Merge remote-tracking branch 'origin/pamExcludeUbuntu' into centos76

5291e795 · Andreas Hamacher · 61e7f395 · 848fad4a · 5291e795 · 5291e795
Commit 5291e795 authored 4 years ago by Andreas Hamacher
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -7,7 +7,6 @@ variables:
 stages:
  - lint
-  - testlustre
  - extended
  #- heat_test
  - heat
@@ -16,6 +15,7 @@ stages:
  - tests
  - integration_test #https://docs.gitlab.com/ee/ci/triggers/
  - clean
+  - testlustre
 trigger_pipeline_in_Clusterbuild:
@@ -146,7 +146,7 @@ ansible_create_cluster_stage:
    - ansible-playbook -i files/inventory.$STACKNAME --key-file ../../gc_key.pem --skip-tags monitoring computenodes.yml | tee nochange.log
    - echo [ `grep changed= ./nochange.log -c` = `grep changed=0 ./nochange.log -c` ] > bashtest.sh   # a crude way to make sure all changed lines are equal to changed=0
    - bash ./bashtest.sh
-    - ansible-playbook -i files/inventory.$STACKNAME --key-file ../../gc_key.pem --skip-tags monitoring --check computenodes.yml 
+    - ansible-playbook -i files/inventory.$STACKNAME --key-file ../../gc_key.pem --skip-tags monitoring --check computenodes.yml
 tests:
  stage: tests
@@ -173,7 +173,7 @@ tests:
    - ansible -B 30 -i files/inventory.$STACKNAME --key-file ../gc_key.pem -a "systemctl is-active --quiet mariadb" SQLNodes
    - ansible -B 30 -i files/inventory.$STACKNAME --key-file ../gc_key.pem -a "systemctl is-active --quiet slurmctld" ManagementNodes
    - ansible -B 30 -i files/inventory.$STACKNAME --key-file ../gc_key.pem -a "systemctl is-active --quiet slurmdbd" ManagementNodes
    - bash -e ./tests/run_tests.sh all "files/inventory.$STACKNAME" "../gc_key.pem"
    - bash -e ./tests/run_tests.sh ComputeNodes "files/inventory.$STACKNAME" "../gc_key.pem"
@@ -184,7 +184,7 @@ tests:
    - bash -e ./tests/run_tests.sh slurm "files/inventory.$STACKNAME" "../gc_key.pem"
    - ansible -i files/inventory.$STACKNAME --key-file ../gc_key.pem -a 'sudo su - user1 -c whoami' LoginNodes,ComputeNodes  # to test ldap
    #- sshpass -p 'redhat' ssh -o StrictHostKeyChecking=no user1@server.example.com
 extended:
  stage: extended
  tags:

--- a/CICD/plays/computenodes.yml
+++ b/CICD/plays/computenodes.yml
@@ -30,7 +30,7 @@
  - vars/vars.yml
  strategy: free
  roles:
-  - { role: move_homedir, tags: [ authentication, filesystems ] }
+  - { role: move_homedir, tags: [ authentication, filesystems,narf ] }
  - { role: nfs-client, nfsMounts: "{{ computeNfsMounts }}", tags: [ filesystems ] }
  - { role: slurm-common, tags: [ slurm, slurm-common ] }
  #- { role: lmod, tags: [ other ] } # actually preffered on ubuntu but mutually exclusive with environment-modules
@@ -39,7 +39,7 @@
  - { role: set_semaphore_count, tags: [ semaphore ] }
  - { role: ldapclient, ssl: false, tags: [ ldapclient ] }
  - { role: ssh-keepalive, tags: [ ssh ] }
-  - { role: enable_sudo_group, tags: [ authentication ] }
+  - { role: enable_sudo_group, tags: [ authentication,zort ] }
 - hosts: 'VisNodes'
  gather_facts: False
@@ -94,4 +94,5 @@
 - hosts: 'LoginNodes'
  roles:
-  - { role: pam_sshd, computenodepam: false, tags: [ authentication, pamd ] }
+  - { role: pam_sshd, tags: [ authentication, pamd ], when: ansible_os_family == 'RedHat' }
--- a/roles/pam_sshd/tasks/main.yml
+++ b/roles/pam_sshd/tasks/main.yml
@@ -4,14 +4,14 @@
  become: true
  become_user: root
- name: "Copy password sshd pam config"
+- name: "Copy loginnode password sshd pam config"
  template: src=loginnodes_sshd.j2 dest=/etc/pam.d/sshd
  become: true
  become_user: root
  when: computenodepam is undefined or not computenodepam
- name: "Copy password sshd pam config"
+- name: "Copy computenode password sshd pam config"
  template: src=computenodes_sshd.j2 dest=/etc/pam.d/sshd
  become: true
  become_user: root