Commit 25aaa3b6 authored by mh's avatar mh

move these things to the general container config for webhostings

parent 7088977a
......@@ -125,8 +125,27 @@ define webhosting::common(
} -> Podman::Container<| tag == "user_${real_uid_name}" |>
}
# we can't yet use keep-id on EL7 as we need cgroupv2 for
# that
if versioncmp($facts['os']['release']['major'],'8') < 0 {
$default_user_run_flags = {
'user' => '1000:0',
}
} else {
fail('validate to have cgroupv2')
$default_user_run_flags = {
'userns' => 'keep-id',
'user' => '1000:GID',
}
}
$default_run_flags = $default_user_run_flags + {
'security-opt-label-type' => 'httpd_container_rw_content',
'read-only' => true,
}
$configuration['containers'].each |$con_name,$vals| {
$run_flags = pick($vals['run_flags'],{})
$hosting_run_flags = pick($vals['run_flags'],{})
$con_values = ($vals - 'run_flags') + {
ensure => $ensure,
user => $real_uid_name,
......@@ -136,9 +155,7 @@ define webhosting::common(
homedir => $vhost_path,
manage_user => false,
logpath => "${vhost_path}/logs",
run_flags => $run_flags + {
'security-opt-label-type' => 'httpd_container_rw_content',
},
run_flags => $hosting_run_flags + $default_run_flags,
tag => "user_${real_uid_name}",
}
podman::container{
......
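Review bot: In `run_flags => $hosting_run_flags + $default_run_flags`, Puppet's hash `+` lets the right operand win, so the values named "default" actually override whatever a container sets for `user`, `userns`, `read-only` and `security-opt-label-type`. That now applies to every entry in `$configuration['containers']`, and the `socat_httpd_sidecar` label that webhosting::container sets for its sidecar looks like it would be replaced by `httpd_container_rw_content` (this is inferred; the enclosing hash and the rest of the define are outside the visible hunks). If the override is meant as enforcement, say so above the merge, e.g. `# enforced: hosting run_flags cannot override user, read-only or the SELinux type`, and consider exempting the label for containers that bring their own type; if these are meant as defaults, the operands should be swapped to `$default_run_flags + $hosting_run_flags`. Separately, the `else` branch still carries the `fail('validate to have cgroupv2')` placeholder and the literal `'1000:GID'`, which now affects every webhosting::common on EL8 and later rather than only webhosting::container.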
......@@ -70,23 +70,6 @@ define webhosting::container(
default => $gid,
}
}
# we can't yet use keep-id on EL7 as we need cgroupv2 for
# that
if versioncmp($facts['os']['release']['major'],'8') < 0 {
$default_user_run_flags = {
'user' => '1000:0',
}
} else {
fail('validate to have cgroupv2')
$default_user_run_flags = {
'userns' => 'keep-id',
'user' => '1000:GID',
}
}
$default_run_flags = $default_user_run_flags + {
'security-opt-label-type' => 'httpd_container_rw_content',
'read-only' => true,
}
$user_container_config = pick($configuration['container_config'],{})
webhosting::common{$name:
ensure => $ensure,
......@@ -123,7 +106,6 @@ define webhosting::container(
'security-opt-label-type' => 'socat_httpd_sidecar',
},
},
run_flags => pick($user_container_config['run_flags'],{}) + $default_run_flags,
} + $user_container_config,
},
},
......