From 9d23a94c962b46a33b3373275d758ff955df74cd Mon Sep 17 00:00:00 2001 From: Trey Dockendorf Date: Tue, 8 Nov 2022 13:29:26 -0500 Subject: [PATCH] Parameter changes to account for apptainer.conf changes --- manifests/init.pp | 24 +++------- templates/apptainer.conf.erb | 85 ++++++++++-------------------------- 2 files changed, 30 insertions(+), 79 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index 55bf6dc..833069f 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -122,22 +122,12 @@ # See apptainer.conf: `cni configuration path` # @param cni_plugin_path # See apptainer.conf: `cni plugin path` -# @param cryptsetup_path -# See apptainer.conf: `cryptsetup path` -# @param go_path -# See apptainer.conf: `go path` -# @param ldconfig_path -# See apptainer.conf: `ldconfig path` -# @param mksquashfs_path -# See apptainer.conf: `mksquashfs path` +# @param binary_path +# See apptainer.conf: `binary path` # @param mksquashfs_procs # See apptainer.conf: `mksquashfs procs` # @param mksquashfs_mem # See apptainer.conf: `mksquashfs mem` -# @param nvidia_container_cli_path -# See apptainer.conf: `nvidia-container-cli path` -# @param unsquashfs_path -# See apptainer.conf: `unsquashfs path` # @param shared_loop_devices # See apptainer.conf: `shared loop devices` # @param image_driver @@ -148,6 +138,8 @@ # See apptainer.conf: `download part size` # @param download_buffer_size # See apptainer.conf: `download buffer size` +# @param systemd_cgroups +# See apptainer.conf: `systemd cgroups` # @param namespace_users # List of uses to add to /etc/subuid and /etc/subgid to support user namespaces # @param namespace_begin_id 
@@ -222,19 +214,15 @@ Enum['tmpfs','ramfs'] $memory_fs_type = 'tmpfs', Optional[Stdlib::Absolutepath] $cni_configuration_path = undef, Optional[Stdlib::Absolutepath] $cni_plugin_path = undef, - Stdlib::Absolutepath $cryptsetup_path = '/usr/sbin/cryptsetup', - Optional[Stdlib::Absolutepath] $go_path = undef, - Stdlib::Absolutepath $ldconfig_path = '/usr/sbin/ldconfig', - Optional[Stdlib::Absolutepath] $mksquashfs_path = undef, + Optional[String[1]] $binary_path = undef, Integer[0,default] $mksquashfs_procs = 0, Optional[String[1]] $mksquashfs_mem = undef, - Optional[Stdlib::Absolutepath] $nvidia_container_cli_path = undef, - Optional[Stdlib::Absolutepath] $unsquashfs_path = undef, Enum['yes','no'] $shared_loop_devices = 'no', Optional[String] $image_driver = undef, Integer[0,default] $download_concurrency = 3, Integer[0,default] $download_part_size = 5242880, Integer[0,default] $download_buffer_size = 32768, + Enum['yes''no'] $systemd_cgroups = 'yes', Array $namespace_users = [], Integer $namespace_begin_id = 65537, Integer $namespace_id_range = 65536, diff --git a/templates/apptainer.conf.erb b/templates/apptainer.conf.erb index adfd482..af0bcef 100644 --- a/templates/apptainer.conf.erb +++ b/templates/apptainer.conf.erb @@ -148,9 +148,10 @@ mount slave = <%= scope['apptainer::mount_slave'] %> # SESSIONDIR MAXSIZE: [STRING] # DEFAULT: 16 -# This specifies how large the default sessiondir should be (in MB) and it will -# only affect users who use the "--contain" options and don't also specify a -# location to do default read/writes to (e.g. "--workdir" or "--home"). +# This specifies how large the default sessiondir should be (in MB). It will +# affect users who use the "--contain" options and don't also specify a +# location to do default read/writes to (e.g. "--workdir" or "--home") and +# it will also affect users of "--writable-tmpfs". sessiondir max size = <%= scope['apptainer::sessiondir_max_size'] %> # LIMIT CONTAINER OWNERS: [STRING] 
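Review bot: The type on the new `$systemd_cgroups` parameter is written `Enum['yes''no']` with no comma between the two values, so it will not evaluate as the intended two-value enum and most likely fails at compile time; it should read `Enum['yes','no'] $systemd_cgroups = 'yes',`, matching `$shared_loop_devices` a few lines above. Separately, `$binary_path` replaces several `Stdlib::Absolutepath` parameters with `Optional[String[1]]`, which accepts relative directories and embedded newlines, and the template writes the value verbatim into apptainer.conf as the search path for helper binaries. A pattern type that admits only `$PATH` and absolute directories without whitespace would keep the validation the removed parameters had, for example `Optional[Pattern[/\A(\$PATH|\/[^:\s]+)(:(\$PATH|\/[^:\s]+))*\z/]]`. The class parameter list starts and ends outside this hunk.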
@@ -276,7 +277,7 @@ memory fs type = <%= scope['apptainer::memory_fs_type'] %> # CNI CONFIGURATION PATH: [STRING] # DEFAULT: Undefined -# Defines path from where CNI configuration files are stored +# Defines path where CNI configuration files are stored #cni configuration path = <%- if scope['apptainer::cni_configuration_path'] -%> cni configuration path = <%= scope['apptainer::cni_configuration_path'] %> 
@@ -284,48 +285,25 @@ cni configuration path = <%= scope['apptainer::cni_configuration_path'] %> # CNI PLUGIN PATH: [STRING] # DEFAULT: Undefined -# Defines path from where CNI executable plugins are stored +# Defines path where CNI executable plugins are stored #cni plugin path = <%- if scope['apptainer::cni_plugin_path'] -%> cni plugin path = <%= scope['apptainer::cni_plugin_path'] %> <%- end -%> -# CRYPTSETUP PATH: [STRING] -# DEFAULT: Undefined -# Path to the cryptsetup executable, used to work with encrypted containers. -# Must be set to build or run encrypted containers. -# Executable must be owned by root for security reasons. -# cryptsetup path = -cryptsetup path = <%= scope['apptainer::cryptsetup_path'] %> - -# GO PATH: [STRING] -# DEFAULT: Undefined -# Path to the go executable, used to compile plugins. -# If not set, Apptainer will search $PATH, /usr/local/sbin, /usr/local/bin, -# /usr/sbin, /usr/bin, /sbin, /bin. -# go path = -<%- if scope['apptainer::go_path'] -%> -go path = <%= scope['apptainer::go_path'] %> -<%- end -%> - -# LDCONFIG PATH: [STRING] -# DEFAULT: Undefined -# Path to the ldconfig executable, used to find GPU libraries. -# Must be set to use --nv / --nvccli. -# When run as root, executable must be owned by root for security reasons. -# ldconfig path = -ldconfig path = <%= scope['apptainer::ldconfig_path'] %> - -# MKSQUASHFS PATH: [STRING] -# DEFAULT: Undefined -# Path to the mksquashfs executable, used to create SIF and SquashFS containers. -# If not set, Apptainer will search $PATH, /usr/local/sbin, /usr/local/bin, -# /usr/sbin, /usr/bin, /sbin, /bin. -# mksquashfs path = -<%- if scope['apptainer::mksquashfs_path'] -%> -mksquashfs path = <%= scope['apptainer::mksquashfs_path'] %> -<%- end -%> +# BINARY PATH: [STRING] +# DEFAULT: $PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin +# Colon-separated list of directories to search for many binaries. 
May include +# "$PATH:", which will be replaced by the user's PATH when not running a binary +# that may be run with elevated privileges from the setuid program flow. The +# internal bin ${prefix}/libexec/apptainer/bin is always included, either at the +# beginning of "$PATH:" if it is present or at the very beginning if "$PATH:" is +# not present. +# binary path = +<%- if scope['apptainer::binary_path'] -%> +binary path = <%= scope['apptainer::binary_path'] %> +<% end -%> # MKSQUASHFS PROCS: [UINT] # DEFAULT: 0 (All CPUs) @@ -348,27 +326,6 @@ mksquashfs mem = <%= scope['apptainer::mksquashfs_mem'] %> <%- end -%> -# NVIDIA-CONTAINER-CLI PATH: [STRING] -# DEFAULT: Undefined -# Path to the nvidia-container-cli executable, used to find GPU libraries. -# Must be set to use --nvccli. -# When run as root, executable must be owned by root for security reasons -# nvidia-container-cli path = -<%- if scope['apptainer::nvidia_container_cli_path'] -%> -nvidia-container-cli path = <%= scope['apptainer::nvidia_container_cli_path'] %> -<%- end -%> - - -# UNSQUASHFS PATH: [STRING] -# DEFAULT: Undefined -# Path to the unsquashfs executable, used to extract SIF and SquashFS containers -# If not set, Apptainer will search $PATH, /usr/local/sbin, /usr/local/bin, -# /usr/sbin, /usr/bin, /sbin, /bin. -# unsquashfs path = -<%- if scope['apptainer::unsquashfs_path'] -%> -unsquashfs path = <%= scope['apptainer::unsquashfs_path'] %> -<%- end -%> - # SHARED LOOP DEVICES: [BOOL] # DEFAULT: no # Allow to share same images associated with loop devices to minimize loop 
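Review bot: The new BINARY PATH comment block drops the ownership guidance that the removed `cryptsetup path`, `ldconfig path` and `nvidia-container-cli path` blocks carried (executable "must be owned by root for security reasons"), although the directories listed here are presumably where those helpers are now looked up. If this text does not have to mirror the upstream apptainer.conf verbatim, I would add a line such as `# Directories listed here should be owned by root and not writable by unprivileged users.` just before `# binary path =`. As a point of style, the block closes with `<% end -%>` while the other conditionals in this template close with `<%- end -%>`; using `<%- end -%>` here keeps the trimming behaviour uniform.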
@@ -404,3 +361,9 @@ download part size = <%= scope['apptainer::download_part_size'] %> # This option specifies the transfer buffer size when concurrent downloads # are enabled. download buffer size = <%= scope['apptainer::download_buffer_size'] %> + +# SYSTEMD CGROUPS: [BOOL] +# DEFAULT: yes +# Whether to use systemd to manage container cgroups. Required for rootless cgroups +# functionality. 'no' will manage cgroups directly via cgroupfs. +systemd cgroups = <%= scope['apptainer::systemd_cgroups'] %>