add openssh, fixed slurm script

roles/openssh/handlers/main.yml

+---
+  - name: restart openssh 
+    service: name={{ sshd_name }} enabled=yes state=restarted
+    sudo: true

roles/openssh/tasks/installSsh.yml

+- name: install deps
+  apt: name={{ item }} state=installed update_cache=yes
+  sudo: true
+  with_items:
+    - gcc 
+    - make 
+    - libssl-dev
+    - zlib1g-dev
+    - libpam0g-dev
+  when: ansible_os_family == "Debian"
+
+- name: get ssh source 
+  shell: wget http://mirror.aarnet.edu.au/pub/OpenBSD/OpenSSH/portable/openssh-{{ ssh_version }}.tar.gz
+  args:
+    chdir: /tmp
+    creates: /tmp/openssh-{{ ssh_version }}.tar.gz
+
+- name: untar ssh 
+  shell: tar zxf /tmp/openssh-{{ ssh_version }}.tar.gz 
+  args:
+    chdir: /tmp
+
+- name: build ssh 
+  shell: ./configure --prefix={{ ssh_dir }} --with-ipv4-default --with-md5-passwords --with-pam && make
+  args:
+    chdir: /tmp/openssh-{{ ssh_version }}
+    creates: /tmp/openssh-{{ ssh_version }}/ssh
+
+- name: install ssh 
+  shell: make install
+  sudo: true
+  args:
+    chdir: /tmp/openssh-{{ ssh_version }}
+    creates: "{{ ssh_dir }}/bin/ssh"
+
+- name: copy init script
+  template: dest=/etc/init.d/{{ sshd_name }} src=ssh.initd.centos.j2 mode=755
+  sudo: true   
+  when: ansible_os_family == "RedHat"
+
+- name: copy config script
+  template: dest={{ ssh_dir }}/etc/sshd_config src=sshd_config_centos.j2 mode=644
+  notify: restart openssh 
+  sudo: true   
+  when: ansible_os_family == "RedHat"
+
+- name: copy init script
+  template: dest=/etc/init.d/{{ sshd_name }} src=ssh.initd.debian.j2 mode=755
+  sudo: true   
+  when: ansible_os_family == "Debian"
+
+- name: copy config script
+  template: dest={{ ssh_dir }}/etc/sshd_config src=sshd_config_debian.j2 mode=644
+  notify: restart openssh 
+  sudo: true   
+  when: ansible_os_family == "Debian"
+
+

