Create a new user for each rootless runner container
This commit is contained in:
parent
edfc201cc2
commit
92740834a2
|
@ -3,13 +3,7 @@ class podmanrunner::runner (
|
||||||
Integer $replicas = 2,
|
Integer $replicas = 2,
|
||||||
)
|
)
|
||||||
{
|
{
|
||||||
user { 'podmanuser':
|
$username='runneruser'
|
||||||
ensure => present,
|
|
||||||
home => '/opt/podmanuser',
|
|
||||||
shell => '/usr/sbin/nologin',
|
|
||||||
uid => '1001',
|
|
||||||
managehome => true,
|
|
||||||
}
|
|
||||||
package { 'podman':
|
package { 'podman':
|
||||||
ensure => installed,
|
ensure => installed,
|
||||||
provider => apt,
|
provider => apt,
|
||||||
|
@ -20,26 +14,37 @@ class podmanrunner::runner (
|
||||||
provider => apt,
|
provider => apt,
|
||||||
}
|
}
|
||||||
|
|
||||||
file { '/opt/podmanuser/docker-compose.yaml':
|
range(1,$replicas).each |$x| {
|
||||||
|
|
||||||
|
user { "${username}${x}":
|
||||||
|
ensure => present,
|
||||||
|
home => "/opt/${username}${x}",
|
||||||
|
shell => '/usr/sbin/nologin',
|
||||||
|
uid => "${ $x + 1001}",
|
||||||
|
managehome => true,
|
||||||
|
}
|
||||||
|
|
||||||
|
file { "/opt/${username}${x}/docker-compose.yaml":
|
||||||
ensure => file,
|
ensure => file,
|
||||||
content => template('podmanrunner/docker-compose.yaml.erb'),
|
content => template('podmanrunner/docker-compose.yaml.erb'),
|
||||||
owner => 'podmanuser',
|
owner => "${username}${x}",
|
||||||
group => 'podmanuser',
|
group => "${username}${x}",
|
||||||
mode => '0600',
|
mode => '0600',
|
||||||
}
|
}
|
||||||
|
|
||||||
file { '/opt/podmanuser/bin':
|
file { "/opt/${username}${x}/bin":
|
||||||
ensure => directory,
|
ensure => directory,
|
||||||
mode => '0700',
|
mode => '0700',
|
||||||
owner => 'podmanuser',
|
owner => "${username}${x}",
|
||||||
group => 'podmanuser',
|
group => "${username}${x}",
|
||||||
}
|
}
|
||||||
|
|
||||||
file { '/opt/podmanuser/bin/podman-compose':
|
file { "/opt/${username}${x}/bin/podman-compose":
|
||||||
ensure => file,
|
ensure => file,
|
||||||
mode => '500',
|
mode => '500',
|
||||||
source => 'puppet:///modules/podmanrunner/podman-compose',
|
source => 'puppet:///modules/podmanrunner/podman-compose',
|
||||||
owner => 'podmanuser',
|
owner => "${username}${x}",
|
||||||
group => 'podmanuser',
|
group => "${username}${x}",
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue