rpms/skopeo
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Add support for containers.conf and man page

Browse Source 
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This commit is contained in:
Daniel J Walsh 2020-04-07 08:43:18 -04:00
parent ae2a8235f5
commit e5fe04695e
No known key found for this signature in database
GPG Key ID: A2DF901DABE2C028
3 changed files with 94 additions and 43 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

86
containers.conf
View File

@ -1,9 +1,9 @@
# The containers configuration file specifies all of the available configuration # The containers configuration file specifies all of the available configuration
# command-line options/flags for container runtime tools like Podman & Buildah, # command-line options/flags for container engine tools like Podman & Buildah,
# but in a TOML format that can be easily modified and versioned. # but in a TOML format that can be easily modified and versioned.
# Please refer to containers.conf(5) for details of all configuration options. # Please refer to containers.conf(5) for details of all configuration options.
# Not all container tools implement all of the options. # Not all container engines implement all of the options.
# All of the options have hard coded defaults and these options will override # All of the options have hard coded defaults and these options will override
# the built in defaults. Users can then override these options via the command # the built in defaults. Users can then override these options via the command
# line. Container engines will read containers.conf files in up to three # line. Container engines will read containers.conf files in up to three
@ -16,24 +16,30 @@
[containers] [containers]
# List of additional devices. Specified as # List of devices. Specified as
# "<device-on-host>:<device-on-container>:<permissions>", for example: # "<device-on-host>:<device-on-container>:<permissions>", for example:
# "/dev/sdc:/dev/xvdc:rwm". # "/dev/sdc:/dev/xvdc:rwm".
# If it is empty or commented out, only the default devices will be used # If it is empty or commented out, only the default devices will be used
# #
# additional_devices = [] # devices = []
# List of additional volumes. Specified as # List of volumes. Specified as
# "<directory-on-host>:<directory-in-container>:<options>", for example: # "<directory-on-host>:<directory-in-container>:<options>", for example:
# "/db:/var/lib/db:ro". # "/db:/var/lib/db:ro".
# If it is empty or commented out, no volumes will be added # If it is empty or commented out, no volumes will be added
# #
# additional_volumes = [] # volumes = []
# Used to change the name of the default AppArmor profile of container engines. # Used to change the name of the default AppArmor profile of container engine.
# #
# apparmor_profile = "container-default" # apparmor_profile = "container-default"
# List of annotation. Specified as
# "key=value"
# If it is empty or commented out, no annotations will be added
#
# annotations = []
# Default way to to create a cgroup namespace for the container # Default way to to create a cgroup namespace for the container
# Options are: # Options are:
# `private` Create private Cgroup Namespace for the container. # `private` Create private Cgroup Namespace for the container.
@ -41,11 +47,6 @@
# #
# cgroupns = "private" # cgroupns = "private"
# Cgroup management implementation used for the runtime.
# Valid options “systemd” or “cgroupfs”
#
# cgroup_manager = "systemd"
# List of default capabilities for containers. If it is empty or commented out, # List of default capabilities for containers. If it is empty or commented out,
# the default capabilities defined in the container engine will be added. # the default capabilities defined in the container engine will be added.
# #
@ -65,7 +66,7 @@
# "SYS_CHROOT", # "SYS_CHROOT",
# ] # ]
# A list of sysctls to be set in containers by default, # A list of sysctls to be set in containers by default,
# specified as "name=value", # specified as "name=value",
# for example:"net.ipv4.ping_group_range = 0 1000". # for example:"net.ipv4.ping_group_range = 0 1000".
# #
@ -142,7 +143,8 @@
# #
# ipcns = "private" # ipcns = "private"
# container engines use container separation using MAC(SELinux) labeling. # Flag tells container engine to whether to use container separation using
# MAC(SELinux)labeling or not.
# Flag is ignored on label disabled systems. # Flag is ignored on label disabled systems.
# #
# label = true # label = true
@ -166,7 +168,7 @@
# #
# netns = "private" # netns = "private"
# Create /etc/hosts for the container. By default, container engines manage # Create /etc/hosts for the container. By default, container engine manage
# /etc/hosts, automatically adding the container's own IP address. # /etc/hosts, automatically adding the container's own IP address.
# #
# no_hosts = false # no_hosts = false
@ -227,7 +229,12 @@
# #
# network_config_dir = "/etc/cni/net.d/" # network_config_dir = "/etc/cni/net.d/"
[libpod] [engine]