roles/openssh/tasks/main.yml

+---
+- include: installSsh.yml
+

roles/openssh/templates/ssh.initd.centos.j2

+#!/bin/bash
+#
+# sshd		Start up the OpenSSH server daemon
+#
+# chkconfig: 2345 55 25
+# description: SSH is a protocol for secure remote shell access. \
+#              This service starts up the OpenSSH server daemon.
+#
+# processname: sshd
+# config: /etc/ssh/ssh_host_key
+# config: /etc/ssh/ssh_host_key.pub
+# config: /etc/ssh/ssh_random_seed
+# config: /etc/ssh/sshd_config
+# pidfile: /var/run/sshd.pid
+
+### BEGIN INIT INFO
+# Provides: sshd
+# Required-Start: $local_fs $network $syslog
+# Required-Stop: $local_fs $syslog
+# Should-Start: $syslog
+# Should-Stop: $network $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Start up the OpenSSH server daemon
+# Description:       SSH is a protocol for secure remote shell access.
+#		     This service starts up the OpenSSH server daemon.
+### END INIT INFO
+
+# source function library
+. /etc/rc.d/init.d/functions
+
+# pull in sysconfig settings
+[ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshd
+[ -f /etc/profile.d/modules.sh ] && . /etc/profile.d/modules.sh
+module load openssh
+RETVAL=0
+prog="ssh"
+lockfile=${SSH_HOME}/var/lock/subsys/${prog}
+
+# Some functions to make the below more readable
+KEYGEN=${SSH_HOME}/bin/ssh-keygen
+SSHD=${SSH_HOME}/sbin/sshd
+SSHD_CONFIG=${SSH_HOME}/etc/sshd_config
+RSA1_KEY=${SSH_HOME}/etc/ssh_host_key
+RSA_KEY=${SSH_HOME}/etc/ssh_host_rsa_key
+DSA_KEY=${SSH_HOME}/etc/ssh_host_dsa_key
+PID_FILE=/var/run/sshd.pid
+##PID_FILE=${SSH_HOME}/var/run/sshd.pid
+SSHD_LOG="${SSH_HOME}/var/log/sshd.log"
+OPTIONS="-E ${SSHD_LOG} -f ${SSHD_CONFIG}"
+runlevel=$(set -- $(runlevel); eval "echo \$$#" )
+
+[ -f ${SSHD_LOG} ] || touch ${SSHD_LOG}
+
+fips_enabled() {
+	if [ -r /proc/sys/crypto/fips_enabled ]; then
+		cat /proc/sys/crypto/fips_enabled
+	else
+		echo 0
+	fi
+}
+
+do_rsa1_keygen() {
+	if [ ! -s $RSA1_KEY -a `fips_enabled` -eq 0 ]; then
+		echo -n $"Generating SSH1 RSA host key: "
+		rm -f $RSA1_KEY
+		if test ! -f $RSA1_KEY && $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then
+			chmod 600 $RSA1_KEY
+			chmod 644 $RSA1_KEY.pub
+			if [ -x /sbin/restorecon ]; then
+			    /sbin/restorecon $RSA1_KEY.pub
+			fi
+			success $"RSA1 key generation"
+			echo
+		else
+			failure $"RSA1 key generation"
+			echo
+			exit 1
+		fi
+	fi
+}
+
+do_rsa_keygen() {
+	if [ ! -s $RSA_KEY ]; then
+		echo -n $"Generating SSH2 RSA host key: "
+		rm -f $RSA_KEY
+		if test ! -f $RSA_KEY && $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then
+			chmod 600 $RSA_KEY
+			chmod 644 $RSA_KEY.pub
+			if [ -x /sbin/restorecon ]; then
+			    /sbin/restorecon $RSA_KEY.pub
+			fi
