rpms/containers-common
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import containers-common-1-13.el9

Browse Source
This commit is contained in:
CentOS Sources 2022-01-11 11:53:06 -05:00 committed by Stepan Oksanichenko
parent e9d8bd16d3
commit 5e681030a9
5 changed files with 48 additions and 60 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
SOURCES/containers.conf
View File

@ -153,6 +153,7 @@ default_sysctls = [
# Logging driver for the container. Available options: k8s-file and journald. # Logging driver for the container. Available options: k8s-file and journald.
# #
#log_driver = "k8s-file" #log_driver = "k8s-file"
log_driver = "journald"
# Maximum size allowed for the container log file. Negative numbers indicate # Maximum size allowed for the container log file. Negative numbers indicate
# that no size limit is imposed. If positive, it must be >= 8192 to match or # that no size limit is imposed. If positive, it must be >= 8192 to match or
@ -341,7 +342,7 @@ default_sysctls = [
# Valid values are `journald`, `file` and `none`. # Valid values are `journald`, `file` and `none`.
# #
#events_logger = "journald" #events_logger = "journald"
events_logger = "file" events_logger = "journald"
# A is a list of directories which are used to search for helper binaries. # A is a list of directories which are used to search for helper binaries.
# #
@ -383,7 +384,7 @@ events_logger = "file"
# reserving the pods resources for the lifetime of the pod. # reserving the pods resources for the lifetime of the pod.
# #
#infra_image = "k8s.gcr.io/pause:3.4.1" #infra_image = "k8s.gcr.io/pause:3.4.1"
infra_image = "registry.access.redhat.com/ubi9/pause" infra_image = "registry.access.redhat.com/ubi8/pause"
# Specify the locking mechanism to use; valid values are "shm" and "file". # Specify the locking mechanism to use; valid values are "shm" and "file".
# Change the default only if you are sure of what you are doing, in general # Change the default only if you are sure of what you are doing, in general
@ -421,7 +422,7 @@ infra_image = "registry.access.redhat.com/ubi9/pause"
# Default options to pass to the slirp4netns binary. # Default options to pass to the slirp4netns binary.
# For example "allow_host_loopback=true" # For example "allow_host_loopback=true"
# #
#network_cmd_options = ["enable_ipv6=true",] #network_cmd_options = []
# Whether to use chroot instead of pivot_root in the runtime # Whether to use chroot instead of pivot_root in the runtime
# #
@ -451,25 +452,15 @@ runtime = "crun"
# List of the OCI runtimes that support --format=json. When json is supported # List of the OCI runtimes that support --format=json. When json is supported
# engine will use it for reporting nicer errors. # engine will use it for reporting nicer errors.
# #
#runtime_supports_json = ["crun", "runc", "kata", "runsc", "krun"] #runtime_supports_json = ["crun", "runc", "kata", "runsc"]
# List of the OCI runtimes that supports running containers with KVM Separation. # List of the OCI runtimes that supports running containers with KVM Separation.
# #
#runtime_supports_kvm = ["kata", "krun"] #runtime_supports_kvm = ["kata"]
# List of the OCI runtimes that supports running containers without cgroups. # List of the OCI runtimes that supports running containers without cgroups.
# #
#runtime_supports_nocgroups = ["crun", "krun"] #runtime_supports_nocgroups = ["crun"]
# Default location for storing temporary container image content. Can be overridden with the TMPDIR environment
# variable. If you specify "storage", then the location of the
# container/storage tmp directory will be used.
# image_copy_tmp_dir="/var/tmp"
# Number of seconds to wait without a connection
# before the `podman system service` times out and exits
#
#service_timeout = 5
# Directory for persistent engine files (database, etc) # Directory for persistent engine files (database, etc)
# By default, this will be configured relative to where the containers/storage # By default, this will be configured relative to where the containers/storage
@ -508,7 +499,7 @@ runtime = "crun"
# #
#volume_path = "/var/lib/containers/storage/volumes" #volume_path = "/var/lib/containers/storage/volumes"
# Paths to look for a valid OCI runtime (crun, runc, kata, runsc, krun, etc) # Paths to look for a valid OCI runtime (crun, runc, kata, runsc, etc)
[engine.runtimes] [engine.runtimes]
#crun = [ #crun = [
# "/usr/bin/crun", # "/usr/bin/crun",
@ -551,11 +542,6 @@ runtime = "crun"
# "/run/current-system/sw/bin/runsc", # "/run/current-system/sw/bin/runsc",
#] #]
#krun = [
# "/usr/bin/krun",
# "/usr/local/bin/krun",
#]
[engine.volume_plugins] [engine.volume_plugins]
#testplugin = "/run/podman/plugins/test.sock" #testplugin = "/run/podman/plugins/test.sock"

