Version information
This version is compatible with:
- Puppet Enterprise 2023.8.x, 2023.7.x, 2023.6.x, 2023.5.x, 2023.4.x, 2023.3.x, 2023.2.x, 2023.1.x, 2021.7.x
- Puppet >= 7.24 < 9.0.0
- , , , Debian, Ubuntu
Start using this module
Add this module to your Puppetfile:
mod 'jcpunk-weston', '0.2.0'Learn more about managing modules with a PuppetfileDocumentation
weston
Manage weston and remote desktops
Table of Contents
- Description
- Setup - The basics of getting started with weston
- Usage - Configuration options and additional functionality
- Limitations - OS compatibility, etc.
- Development - Guide for contributing to the module
Description
Weston itself isn't hard to manage. However, setting up workable remote desktop sessions under systemd can be tricky.
This module offers some classes to make this easier, with the complication that it is very prescriptive and opinionated about how this is done.
Setup
Setup Requirements
You will need weston in an available package repo.
Beginning with weston
To install the weston desktop, just include the weston module.
Usage
VNC Desktops
To create a VNC session include weston::vnc_server and set the following parameters:
weston::vnc_server::vnc_sessions:
userA:
comment: Sometimes you've gotta write it down
displaynumber: 1
ensure: running
enable: true
user_can_control_service: true
extra_users_can_control_service:
- userB
userB:
displaynumber: 5902
By default the service starting the VNC session is unmanaged. You can change the defaults via:
weston::vnc_server::default_vnc_service_ensure: running
weston::vnc_server::default_vnc_service_enable: true
By default users cannot manage the systemd service for their VNC session. You can grant them access to run systemctl stop/start/restart weston-vncserver@${username} one user at a time. If you would prefer to do it automatically for all users set:
weston::vnc_server::default_user_can_control_service: true
Limitations
This module expect VNC to use ports starting at 5900.
For working with VNC desktops, you'll probably want to setup a ~/.config/weston.ini with the following options:
[shell]
locking=false
as the VNC session will already be protected by PAM.
Development
See the linked repo from metadata.json
Reference
Table of Contents
Classes
weston: Install the weston desktopweston::vnc_server: Setup weston VNC sessions
Classes
weston
Simply install the weston desktop
Examples
include weston
Parameters
The following parameters are available in the weston class:
manage_packagespackage_namespackages_ensuremanage_weston_iniweston_ini_pathweston_ini_ownerweston_ini_groupweston_ini_modeweston_ini_settings
manage_packages
Data type: Boolean
Should this module even care about the packages?
Default value: true
package_names
Data type: Array[String[1]]
Packages to install
Default value: ['weston']
packages_ensure
Data type: Stdlib::Ensure::Package
What to ensure for the packages
Default value: 'present'
manage_weston_ini
Data type: Boolean
Should we write out a global weston config?
Default value: false
weston_ini_path
Data type: Stdlib::Absolutepath
Where is the global weston.ini
Default value: '/etc/xdg/weston/weston.ini'
weston_ini_owner
Data type: String
Probably root
Default value: 'root'
weston_ini_group
Data type: String
Probably root
Default value: 'root'
weston_ini_mode
Data type: String
This should be world readable
Default value: '0644'
weston_ini_settings
Data type: Hash
A hash of the settings you want. weston::weston_ini_settings: shell: 'clock-format': 'seconds-24h'
Default value: {}
weston::vnc_server
Setup weston VNC sessions
Parameters
The following parameters are available in the weston::vnc_server class:
manage_vnc_start_scriptmanage_vnc_options_filemanage_vnc_users_filemanage_vnc_polkit_filevnc_start_scriptvnc_options_filevnc_server_optionsvnc_users_filevnc_start_script_modevnc_options_file_modevnc_users_file_modemanage_vnc_servicesdefault_vnc_service_ensuredefault_vnc_service_enablemanage_systemd_unit_filesystemd_template_startswithsystemd_template_endswithvnc_polkit_filevnc_polkit_file_modedefault_user_can_control_servicedefault_extra_users_can_control_servicevnc_sessions
manage_vnc_start_script
Data type: Boolean
Do we manage the start script?
Default value: true
manage_vnc_options_file
Data type: Boolean
Do we manage the vnc options file?
Default value: true
manage_vnc_users_file
Data type: Boolean
Do we manage the vnc users file?
Default value: true
manage_vnc_polkit_file
Data type: Boolean
Do we manage the vnc polkit file?
Default value: true
vnc_start_script
Data type: Stdlib::Absolutepath
The script that starts weston in VNC mode
Default value: '/usr/libexec/weston-vnc'
vnc_options_file
Data type: Stdlib::Absolutepath
An environment file you can use to inject options
Default value: '/etc/xdg/weston/vncserver.opts'
vnc_server_options
Data type: Array[String[1]]
Extra options to set on the VNC server (ie ['--address=::1', '--disable-transport-layer-security'])
Default value: []
vnc_users_file
Data type: Stdlib::Absolutepath
A list of which users are using which VNC ports
Default value: '/etc/xdg/weston/vncserver.users'
vnc_start_script_mode
Data type: String
This should have world exec as it runs as your VNC user
Default value: '0755'
vnc_options_file_mode
Data type: String
This should have world read so your VNC user can look at it
Default value: '0644'
vnc_users_file_mode
Data type: String
This should have world read so your VNC user can look at it
Default value: '0644'
manage_vnc_services
Data type: Boolean
Should this module manage the VNC server services
Default value: true
default_vnc_service_ensure
Data type: Optional[Enum['running', 'stopped']]
What should the VNC service ensure be by default? NULL works for "no preference"
Default value: undef
default_vnc_service_enable
Data type: Optional[Boolean]
What should the VNC service enable be by default? NULL works for "no preference"
Default value: undef
manage_systemd_unit_file
Data type: Boolean
Should this module setup the systemd template unit
Default value: true
systemd_template_startswith
Data type: String
What is the 'unit name' of the service
Default value: 'weston-vncserver'
systemd_template_endswith
Data type: String
This should always be .service unless you're up to something weird
Default value: '.service'
vnc_polkit_file
Data type: Stdlib::Absolutepath
A policy kit file you can use to let users restart their own sessions via systemctl --system
Default value: '/etc/polkit-1/rules.d/25-puppet-weston-vnc_server.rules'
vnc_polkit_file_mode
Data type: String
This should have world read so unpriviledged polkit can check it
Default value: '0644'
default_user_can_control_service
Data type: Boolean
Should this module configure polkit so the VNC user can control the system service by default?
Default value: false
default_extra_users_can_control_service
Data type: Array[String[1]]
Extra users who will automatically be granted polkit rights to the system service by default
Default value: []
vnc_sessions
Data type: Hash[String, Hash[Enum['displaynumber', 'user_can_control_service', 'comment', 'ensure', 'enable', 'extra_users_can_control_service'], Variant[Array[String], String, Integer, Boolean, Undef]]]
A hash of VNC servers to setup Format: weston::vnc_server::vnc_sessions: userA: comment: Sometimes you've gotta write it down displaynumber: 1 ensure: running enable: true user_can_control_service: true extra_users_can_control_service:
- userB
userB: displaynumber: 5902 ensure: NULL enable: false user_can_control_service: false
Default value: {}
Dependencies
- puppetlabs/concat (>= 4.2.0 < 10.0.0)
- jcpunk/novnc (>= 0.1.0 < 1.0.0)
- puppetlabs/stdlib (>= 9.0.0 < 10.0.0)
- puppet/systemd (>= 8.1.0 < 9.0.0)