+			success $"RSA key generation"
+			echo
+		else
+			failure $"RSA key generation"
+			echo
+			exit 1
+		fi
+	fi
+}
+
+do_dsa_keygen() {
+	if [ ! -s $DSA_KEY -a `fips_enabled` -eq 0 ]; then
+		echo -n $"Generating SSH2 DSA host key: "
+		rm -f $DSA_KEY
+		if test ! -f $DSA_KEY && $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then
+			chmod 600 $DSA_KEY
+			chmod 644 $DSA_KEY.pub
+			if [ -x /sbin/restorecon ]; then
+			    /sbin/restorecon $DSA_KEY.pub
+			fi
+			success $"DSA key generation"
+			echo
+		else
+			failure $"DSA key generation"
+			echo
+			exit 1
+		fi
+	fi
+}
+
+do_restart_sanity_check()
+{
+	$SSHD -t
+	RETVAL=$?
+	if [ $RETVAL -ne  0 ]; then
+		failure $"Configuration file or keys are invalid"
+		echo
+	fi
+}
+
+start()
+{
+	[ -x $SSHD ] || exit 5
+	[ -f ${SSHD_CONFIG} ] || exit 6
+	# Create keys if necessary
+	if [ "x${AUTOCREATE_SERVER_KEYS}" != xNO ]; then
+		do_rsa_keygen
+		if [ "x${AUTOCREATE_SERVER_KEYS}" != xRSAONLY ]; then
+			do_rsa1_keygen
+			do_dsa_keygen
+		fi
+	fi
+
+	echo -n $"Starting $prog: "
+	$SSHD $OPTIONS && success || failure
+	RETVAL=$?
+        echo "return $RETVAL"
+	[ $RETVAL -eq 0 ] && touch $lockfile
+	echo "Start OK"
+        sleep 2
+        cp -f /var/run/sshd.pid ${PID_FILE}; cp -f /var/run/sshd.pid.ori /var/run/sshd.pid
+	return $RETVAL
+}
+
+stop()
+{
+	echo -n $"Stopping $prog: "
+	killproc -p $PID_FILE $SSHD
+	RETVAL=$?
+	# if we are in halt or reboot runlevel kill all running sessions
+	# so the TCP connections are closed cleanly
+	if [ "x$runlevel" = x0 -o "x$runlevel" = x6 ] ; then
+	    trap '' TERM
+	    killall $prog 2>/dev/null
+	    trap TERM
+	fi
+	[ $RETVAL -eq 0 ] && rm -f $lockfile
+	echo
+}
+
+reload()
+{
+	echo -n $"Reloading $prog: "
+	killproc -p $PID_FILE $SSHD -HUP
+	RETVAL=$?
+	echo
+}
+
+restart() {
+	stop
+	start
+}
+
+force_reload() {
+	restart
+}
+
+rh_status() {
+	status -p $PID_FILE openssh-daemon
+}
+
+rh_status_q() {
+	rh_status >/dev/null 2>&1
+}
+
+case "$1" in
+	start)
+		rh_status_q && exit 0
+		start
+		;;
+	stop)
+		if ! rh_status_q; then
+			rm -f $lockfile
+			exit 0
+		fi
+		stop
+		;;
+	restart)
+		restart
+		;;
+	reload)
+		rh_status_q || exit 7
+		reload
+		;;
+	force-reload)
+		force_reload
+		;;
+	condrestart|try-restart)
+		rh_status_q || exit 0
+		if [ -f $lockfile ] ; then
+			do_restart_sanity_check
+			if [ $RETVAL -eq 0 ] ; then
+				stop
+				# avoid race
+				sleep 3
+				start
+			else
+				RETVAL=6
+			fi
+		fi
+		;;
+	status)
+		rh_status
+		RETVAL=$?
+		if [ $RETVAL -eq 3 -a -f $lockfile ] ; then
+			RETVAL=2
+		fi
+		;;
+	*)
+		echo $"Usage: $0 {start|stop|restart|reload|force-reload|condrestart|try-restart|status}"
+		RETVAL=2
+esac
+exit $RETVAL

