Puppet Class: apptainer

Defined in:
manifests/init.pp

Summary

Manage Apptainer

Overview

Examples:

# Declare the class with every parameter left at its default.
include apptainer

Parameters:

  • install_method (Enum['package','source','os']) (defaults to: 'package')

    Sets how Apptainer will be installed: 'package' installs the upstream package, 'source' builds from source, and 'os' installs from the standard OS repositories, for example EPEL on the RedHat family.

  • install_setuid (Boolean) (defaults to: false)

    Whether to install the setuid portion of apptainer

  • version (String) (defaults to: '1.1.3')

    Version of Apptainer to install. The default is a fixed release ('1.1.3'), not the latest available one.

  • manage_repo (Boolean) (defaults to: true)

    Enable repositories for apptainer packages, e.g. EPEL on RedHat

  • remove_singularity (Boolean) (defaults to: false)

    Set whether to remove Singularity before installing Apptainer

  • package_name (String) (defaults to: 'apptainer')

    Apptainer package name. Only used when install_method=package.

  • source_dependencies (Array) (defaults to: [])

    Packages needed to build from source. Only used when install_method=source.

  • manage_go (Boolean) (defaults to: true)

    Sets whether the golang module should be included. Only used when install_method=source.

  • rebuild_on_go (Boolean) (defaults to: true)

    Sets whether Apptainer should be rebuilt when Go is updated via the golang module. Only used when install_method=source and manage_go=true.

  • source_base_dir (Stdlib::Absolutepath) (defaults to: '/opt')

    Base directory where the Apptainer source will be extracted. Only used when install_method=source.

  • source_mconfig_path (Stdlib::Absolutepath) (defaults to: '/usr/local/sbin/apptainer-mconfig.sh')

    Path to source install mconfig script

  • build_flags (Hash) (defaults to: {})

    Build flags to pass to mconfig when building Apptainer. Only used when install_method=source.

  • build_env (Hash) (defaults to: {})

    Environment variables to use when building from source. Only used when install_method=source.

  • prefix (Stdlib::Absolutepath) (defaults to: '/usr')

    The --prefix value when building from source. Only used when install_method=source.

  • localstatedir (Stdlib::Absolutepath) (defaults to: '/var')

    The --localstatedir value when building from source. Only used when install_method=source.

  • sysconfdir (Stdlib::Absolutepath) (defaults to: '/etc')

    The --sysconfdir value when building from source. Only used when install_method=source.

  • source_exec_path (String) (defaults to: '/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin')

    Sets PATH when building from source. Only used when install_method=source.

  • plugins (Hash) (defaults to: {})

    Hash to define apptainer::plugin resources

  • config_path (Stdlib::Absolutepath) (defaults to: '/etc/apptainer/apptainer.conf')

    Path to apptainer.conf

  • config_template (String) (defaults to: 'apptainer/apptainer.conf.erb')

    Template used for apptainer.conf

  • allow_setuid (Enum['yes','no']) (defaults to: 'yes')

    See apptainer.conf: allow setuid. This defaults to 'yes' independently of install_setuid, which defaults to false.

  • max_loop_devices (Integer) (defaults to: 256)

    See apptainer.conf: max loop devices

  • allow_pid_ns (Enum['yes','no']) (defaults to: 'yes')

    See apptainer.conf: allow pid ns

  • config_passwd (Enum['yes','no']) (defaults to: 'yes')

    See apptainer.conf: config passwd

  • config_group (Enum['yes','no']) (defaults to: 'yes')

    See apptainer.conf: config group

  • config_resolv_conf (Enum['yes','no']) (defaults to: 'yes')

    See apptainer.conf: config resolv conf

  • mount_proc (Enum['yes','no']) (defaults to: 'yes')

    See apptainer.conf: mount proc

  • mount_sys (Enum['yes','no']) (defaults to: 'yes')

    See apptainer.conf: mount sys

  • mount_dev (Enum['yes','no']) (defaults to: 'yes')

    See apptainer.conf: mount dev

  • mount_devpts (Enum['yes','no']) (defaults to: 'yes')

    See apptainer.conf: mount devpts

  • mount_home (Enum['yes','no']) (defaults to: 'yes')

    See apptainer.conf: mount home

  • mount_tmp (Enum['yes','no']) (defaults to: 'yes')

    See apptainer.conf: mount tmp

  • mount_hostfs (Enum['yes','no']) (defaults to: 'no')

    See apptainer.conf: mount hostfs

  • bind_paths (Array[Stdlib::Absolutepath]) (defaults to: ['/etc/localtime', '/etc/hosts'])

    See apptainer.conf: bind paths

  • user_bind_control (Enum['yes','no']) (defaults to: 'yes')

    See apptainer.conf: user bind control

  • enable_fusemount (Enum['yes','no']) (defaults to: 'yes')

    See apptainer.conf: enable fusemount

  • enable_overlay (Enum['yes','no','try']) (defaults to: 'try')

    See apptainer.conf: enable overlay

  • enable_underlay (Enum['yes','no','try','driver']) (defaults to: 'yes')

    See apptainer.conf: enable underlay

  • mount_slave (Enum['yes','no']) (defaults to: 'yes')

    See apptainer.conf: mount slave

  • sessiondir_max_size (Integer) (defaults to: 16)

    See apptainer.conf: sessiondir max size

  • limit_container_owners (Optional[Array]) (defaults to: undef)

    See apptainer.conf: limit container owners

  • limit_container_groups (Optional[Array]) (defaults to: undef)

    See apptainer.conf: limit container groups

  • limit_container_paths (Optional[Array]) (defaults to: undef)

    See apptainer.conf: limit container paths

  • allow_containers (Hash[String,Enum['yes','no']]) (defaults to: { 'sif' => 'yes', 'encrypted' => 'yes', 'squashfs' => 'yes', 'extfs' => 'yes', 'dir' => 'yes', })

    See apptainer.conf: allow containers

  • allow_net_users (Array) (defaults to: [])

    See apptainer.conf: allow net users

  • allow_net_groups (Array) (defaults to: [])

    See apptainer.conf: allow net groups

  • allow_net_networks (Array) (defaults to: [])

    See apptainer.conf: allow net networks

  • always_use_nv (Enum['yes','no']) (defaults to: 'no')

    See apptainer.conf: always use nv

  • use_nvidia_container_cli (Enum['yes','no']) (defaults to: 'no')

    See apptainer.conf: use nvidia-container-cli

  • always_use_rocm (Enum['yes','no']) (defaults to: 'no')

    See apptainer.conf: always use rocm

  • root_default_capabilities (Enum['full','file','default','no']) (defaults to: 'full')

    See apptainer.conf: root default capabilities. The default, 'full', is the broadest of the accepted values.

  • memory_fs_type (Enum['tmpfs','ramfs']) (defaults to: 'tmpfs')

    See apptainer.conf: memory fs type

  • cni_configuration_path (Optional[Stdlib::Absolutepath]) (defaults to: undef)

    See apptainer.conf: cni configuration path

  • cni_plugin_path (Optional[Stdlib::Absolutepath]) (defaults to: undef)

    See apptainer.conf: cni plugin path

  • binary_path (Optional[String[1]]) (defaults to: undef)

    See apptainer.conf: binary path

  • mksquashfs_procs (Integer[0,default]) (defaults to: 0)

    See apptainer.conf: mksquashfs procs

  • mksquashfs_mem (Optional[String[1]]) (defaults to: undef)

    See apptainer.conf: mksquashfs mem

  • shared_loop_devices (Enum['yes','no']) (defaults to: 'no')

    See apptainer.conf: shared loop devices

  • image_driver (Optional[String]) (defaults to: undef)

    See apptainer.conf: image driver

  • download_concurrency (Integer[0,default]) (defaults to: 3)

    See apptainer.conf: download concurrency

  • download_part_size (Integer[0,default]) (defaults to: 5242880)

    See apptainer.conf: download part size

  • download_buffer_size (Integer[0,default]) (defaults to: 32768)

    See apptainer.conf: download buffer size

  • systemd_cgroups (Enum['yes','no']) (defaults to: 'yes')

    See apptainer.conf: systemd cgroups

  • namespace_users (Array) (defaults to: [])

    List of users to add to /etc/subuid and /etc/subgid to support user namespaces

  • namespace_begin_id (Integer) (defaults to: 65537)

    The beginning ID for /etc/subuid and /etc/subgid. The value is incremented for each user by start + namespace_id_range + 1.

  • namespace_id_range (Integer) (defaults to: 65536)

    The range of UIDs/GIDs usable by a user in namespaces

  • subid_template (String) (defaults to: 'apptainer/subid.erb')

    The template to use for /etc/subuid and /etc/subgid



# File 'manifests/init.pp', line 156

# Installs and configures Apptainer.
#
# The class contains the install class selected by $install_method
# (apptainer::install::<method>) and apptainer::config, and orders the
# install class before the configuration. EPEL, Singularity removal and
# plugin resources are added only when the matching parameters ask for them.
#
# Most parameters in the "Config" group map to settings in apptainer.conf;
# their meaning is defined by Apptainer, not by this class.
class apptainer (
  Enum['package','source','os'] $install_method = 'package',
  # The setuid portion is not installed unless this is set to true.
  Boolean $install_setuid = false,
  # Fixed default release. NOTE(review): presumably not the current release;
  # set this explicitly to a release checked against upstream advisories.
  String $version = '1.1.3',
  Boolean $manage_repo = true,
  Boolean $remove_singularity = false,
  # Package install
  String $package_name = 'apptainer',
  # Source install
  Array $source_dependencies = [],
  Boolean $manage_go = true,
  Boolean $rebuild_on_go = true,
  # NOTE(review): the build presumably runs as root from these locations;
  # confirm in apptainer::install::source that they are not writable by
  # unprivileged users.
  Stdlib::Absolutepath $source_base_dir = '/opt',
  Stdlib::Absolutepath $source_mconfig_path = '/usr/local/sbin/apptainer-mconfig.sh',
  Hash $build_flags = {},
  Hash $build_env = {},
  Stdlib::Absolutepath $prefix = '/usr',
  Stdlib::Absolutepath $localstatedir = '/var',
  Stdlib::Absolutepath $sysconfdir = '/etc',
  String $source_exec_path = '/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin',
  # Each entry becomes one apptainer::plugin resource (title => attributes).
  Hash $plugins = {},
  # Config
  Stdlib::Absolutepath $config_path = '/etc/apptainer/apptainer.conf',
  String $config_template = 'apptainer/apptainer.conf.erb',
  # Defaults to 'yes' although $install_setuid defaults to false.
  # NOTE(review): presumably only matters when the setuid portion is
  # installed; set to 'no' on hosts that must never use it.
  Enum['yes','no'] $allow_setuid = 'yes',
  Integer $max_loop_devices = 256,
  Enum['yes','no'] $allow_pid_ns = 'yes',
  Enum['yes','no'] $config_passwd = 'yes',
  Enum['yes','no'] $config_group = 'yes',
  Enum['yes','no'] $config_resolv_conf = 'yes',
  Enum['yes','no'] $mount_proc = 'yes',
  Enum['yes','no'] $mount_sys = 'yes',
  Enum['yes','no'] $mount_dev = 'yes',
  Enum['yes','no'] $mount_devpts = 'yes',
  Enum['yes','no'] $mount_home = 'yes',
  Enum['yes','no'] $mount_tmp = 'yes',
  Enum['yes','no'] $mount_hostfs = 'no',
  Array[Stdlib::Absolutepath] $bind_paths = ['/etc/localtime', '/etc/hosts'],
  # NOTE(review): presumably lets users request their own bind mounts;
  # confirm against apptainer.conf before leaving at 'yes' on shared hosts.
  Enum['yes','no'] $user_bind_control = 'yes',
  Enum['yes','no'] $enable_fusemount = 'yes',
  Enum['yes','no','try'] $enable_overlay = 'try',
  Enum['yes','no','try','driver'] $enable_underlay = 'yes',
  Enum['yes','no'] $mount_slave = 'yes',
  Integer $sessiondir_max_size = 16,
  # All three limits default to undef.
  # NOTE(review): presumably undef leaves the restriction unset in the
  # rendered apptainer.conf; verify in the config template.
  Optional[Array] $limit_container_owners = undef,
  Optional[Array] $limit_container_groups = undef,
  Optional[Array] $limit_container_paths = undef,
  # Every listed container type is allowed by default.
  Hash[String,Enum['yes','no']] $allow_containers = {
    'sif' => 'yes',
    'encrypted' => 'yes',
    'squashfs' => 'yes',
    'extfs' => 'yes',
    'dir' => 'yes',
  },
  Array $allow_net_users = [],
  Array $allow_net_groups = [],
  Array $allow_net_networks = [],
  Enum['yes','no'] $always_use_nv = 'no',
  Enum['yes','no'] $use_nvidia_container_cli = 'no',
  Enum['yes','no'] $always_use_rocm = 'no',
  # NOTE(review): 'full' presumably keeps the complete capability set for
  # containers started by root; confirm against apptainer.conf and tighten
  # where root-run containers are not fully trusted.
  Enum['full','file','default','no'] $root_default_capabilities = 'full',
  Enum['tmpfs','ramfs'] $memory_fs_type = 'tmpfs',
  Optional[Stdlib::Absolutepath] $cni_configuration_path = undef,
  Optional[Stdlib::Absolutepath] $cni_plugin_path = undef,
  Optional[String[1]] $binary_path = undef,
  Integer[0,default] $mksquashfs_procs = 0,
  Optional[String[1]] $mksquashfs_mem = undef,
  Enum['yes','no'] $shared_loop_devices = 'no',
  Optional[String] $image_driver = undef,
  Integer[0,default] $download_concurrency = 3,
  Integer[0,default] $download_part_size = 5242880,
  Integer[0,default] $download_buffer_size = 32768,
  Enum['yes','no'] $systemd_cgroups = 'yes',
  # User namespace support: parameters for the /etc/subuid and /etc/subgid
  # template; the files themselves are not managed in this class body.
  Array $namespace_users = [],
  Integer $namespace_begin_id = 65537,
  Integer $namespace_id_range = 65536,
  String $subid_template = 'apptainer/subid.erb',
) {
  # Fully qualified name of the install class chosen by $install_method.
  $install_class = "apptainer::install::${install_method}"

  # On the RedHat family, EPEL is set up before installation when the
  # repository is managed by this module.
  if $manage_repo and $facts['os']['family'] == 'RedHat' {
    include epel
    Class['epel'] -> Class[$install_class]
  }

  contain $install_class
  contain apptainer::config

  # Configuration is applied only after the install class has run.
  Class[$install_class] -> Class['apptainer::config']

  # Optional removal of Singularity, ordered before Apptainer is installed.
  if $remove_singularity {
    contain apptainer::singularity
    Class['apptainer::singularity'] -> Class[$install_class]
  }

  # One apptainer::plugin resource per hash entry; the value hash is
  # splatted into the resource's attributes.
  $plugins.each |$plugin_name, $plugin_params| {
    apptainer::plugin { $plugin_name: * => $plugin_params }
  }
}