diff --git a/containers-registries.conf.5.md b/containers-registries.conf.5.md index 928387b..75d639c 100644 --- a/containers-registries.conf.5.md +++ b/containers-registries.conf.5.md @@ -43,6 +43,8 @@ also include wildcarded subdomains in the format `*.example.com`. The wildcard should only be present at the beginning as shown in the formats above. Other cases will not work. For example, `*.example.com` is valid but `example.*.com`, `*.example.com/foo` and `*.example.com:5000/foo/bar:baz` are not. +Note that `*` matches an arbitary number of subdomains. `*.example.com` will hence +match `bar.example.com`, `foo.bar.example.com` and so on. As a special case, the `prefix` field can be missing; if so, it defaults to the value of the `location` field (described below). @@ -104,20 +106,26 @@ contacted and contains the image will be used (and if none of the mirrors contai the primary location specified by the `registry.location` field, or using the unmodified user-specified reference, is tried last). -Each TOML table in the `mirror` array can contain the following fields, with the same semantics -as if specified in the `[[registry]]` TOML table directly: -- `location` -- `insecure` +Each TOML table in the `mirror` array can contain the following fields: +- `location`: same semantics +as specified in the `[[registry]]` TOML table +- `insecure`: same semantics +as specified in the `[[registry]]` TOML table +- `pull-from-mirror`: `all`, `digest-only` or `tag-only`. If "digest-only", mirrors will only be used for digest pulls. Pulling images by tag can potentially yield different images, depending on which endpoint we pull from. Restricting mirrors to pulls by digest avoids that issue. If "tag-only", mirrors will only be used for tag pulls. For a more up-to-date and expensive mirror that it is less likely to be out of sync if tags move, it should not be unnecessarily used for digest references. Default is "all" (or left empty), mirrors will be used for both digest pulls and tag pulls unless the mirror-by-digest-only is set for the primary registry. +Note that this per-mirror setting is allowed only when `mirror-by-digest-only` is not configured for the primary registry. `mirror-by-digest-only` : `true` or `false`. If `true`, mirrors will only be used during pulling if the image reference includes a digest. +Note that if all mirrors are configured to be digest-only, images referenced by a tag will only use the primary +registry. +If all mirrors are configured to be tag-only, images referenced by a digest will only use the primary +registry. + Referencing an image by digest ensures that the same is always used (whereas referencing an image by a tag may cause different registries to return different images if the tag mapping is out of sync). -Note that if this is `true`, images referenced by a tag will only use the primary -registry, failing if that registry is not accessible. *Note*: Redirection and mirrors are currently processed only when reading images, not when pushing to a registry; that may change in the future. diff --git a/containers.conf b/containers.conf index e989d42..edfb446 100644 --- a/containers.conf +++ b/containers.conf @@ -627,6 +627,15 @@ log_driver = "journald" # #user = "core" +# Host directories to be mounted as volumes into the VM by default. +# Environment variables like $HOME as well as complete paths are supported for +# the source and destination. An optional third field `:ro` can be used to +# tell the container engines to mount the volume readonly. +# +# volumes = [ +# "$HOME:$HOME", +#] + # The [machine] table MUST be the last entry in this file. # (Unless another table is added) # TOML does not provide a way to end a table other than a further table being diff --git a/containers.conf.5.md b/containers.conf.5.md index 3ef98df..affcc45 100644 --- a/containers.conf.5.md +++ b/containers.conf.5.md @@ -590,7 +590,7 @@ Number of seconds to wait for container to exit before sending kill signal. **exit_command_delay**=300 -Number of seconds to wait for the API process for the exec call before sending exit command mimicing the Docker behavior of 5 minutes (in seconds). +Number of seconds to wait for the API process for the exec call before sending exit command mimicking the Docker behavior of 5 minutes (in seconds). **tmp_dir**="/run/libpod" @@ -681,6 +681,13 @@ Memory in MB a machine is created with. Username to use and create on the podman machine OS for rootless container access. The default value is `user`. On Linux/Mac the default is`core`. +**volumes**=["$HOME:$HOME"] + +Host directories to be mounted as volumes into the VM by default. +Environment variables like $HOME as well as complete paths are supported for +the source and destination. An optional third field `:ro` can be used to +tell the container engines to mount the volume readonly. + # FILES **containers.conf** diff --git a/shortnames.conf b/shortnames.conf index 51b0e50..56f772d 100644 --- a/shortnames.conf +++ b/shortnames.conf @@ -10,11 +10,12 @@ "skopeo" = "quay.io/skopeo/stable" "buildah" = "quay.io/buildah/stable" "podman" = "quay.io/podman/stable" + "hello" = "quay.io/podman/hello" + "hello-world" = "quay.io/podman/hello" # docker "alpine" = "docker.io/library/alpine" "docker" = "docker.io/library/docker" "registry" = "docker.io/library/registry" - "hello-world" = "docker.io/library/hello-world" "swarm" = "docker.io/library/swarm" # Fedora "fedora-minimal" = "registry.fedoraproject.org/fedora-minimal"