Linux Jails (containers/vms) with Incus

All-in-one post with the previous info summarized with examples for working with userns_idmap values.


Modified user query:

midclt call user.query '[["builtin", "=", false], ["userns_idmap", "=", null], ["local", "=", true]]' '{"select": ["username", "id", "uid", "userns_idmap"]}' | jq

Example output:

[
  {
    "id": 78,
    "uid": 373,
    "username": "etesync",
    "userns_idmap": null
  },
...
]

Update user userns_idmap:

midclt call user.update 78 '{"userns_idmap": "DIRECT"}'

Updated user:

[
  {
    "id": 78,
    "uid": 373,
    "username": "etesync",
    "userns_idmap": "DIRECT"
  }
]


Groups query:

midclt call group.query '[["builtin", "=", false], ["userns_idmap", "=", null], ["local", "=", true]]' '{"select": ["name", "id", "gid", "userns_idmap"]}' | jq

Example output:

[
  {
    "id": 117,
    "gid": 373,
    "name": "etesync",
    "userns_idmap": null
  },
...
]

Update group userns_idmap:

midclt call group.update 117 '{"userns_idmap": "DIRECT"}'

Updated group:

[
  {
    "id": 117,
    "gid": 373,
    "name": "etesync",
    "userns_idmap": "DIRECT"
  }
]

Pull in updated userns_idmap.

Restart container:

midclt call virt.instance.restart docker1 -j
Status: (none)
Total Progress: [########################################] 100.00%

Container config output for the raw.idmap:

incus config show docker1 | grep raw.idmap -A 4
  raw.idmap: |-
    uid 568 568
    uid 373 373
    gid 568 568
    gid 373 373

Unfortunately, I don’t think this one can be done via cloud-init since restarting via the Web UI will wipe out custom raw.idmap settings. Technically, if you didn’t interact with the Web UI and managed it all from cloud-init and the local incus commands, it could work, but that will likely get messy quickly.

I’ll research and see what needs to happen or if a script needs to be made to call the midclt to perform these tasks.
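Since the post ends on the question of scripting the midclt calls, here is an added example (my own, not from the post, TrueNAS or Incus) that wraps the four steps above: query for accounts with a null userns_idmap, set the chosen ones to DIRECT, restart the instance, then verify the resulting raw.idmap. It assumes midclt and incus behave exactly as shown in the captured output above; the sample JSON and config text embedded in it are constructed from those captures so the script runs offline through a fake runner. The only deliberate addition to the post's procedure is the explicit allowlist of names: DIRECT maps a host uid/gid 1:1 into the container, so any account you map can be acted as by a process inside that container, and mapping everything the query returns is rarely what you want.

```python
"""Automate the midclt userns_idmap workflow: query -> DIRECT -> restart -> verify.

Added example, not the post's or TrueNAS's own code. Assumes the midclt and
incus CLIs produce the output shapes captured in the post.
"""
import json
import subprocess
from typing import Callable, Dict, List, Set

Runner = Callable[[List[str]], str]  # runs argv, returns stdout


def run_cmd(argv: List[str]) -> str:
    """Default runner: execute argv and return stdout (raises on non-zero exit)."""
    return subprocess.run(argv, check=True, capture_output=True, text=True).stdout


def query_cmd(kind: str) -> List[str]:
    """midclt query for local, non-builtin accounts with no idmap (same filters as the post)."""
    name_field = "username" if kind == "user" else "name"
    id_field = "uid" if kind == "user" else "gid"
    filters = [["builtin", "=", False], ["userns_idmap", "=", None], ["local", "=", True]]
    options = {"select": [name_field, "id", id_field, "userns_idmap"]}
    return ["midclt", "call", f"{kind}.query", json.dumps(filters), json.dumps(options)]


def unmapped_accounts(kind: str, names: Set[str], runner: Runner = run_cmd) -> List[Dict]:
    """Accounts from the allowlist `names` whose userns_idmap is still null.

    The allowlist is the security control here: only accounts the workload
    actually needs are exposed to the container via a 1:1 DIRECT mapping.
    """
    name_field = "username" if kind == "user" else "name"
    entries = json.loads(runner(query_cmd(kind)))
    return [e for e in entries if e[name_field] in names and e["userns_idmap"] is None]


def set_direct(kind: str, entry: Dict, runner: Runner = run_cmd) -> Dict:
    """midclt call user.update <id> '{"userns_idmap": "DIRECT"}' (or group.update)."""
    runner(["midclt", "call", f"{kind}.update", str(entry["id"]),
            json.dumps({"userns_idmap": "DIRECT"})])
    return {**entry, "userns_idmap": "DIRECT"}


def parse_raw_idmap(config_text: str) -> Dict[str, Set]:
    """Collect (host, container) pairs from the raw.idmap block of `incus config show`."""
    mapping: Dict[str, Set] = {"uid": set(), "gid": set()}
    in_block = False
    for line in config_text.splitlines():
        parts = line.strip().split()
        if parts and parts[0] == "raw.idmap:":
            in_block = True
            continue
        if in_block:
            if len(parts) == 3 and parts[0] in mapping:
                mapping[parts[0]].add((int(parts[1]), int(parts[2])))
            else:
                in_block = False  # next config key or end of output
    return mapping


def verify_idmap(config_text: str, uids: Set[int], gids: Set[int]) -> List[str]:
    """Return the expected 'uid N N' / 'gid N N' lines that are missing (empty = all present)."""
    found = parse_raw_idmap(config_text)
    missing = [f"uid {u} {u}" for u in sorted(uids) if (u, u) not in found["uid"]]
    missing += [f"gid {g} {g}" for g in sorted(gids) if (g, g) not in found["gid"]]
    return missing


def map_direct_and_verify(instance: str, names: Set[str], runner: Runner = run_cmd) -> Dict:
    """Full workflow for one instance; returns what was updated and what failed verification."""
    users = [set_direct("user", e, runner) for e in unmapped_accounts("user", names, runner)]
    groups = [set_direct("group", e, runner) for e in unmapped_accounts("group", names, runner)]
    runner(["midclt", "call", "virt.instance.restart", instance, "-j"])
    config_text = runner(["incus", "config", "show", instance])
    missing = verify_idmap(config_text, {u["uid"] for u in users}, {g["gid"] for g in groups})
    return {"users": users, "groups": groups, "missing": missing}


# Constructed sample output modelled on the post's captures (not from a real system).
SAMPLE_USER_QUERY = json.dumps([
    {"id": 78, "uid": 373, "username": "etesync", "userns_idmap": None},
    {"id": 79, "uid": 3001, "username": "backup", "userns_idmap": None},  # constructed extra
])
SAMPLE_GROUP_QUERY = json.dumps([{"id": 117, "gid": 373, "name": "etesync", "userns_idmap": None}])
SAMPLE_INCUS_CONFIG = (
    "config:\n  raw.idmap: |-\n    uid 568 568\n    uid 373 373\n"
    "    gid 568 568\n    gid 373 373\n  security.nesting: \"true\"\n"
)


def fake_runner(argv: List[str]) -> str:
    """Offline stand-in for midclt/incus that replays the constructed samples."""
    if argv[0] == "incus":
        return SAMPLE_INCUS_CONFIG
    return {"user.query": SAMPLE_USER_QUERY, "group.query": SAMPLE_GROUP_QUERY}.get(argv[2], "")


if __name__ == "__main__":
    # Real use: map_direct_and_verify("docker1", {"etesync"})  (uses run_cmd)
    print(json.dumps(map_direct_and_verify("docker1", {"etesync"}, fake_runner), indent=2))
```

Dropping the `fake_runner` argument makes it run the real midclt and incus commands on the host; the `missing` list is the check to act on after the restart, since the post notes that a Web UI restart can wipe custom raw.idmap lines.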