Defined Type: quadlets::user

Defined in:
manifests/user.pp

Summary

Generate and manage podman quadlet user

Overview

Examples:

Run a CentOS container as a user, managing the user and specifying the home dir

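# Create the account, its quadlet directory and enable lingering, with the
# home directory on a non-default path.
quadlets::user { 'steve':
  user          => 'steve',
  create_dir    => true,
  manage_user   => true,
  manage_linger => true,
  homedir       => '/nfs/home/steve',
}

# Run a container unit as that user. 'user' and 'homedir' repeat the values
# given to quadlets::user above.
quadlets::quadlet { 'centos.container':
  ensure          => present,
  user            => 'steve',
  homedir         => '/nfs/home/steve',
  unit_entry      => {
    'Description' => 'Trivial Container that will be very lazy',
  },
  service_entry   => {
    'TimeoutStartSec' => '900',
  },
  container_entry => {
    # NOTE: ':latest' is a floating tag, so the image that runs can change
    # between pulls; pin a specific tag or digest where the deployed image
    # must be reproducible and reviewable.
    'Image' => 'quay.io/centos/centos:latest',
    'Exec'  => 'sh -c "sleep inf"',
  },
  install_entry   => {
    'WantedBy' => 'default.target',
  },
  active          => true,
}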

Specify subordinate start and size

# Each pair is [first subordinate ID, number of IDs]: here the range starts
# at 10000 and is 15000 IDs long, for both /etc/subuid and /etc/subgid.
quadlets::user { 'quark':
  name   => 'quark',
  subuid => [10000, 15000],
  subgid => [10000, 15000],
}

Parameters:

  • user (Optional[String[1]]) (defaults to: $name)

    Specify username

  • group (Optional[String[1]]) (defaults to: undef)

    Specify group ownership of quadlet directories. If `undef`, it will be set equal to the username.

  • homedir (Optional[Stdlib::Unixpath]) (defaults to: undef)

    Home directory. If `undef`, `/home/$user` will be used.

  • create_dir (Boolean) (defaults to: true)

    If true, the directory for containers will be created at `$homedir/.config/containers/systemd`.

  • manage_user (Boolean) (defaults to: true)

    If true the user and group will be created.

  • manage_linger (Boolean) (defaults to: true)

    If true, `systemd --user` will be started for the user.

  • subuid (Optional[Tuple[Integer[1],Integer[1]]]) (defaults to: undef)

    If defined as a pair of integers, the user will have a subordinate user ID and a subordinate user ID count specified in `/etc/subuid`. Only one range per user is supported.

  • subgid (Optional[Tuple[Integer[1],Integer[1]]]) (defaults to: undef)

    If defined as a pair of integers, the user’s group will have a subordinate group ID and a subordinate group ID count specified in `/etc/subgid`. Only one range per group is supported.



# File 'manifests/user.pp', line 47

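# Prepares an account for running podman quadlets as that user: the quadlet
# directory tree under the home directory, the user and group themselves,
# systemd lingering, and optional subordinate UID/GID ranges.
#
# NOTE(review): $user and $group are only constrained to String[1], yet they
# are interpolated into directory paths and Augeas path expressions below.
# Callers should pass plain account names; consider a stricter type if these
# values can originate from data that is not fully trusted.
define quadlets::user (
  Optional[String[1]] $user = $name,
  Optional[String[1]] $group = undef,
  Optional[Stdlib::Unixpath] $homedir = undef,
  Boolean $create_dir = true,
  Boolean $manage_user = true,
  Boolean $manage_linger = true,
  Optional[Tuple[Integer[1],Integer[1]]] $subuid = undef,
  Optional[Tuple[Integer[1],Integer[1]]] $subgid = undef,
) {
  include quadlets

  # Group falls back to the username, home directory to /home/<user>.
  $_group = pick($group, $user)
  $_user_homedir = pick($homedir, "/home/${user}")

  if $create_dir {
    # Turn the quadlet directory (presumably a relative path such as
    # .config/containers/systemd) into the list of every intermediate
    # directory below the home directory, so that each level is managed
    # and owned by the user.
    $components = split($quadlets::quadlet_user_dir, '/')
    $dirs = $components.reduce([]) |$accum, $part| {
      $accum + [$accum ? {
          []      => "${_user_homedir}/${part}",
          default => "${accum[-1]}/${part}"
        }
      ]
    }
    # No mode is set on these directories, so their permissions are not
    # managed by this resource.
    file { $dirs:
      ensure => directory,
      owner  => $user,
      group  => $_group,
    }
  }
  if $manage_user {
    group { $_group: }

    user { $user:
      ensure     => present,
      gid        => $_group,
      home       => $_user_homedir,
      managehome => true,
    }
  }
  if $manage_linger {
    # Lingering keeps the user's systemd instance running without an active
    # login session, which is what lets user quadlets start at boot.
    loginctl_user { $user:
      linger => enabled,
    }
    # Make the ordering explicit, as the subuid/subgid blocks below do,
    # instead of relying on manifest order: the account must exist before
    # lingering is enabled for it.
    if $manage_user {
      User[$user] -> Loginctl_user[$user]
    }
  }

  #
  # Manage subordinate users
  #
  # $subuid / $subgid are [start, count] pairs. Nothing here checks that the
  # range is free of overlap with ranges already assigned to other accounts;
  # overlapping ranges let separate users' containers share host IDs, so the
  # caller has to allocate them.
  if $subuid {
    augeas { "subuid_${user}":
      incl    => '/etc/subuid',
      lens    => 'Subids.lns',
      context => '/files/etc/subuid',
      changes => [
        "set ${user}/start ${subuid[0]}",
        "set ${user}/count ${subuid[1]}",
        # Only one range per user is supported: drop up to three further
        # entries for the same name.
        "rm ${user}[2]",
        "rm ${user}[2]",
        "rm ${user}[2]",
      ],
    }
    if $manage_user {
      User[$user] -> Augeas["subuid_${user}"]
    }
  }
  if $subgid {
    augeas { "subgid_${_group}":
      incl    => '/etc/subgid',
      lens    => 'Subids.lns',
      context => '/files/etc/subgid',
      changes => [
        "set ${_group}/start ${subgid[0]}",
        "set ${_group}/count ${subgid[1]}",
        # Only one range per group is supported: drop up to three further
        # entries for the same name.
        "rm ${_group}[2]",
        "rm ${_group}[2]",
        "rm ${_group}[2]",
      ],
    }
    if $manage_user {
      Group[$_group] -> Augeas["subgid_${_group}"]
    }
  }
}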