From 30ad9fc798466f80eb562b74999e868fd296a409 Mon Sep 17 00:00:00 2001 From: Enrico Nasca Date: Thu, 21 Sep 2023 09:35:21 +0000 Subject: [PATCH] Add the pam_slurm_adopt module. --- ansible/roles/slurm_install/defaults/main.yml | 13 +++++++--- .../slurm_install/files/sshd-pam-slurm-adopt | 1 + ansible/roles/slurm_install/tasks/main.yml | 10 +++++++ .../slurm_install/tasks/slurm_pam_adopt.yml | 26 +++++++++++++++++++ .../slurm_install/templates/slurm.conf.j2 | 9 +++++-- 5 files changed, 54 insertions(+), 5 deletions(-) create mode 100644 ansible/roles/slurm_install/files/sshd-pam-slurm-adopt create mode 100644 ansible/roles/slurm_install/tasks/slurm_pam_adopt.yml diff --git a/ansible/roles/slurm_install/defaults/main.yml b/ansible/roles/slurm_install/defaults/main.yml index 8e0f2ade..45cba377 100644 --- a/ansible/roles/slurm_install/defaults/main.yml +++ b/ansible/roles/slurm_install/defaults/main.yml @@ -1,6 +1,7 @@ # Inventory group names slurm_controller_group_name: slurm_controller -slurm_worker_group_name: slurm_worker +slurm_worker_group_name: slurm_worker # includes compute and user-facing nodes +slurm_compute_group_name: slurm_compute slurm_dbd_group_name: slurm_database # The version to install. @@ -12,13 +13,19 @@ slurm_client_version_with_release: "{{ slurm_version }}-1" # URL of the archive containing the deb packages. slurm_worker_debs_url: https://github.com/IKIM-Essen/EMCP-slurm/releases/download/v21.08.5/slurm-21.08.5-ubuntu22.04-debs.zip -# Packages to install on worker nodes as a list of paths relative to the -# directory where slurm_worker_debs_url is extracted. +# Packages to install on compute and user-facing nodes as a list of paths +# relative to the directory where slurm_worker_debs_url is extracted. slurm_worker_package_paths: - slurm-21.08.5-ubuntu22.04-debs/slurmd_21.08.5-2ubuntu1_amd64.deb - slurm-21.08.5-ubuntu22.04-debs/slurm-wlm-basic-plugins_21.08.5-2ubuntu1_amd64.deb - slurm-21.08.5-ubuntu22.04-debs/slurm-client_21.08.5-2ubuntu1_amd64.deb +# Packages to install on compute nodes as a list of paths relative to the +# directory where slurm_worker_debs_url is extracted. +slurm_compute_package_paths: + - slurm-21.08.5-ubuntu22.04-debs/libslurm37_21.08.5-2ubuntu1_amd64.deb + - slurm-21.08.5-ubuntu22.04-debs/libpam-slurm-adopt_21.08.5-2ubuntu1_amd64.deb + # URI of the package repository. # The package repository can be built using the slurm_pkgbuild role. # See `man sources.list` for the supported URI schemes. diff --git a/ansible/roles/slurm_install/files/sshd-pam-slurm-adopt b/ansible/roles/slurm_install/files/sshd-pam-slurm-adopt new file mode 100644 index 00000000..16a1e09b --- /dev/null +++ b/ansible/roles/slurm_install/files/sshd-pam-slurm-adopt @@ -0,0 +1 @@ +account sufficient pam_slurm_adopt.so diff --git a/ansible/roles/slurm_install/tasks/main.yml b/ansible/roles/slurm_install/tasks/main.yml index 52c71f89..0729b34f 100644 --- a/ansible/roles/slurm_install/tasks/main.yml +++ b/ansible/roles/slurm_install/tasks/main.yml @@ -46,6 +46,16 @@ - slurm-node - slurm-worker +- name: Configure the pam_slurm_adopt module + become: true + block: + - ansible.builtin.include_tasks: slurm_pam_adopt.yml + when: inventory_hostname in groups[slurm_compute_group_name] + tags: + - slurm + - slurm-node + - slurm-pam-adopt + - name: Deploy the controller node become: true block: diff --git a/ansible/roles/slurm_install/tasks/slurm_pam_adopt.yml b/ansible/roles/slurm_install/tasks/slurm_pam_adopt.yml new file mode 100644 index 00000000..9f35d82c --- /dev/null +++ b/ansible/roles/slurm_install/tasks/slurm_pam_adopt.yml @@ -0,0 +1,26 @@ +--- +- name: Install packages for pam_slurm_adopt + ansible.builtin.apt: + name: + - "libslurm37={{ slurm_version_with_release }}" + - "libpam-slurm-adopt={{ slurm_client_version_with_release }}" + state: present + update_cache: true + +- name: Comment-out the PAM module pam_systemd as instructed by the pam_slurm_adopt guide + ansible.builtin.replace: + path: /etc/pam.d/common-session + regexp: '^(session.*pam_systemd\.so)\s*$' + replace: '# \1 # ANSIBLE-MANAGED: incompatible with pam_slurm_adopt' + owner: root + group: root + mode: "0644" + +- name: Add the PAM module pam_slurm_adopt at the bottom of the sshd stack + ansible.builtin.blockinfile: + path: /etc/pam.d/sshd + block: "{{ lookup('file', 'sshd-pam-slurm-adopt') }}" + owner: root + group: root + mode: "0644" + state: present diff --git a/ansible/roles/slurm_install/templates/slurm.conf.j2 b/ansible/roles/slurm_install/templates/slurm.conf.j2 index 4161985f..77e74096 100644 --- a/ansible/roles/slurm_install/templates/slurm.conf.j2 +++ b/ansible/roles/slurm_install/templates/slurm.conf.j2 @@ -6,7 +6,6 @@ ClusterName={{ slurm_cluster_name }} SlurmctldHost={{ hostvars[host]['ansible_hostname'] }}({{ host }}) {% endfor %} # -Epilog=/etc/slurm-llnl/epilog.sh #MailProg=/bin/mail MpiDefault=none #MpiParams=ports=#-# @@ -23,7 +22,7 @@ SlurmUser={{ slurm_user_name }} SlurmdUser={{ slurmd_user_name }} StateSaveLocation={{ slurmctld_state_save_location }} SwitchType=switch/none -TaskPlugin=task/affinity +TaskPlugin=task/affinity,task/cgroup # # # TIMERS @@ -55,6 +54,12 @@ PriorityWeightTRES=CPU=1000,Mem=2000,GRES/gpu=3000 {% endif %} # # +# PROLOG/EPILOG +Epilog=/etc/slurm/epilog.sh +# The Prolog flag "contain" is required by the pam_slurm_adopt module. +PrologFlags=contain +# +# # LOGGING AND ACCOUNTING {% if slurm_use_dbd %} AccountingStorageHost={{ slurmdbd_url }}