bootc in multi-user shared lab environments

[ktdreyer]

We have a small lab with a few bare metal hosts, and we need to configure dozens of shell accounts. I'd like to use CentOS bootc on these, rather than installing basic CentOS.

I've read https://bootc-dev.github.io/bootc/building/users-and-groups.html , but that explores options without being prescriptive. Do you mind clarifying end-to-end examples a bit further? :)

Do you recommend creating users with Anaconda+kickstart in my scenario with the traditional user stanzas?

Or is there something more modern with systemd?

Will I have to re-install the baremetal OS if I hire a new user to my team?

[ktdreyer]

I found https://docs.fedoraproject.org/en-US/bootc/authentication/ , and that's a bit more prescriptive, but it's still unclear to me what option the bootc developers prefer in my use-case. Specifically, if it means that we'd have to re-install the OS to add or remove a user account.

[cgwalters]

Will I have to re-install the baremetal OS if I hire a new user to my team?

No, definitely not. There's not one solution here, but I would call out that not all state needs to live in the container image.

In an enterprise scenario, one might use FreeIPA for example - just configuring the IPA setup in the image, but the "user state" is dynamic and fetched from the network.

At smaller scales, see also https://docs.fedoraproject.org/en-US/bootc/dynamic-reconfiguration/ - you can write any tool you want which reconciles users/groups dynamically, distinct from OS updates.

Or is there something more modern with systemd?

There is also https://www.freedesktop.org/software/systemd/man/latest/systemd-homed.service.html but it's its own giant sub-domain; I haven't tried it personally.