Skip to content
Snippets Groups Projects
Commit 2ee3e4e7 authored by Chris Hines's avatar Chris Hines
Browse files

combine pam_slurm and pam_sshd so we have only one slightly less confusing role

Former-commit-id: 976f3bc1
parent 4653139b
No related branches found
No related tags found
No related merge requests found
---
- name: "Copy access.conf"
template: src=access.conf.j2 dest=/etc/security/access.conf
become: true
become_user: root
- name: "Copy password sshd pam config"
template: src=sshd.j2 dest=/etc/pam.d/sshd
become: true
become_user: root
Install an sshd PAM config definition
we leverage pam_access to ensure that the ec2-user and members of the systems group and always login
we use nologin on the login nodes during maintaince to retrict user login
we use pam_slurm_adopt on the compute nodes so that only users with running jobs can login a given node.
default is to configure as a login node. Use the variable computenodepam to config as a compute node (i.e. enable pam_slurm_adopt)
---
- name: "Copy access.conf"
template: src=access.conf.j2 dest=/etc/security/access.conf
become: true
become_user: root
- name: "Copy password sshd pam config"
template: src=sshd.j2 dest=/etc/pam.d/sshd
template: src=loginnodes_sshd.j2 dest=/etc/pam.d/sshd
become: true
become_user: root
when: comptenodepam is undefined
- name: "Copy password sshd pam config"
template: src=computenodes_sshd.j2 dest=/etc/pam.d/sshd
become: true
become_user: root
when: comptenodepam is undefined
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment