singularity for cobald

roles/singularity/tasks/main.yml

@@ -0,0 +1,18 @@
+- yum:
+    name: singularity
+    state: present
+
+- name: "enable user namespaces for singularity fakeroot function"
+  sysctl:
+    name: user.max_user_namespaces
+    value: "15000"
+    sysctl_file: /etc/sysctl.d/90-max_net_namespaces.conf
+
+- name: "enable user {{unpriv_user}} for fakeroot access"
+  lineinfile:
+    line: "{{unpriv_user}}:4294836224:65536"
+    dest: "{{item}}"
+  with_items: ["/etc/subuid", "/etc/subgid"]
+# the task above idempotentially does the same as:
+#- shell:
+#    command: singularity config fakeroot --add thoto