roles/openssh/templates/ssh.initd.debian.j2

+#! /bin/sh
+
+### BEGIN INIT INFO
+# Provides:		sshd
+# Required-Start:	$remote_fs $syslog
+# Required-Stop:	$remote_fs $syslog
+# Default-Start:	2 3 4 5
+# Default-Stop:		
+# Short-Description:	OpenBSD Secure Shell server
+### END INIT INFO
+
+set -e
+
+# /etc/init.d/ssh: start and stop the OpenBSD "secure shell(tm)" daemon
+
+test -x /usr/sbin/sshd || exit 0
+( /usr/sbin/sshd -\? 2>&1 | grep -q OpenSSH ) 2>/dev/null || exit 0
+
+umask 022
+
+if test -f /etc/default/ssh; then
+    . /etc/default/ssh
+fi
+
+. /lib/lsb/init-functions
+
+SSH_HOME="{{ ssh_dir }}"
+SSHD_LOG_DIR="${SSH_HOME}/var/log"
+SSHD_LOG="${SSHD_LOG_DIR}/sshd.log"
+PID_DIR="{{ ssh_pid_dir }}"
+###PID_DIR="${SSH_HOME}/var/run"
+PID_FILE=${PID_DIR}/sshd.pid
+SSHD_CONFIG=${SSH_HOME}/etc/sshd_config
+SSHD="${SSH_HOME}/sbin/sshd"
+SSHD_OPTS="-f ${SSHD_CONFIG}"
+
+if [ ! -d ${PID_DIR} ]; then
+    mkdir -p ${PID_DIR}
+fi
+
+if [ ! -d ${SSH_LOG_DIR} ]; then
+    mkdir -p ${SSH_LOG_DIR} 
+fi
+
+if [ ! -f ${SSH_LOG} ]; then
+    touch ${SSH_LOG} 
+fi
+
+if [ -n "$2" ]; then
+    SSHD_OPTS="$SSHD_OPTS $2"
+fi
+
+# Are we running from init?
+run_by_init() {
+    ([ "$previous" ] && [ "$runlevel" ]) || [ "$runlevel" = S ]
+}
+
+check_for_upstart() {
+    if init_is_upstart; then
+	exit $1
+    fi
+}
+
+check_for_no_start() {
+    # forget it if we're trying to start, and /etc/ssh/sshd_not_to_be_run exists
+    if [ -e /etc/ssh/sshd_not_to_be_run ]; then 
+	if [ "$1" = log_end_msg ]; then
+	    log_end_msg 0 || true
+	fi
+	if ! run_by_init; then
+	    log_action_msg "OpenBSD Secure Shell server not in use (/etc/ssh/sshd_not_to_be_run)" || true
+	fi
+	exit 0
+    fi
+}
+
+check_dev_null() {
+    if [ ! -c /dev/null ]; then
+	if [ "$1" = log_end_msg ]; then
+	    log_end_msg 1 || true
+	fi
+	if ! run_by_init; then
+	    log_action_msg "/dev/null is not a character device!" || true
+	fi
+	exit 1
+    fi
+}
+
+check_privsep_dir() {
+    # Create the PrivSep empty dir if necessary
+    if [ ! -d /var/run/sshd ]; then
+	mkdir /var/run/sshd
+	chmod 0755 /var/run/sshd
+    fi
+}
+
+check_config() {
+    if [ ! -e /etc/ssh/sshd_not_to_be_run ]; then
+	/usr/sbin/sshd $SSHD_OPTS -t || exit 1
+    fi
+}
+
+export PATH="${PATH:+$PATH:}/usr/sbin:/sbin"
+
+case "$1" in
+  start)
+	check_for_upstart 1
+	check_privsep_dir
+	check_for_no_start
+	check_dev_null
+	log_daemon_msg "Starting OpenBSD Secure Shell server" "sshd" || true
+	if start-stop-daemon --start --quiet --oknodo --pidfile ${PID_FILE} --exec ${SSHD} -- $SSHD_OPTS; then
+	    log_end_msg 0 || true
+	else
+	    log_end_msg 1 || true
+	fi
+	;;
+  stop)
+	check_for_upstart 0
+	log_daemon_msg "Stopping OpenBSD Secure Shell server" "sshd" || true
+	if start-stop-daemon --stop --quiet --oknodo --pidfile ${PID_FILE}; then
+	    log_end_msg 0 || true
+	else
+	    log_end_msg 1 || true
+	fi
+	;;
+
+  reload|force-reload)
+	check_for_upstart 1
+	check_for_no_start
+	check_config
+	log_daemon_msg "Reloading OpenBSD Secure Shell server's configuration" "sshd" || true
+	if start-stop-daemon --stop --signal 1 --quiet --oknodo --pidfile ${PID_FILE} --exec ${SSHD}; then
+	    log_end_msg 0 || true
+	else
+	    log_end_msg 1 || true
+	fi
+	;;
+
+  restart)
+	check_for_upstart 1
+	check_privsep_dir
+	check_config
+	log_daemon_msg "Restarting OpenBSD Secure Shell server" "sshd" || true
+	start-stop-daemon --stop --quiet --oknodo --retry 30 --pidfile ${PID_FILE} 
+	check_for_no_start log_end_msg
+	check_dev_null log_end_msg
+	if start-stop-daemon --start --quiet --oknodo --pidfile ${PID_FILE} --exec ${SSHD} -- $SSHD_OPTS; then
+	    log_end_msg 0 || true
+	else
+	    log_end_msg 1 || true
+	fi
+	;;
+
+  try-restart)
+	check_for_upstart 1
+	check_privsep_dir
+	check_config
+	log_daemon_msg "Restarting OpenBSD Secure Shell server" "sshd" || true
+	RET=0
+	start-stop-daemon --stop --quiet --retry 30 --pidfile ${PID_FILE} || RET="$?"
+	case $RET in
+	    0)
+		# old daemon stopped
+		check_for_no_start log_end_msg
+		check_dev_null log_end_msg
+		if start-stop-daemon --start --quiet --oknodo --pidfile ${PID_FILE} --exec ${SSHD} -- $SSHD_OPTS; then
+		    log_end_msg 0 || true
+		else
+		    log_end_msg 1 || true
+		fi
+		;;
+	    1)
+		# daemon not running
+		log_progress_msg "(not running)" || true
+		log_end_msg 0 || true
+		;;
+	    *)
+		# failed to stop
+		log_progress_msg "(failed to stop)" || true
+		log_end_msg 1 || true
+		;;
+	esac
+	;;
+
+  status)
+	check_for_upstart 1
+	status_of_proc -p ${PID_FILE} ${SSHD} sshd && exit 0 || exit $?
+	;;
+
+  *)
+	log_action_msg "Usage: $0 {start|stop|reload|force-reload|restart|try-restart|status}" || true
+	exit 1
+esac
+
+exit 0

