Add ansible molecule tests for no slurm, pam_slurm.so and pam_slurm_a…

…dopt.so cases
fgci-org · Sep 4, 2020 · fab4980 · fab4980
1 parent d1cd78a
commit fab4980
Show file tree

Hide file tree

Showing 4 changed files with 99 additions and 0 deletions.
diff --git a/molecule/default/INSTALL.rst b/molecule/default/INSTALL.rst
@@ -0,0 +1,22 @@
+*******
+Docker driver installation guide
+*******
+
+Requirements
+============
+
+* Docker Engine
+
+Install
+=======
+
+Please refer to the `Virtual environment`_ documentation for installation best
+practices. If not using a virtual environment, please consider passing the
+widely recommended `'--user' flag`_ when invoking ``pip``.
+
+.. _Virtual environment: https://virtualenv.pypa.io/en/latest/
+.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site
+
+.. code-block:: bash
+
+    $ python3 -m pip install 'molecule[docker]'
diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml
@@ -0,0 +1,8 @@
+---
+- name: Converge
+  hosts: all
+  become: True
+  tasks:
+    - name: "Include ansible-role-pam"
+      include_role:
+        name: "ansible-role-pam"
diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
@@ -0,0 +1,35 @@
+---
+dependency:
+  name: galaxy
+driver:
+  name: docker
+platforms:
+  - name: noslurm
+    image: docker.io/pycontribs/centos:8
+    pre_build_image: true
+    groups:
+      - pam
+  - name: pam-slurm
+    image: docker.io/pycontribs/centos:8
+    pre_build_image: true
+    groups:
+      - pam
+      - pam_slurm
+  - name: pam-slurm-adopt
+    image: docker.io/pycontribs/centos:8
+    pre_build_image: true
+    groups:
+      - pam
+      - pam_slurm_adopt
+provisioner:
+  name: ansible
+  inventory:
+    group_vars:
+      pam:
+        pam_enabled: True
+      pam_slurm:
+        pam_enable_slurm: True
+      pam_slurm_adopt:
+        pam_enable_slurm_adopt: True
+verifier:
+  name: ansible
diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml
@@ -0,0 +1,34 @@
+---
+- name: Verify pam enabled
+  hosts: all
+  tasks:
+  #- command: cat /etc/pam.d/system-auth
+  #  register: catcmd
+  #- debug:
+  #    var: catcmd.stdout_lines
+  - name: Check whether /etc/pam.d/system-auth is populated
+    command: 'grep "#%PAM-1.0" /etc/pam.d/system-auth'
+
+- name: No slurm pam tests
+  hosts: noslurm
+  tasks:
+  - name: Check that localuser.so is in /etc/pam.d/system-auth
+    command: 'grep "account     sufficient    pam_localuser.so" /etc/pam.d/system-auth'
+  - name: Check that slurm is not mentioned in /etc/pam.d/system-auth
+    command: 'grep -v slurm /etc/pam.d/system-auth'
+
+- name: Slurm pam tests
+  hosts: pam-slurm
+  tasks:
+  - name: Check that localuser.so is in /etc/pam.d/system-auth
+    command: 'grep "account     sufficient    pam_localuser.so" /etc/pam.d/system-auth'
+  - name: Check pam_slurm.so is in /etc/pam.d/system-auth
+    command: 'grep "account     required      pam_slurm.so" /etc/pam.d/system-auth'
+
+- name: Slurm adopt pam tests
+  hosts: pam-slurm-adopt
+  tasks:
+  - name: Check that localuser.so is not in /etc/pam.d/system-auth
+    command: 'grep -v "account     sufficient    pam_localuser.so" /etc/pam.d/system-auth'
+  - name: Check pam_slurm_adopt.so is in /etc/pam.d/system-auth
+    command: 'grep "\-account     sufficient    pam_slurm_adopt.so action_adopt_failure=deny action_generic_failure=deny" /etc/pam.d/system-auth'