From 9e09220c44524a76ef8267abdb689966cb9a6fc5 Mon Sep 17 00:00:00 2001
From: "James C. Womack"
Date: Mon, 15 Apr 2024 11:44:53 +0100
Subject: [PATCH 1/2] Set security group for Packer image build instance
Uses security group from startnode configuration.
---
 roles/packer/files/all.pkr.hcl | 2 ++
 roles/packer/templates/variables.pkrvars.hcl.j2 | 1 +
 2 files changed, 3 insertions(+)
diff --git a/roles/packer/files/all.pkr.hcl b/roles/packer/files/all.pkr.hcl
index 9c6960f6..dac2b0ea 100644
--- a/roles/packer/files/all.pkr.hcl
+++ b/roles/packer/files/all.pkr.hcl
@@ -20,6 +20,7 @@ variable "oracle_key_file" {}
 variable "openstack_network" {}
 variable "openstack_ceph_network" {}
+variable "openstack_security_group" {}
 variable "destination_image_name" {}
 variable "cluster" {}
@@ -117,6 +118,7 @@ source "openstack" "openstack" {
 source_image_name = "Rocky-8.8"
 ssh_username = var.ssh_username
 networks = [var.openstack_network, var.openstack_ceph_network]
+ security_groups = [var.openstack_security_group]
 image_tags = ["compute"]
 metadata = {"cluster": var.cluster}
 }
diff --git a/roles/packer/templates/variables.pkrvars.hcl.j2 b/roles/packer/templates/variables.pkrvars.hcl.j2
index 1039acdd..9977a2ed 100644
--- a/roles/packer/templates/variables.pkrvars.hcl.j2
+++ b/roles/packer/templates/variables.pkrvars.hcl.j2
@@ -25,3 +25,4 @@ oracle_key_file = "/home/slurm/.oci/oci_api_key.pem"
 openstack_network = "{%- if startnode_config.network_id is defined -%}{{ startnode_config.network_id }}{%- endif -%}"
 openstack_ceph_network = "{%- if startnode_config.ceph_network is defined -%}{{ startnode_config.ceph_network }}{%- endif -%}"
+openstack_security_group = "{%- if startnode_config.security_group is defined -%}{{ startnode_config.security_group }}{%- endif -%}"
From 2e35b30133d16800d91cfaee6f5652cc5fa04eb1 Mon Sep 17 00:00:00 2001
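Review bot: In `roles/packer/files/all.pkr.hcl` the added `security_groups = [var.openstack_security_group]` always passes a one-element list, while the new line in `variables.pkrvars.hcl.j2` renders `openstack_security_group = ""` whenever `startnode_config.security_group` is undefined, so the builder then receives `[""]`. How the OpenStack builder treats an empty group name is not visible here, but the build instance then does not get a group anyone chose. Dropping the empty value with `security_groups = compact([var.openstack_security_group])` would keep the earlier behaviour when nothing is configured. If the build instance must never fall back to whatever group the cloud assigns by default, fail in the Ansible role when `startnode_config.security_group` is missing rather than rendering an empty string. The `source "openstack"` block starts outside the hunk.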
From: "James C. Womack"
Date: Thu, 25 Apr 2024 13:15:16 +0100
Subject: [PATCH 2/2] Explicitly install authselect package
This appears to not always be present on Rocky 8 images.
---
 roles/sssd/tasks/main.yml | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/roles/sssd/tasks/main.yml b/roles/sssd/tasks/main.yml
index 7c99b118..4ed28011 100644
--- a/roles/sssd/tasks/main.yml
+++ b/roles/sssd/tasks/main.yml
@@ -16,6 +16,11 @@ - name: Update CA trust anchors
 ansible.builtin.command: update-ca-trust # noqa no-changed-when
+- name: Install authselect
+ ansible.builtin.package:
+ name: authselect
+ state: present
+
 - name: Enable SSSD auth in PAM
 ansible.builtin.command: authselect select sssd --force # noqa no-changed-when
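Review bot: The new `Install authselect` task in `roles/sssd/tasks/main.yml` has no comment saying why it is needed; the reason is recorded only in the commit message. A line above the task such as `# authselect is not always present on Rocky 8 images; the PAM step below requires it` would keep a later cleanup from removing the task as redundant and leaving the PAM configuration step to fail on a minimal image. The task list continues outside the hunk, so whether an earlier package task could absorb this install is not visible here.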