40
SOURCES/containers.conf.5.md
View File

@ -47,7 +47,8 @@ TOML can be simplified to:
option = value option = value
## CONTAINERS TABLE ## CONTAINERS TABLE
The containers table contains settings to configure and manage the OCI runtime. The containers table contains settings pertaining to the OCI runtime that can
configure and manage the OCI runtime.
**annotations** = [] **annotations** = []
List of annotations. Specified as "key=value" pairs to be added to all containers. List of annotations. Specified as "key=value" pairs to be added to all containers.
@ -461,23 +462,11 @@ and pods are visible.
Path to the slirp4netns binary. Path to the slirp4netns binary.
**network_cmd_options**=["enable_ipv6=true",] **network_cmd_options**=[]
Default options to pass to the slirp4netns binary. Default options to pass to the slirp4netns binary.
Valid options values are: Example "allow_host_loopback=true"
- **allow_host_loopback=true|false**: Allow the slirp4netns to reach the host loopback IP (`10.0.2.2`, which is added to `/etc/hosts` as `host.containers.internal` for your convenience). Default is false.
- **mtu=MTU**: Specify the MTU to use for this network. (Default is `65520`).
- **cidr=CIDR**: Specify ip range to use for this network. (Default is `10.0.2.0/24`).
- **enable_ipv6=true|false**: Enable IPv6. Default is false. (Required for `outbound_addr6`).
- **outbound_addr=INTERFACE**: Specify the outbound interface slirp should bind to (ipv4 traffic only).
- **outbound_addr=IPv4**: Specify the outbound ipv4 address slirp should bind to.
- **outbound_addr6=INTERFACE**: Specify the outbound interface slirp should bind to (ipv6 traffic only).
- **outbound_addr6=IPv6**: Specify the outbound ipv6 address slirp should bind to.
- **port_handler=rootlesskit**: Use rootlesskit for port forwarding. Default.
Note: Rootlesskit changes the source IP address of incoming packets to a IP address in the container network namespace, usually `10.0.2.100`. If your application requires the real source IP address, e.g. web server logs, use the slirp4netns port handler. The rootlesskit port handler is also used for rootless containers when connected to user-defined networks.
- **port_handler=slirp4netns**: Use the slirp4netns port forwarding, it is slower than rootlesskit but preserves the correct source IP address. This port handler cannot be used for user-defined networks.
**no_pivot_root**=false **no_pivot_root**=false
@ -508,31 +497,18 @@ Default OCI specific runtime in runtimes that will be used by default. Must
refer to a member of the runtimes table. Default runtime will be searched for refer to a member of the runtimes table. Default runtime will be searched for
on the system using the priority: "crun", "runc", "kata". on the system using the priority: "crun", "runc", "kata".
**runtime_supports_json**=["crun", "runc", "kata", "runsc", "krun"] **runtime_supports_json**=["crun", "runc", "kata", "runsc"]
The list of the OCI runtimes that support `--format=json`. The list of the OCI runtimes that support `--format=json`.
**runtime_supports_kvm**=["kata", "krun"] **runtime_supports_kvm**=["kata"]
The list of OCI runtimes that support running containers with KVM separation. The list of OCI runtimes that support running containers with KVM separation.
**runtime_supports_nocgroups**=["crun", "krun"] **runtime_supports_nocgroups**=["crun"]
The list of OCI runtimes that support running containers without CGroups. The list of OCI runtimes that support running containers without CGroups.
**image_copy_tmp_dir**="/var/tmp"
Default location for storing temporary container image content. Can be
overridden with the TMPDIR environment variable. If you specify "storage", then
the location of the container/storage tmp directory will be used. If set then it
is the users responsibility to cleanup storage. Configure tmpfiles.d(5) to
cleanup storage.
**service_timeout**=**5**
Number of seconds to wait without a connection before the
`podman system service` times out and exits
**static_dir**="/var/lib/containers/storage/libpod" **static_dir**="/var/lib/containers/storage/libpod"
Directory for persistent libpod files (database, etc). Directory for persistent libpod files (database, etc).
@ -647,6 +623,6 @@ is used for the storage.conf file rather than the default.
This is primarily used for testing. This is primarily used for testing.
# SEE ALSO # SEE ALSO
containers-storage.conf(5), containers-policy.json(5), containers-registries.conf(5), tmpfiles.d(5) containers-storage.conf(5), containers-policy.json(5), containers-registries.conf(5)
[toml]: https://github.com/toml-lang/toml [toml]: https://github.com/toml-lang/toml

