# @summary Manage Apptainer
#
# @example
# include ::apptainer
#
# @param install_method
# Sets how Apptainer will be installed
# @param install_setuid
# Whether to install the setuid portion of apptainer
# @param version
# Version of Apptainer to install
# @param manage_repo
# Enable repositories for apptainer packages, e.g. EPEL on RedHat
# @param remove_singularity
# Set whether to remove Singularity before installing Apptainer
# @param package_name
# Apptainer package name
# Only used when install_method=package
# @param source_dependencies
# Packages needed to build from source
# Only used when install_method=source
# @param manage_go
# Sets if golang module should be included
# Only used when install_method=source
# @param rebuild_on_go
# Sets if Apptainer should be rebuilt on updates to Go via golang module
# Only used when install_method=source and manage_go=true
# @param source_base_dir
# Base directory of where Apptainer source will be extracted
# Only used when install_method=source
# @param source_mconfig_path
# Path to source install mconfig script
# @param build_flags
# Build flags to pass to mconfig when building Apptainer
# Only used when install_method=source
# @param build_env
# Environment variables to use when building from source
# Only used when install_method=source
# @param prefix
# The --prefix value when building from source
# Only used when install_method=source
# @param localstatedir
# The --localstatedir value when building from source
# Only used when install_method=source
# @param sysconfdir
# The --sysconfdir value when building from source
# Only used when install_method=source
# @param source_exec_path
# Set PATH when building from source
# Only used when install_method=source
# @param plugins
# Hash to define apptainer::plugin resources
# @param config_path
# Path to apptainer.conf
# @param config_template
# Template used for apptainer.conf
# @param allow_setuid
# See apptainer.conf: `allow setuid`
# @param max_loop_devices
# See apptainer.conf: `max loop devices`
# @param allow_pid_ns
# See apptainer.conf: `allow pid ns`
# @param config_passwd
# See apptainer.conf: `config passwd`
# @param config_group
# See apptainer.conf: `config group`
# @param config_resolv_conf
# See apptainer.conf: `config resolv conf`
# @param mount_proc
# See apptainer.conf: `mount proc`
# @param mount_sys
# See apptainer.conf: `mount sys`
# @param mount_dev
# See apptainer.conf: `mount dev`
# @param mount_devpts
# See apptainer.conf: `mount devpts`
# @param mount_home
# See apptainer.conf: `mount home`
# @param mount_tmp
# See apptainer.conf: `mount tmp`
# @param mount_hostfs
# See apptainer.conf: `mount hostfs`
# @param bind_paths
# See apptainer.conf: `bind paths`
# @param user_bind_control
# See apptainer.conf: `user bind control`
# @param enable_fusemount
# See apptainer.conf: `enable fusemount`
# @param enable_overlay
# See apptainer.conf: `enable overlay`
# @param enable_underlay
# See apptainer.conf: `enable underlay`
# @param mount_slave
# See apptainer.conf: `mount slave`
# @param sessiondir_max_size
# See apptainer.conf: `sessiondir max size`
# @param limit_container_owners
# See apptainer.conf: `limit container owners`
# @param limit_container_groups
# See apptainer.conf: `limit container groups`
# @param limit_container_paths
# See apptainer.conf: `limit container paths`
# @param allow_containers
# See apptainer.conf: `allow containers`
# @param allow_net_users
# See apptainer.conf: `allow net users`
# @param allow_net_groups
# See apptainer.conf: `allow net groups`
# @param allow_net_networks
# See apptainer.conf: `allow net networks`
# @param always_use_nv
# See apptainer.conf: `always use nv`
# @param use_nvidia_container_cli
# See apptainer.conf: `use nvidia-container-cli`
# @param always_use_rocm
# See apptainer.conf: `always use rocm`
# @param root_default_capabilities
# See apptainer.conf: `root default capabilities`
# @param memory_fs_type
# See apptainer.conf: `memory fs type`
# @param cni_configuration_path
# See apptainer.conf: `cni configuration path`
# @param cni_plugin_path
# See apptainer.conf: `cni plugin path`
# @param binary_path
# See apptainer.conf: `binary path`
# @param mksquashfs_procs
# See apptainer.conf: `mksquashfs procs`
# @param mksquashfs_mem
# See apptainer.conf: `mksquashfs mem`
# @param shared_loop_devices
# See apptainer.conf: `shared loop devices`
# @param image_driver
# See apptainer.conf: `image driver`
# @param download_concurrency
# See apptainer.conf: `download concurrency`
# @param download_part_size
# See apptainer.conf: `download part size`
# @param download_buffer_size
# See apptainer.conf: `download buffer size`
# @param systemd_cgroups
# See apptainer.conf: `systemd cgroups`
# @param namespace_users
# List of users to add to /etc/subuid and /etc/subgid to support user namespaces
# @param namespace_begin_id
# The beginning ID for /etc/subuid and /etc/subgid. The value is incremented
# for each user by start + namespace_id_range + 1
# @param namespace_id_range
# The range of UIDs/GIDs usable by a user in namespaces
# @param subid_template
# The template to use for /etc/subuid and /etc/subgid
#
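class apptainer (
  # --- Installation ---------------------------------------------------------
  # The Enum limits $install_method to two values, so the class names that the
  # body interpolates from it can only be apptainer::install::package or
  # apptainer::install::source.
  Enum['package','source'] $install_method = 'package',
  # The setuid portion is not installed unless this is set to true.
  Boolean $install_setuid = false,
  # NOTE(review): the default pins one fixed release string. Set this
  # explicitly to a release that still receives fixes instead of relying on
  # the module default.
  String $version = '1.1.3',
  Boolean $manage_repo = true,
  Boolean $remove_singularity = false,

  # --- Package install ------------------------------------------------------
  String $package_name = 'apptainer',

  # --- Source install -------------------------------------------------------
  Array $source_dependencies = [],
  Boolean $manage_go = true,
  Boolean $rebuild_on_go = true,
  Stdlib::Absolutepath $source_base_dir = '/opt',
  Stdlib::Absolutepath $source_mconfig_path = '/usr/local/sbin/apptainer-mconfig.sh',
  # $build_flags and $build_env are unconstrained Hashes; their contents are
  # not validated here.
  Hash $build_flags = {},
  Hash $build_env = {},
  Stdlib::Absolutepath $prefix = '/usr',
  Stdlib::Absolutepath $localstatedir = '/var',
  Stdlib::Absolutepath $sysconfdir = '/etc',
  # NOTE(review): the default PATH searches /usr/local/bin first. Presumably
  # the source build runs as root, so every directory listed here should be
  # writable by root only -- confirm in apptainer::install::source.
  String $source_exec_path = '/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin',
  Hash $plugins = {},

  # --- apptainer.conf -------------------------------------------------------
  Stdlib::Absolutepath $config_path = '/etc/apptainer/apptainer.conf',
  String $config_template = 'apptainer/apptainer.conf.erb',
  # NOTE(review): 'yes' is the default even though $install_setuid defaults to
  # false; presumably the directive only matters once the setuid portion is
  # installed -- confirm against the template and apptainer.conf docs.
  Enum['yes','no'] $allow_setuid = 'yes',
  Integer $max_loop_devices = 256,
  Enum['yes','no'] $allow_pid_ns = 'yes',
  Enum['yes','no'] $config_passwd = 'yes',
  Enum['yes','no'] $config_group = 'yes',
  Enum['yes','no'] $config_resolv_conf = 'yes',
  Enum['yes','no'] $mount_proc = 'yes',
  Enum['yes','no'] $mount_sys = 'yes',
  Enum['yes','no'] $mount_dev = 'yes',
  Enum['yes','no'] $mount_devpts = 'yes',
  Enum['yes','no'] $mount_home = 'yes',
  Enum['yes','no'] $mount_tmp = 'yes',
  Enum['yes','no'] $mount_hostfs = 'no',
  Array[Stdlib::Absolutepath] $bind_paths = ['/etc/localtime', '/etc/hosts'],
  # NOTE(review): presumably 'yes' lets unprivileged users request their own
  # bind mounts of host paths; sites with sensitive host paths should review
  # this default -- confirm against apptainer.conf docs.
  Enum['yes','no'] $user_bind_control = 'yes',
  Enum['yes','no'] $enable_fusemount = 'yes',
  Enum['yes','no','try'] $enable_overlay = 'try',
  Enum['yes','no','try','driver'] $enable_underlay = 'yes',
  Enum['yes','no'] $mount_slave = 'yes',
  Integer $sessiondir_max_size = 16,
  # The three limit_container_* parameters default to undef. Presumably no
  # owner/group/path restriction is rendered in that case -- confirm in the
  # apptainer.conf template.
  Optional[Array] $limit_container_owners = undef,
  Optional[Array] $limit_container_groups = undef,
  Optional[Array] $limit_container_paths = undef,
  # Every image type listed is allowed by default. Keys are typed only as
  # String, so a misspelled key still passes type validation; check how the
  # template treats keys it does not know.
  Hash[String,Enum['yes','no']] $allow_containers = {
    'sif'       => 'yes',
    'encrypted' => 'yes',
    'squashfs'  => 'yes',
    'extfs'     => 'yes',
    'dir'       => 'yes',
  },
  Array $allow_net_users = [],
  Array $allow_net_groups = [],
  Array $allow_net_networks = [],
  Enum['yes','no'] $always_use_nv = 'no',
  Enum['yes','no'] $use_nvidia_container_cli = 'no',
  Enum['yes','no'] $always_use_rocm = 'no',
  # NOTE(review): 'full' is the default of the four accepted values.
  # Presumably it controls which capabilities root keeps inside a container;
  # hosts where root may run untrusted images should consider a narrower
  # value -- confirm against apptainer.conf docs.
  Enum['full','file','default','no'] $root_default_capabilities = 'full',
  Enum['tmpfs','ramfs'] $memory_fs_type = 'tmpfs',
  Optional[Stdlib::Absolutepath] $cni_configuration_path = undef,
  Optional[Stdlib::Absolutepath] $cni_plugin_path = undef,
  Optional[String[1]] $binary_path = undef,
  Integer[0,default] $mksquashfs_procs = 0,
  Optional[String[1]] $mksquashfs_mem = undef,
  Enum['yes','no'] $shared_loop_devices = 'no',
  Optional[String] $image_driver = undef,
  Integer[0,default] $download_concurrency = 3,
  Integer[0,default] $download_part_size = 5242880,
  Integer[0,default] $download_buffer_size = 32768,
  # Accepts 'yes' or 'no' like the other apptainer.conf switches; the two
  # values must be separated by a comma inside Enum[].
  Enum['yes','no'] $systemd_cgroups = 'yes',

  # --- User namespaces (/etc/subuid, /etc/subgid) ---------------------------
  # Elements of $namespace_users are not type-constrained here.
  Array $namespace_users = [],
  Integer $namespace_begin_id = 65537,
  Integer $namespace_id_range = 65536,
  String $subid_template = 'apptainer/subid.erb',
) {
  # On RedHat-family hosts the EPEL repository class is applied before the
  # selected install class, unless repository management is turned off.
  if $facts['os']['family'] == 'RedHat' and $manage_repo {
    include epel
    Class['epel'] -> Class["apptainer::install::${install_method}"]
  }

  contain "apptainer::install::${install_method}"
  contain apptainer::config

  # Installation is ordered before configuration.
  Class["apptainer::install::${install_method}"]
  -> Class['apptainer::config']

  # Optional Singularity removal is ordered before the install class.
  if $remove_singularity {
    contain apptainer::singularity
    Class['apptainer::singularity'] -> Class["apptainer::install::${install_method}"]
  }

  # Each key of $plugins becomes the title of an apptainer::plugin resource and
  # its value is splatted in as the resource attributes. $plugins is an
  # unconstrained Hash, so attribute validation is left to apptainer::plugin.
  # The lambda parameter is named $plugin_name so that it does not shadow the
  # class's built-in $name.
  $plugins.each |$plugin_name, $plugin| {
    apptainer::plugin { $plugin_name: * => $plugin }
  }
}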