Background:
I am upgrading our lxc puppet module to support the emerging unprivileged LXC technology.
The code that creates the container is executed unless the following test if the container exists succeeds: lxc-info -n ${lxcname} >/dev/null. If executed as root, the lxc-info checks for the name among the root containers. If invoked by a normal user, it checks against the list of unprivileged containers stored for this particular user.
I want to create a resource along the lines of (code not tested yet):
    #Creation of the container ${name}
    exec { "lxc-create of ${hostname}":
      command => "lxc-create -t download -n ${name} -- -d ubuntu -r ${release} -a amd64",
      user    => $user,
      group   => $group,
      timeout => 0,
      unless  => "lxc-info -n ${name}" #Should be executed as user ${user}, not root!
    }
I can fix this problem if I change the last parameter to
    unless => "su -l ${user} -c 'lxc-info -n ${name}'"
but it just doesn't look elegant. Is there any built-in solution in Puppet to make a check as another user?
As Felix said, the unless uses the same user as the main command.
From the documentation:
This has now been clarified in the documentation: https://github.com/puppetlabs/puppet/pull/3800/files