3
SOURCES/shortnames.conf
View File

@ -1,4 +1,7 @@
[aliases] [aliases]
# almalinux
"almalinux" = "docker.io/library/almalinux"
"almalinux-minimal" = "docker.io/library/almalinux-minimal"
# centos # centos
"centos" = "quay.io/centos/centos" "centos" = "quay.io/centos/centos"
# containers # containers

7
SOURCES/update.sh
View File

@ -23,18 +23,21 @@ $2 = $3" $1
spectool -f -g containers-common.spec spectool -f -g containers-common.spec
ensure storage.conf driver \"overlay\" ensure storage.conf driver \"overlay\"
ensure storage.conf mountopt \"nodev,metacopy=on\" ensure storage.conf mountopt \"nodev,metacopy=on\"
ensure containers.conf events_logger \"file\"
if pwd | grep rhel-8 > /dev/null if pwd | grep rhel-8 > /dev/null
then then
ensure registries.conf unqualified-search-registries [\"registry.fedoraproject.org\",\ \"registry.access.redhat.com\",\ \"registry.centos.org\",\ \"docker.io\"] ensure registries.conf unqualified-search-registries [\"registry.fedoraproject.org\",\ \"registry.access.redhat.com\",\ \"registry.centos.org\",\ \"docker.io\"]
ensure registries.conf short-name-mode \"permissive\" ensure registries.conf short-name-mode \"permissive\"
ensure containers.conf infra_image \"registry.access.redhat.com/ubi8/pause\" ensure containers.conf infra_image \"registry.access.redhat.com/ubi8/pause\"
ensure containers.conf runtime \"runc\" ensure containers.conf runtime \"runc\"
ensure containers.conf events_logger \"file\"
ensure containers.conf log_driver \"k8s-file\"
else else
ensure registries.conf unqualified-search-registries [\"registry.fedoraproject.org\",\ \"registry.access.redhat.com\",\ \"registry.centos.org\",\ \"quay.io\",\ \"docker.io\"] ensure registries.conf unqualified-search-registries [\"registry.fedoraproject.org\",\ \"registry.access.redhat.com\",\ \"registry.centos.org\",\ \"quay.io\",\ \"docker.io\"]
ensure registries.conf short-name-mode \"enforcing\" ensure registries.conf short-name-mode \"enforcing\"
ensure containers.conf infra_image \"registry.access.redhat.com/ubi9/pause\" ensure containers.conf infra_image \"registry.access.redhat.com/ubi8/pause\"
ensure containers.conf runtime \"crun\" ensure containers.conf runtime \"crun\"
ensure containers.conf events_logger \"journald\"
ensure containers.conf log_driver \"journald\"
fi fi
[ `grep "keyctl" seccomp.json | wc -l` == 0 ] && sed -i '/\"kill\",/i \ [ `grep "keyctl" seccomp.json | wc -l` == 0 ] && sed -i '/\"kill\",/i \
"keyctl",' seccomp.json "keyctl",' seccomp.json