roles/openssh/templates/sshd_config_centos.j2

+#	$OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $
+
+# This is the sshd server system-wide configuration file.  See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented.  Uncommented options change a
+# default value.
+
+Port {{ ssh_port }} 
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+# Disable legacy (protocol version 1) support in the server for new
+# installations. In future the default will change to require explicit
+# activation of protocol 1
+Protocol 2
+
+# HostKey for protocol version 1
+#HostKey /etc/ssh/ssh_host_key
+# HostKeys for protocol version 2
+#HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_dsa_key
+
+# Lifetime and size of ephemeral version 1 server key
+#KeyRegenerationInterval 1h
+#ServerKeyBits 1024
+
+# Logging
+# obsoletes QuietMode and FascistLogging
+#SyslogFacility AUTH
+SyslogFacility AUTHPRIV
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+#PermitRootLogin yes
+#StrictModes yes
+#MaxAuthTries 6
+#MaxSessions 10
+
+#RSAAuthentication yes
+#PubkeyAuthentication yes
+#AuthorizedKeysFile	.ssh/authorized_keys
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandRunAs nobody
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#RhostsRSAAuthentication no
+# similar for protocol version 2
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# RhostsRSAAuthentication and HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+#PasswordAuthentication yes
+#PermitEmptyPasswords no
+PasswordAuthentication no
+
+# Change to no to disable s/key passwords
+#ChallengeResponseAuthentication yes
+ChallengeResponseAuthentication yes
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+#KerberosUseKuserok yes
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPIAuthentication yes
+#GSSAPICleanupCredentials yes
+#GSSAPICleanupCredentials yes
+#GSSAPIStrictAcceptorCheck yes
+#GSSAPIKeyExchange no
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication.  Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+#UsePAM no
+UsePAM yes
+
+# Accept locale-related environment variables
+AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
+AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
+AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
+AcceptEnv XMODIFIERS
+
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+#X11Forwarding no
+X11Forwarding yes
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PrintMotd yes
+#PrintLastLog yes
+#TCPKeepAlive yes
+#UseLogin no
+#UsePrivilegeSeparation yes
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#ShowPatchLevel no
+#UseDNS yes
+#PidFile /var/run/sshd.pid
+#MaxStartups 10:30:100
+#PermitTunnel no
+#ChrootDirectory none
+
+# no default banner path
+#Banner none
+
+# override default of no subsystems
+Subsystem sftp	/usr/libexec/openssh/sftp-server
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+#	X11Forwarding no
+#	AllowTcpForwarding no
+#	ForceCommand cvs server

roles/openssh/templates/sshd_config_debian.j2

+# Package generated configuration file
+# See the sshd_config(5) manpage for details
+
+# What ports, IPs and protocols we listen for
+Port {{ ssh_port }} 
+# Use these options to restrict which interfaces/protocols sshd will bind to
+#ListenAddress ::
+#ListenAddress 0.0.0.0
+Protocol 2
+# HostKeys for protocol version 2
+HostKey /etc/ssh/ssh_host_rsa_key
+HostKey /etc/ssh/ssh_host_dsa_key
+HostKey /etc/ssh/ssh_host_ecdsa_key
+HostKey /etc/ssh/ssh_host_ed25519_key
+#Privilege Separation is turned on for security
+UsePrivilegeSeparation yes
+
+# Lifetime and size of ephemeral version 1 server key
+KeyRegenerationInterval 3600
+ServerKeyBits 1024
+
+# Logging
+SyslogFacility AUTH
+LogLevel INFO
+
+# Authentication:
+LoginGraceTime 120
+PermitRootLogin without-password
+StrictModes yes
+
+RSAAuthentication yes
+PubkeyAuthentication yes
+#AuthorizedKeysFile	%h/.ssh/authorized_keys
+
+# Don't read the user's ~/.rhosts and ~/.shosts files
+IgnoreRhosts yes
+# For this to work you will also need host keys in /etc/ssh_known_hosts
+RhostsRSAAuthentication no
+# similar for protocol version 2
+HostbasedAuthentication no
+# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
+#IgnoreUserKnownHosts yes
+
+# To enable empty passwords, change to yes (NOT RECOMMENDED)
+PermitEmptyPasswords no
+
+# Change to yes to enable challenge-response passwords (beware issues with
+# some PAM modules and threads)
+ChallengeResponseAuthentication no
+
+# Change to no to disable tunnelled clear text passwords
+PasswordAuthentication no
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosGetAFSToken no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+
+X11Forwarding yes
+X11DisplayOffset 10
+PrintMotd no
+PrintLastLog yes
+TCPKeepAlive yes
+#UseLogin no
+
+#MaxStartups 10:30:60
+Banner /etc/ssh/sshd_banner
+
+# Allow client to pass locale environment variables
+AcceptEnv LANG LC_*
+
+Subsystem sftp /usr/lib/openssh/sftp-server
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication.  Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+UsePAM yes

