Remove some of the excessive rabbitmq bundle logging

By removing the pam-systemd optinal session line we get rid of the
following line:
pam_systemd(su:session): Failed to connect to system bus: No such file or directory

It is useless inside a container anyway since the pam_systemd module
registers user sessions.

By adding a sufficient pam_succeed_if call fo when the user belongs to the
rabbitmq group we get rid of the following spurious log:
Oct 23 13:52:52 overcloud-controller-0 su: pam_unix(su:session): session opened for user rabbitmq by (uid=0)
Oct 23 13:52:54 overcloud-controller-0 su: pam_unix(su:session): session closed for user rabbitmq

We do not need this inside a container anyway. In the future (w/
pam_unix 1.2.0 and onwards we will be able to use the quiet option
instead).

NB: cherry-pick not %100 clean due to slightly changed diff context

Depends-On: Ic0789da4645a4ee186d82ad7d943de78d4d5c443

Change-Id: Icd199ca4ce4848c971488d8ab69e668add86b150
Related-Bug: #1806451
(cherry picked from commit 44985bd42d)

manifests/profile/pacemaker/rabbitmq_bundle.pp

@@ -118,6 +118,20 @@ class tripleo::profile::pacemaker::rabbitmq_bundle (
     replace => true,
     require => Class['::rabbitmq'],
   }
+  file_line { 'rabbitmq-pamd-systemd':
+    ensure            => absent,
+    path              => '/etc/pam.d/system-auth',
+    match             => '^-session\s+optional\s+pam_systemd.so',
+    match_for_absence => true,
+  }
+  # Note that once we move to RHEL8 where pam_unix.so supports the quiet option
+  # we can just add quiet to the pam_unix option for the session module and remove this one
+  file_line { 'rabbitmq-pamd-succeed':
+    ensure => present,
+    path   => '/etc/pam.d/system-auth',
+    line   => 'session     sufficient    pam_succeed_if.so quiet_success user ingroup rabbitmq',
+    after  => '^session.*pam_limits.so'
+  }
 
   if $step >= 1 and $pacemaker_master and hiera('stack_action') == 'UPDATE' {
     tripleo::pacemaker::resource_restart_flag { 'rabbitmq-clone':