Merge branch 'pam_slurm' into 'master'

Pam slurm See merge request !81 Former-commit-id: 7308b61f

Merge branch 'pam_slurm' into 'master'
Pam slurm See merge request !81 Former-commit-id: 7308b61f
283d114d · Chris Hines · acf04711 · 3bbf35e1 · 283d114d · 283d114d
Commit 283d114d authored 8 years ago by Chris Hines
--- a/roles/ldapclient/tasks/configLdapClient.yml
+++ b/roles/ldapclient/tasks/configLdapClient.yml
@@ -2,7 +2,6 @@
 - name: "Copy configuration files to ldap client"
  template: src={{ item }}.j2 dest=/etc/{{ item }}
  with_items:
-    - pam_ldap.conf
    - nsswitch.conf
  become: true
  become_user: root

--- a/roles/pam_slurm/tasks/main.yml
+++ b/roles/pam_slurm/tasks/main.yml
+---
+- name: "Copy access.conf"
+  template: src=access.conf.j2 dest=/etc/security/access.conf
+  become: true
+  become_user: root
+- name: "Copy password sshd pam config"
+  template: src=sshd.j2 dest=/etc/pam.d/sshd
+  become: true
+  become_user: root
--- a/roles/pam_slurm/templates/access.conf.j2
+++ b/roles/pam_slurm/templates/access.conf.j2
+-:ALL EXCEPT root systems ec2-user debian ubuntu admin :ALL
--- a/roles/pam_slurm/templates/sshd.j2
+++ b/roles/pam_slurm/templates/sshd.j2
+#%PAM-1.0
+auth	   required	pam_sepermit.so
+auth       substack     password-auth
+auth       include      postlogin
+# Used with polkit to reauthorize users in remote sessions
+-auth      optional     pam_reauthorize.so prepare
+account    required     pam_nologin.so
+account    include      password-auth
+account    sufficient   pam_slurm.so
+account    required     pam_access.so
+password   include      password-auth
+# pam_selinux.so close should be the first session rule
+session    required     pam_selinux.so close
+session    required     pam_loginuid.so
+# pam_selinux.so open should only be followed by sessions to be executed in the user context
+session    required     pam_selinux.so open env_params
+session    required     pam_namespace.so
+session    optional     pam_keyinit.so force revoke
+session    include      password-auth
+session    include      postlogin
+# Used with polkit to reauthorize users in remote sessions
+-session   optional     pam_reauthorize.so prepare
--- a/roles/slurm-common/tasks/installSlurmFromSource.yml
+++ b/roles/slurm-common/tasks/installSlurmFromSource.yml
@@ -15,14 +15,27 @@
    src: "http://consistency0/src/slurm-{{ slurm_version }}.tar.bz2"
    copy: no
    dest: /tmp
-    creates: /tmp/slurm-{{ slurm_version }}
+    creates: "{{ slurm_dir }}/bin/srun"
+- name: stat srun
+  stat: path="{{ slurm_dir }}/bin/srun"
+  register: stat_srun
+- name: configure slurm
+  command: /tmp/slurm-{{ slurm_version }}/configure --prefix={{ slurm_dir }} --with-munge={{ munge_dir }} --enable-pam 
+  args:
+    creates: "{{ slurm_dir }}/bin/srun"
+    chdir: /tmp/slurm-{{ slurm_version }}
+  when: force_slurm_recompile is defined or not stat_srun.stat.exists
 - name: build slurm
-  shell: ./configure --prefix={{ slurm_dir }} --with-munge={{ munge_dir }} && make
+  command: make
  args:
+    creates: "{{ slurm_dir }}/bin/srun"
    chdir: /tmp/slurm-{{ slurm_version }}
-    creates: /tmp/slurm-{{ slurm_version }}/src/srun/srun
+  when: force_slurm_recompile is defined or not stat_srun.stat.exists
 - name: install slurm
  shell: make install
@@ -30,6 +43,20 @@
  args:
    chdir: /tmp/slurm-{{ slurm_version }}
    creates: "{{ slurm_dir }}/bin/srun"
+  when: force_slurm_recompile is defined or not stat_srun.stat.exists
+- name: build pam_slurm
+  command: make
+  args:
+    chdir: /tmp/slurm-{{ slurm_version }}/contribs/pam
+  when: force_slurm_recompile is defined or not stat_srun.stat.exists
+- name: install pam_slurm
+  shell: make install
+  sudo: true
+  args:
+    chdir: /tmp/slurm-{{ slurm_version }}/contribs/pam
+  when: force_slurm_recompile is defined or not stat_srun.stat.exists
 - name: add slurm log rotate config
  template: src=slurmlog.j2 dest=/etc/logrotate.d/slurm mode=644