# Cgroup management implementation used for the runtime.
# Valid options “systemd” or “cgroupfs”
#
# cgroup_manager = "systemd"
# Environment variables to pass into conmon # Environment variables to pass into conmon
# #
@ -254,7 +261,7 @@
# #
# detach_keys = "ctrl-p,ctrl-q" # detach_keys = "ctrl-p,ctrl-q"
# Determines whether libpod will reserve ports on the host when they are # Determines whether engine will reserve ports on the host when they are
# forwarded to containers. When enabled, when ports are forwarded to containers, # forwarded to containers. When enabled, when ports are forwarded to containers,
# ports are held open by as long as the container is running, ensuring that # ports are held open by as long as the container is running, ensuring that
# they cannot be reused by other programs on the host. However, this can cause # they cannot be reused by other programs on the host. However, this can cause
@ -281,9 +288,9 @@
# associated with the pod. This container does nothing other then sleep, # associated with the pod. This container does nothing other then sleep,
# reserving the pods resources for the lifetime of the pod. # reserving the pods resources for the lifetime of the pod.
# #
# infra_image = "k8s.gcr.io/pause:3.1" # infra_image = "k8s.gcr.io/pause:3.2"
# Specify the locking mechanism to use; valid values are "shm" and "file". # Specify the locking mechanism to use; valid values are "shm" and "file".
# Change the default only if you are sure of what you are doing, in general # Change the default only if you are sure of what you are doing, in general
# "file" is useful only on platforms where cgo is not available for using the # "file" is useful only on platforms where cgo is not available for using the
# faster "shm" lock type. You may need to run "podman system renumber" after # faster "shm" lock type. You may need to run "podman system renumber" after
@ -291,8 +298,8 @@
# #
# lock_type** = "shm" # lock_type** = "shm"
# Default libpod namespace # Default engine namespace
# If libpod is joined to a namespace, it will see only containers and pods # If engine is joined to a namespace, it will see only containers and pods
# that were created in the same namespace, and will create new containers and # that were created in the same namespace, and will create new containers and
# pods in that namespace. # pods in that namespace.
# The default namespace is "", which corresponds to no namespace. When no # The default namespace is "", which corresponds to no namespace. When no
@ -310,7 +317,10 @@
# #
# num_locks = 2048 # num_locks = 2048
# Directory for persistent libpod files (database, etc) # Whether to pull new image before running a container
# pull_policy = "missing"
# Directory for persistent engine files (database, etc)
# By default, this will be configured relative to where the containers/storage # By default, this will be configured relative to where the containers/storage
# stores containers # stores containers
# Uncomment to change location from this default # Uncomment to change location from this default
@ -333,12 +343,20 @@
# runtime = "runc" # runtime = "runc"
# List of the OCI runtimes that support --format=json. When json is supported # List of the OCI runtimes that support --format=json. When json is supported
# libpod will use it for reporting nicer errors. # engine will use it for reporting nicer errors.
# #
# runtime_supports_json = ["crun", "runc"] # runtime_supports_json = ["crun", "runc", "kata"]
# Paths to look for a valid OCI runtime (runc, runv, etc) # List of the OCI runtimes that supports running containers without cgroups.
[libpod.runtimes] #
# runtime_supports_nocgroups = ["crun"]
# List of the OCI runtimes that supports running containers with KVM Separation.
#
# runtime_supports_kvm = ["kata"]
# Paths to look for a valid OCI runtime (runc, runv, kata, etc)
[engine.runtimes]
# runc = [ # runc = [
# "/usr/bin/runc", # "/usr/bin/runc",
# "/usr/sbin/runc", # "/usr/sbin/runc",
@ -359,7 +377,21 @@
# "/run/current-system/sw/bin/crun", # "/run/current-system/sw/bin/crun",
# ] # ]
# The [libpod.runtimes] table MUST be the last entry in this file. # kata = [
# "/usr/bin/kata-runtime",
# "/usr/sbin/kata-runtime",
# "/usr/local/bin/kata-runtime",
# "/usr/local/sbin/kata-runtime",
# "/sbin/kata-runtime",
# "/bin/kata-runtime",
# "/usr/bin/kata-qemu",
# "/usr/bin/kata-fc",
# ]
# Number of seconds to wait for container to exit before sending kill signal.
#stop_timeout = 10
# The [engine.runtimes] table MUST be the last entry in this file.
# (Unless another table is added) # (Unless another table is added)
# TOML does not provide a way to end a table other than a further table being # TOML does not provide a way to end a table other than a further table being
# defined, so every key hereafter will be part of [runtimes] and not the main # defined, so every key hereafter will be part of [runtimes] and not the main

