From 3bbf35e1dd7cd179610304d09d504fa166b82afe Mon Sep 17 00:00:00 2001
From: Chris Hines <chris.hines@monash.edu>
Date: Thu, 11 Aug 2016 22:27:18 +0000
Subject: [PATCH] compile and install the pam_slurm module

Former-commit-id: 3fd2afd6c30e51d657ac5aebd619d7614e7318c2
---
 roles/pam_slurm/tasks/main.yml                | 11 +++++++
 roles/pam_slurm/templates/access.conf.j2      |  1 +
 roles/pam_slurm/templates/sshd.j2             | 22 +++++++++++++
 .../tasks/installSlurmFromSource.yml          | 33 +++++++++++++++++--
 4 files changed, 64 insertions(+), 3 deletions(-)
 create mode 100644 roles/pam_slurm/tasks/main.yml
 create mode 100644 roles/pam_slurm/templates/access.conf.j2
 create mode 100644 roles/pam_slurm/templates/sshd.j2

diff --git a/roles/pam_slurm/tasks/main.yml b/roles/pam_slurm/tasks/main.yml
new file mode 100644
index 00000000..8a13ab12
--- /dev/null
+++ b/roles/pam_slurm/tasks/main.yml
@@ -0,0 +1,11 @@
+---
+- name: "Copy access.conf"
+  template: src=access.conf.j2 dest=/etc/security/access.conf
+  become: true
+  become_user: root
+
+- name: "Copy password sshd pam config"
+  template: src=sshd.j2 dest=/etc/pam.d/sshd
+  become: true
+  become_user: root
+
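Review bot: Both template tasks overwrite files that gate SSH login (`/etc/security/access.conf` and `/etc/pam.d/sshd`) without setting owner, group or mode and without keeping the previous copy. A render that leaves a broken PAM stack could lock out remote access with nothing on the host to roll back to. I would pin the permissions and keep a backup, e.g. `template: src=sshd.j2 dest=/etc/pam.d/sshd owner=root group=root mode=0644 backup=yes`, and the same options for access.conf. Deploying access.conf before the sshd stack, as done here, is the right order and worth a one-line comment so it is not swapped later.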
diff --git a/roles/pam_slurm/templates/access.conf.j2 b/roles/pam_slurm/templates/access.conf.j2
new file mode 100644
index 00000000..684f5e79
--- /dev/null
+++ b/roles/pam_slurm/templates/access.conf.j2
@@ -0,0 +1 @@
+-:ALL EXCEPT root systems ec2-user debian ubuntu admin :ALL
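Review bot: The allow list is hard-coded and undocumented, and the rule does not say whether `systems` and `admin` are users or groups. pam_access tries a bare name against the group database as well unless `nodefgroup` is set, so if they are groups the explicit form `(systems)` / `(admin)` removes the ambiguity. The rule also admits `root` from every origin (`:ALL`), so whether root SSH login is restricted elsewhere should be confirmed. A leading comment such as `# Deny everyone except site admin accounts; job owners are admitted earlier by pam_slurm in /etc/pam.d/sshd` would state the intent. Since the file is a template, the account list could come from a role variable instead of being fixed here.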
diff --git a/roles/pam_slurm/templates/sshd.j2 b/roles/pam_slurm/templates/sshd.j2
new file mode 100644
index 00000000..a1218458
--- /dev/null
+++ b/roles/pam_slurm/templates/sshd.j2
@@ -0,0 +1,22 @@
+#%PAM-1.0
+auth	   required	pam_sepermit.so
+auth       substack     password-auth
+auth       include      postlogin
+# Used with polkit to reauthorize users in remote sessions
+-auth      optional     pam_reauthorize.so prepare
+account    required     pam_nologin.so
+account    include      password-auth
+account    sufficient   pam_slurm.so
+account    required     pam_access.so
+password   include      password-auth
+# pam_selinux.so close should be the first session rule
+session    required     pam_selinux.so close
+session    required     pam_loginuid.so
+# pam_selinux.so open should only be followed by sessions to be executed in the user context
+session    required     pam_selinux.so open env_params
+session    required     pam_namespace.so
+session    optional     pam_keyinit.so force revoke
+session    include      password-auth
+session    include      postlogin
+# Used with polkit to reauthorize users in remote sessions
+-session   optional     pam_reauthorize.so prepare
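Review bot: The order of the account lines is what enforces the login policy, and nothing in the file says so. `account sufficient pam_slurm.so` comes before `account required pam_access.so`, so a user with a job on the node is admitted without access.conf being consulted, and everyone else falls through to it. Moving either line silently changes who can log in, so I would add a comment above them, e.g. `# Order matters: pam_slurm admits users with a job on this node; all others must pass pam_access`. Separately, `password-auth` and `postlogin` look like RHEL-family PAM files, while access.conf in this commit names `debian` and `ubuntu` accounts. If the role can run on Debian-family hosts, those includes presumably will not resolve there, so the task that installs this file should be limited with `when: ansible_os_family == "RedHat"`.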
diff --git a/roles/slurm-common/tasks/installSlurmFromSource.yml b/roles/slurm-common/tasks/installSlurmFromSource.yml
index be136da9..167994b2 100644
--- a/roles/slurm-common/tasks/installSlurmFromSource.yml
+++ b/roles/slurm-common/tasks/installSlurmFromSource.yml
@@ -15,14 +15,27 @@
     src: "http://consistency0/src/slurm-{{ slurm_version }}.tar.bz2"
     copy: no
     dest: /tmp
-    creates: /tmp/slurm-{{ slurm_version }}
+    creates: "{{ slurm_dir }}/bin/srun"
+
+- name: stat srun
+  stat: path="{{ slurm_dir }}/bin/srun"
+  register: stat_srun
+
+
 
+- name: configure slurm
+  command: /tmp/slurm-{{ slurm_version }}/configure --prefix={{ slurm_dir }} --with-munge={{ munge_dir }} --enable-pam 
+  args:
+    creates: "{{ slurm_dir }}/bin/srun"
+    chdir: /tmp/slurm-{{ slurm_version }}
+  when: force_slurm_recompile is defined or not stat_srun.stat.exists
 
 - name: build slurm
-  shell: ./configure --prefix={{ slurm_dir }} --with-munge={{ munge_dir }} && make
+  command: make
   args:
+    creates: "{{ slurm_dir }}/bin/srun"
     chdir: /tmp/slurm-{{ slurm_version }}
-    creates: /tmp/slurm-{{ slurm_version }}/src/srun/srun
+  when: force_slurm_recompile is defined or not stat_srun.stat.exists
 
 - name: install slurm
   shell: make install
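Review bot: The `creates: "{{ slurm_dir }}/bin/srun"` added to the configure and build tasks cancels the `force_slurm_recompile` override in their `when:`. Once srun is installed, `creates` skips both tasks whether or not the flag is defined. The unarchive task (which starts above this hunk) now has the same `creates`, so a forced rebuild would not re-extract the source either, and the install task in the next hunk combines `creates` and `when` the same way. I would drop `creates:` from configure, build and install and rely on `when: force_slurm_recompile is defined or not stat_srun.stat.exists` alone. Minor: the configure command line ends in a trailing space after `--enable-pam`.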
@@ -30,6 +43,20 @@
   args:
     chdir: /tmp/slurm-{{ slurm_version }}
     creates: "{{ slurm_dir }}/bin/srun"
+  when: force_slurm_recompile is defined or not stat_srun.stat.exists
+
+- name: build pam_slurm
+  command: make
+  args:
+    chdir: /tmp/slurm-{{ slurm_version }}/contribs/pam
+  when: force_slurm_recompile is defined or not stat_srun.stat.exists
+
+- name: install pam_slurm
+  shell: make install
+  sudo: true
+  args:
+    chdir: /tmp/slurm-{{ slurm_version }}/contribs/pam
+  when: force_slurm_recompile is defined or not stat_srun.stat.exists
 
 - name: add slurm log rotate config
   template: src=slurmlog.j2 dest=/etc/logrotate.d/slurm mode=644
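Review bot: Nothing verifies the code that ends up loaded by sshd's PAM stack, so that is the main gap in the added `build pam_slurm` and `install pam_slurm` tasks. They run in `/tmp/slurm-{{ slurm_version }}/contribs/pam`, a predictable path under a world-writable directory, and the install step runs as root. The source is fetched over plain `http://` with no checksum (context line in the previous hunk). I would unpack into a root-owned build directory (a new variable such as `slurm_build_dir`) and download with `get_url` using its `checksum` option before extracting. The two tasks also have no `creates:`, so with `force_slurm_recompile` defined and srun already present they run in a directory that the skipped unarchive step may not have created. `sudo: true` is the deprecated spelling, and the new pam_slurm role in this commit already uses `become: true`.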
-- 
GitLab