roles/openssh/vars/readme.txt

+ssh_version: "6.8p1"
+ssh_dir: "/opt/openssh-{{ ssh_version }}"
+ssh_port: "22"
+ssh_pid_dir: "/var/run"
+sshd_name: "ssh"
+

roles/slurm-from-source/tasks/main.yml

@@ -35,6 +35,7 @@
 
 - name: create state directory
   file: path={{ slurmstatedir }} state=directory owner=slurm group=slurm mode=750
+
   sudo: true
   when: slurmstatedir is defined 
 
@@ -65,6 +66,8 @@
     - bzip2-devel
     - hwloc
     - hwloc-devel
+    - lua
+    - lua-devel
   sudo: true
   when: ansible_os_family == "RedHat"
 
@@ -131,7 +134,7 @@
   template: src=slurm.conf.j2 dest={{ slurm_dir }}/etc/slurm.conf
   sudo: true
   notify: restart slurm
-  when: slurm_use_vpn==False and slurm_gres_list is defined
+  when: slurm_use_vpn==False
 
 - name: install slurm.conf
   template: src=slurm-vpn.conf.j2 dest={{ slurm_dir }}/etc/slurm.conf
@@ -143,6 +146,13 @@
   sudo: true
   when: ansible_os_family == 'RedHat' 
 
+- name: setup plugin
+  template: src=job_submit.lua.j2 dest={{ slurm_dir }}/etc/job_submit.lua
+  delegate_to: "{{ slurmctrl }}"
+  run_once: true
+  sudo: true
+  when: slurm_lua 
+
 - include: installCgroup.yml
 - include: installNhc.yml
 

roles/slurm-from-source/templates/gres.conf.j2

 {% for gr in slurm_gres_list %}
-Name={{ gr.name }} Type={{ slurm_generic_resource.stdout }} File={{ gr.file }}
+Name={{ gr.name }} File={{ gr.file }}
 {% endfor %}

roles/slurm-from-source/templates/job_submit.lua.j2

+--[[
+
+ Example lua script demonstrating the SLURM job_submit/lua interface.
+ This is only an example, not meant for use in its current form.
+
+ Leave the function names, arguments, local varialbes and setmetatable
+ set up logic in each function unchanged. Change only the logic after
+ the lSUCCESSine containing "*** YOUR LOGIC GOES BELOW ***".
+
+ For use, this script should be copied into a file name "job_submit.lua"
+ in the same directory as the SLURM configuration file, slurm.conf.
+
+--]]
+
+function slurm_job_submit(job_desc, part_list, submit_uid)
+
+      if (job_desc.gres and string.find(job_desc.gres,"gpu")) then
+         slurm.log_info("generic resource GPU")
+         job_desc.partition = "vis" 
+         return slurm.SUCCESS
+      end
+end
+
+function slurm_job_modify(job_desc, job_rec, part_list, modify_uid)
+	return slurm.SUCCESS
+end
+
+
+log_msg = slurm.log_info
+log_verbose = slurm.log_verbose
+log_debug = slurm.log_debug
+log_err = slurm.error
+log_user = slurm.log_user 
+
+return slurm.SUCCESS

roles/slurm-from-source/templates/slurm.conf.j2

@@ -46,7 +46,9 @@ ReturnToService=1
 TaskPlugin=task/cgroup
 #TaskPlugin=task/affinity
 #TaskPlugin=task/affinity,task/cgroup
-#JobSubmitPlugins=lua
+{% if slurm_lua %}
+JobSubmitPlugins=lua
+{% endif %}
 OverTimeLimit=1
 CompleteWait=10
 
