Note
By default the site.yml playbook does not create any users on the host machine.
site.yml
This step is optional because in some scenarios users might already exist on the host machine and don’t need to be created.
The ansible/ directory contains a users.yml playbook that makes it easier to create new users on the host in batches.
ansible/
users.yml
First you need to create a new users-config.yml with the following content:
users-config.yml
users: - name: foo password: PLAIN_TEXT_PASSWORD - name: bar password: PLAIN_TEXT_PASSWORD
Replace the name and password entries by the real values.
name
password
password should correspond to the plain text value of the user password.
For more info about password hashing, please refer to the Ansible Documentation to learn how to generate the encrypted passwords.
When the user file is ready, execute the users.yml playbook with the following command:
ansible-playbook users.yml -i hosts -u ubuntu -e @users-config.yml
Warning
Passwords are sensitive data. The users.yml playbook mentioned in the previous section automatically encrypts the password from a plain text file.
For production use, you should consider protecting the passwords using the Ansible Vault.
This users.yml playbook is mostly provided as a convenience script to quickly bootstrap the host machine with a predefined set of users.
You are free to choose a different approach for managing users that suits your needs.
Users can save their files on the host machine in their home directrory. More details in User Data.
If you would like to enable quotas for users to limit how much disk space they can use, you can use the quotas.yml Ansible playbook.
quotas.yml
The playbook is heavily inspired by the excellent DigitalOcean tutorial on user quotas. Check it out for more info on user and group quotas.
It is recommended to do the initial quota setup before letting users connect to the hub.
As mentioned in the tutorial, the first step is to find the device to apply quotas to.
To do so, SSH into the machine (Requirements) and execute the following command:
cat /etc/fstab
The output will be similar to:
LABEL=cloudimg-rootfs / ext4 defaults 0 0 LABEL=UEFI /boot/efi vfat defaults 0 0
The source device for / might be different than LABEL=cloudimg-rootfs. If this is the case, copy the value somewhere so it can be used in the next step with the playbook.
/
LABEL=cloudimg-rootfs
To enable quotas on the machine, execute the quotas.yml playbook with the source device found in the previous section (if different):
# if the device is also named LABEL=cloudimg-rootfs ansible-playbook quotas.yml -i hosts -u ubuntu # if the source device is different (replace with the real value) ansible-playbook quotas.yml -i hosts -u ubuntu -e "device=UUID=aaef63c7-8c31-4329-8b7f-b90085ecccd4"
The users.yml playbook can also be used to set the user quotas. In users-config.yml you can define quotas as follows:
# default quotas for all users quota: soft: 10G hard: 12G users: - name: foo password: foo # override quota for a specific user quota: soft: 512M hard: 1G - name: bar password: bar
Then re-run the users.yml playbook as mentioned in Using the users playbook.
For example, if a user exceeds their quota when creating a file from the terminal inside the container, they will be shown the following message:
foo@549539d386e5:~/plasmabio-template-python-master$ fallocate -l 1G test.img fallocate: fallocate failed: Disk quota exceeded
On the host machine, a user can check their quota by running the following command:
foo@test-server:~$ quota -vs Disk quotas for user foo (uid 1001): Filesystem space quota limit grace files quota limit grace /dev/sda1 1024M* 512M 1024M 6days 33910 0 0
If the quota is exceeded and the user tries to create a new notebook from the interface, they will be shown an error dialog: