From 0fa32dbfde3c7b1b684a6fbde8a3132a36228ff8 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Wed, 26 Jan 2022 11:51:28 -0500 Subject: [PATCH] Update man pages and config files Signed-off-by: Daniel J Walsh --- .containerfile.5 | 1 + Containerfile.5.md | 6 +++++- containers-auth.json.5.md | 2 +- containers.conf | 30 ++++++++++++++++++------------ containers.conf.5.md | 27 +++++++++++++++++---------- 5 files changed, 42 insertions(+), 24 deletions(-) create mode 100644 .containerfile.5 diff --git a/.containerfile.5 b/.containerfile.5 new file mode 100644 index 0000000..f6a6334 --- /dev/null +++ b/.containerfile.5 @@ -0,0 +1 @@ +.so man5/containerfile.5 diff --git a/Containerfile.5.md b/Containerfile.5.md index de728c2..842d25d 100644 --- a/Containerfile.5.md +++ b/Containerfile.5.md @@ -114,7 +114,7 @@ Current supported mount TYPES are bind, cache, secret and tmpfs. Common Options: - · src, source: mount source spec for bind and volume. Mandatory for bind. + · src, source: mount source spec for bind and volume. Mandatory for bind. If `from` is specified, `src` is the subpath in the `from` field. · dst, destination, target: mount destination spec. @@ -126,6 +126,8 @@ Current supported mount TYPES are bind, cache, secret and tmpfs. . bind-nonrecursive: do not setup a recursive bind mount. By default it is recursive. + · from: stage or image name for the root of the source. Defaults to the build context. + Options specific to tmpfs: · tmpfs-size: Size of the tmpfs mount in bytes. Unlimited by default in Linux. @@ -146,6 +148,8 @@ Current supported mount TYPES are bind, cache, secret and tmpfs. · gid: gid for cache directory. + · from: stage name for the root of the source. Defaults to host cache directory. + **RUN Secrets** diff --git a/containers-auth.json.5.md b/containers-auth.json.5.md index 892cb70..4030a06 100644 --- a/containers-auth.json.5.md +++ b/containers-auth.json.5.md 
@@ -11,7 +11,7 @@ on Windows and macOS, at `$HOME/.config/containers/auth.json`. When searching for the credential for a registry, the following files will be read in sequence until the valid credential is found: first reading the primary (read/write) file, or the explicit override using an option of the calling application. -If credentials are not present, search in `${XDG\_CONFIG\_HOME}/containers/auth.json`, `$HOME/.docker/config.json`, `$HOME/.dockercfg`. +If credentials are not present, search in `${XDG_CONFIG_HOME}/containers/auth.json` (usually `~/.config/containers/auth.json`), `$HOME/.docker/config.json`, `$HOME/.dockercfg`. Except the primary (read/write) file, other files are read-only, unless the user use an option of the calling application explicitly points at it as an override. diff --git a/containers.conf b/containers.conf index 3b59787..1470e07 100644 --- a/containers.conf +++ b/containers.conf @@ -197,10 +197,6 @@ log_driver = "journald" # #prepare_volume_on_create = false -# Indicates the networking to be used for rootless containers -# -#rootless_networking = "slirp4netns" - # Path to the seccomp.json profile which is used as the default seccomp profile # for the runtime. # @@ -249,9 +245,6 @@ log_driver = "journald" # #volumes = [] -# The network table contains settings pertaining to the management of -# CNI plugins. - [secrets] #driver = "file" 
@@ -260,9 +253,15 @@ log_driver = "journald" [network] -# Network backend to use. Default "CNI". +# Network backend determines what network driver will be used to set up and tear down container networks. +# Valid values are "cni" and "netavark". +# The default value is empty which means that it will automatically choose CNI or netavark. If there are +# already containers/images or CNI networks preset it will choose CNI. # -#network_backend = "cni" +# Before changing this value all containers must be stopped otherwise it is likely that +# iptables rules and network interfaces might leak on the host. A reboot will fix this. +# +#network_backend = "" # Path to directory where CNI plugin binaries are located. # @@ -274,18 +273,22 @@ log_driver = "journald" # "/opt/cni/bin", #] -# The network name of the default CNI network to attach pods to. +# The network name of the default network to attach pods to. # #default_network = "podman" -# The default subnet for the default CNI network given in default_network. +# The default subnet for the default network given in default_network. # If a network with that name does not exist, a new network using that name and # this subnet will be created. # Must be a valid IPv4 CIDR prefix. # #default_subnet = "10.88.0.0/16" -# Path to the directory where CNI configuration files are located. +# Path to the directory where network configuration files are located. +# For the CNI backend the default is "/etc/cni/net.d" as root +# and "$HOME/.config/cni/net.d" as rootless. +# For the netavark backend "/etc/containers/networks" is used as root +# and "$graphroot/networks" as rootless. # #network_config_dir = "/etc/cni/net.d/" @@ -351,6 +354,9 @@ log_driver = "journald" # #env = [] +# Define where event logs will be stored, when events_logger is "file". +#events_logfile_path="" + # Selects which logging mechanism to use for container engine events. # Valid values are `journald`, `file` and `none`. # 
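Review bot: In the new `network_backend` comment, "CNI networks preset" reads like a typo for "present", and the requirement to stop all containers sits in the second paragraph with a reboot as the only remediation offered. The hunk only says that iptables rules and interfaces "leak", but stale rules may keep forwarding traffic for containers that no longer exist, so I would lead with the requirement: `# Stop all containers before changing this value; otherwise iptables rules and network interfaces may be left behind on the host until it is rebooted.` The same text, including "preset", is repeated in the containers.conf.5.md hunk at `@@ -278,11 +273,15 @@`, so both should be fixed together.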
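Review bot: The example at the end of the `@@ -274,18 +273,22 @@` hunk still reads `#network_config_dir = "/etc/cni/net.d/"`, although the rewritten comment says the default depends on the backend and on root versus rootless. With `network_backend` now defaulting to automatic selection, someone who uncomments the line as shown pins the CNI directory whichever backend is chosen; whether that value is honoured under netavark is not visible here. I would add `# The value below is the CNI default for root; leave it commented out to get the backend-specific default.` above the key. The comment should also say what `$graphroot` refers to, since nothing in this hunk defines it.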
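Review bot: The added `#events_logfile_path=""` in the `@@ -351,6 +354,9 @@` hunk does not follow the layout of the neighbouring entries, which separate the description from the key with a bare `#` line and put spaces around `=`; I would write `#` followed by `#events_logfile_path = ""`. The description also omits where events are written when `events_logger` is "file" and the path is left empty, which matters to anyone collecting these events for auditing; one sentence naming the fallback location would close that gap. The key is introduced before the `events_logger` comment it depends on, and that entry continues past the end of the hunk, so moving the new key below it would read better. The man page hunk at `@@ -378,6 +381,10 @@` has the same gap about the empty default.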
diff --git a/containers.conf.5.md b/containers.conf.5.md index 638c393..7855ce0 100644 --- a/containers.conf.5.md +++ b/containers.conf.5.md @@ -222,11 +222,6 @@ is imposed. Copy the content from the underlying image into the newly created volume when the container is created instead of when it is started. If `false`, the container engine will not copy the content until the container is started. Setting it to `true` may have negative performance implications. -**rootless_networking**="slirp4netns" - -Set type of networking rootless containers should use. Valid options are `slirp4netns` -or `cni`. - **seccomp_profile**="/usr/share/containers/seccomp.json" Path to the seccomp.json profile which is used as the default seccomp profile @@ -278,11 +273,15 @@ Options are: The `network` table contains settings pertaining to the management of CNI plugins. -**network_backend**="cni" +**network_backend**="" Network backend determines what network driver will be used to set up and tear down container networks. Valid values are "cni" and "netavark". -Changing this value may require restarting all running containers. +The default value is empty which means that it will automatically choose CNI or netavark. If there are +already containers/images or CNI networks preset it will choose CNI. + +Before changing this value all containers must be stopped otherwise it is likely that +iptables rules and network interfaces might leak on the host. A reboot will fix this. **cni_plugin_dirs**=[] 
@@ -301,16 +300,20 @@ cni_plugin_dirs = [ **default_network**="podman" -The network name of the default CNI network to attach pods to. +The network name of the default network to attach pods to. **default_subnet**="10.88.0.0/16" -The subnet to use for the default CNI network (named above in **default_network**). +The subnet to use for the default network (named above in **default_network**). If the default network does not exist, it will be automatically created the first time a tool is run using this subnet. **network_config_dir**="/etc/cni/net.d/" -Path to the directory where CNI configuration files are located. +Path to the directory where network configuration files are located. +For the CNI backend the default is "/etc/cni/net.d" as root +and "$HOME/.config/cni/net.d" as rootless. +For the netavark backend "/etc/containers/networks" is used as root +and "$graphroot/networks" as rootless. **volumes**=[] @@ -378,6 +381,10 @@ Environment variables to be used when running the container engine (e.g., Podman Note these environment variables will not be used within the container. Set the env section under [containers] table, if you want to set environment variables for the container. +**events_logfile_path**="" + +Define where event logs will be stored, when events_logger is "file". + **events_logger**="journald" Default method to use when logging events.