@@ -69,6 +71,9 @@ SchedulerType={{ slurmschedulertype }}
 #SchedulerPort=
 #SchedulerRootFilter=
 SelectType={{ slurmselecttype }}
+{% if slurmselecttype.find("cons_res") > 0 %}
+SelectTypeParameters=CR_Core_Memory
+{% endif %}
 FastSchedule={{ slurmfastschedule }}
 #PriorityType=priority/multifactor
 #PriorityFlags=Ticket_Based
@@ -141,7 +146,7 @@ MpiParams=ports=12000-12999
 {% endfor %}
 {% endfor %}
 {% for node in nodelist|unique %}
-NodeName={{ node }} Procs={{ hostvars[node]['ansible_processor_vcpus'] }} RealMemory={{ hostvars[node].ansible_memory_mb.real.total }} Sockets={{ hostvars[node]['ansible_processor_vcpus'] }} CoresPerSocket=1 ThreadsPerCore={{ hostvars[node].ansible_processor_threads_per_core }} {% if hostvars[node].ansible_hostname.find('vis') != -1 %}Gres=gpu{% if hostvars[node].ansible_hostname.find('k1') > 0 %}:k1{% endif %}{% if hostvars[node].ansible_hostname.find('k2') > 0 %}:k2{% endif %}:1{% endif %} {% if hostvars[node]['ansible_processor_vcpus'] == 1 %}Weight=1{% endif %}{% if hostvars[node]['ansible_processor_vcpus'] > 1 and hostvars[node]['ansible_processor_vcpus'] <= 16 %}Weight=3{% endif %}{% if hostvars[node]['ansible_processor_vcpus'] > 16 and hostvars[node]['ansible_processor_vcpus'] <= 20 %}Weight=5{% endif %}{% if hostvars[node]['ansible_processor_vcpus'] > 20 and hostvars[node]['ansible_processor_vcpus'] <= 40 %}Weight=7{% endif %}{% if hostvars[node]['ansible_processor_vcpus'] > 40 and hostvars[node]['ansible_processor_vcpus'] <= 64 %}Weight=8{% endif %}{% if hostvars[node]['ansible_processor_vcpus'] > 64 and hostvars[node]['ansible_processor_vcpus'] <= 128 %}Weight=9{% endif %}{% if hostvars[node]['ansible_processor_vcpus'] > 128 %}Weight=10{% endif %} Feature=stage1 State=UNKNOWN  
+NodeName={{ node }} Procs={{ hostvars[node]['ansible_processor_vcpus'] }} RealMemory={{ hostvars[node].ansible_memory_mb.real.total }} Sockets={{ hostvars[node]['ansible_processor_vcpus'] }} CoresPerSocket=1 ThreadsPerCore={{ hostvars[node].ansible_processor_threads_per_core }} {% if hostvars[node].ansible_hostname.find('vis') != -1 %}Gres=gpu:1{% endif %} {% if hostvars[node]['ansible_processor_vcpus'] == 1 %}Weight=1{% endif %}{% if hostvars[node]['ansible_processor_vcpus'] > 1 and hostvars[node]['ansible_processor_vcpus'] <= 16 %}Weight=3{% endif %}{% if hostvars[node]['ansible_processor_vcpus'] > 16 and hostvars[node]['ansible_processor_vcpus'] <= 20 %}Weight=5{% endif %}{% if hostvars[node]['ansible_processor_vcpus'] > 20 and hostvars[node]['ansible_processor_vcpus'] <= 40 %}Weight=7{% endif %}{% if hostvars[node]['ansible_processor_vcpus'] > 40 and hostvars[node]['ansible_processor_vcpus'] <= 64 %}Weight=8{% endif %}{% if hostvars[node]['ansible_processor_vcpus'] > 64 and hostvars[node]['ansible_processor_vcpus'] <= 128 %}Weight=9{% endif %}{% if hostvars[node]['ansible_processor_vcpus'] > 128 %}Weight=10{% endif %} Feature=stage1 State=UNKNOWN  
 {% endfor %}
 
 {% for queue in slurmqueues %}