
Add role to restrict user access to nodes via pam_slurm.

1 file
+ 46
0
+ 46
0
 
---
 
# restrict user access to nodes
 
- name: Get version and release for slurm-pam pkg
 
shell: rpm -q --qf "%{VERSION}-%{RELEASE}\n" slurm-client
 
register: ver
 
 
- debug:
 
var: ver
 
 
- name: Install slurm-pam package
 
yum:
 
name: "slurm-pam-{{ ver.stdout }}"
 
state: present
 
 
- name: Create new pam file wihtout pam_systemd.so
 
shell: grep -v pam_systemd.so < /etc/pam.d/password-auth > /etc/pam.d/password-auth-no-systemd
 
 
- name: Update sshd pam file
 
blockinfile:
 
path: /etc/pam.d/sshd
 
insertbefore: "^account.+password-auth$"
 
backup: yes
 
marker: "# {mark} PAM config for Slurm"
 
marker_begin: "BEGIN account"
 
marker_end: "END account"
 
block: |
 
"-account sufficient pam_slurm_adopt.so"
 
"account required pam_access.so"
 
 
- name: Update sshd pam file
 
blockinfile:
 
path: /etc/pam.d/sshd
 
insertbefore: "^session.+postlogin$"
 
backup: yes
 
marker: "# {mark} - PAM config for Slurm"
 
marker_begin: "BEGIN session"
 
marker_end: "END session"
 
block: |
 
"session include password-auth-no-systemd"
 
 
- name: Update secure access config for the node
 
lineinfile:
 
dest: /etc/security/access.conf
 
line: "-:ALL EXCEPT root mhanby_ cmcclung_ (sysadmins) (atlab):ALL"
 
owner: root
 
mode: 0644
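Review bot: The lines under `block: |` in both `blockinfile` tasks are wrapped in double quotes, and a literal block scalar keeps those quotes, so they would be written into /etc/pam.d/sshd verbatim and PAM would not read them as valid `account`/`session` entries. Depending on how the stack treats the malformed lines, that either leaves the node restriction unapplied or breaks SSH logins; the block bodies should be the bare lines `-account sufficient pam_slurm_adopt.so`, `account required pam_access.so` and `session include password-auth-no-systemd`. The session task also only adds an include and does not appear to remove an existing `session include password-auth` line, so pam_systemd.so would presumably still run through it; this is worth confirming against the target file. Checking the resulting sshd PAM file on one node, with a root session kept open, before wider rollout would catch both.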