10-09T14:50:50.511575+00:00 ip-10-110-207-64 export-home[6830]: /export/home is not empty. Please clean it manually before running this script.
2025-10-09T14:50:50.518441+00:00 ip-10-110-207-64 systemd[1]: delphix-platform.service: Main process exited, code=exited, status=1/FAILURE

Although /export/home is not mounted, the directory exists because of how the Linux build server is configured — its default home directory is /export/home. During the build process(appliance-build), AWS CLI creates cache files under /export/home/delphix/.cache, making the directory non-empty. This causes the cleanup logic to fail.

Example from the engine:

delphix@ip-10-110-228-175:/var/log$ mount | grep home
rpool/ROOT/delphix.2swC2jH/home on /home type zfs (rw,nosuid,nodev,relatime,xattr,noacl,casesensitive,x-systemd.before=zfs-import-cache.service)
delphix@ip-10-110-228-175:/var/log$ 

delphix@ip-10-110-228-175:/var/log$ ls -ltr /export/
total 2
drwxr-xr-x 3 root root 3 Oct  6 08:26 home
delphix@ip-10-110-228-175:/var/log$ 

delphix@ip-10-110-228-175:/var/log$ ls -la /export/home/delphix/
total 5
drwxr-xr-x 3 root root 3 Oct  6 08:26 .
drwxr-xr-x 3 root root 3 Oct  6 08:26 ..
drwxr-xr-x 3 root root 3 Oct  6 08:26 .cache
delphix@ip-10-110-228-175:/var/log$ 

Because /export/home is not empty, the script exits with failure and causes the delphix-platform.service to stop.