28
SPECS/containers-common.spec
View File

@ -4,16 +4,15 @@
# pick the oldest version on c/image, c/common, c/storage vendored in # pick the oldest version on c/image, c/common, c/storage vendored in
# podman/skopeo/podman. # podman/skopeo/podman.
%global skopeo_branch main %global skopeo_branch main
%global podman_branch main
%global image_branch v5.16.0 %global image_branch v5.16.0
%global common_branch v0.46.0 %global common_branch v0.44.3
%global storage_branch v1.36.0 %global storage_branch v1.36.0
%global shortnames_branch main %global shortnames_branch main
Epoch: 2 Epoch: 2
Name: containers-common Name: containers-common
Version: 1 Version: 1
Release: 8%{?dist} Release: 13%{?dist}
Summary: Common configuration and documentation for containers Summary: Common configuration and documentation for containers
License: ASL 2.0 License: ASL 2.0
BuildArch: noarch BuildArch: noarch
@ -37,7 +36,7 @@ Source4: https://raw.githubusercontent.com/containers/image/%{image_branch}/docs
#Source5: https://raw.githubusercontent.com/containers/image/%%{image_branch}/registries.conf #Source5: https://raw.githubusercontent.com/containers/image/%%{image_branch}/registries.conf
Source5: registries.conf Source5: registries.conf
Source6: https://raw.githubusercontent.com/containers/image/%{image_branch}/docs/containers-policy.json.5.md Source6: https://raw.githubusercontent.com/containers/image/%{image_branch}/docs/containers-policy.json.5.md
Source7: https://raw.githubusercontent.com/containers/common/main/pkg/seccomp/seccomp.json Source7: https://raw.githubusercontent.com/containers/common/%{common_branch}/pkg/seccomp/seccomp.json
Source8: https://raw.githubusercontent.com/containers/common/%{common_branch}/docs/containers-mounts.conf.5.md Source8: https://raw.githubusercontent.com/containers/common/%{common_branch}/docs/containers-mounts.conf.5.md
Source9: https://raw.githubusercontent.com/containers/image/%{image_branch}/docs/containers-signature.5.md Source9: https://raw.githubusercontent.com/containers/image/%{image_branch}/docs/containers-signature.5.md
Source10: https://raw.githubusercontent.com/containers/image/%{image_branch}/docs/containers-transports.5.md Source10: https://raw.githubusercontent.com/containers/image/%{image_branch}/docs/containers-transports.5.md
@ -161,6 +160,27 @@ EOF
%{_datadir}/rhel/secrets/* %{_datadir}/rhel/secrets/*
%changelog %changelog
* Tue Nov 30 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-13
- use log_driver = "journald" and events_logger = "journald" for RHEL9
- Related: #2000051
* Tue Nov 16 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-12
- consume seccomp.json from the oldest vendored version of c/common,
not main branch
- Related: #2000051
* Fri Nov 12 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-11
- use ubi8/pause as ubi9/pause is not available yet
- Related: #2000051
* Wed Nov 10 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-10
- update vendored components
- Related: #2000051
* Tue Nov 02 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-9
- make log_driver = "k8s-file" default in containers.conf
- Related: #2000051
* Fri Oct 01 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-8 * Fri Oct 01 2021 Jindrich Novy <jnovy@redhat.com> - 2:1-8
- perform only sanity/installability tests for now - perform only sanity/installability tests for now
- Related: #2000051 - Related: #2000051