github.com/openshift/installer@v1.4.17/images/libvirt/README.md (about) 1 # Libvirt Installer for CI 2 3 This image enables launching a libvirt cluster for CI testing through two primary mechanisms: 4 1. Targeting a libvirt service running on a remote host 5 2. Launching a libvirt VM nested in a GCE instance 6 7 This image contains [`nss_wrapper`](https://cwrap.org/nss_wrapper.html) to execute `ssh` commands as 8 a mock user to interact with the remote libvirt API or GCE instance from an OpenShift container. 9 10 OpenShift containers run with an arbitrary uid, but SSH requires a valid user. `nss_wrapper` 11 allows for the container's user ID to be mapped to a username inside of a container. 12 13 ### Example Usage 14 15 You can override the container's current user ID and group ID by providing `NSS_WRAPPER_GROUP` 16 and `NSS_WRAPPER_PASSWD` for the mock files, as well as `NSS_USERNAME`, `NSS_UID`, `NSS_GROUPNAME`, 17 and/or `NSS_GID`. In OpenShift CI, `NSS_USERNAME` and `NSS_GROUPNAME` are set. 18 The random UID assigned to the container is the UID that the mock username is mapped to. 19 20 ```console 21 $ podman run --rm \ 22 > -e NSS_WRAPPER_GROUP=/tmp/group \ 23 > -e NSS_WRAPPER_PASSWD=/tmp/passwd \ 24 > -e NSS_UID=1000 \ 25 > -e NSS_GID=1000 \ 26 > -e NSS_USERNAME=testuser \ 27 > -e NSS_GROUPNAME=testuser \ 28 > nss_wrapper_img mock-nss.sh id testuser 29 uid=1000(testuser) gid=1000(testuser) groups=1000(testuser) 30 ``` 31 32 Or, in an OpenShift container: 33 34 ```yaml 35 containers: 36 - name: setup 37 image: nss-wrapper-image 38 env: 39 - name: NSS_WRAPPER_PASSWD 40 value: /tmp/passwd 41 - name: NSS_WRAPPER_GROUP 42 value: /tmp/group 43 - name: NSS_USERNAME 44 value: mockuser 45 - name: NSS_GROUPNAME 46 value: mockuser 47 command: 48 - /bin/sh 49 - -c 50 - | 51 #!/bin/sh 52 mock-nss.sh openshift-install <args> 53 ```