Defined Type: quadlets::user

Defined in:

manifests/user.pp

Summary

Generate and manage podman quadlet user

Overview

Examples:

Run a CentOS user Container maning user, specifying home dir

quadlets::user { 'steve':
  user                => 'steve'
  create_dir          => true,
  manage_user         => true,
  manage_linger       => true,
  homedir             => '/nfs/home/steve',
}
quadlets::quadlet{ 'centos.container':
  ensure              => present,
  user                => 'steve',
  homedir             => '/nfs/home/steve',
  unit_entry          => {
   'Description'      => 'Trivial Container that will be very lazy',
  },
  service_entry       => {
    'TimeoutStartSec' => '900',
  },
  container_entry     => {
    'Image'           => 'quay.io/centos/centos:latest',
    'Exec'            => 'sh -c "sleep inf"'
  },
  install_entry       => {
    'WantedBy'        => 'default.target'
  },
  active              => true,
}

Specify subordinate start and size

quadlets::user { 'quark':
   name   => 'quark',
   subuid => [10000, 15000],
   subgid => [10000, 15000],
}

Parameters:

• user (Optional[String[1]]) (defaults to: $name) —

  Specify username

• group (Optional[String[1]]) (defaults to: undef) —

  Specify group ownership of quadlet directories, if ‘undef` it will be set equal to the username.

• homedir (Optional[Stdlib::Unixpath]) (defaults to: undef) —

  Home directory, if ‘undef` `/home/$user` will be used.

• create_dir (Boolean) (defaults to: true) —

  If true the directory for podlets will be created at ‘$homedir/.config/containers/systemd`.

• create_system_dir (Boolean) (defaults to: true) —

  If true the directory ‘/etc/containers/systemd/user/$user` will be created.

• manage_user (Boolean) (defaults to: true) —

  If true the user and group will be created.

• manage_linger (Boolean) (defaults to: true) —

  If true ‘systemd –user` will be started for user.

• subuid (Optional[Tuple[Integer[1],Integer[1]]]) (defaults to: undef) —

  If defined as a pair of integers the user will have a subordintate user ID and a subordinate user ID count specified in ‘/etc/subuid`. Only one range per user is supported,

• subgid (Optional[Tuple[Integer[1],Integer[1]]]) (defaults to: undef) —

  If defined as a pair of integers the user’s group will have a subordintate group ID and a subordinate group ID count specified in ‘/etc/subgid`. Only one range per group is supported,

• authentications (Optional[Hash[String[1],Quadlets::Auth]]) (defaults to: undef) —

  if defined, a file ~/.config/containers/auth.json is created with the specified authentications (the directory has to exist, eg. use create_dir => true)

• user_additional_params (Hash[Pattern[/\A(?!ensure$|gid$|home$|managehome$)[a-z_]+\z/],Any]) (defaults to: {}) —

  Define additional parameters to be used to create the user.

# File 'manifests/user.pp', line 50

define quadlets::user (
  Optional[String[1]] $user = $name,
  Optional[String[1]] $group = undef,
  Optional[Stdlib::Unixpath] $homedir = undef,
  Boolean $create_dir = true,
  Boolean $create_system_dir = true,
  Boolean $manage_user = true,
  Boolean $manage_linger = true,
  Optional[Tuple[Integer[1],Integer[1]]] $subuid = undef,
  Optional[Tuple[Integer[1],Integer[1]]] $subgid = undef,
  Optional[Hash[String[1],Quadlets::Auth]] $authentications = undef,
  Hash[Pattern[/\A(?!ensure$|gid$|home$|managehome$)[a-z_]+\z/],Any] $user_additional_params = {},
) {
  include quadlets

  $_group = pick($group, $user)
  $_user_homedir = pick($homedir, "/home/${user}")

  if $create_system_dir {
    file { "${quadlets::quadlet_system_user_dir}/${user}":
      ensure => directory,
      owner  => root,
      group  => root,
    }
  }

  if $create_dir {
    $components = split($quadlets::quadlet_user_dir, '/')
    $dirs = $components.reduce([]) |$accum, $part| {
      $accum + [$accum ? {
          []      => "${_user_homedir}/${part}",
          default => "${accum[-1]}/${part}"
        },
      ]
    }
    file { $dirs:
      ensure => directory,
      owner  => $user,
      group  => $_group,
    }
  }
  if $manage_user {
    group { $_group: }

    user { $user:
      * => {
        ensure     => present,
        gid        => $_group,
        home       => $_user_homedir,
        managehome => true,
      } + $user_additional_params,
    }
  }
  if $manage_linger {
    loginctl_user { $user:
      linger => enabled,
    }
  }

  #
  # Manage subordinate users
  #
  if $subuid {
    augeas { "subuid_${user}":
      incl    => '/etc/subuid',
      lens    => 'Subids.lns',
      context => '/files/etc/subuid',
      changes => [
        "set ${user}/start ${subuid[0]}",
        "set ${user}/count ${subuid[1]}",
        "rm ${user}[2]",
        "rm ${user}[2]",
        "rm ${user}[2]",
      ],
    }
    if $manage_user {
      User[$user] -> Augeas["subuid_${user}"]
    }
  }
  if $subgid {
    augeas { "subgid_${_group}":
      incl    => '/etc/subgid',
      lens    => 'Subids.lns',
      context => '/files/etc/subgid',
      changes => [
        "set ${_group}/start ${subgid[0]}",
        "set ${_group}/count ${subgid[1]}",
        "rm ${_group}[2]",
        "rm ${_group}[2]",
        "rm ${_group}[2]",
      ],
    }
    if $manage_user {
      Group[$_group] -> Augeas["subgid_${_group}"]
    }
  }

  #
  # Manage authentications:
  #
  if $authentications {
    $_authentications = $authentications.reduce({}) | Hash $memo, Tuple[String[1],Quadlets::Auth] $v | {
      $memo + { $v[0] => { 'auth' => String(Binary("${v[1]['username']}:${v[1]['password']}",'%s')) } }
    }

    file { "${_user_homedir}/.config/containers/auth.json":
      ensure  => 'file',
      owner   => $user,
      group   => $_group,
      mode    => '0600',
      content => stdlib::to_json({ 'auths' => $_authentications }),
    }
  }
}