46
containers.conf.5.md
View File

@ -46,13 +46,13 @@ TOML can be simplified to:
The containers table contains settings pertaining to the OCI runtime that can The containers table contains settings pertaining to the OCI runtime that can
configure and manage the OCI runtime. configure and manage the OCI runtime.
**additional_devices**=[] **devices**=[]
List of additional devices. List of devices.
Specified as 'device-on-host:device-on-container:permissions', Specified as 'device-on-host:device-on-container:permissions',
for example: "/dev/sdc:/dev/xvdc:rwm". for example: "/dev/sdc:/dev/xvdc:rwm".
**additional_volumes**=[] **volumes**=[]
List of additional volumes. List of volumes.
Specified as "directory-on-host:directory-in-container:options", Specified as "directory-on-host:directory-in-container:options",
for example: "/db:/var/lib/db:ro". for example: "/db:/var/lib/db:ro".
@ -66,10 +66,6 @@ The default profile name is "container-default".
`private` Create private Cgroup Namespace for the container. `private` Create private Cgroup Namespace for the container.
`host` Share host Cgroup Namespace with the container. `host` Share host Cgroup Namespace with the container.
**cgroup_manager**="systemd"
The cgroup management implementation used for the runtime. Supports `cgroupfs`
and `systemd`.
**default_capabilities**=[] **default_capabilities**=[]
List of default capabilities for containers. List of default capabilities for containers.
@ -221,8 +217,15 @@ plugins.
**network_config_dir**="/etc/cni/net.d/" **network_config_dir**="/etc/cni/net.d/"
Path to the directory where CNI configuration files are located. Path to the directory where CNI configuration files are located.
## LIBPOD TABLE ## ENGINE TABLE
The `libpod` table contains configuration options used to set up a libpod runtime. The `engine` table contains configuration options used to set up container engines such as Podman and Buildah.
**cgroup_check**=false
CgroupCheck indicates the configuration has been rewritten after an upgrade to Fedora 31 to change the default OCI runtime for cgroupsv2.
**cgroup_manager**="systemd"
The cgroup management implementation used for the runtime. Supports `cgroupfs`
and `systemd`.
**conmon_env_vars**=[] **conmon_env_vars**=[]
Environment variables to pass into Conmon. Environment variables to pass into Conmon.
@ -254,7 +257,7 @@ Format is a single character `[a-Z]` or a comma separated sequence of
`a-z`, `@`, `^`, `[`, `\`, `]`, `^` or `_` `a-z`, `@`, `^`, `[`, `\`, `]`, `^` or `_`
**enable_port_reservation**=true **enable_port_reservation**=true
Determines whether libpod will reserve ports on the host when they are Determines whether the engine will reserve ports on the host when they are
forwarded to containers. When enabled, when ports are forwarded to containers, forwarded to containers. When enabled, when ports are forwarded to containers,
they are held open by conmon as long as the container is running, ensuring that they are held open by conmon as long as the container is running, ensuring that
they cannot be reused by other programs on the host. However, this can cause they cannot be reused by other programs on the host. However, this can cause
@ -271,10 +274,10 @@ Disabling this can save memory.
**infra_command**="/pause" **infra_command**="/pause"
Command to run the infra container. Command to run the infra container.
**infra_image**="k8s.gcr.io/pause:3.1" **infra_image**="k8s.gcr.io/pause:3.2"
Infra (pause) container image name for pod infra containers. When running a Infra (pause) container image name for pod infra containers. When running a
pod, we start a `pause` process in a container to hold open the namespaces pod, we start a `pause` process in a container to hold open the namespaces
associated with the pod. This container does nothing other then sleep, associated with the pod. This container does nothing other then sleep,
reserving the pods resources for the lifetime of the pod. reserving the pods resources for the lifetime of the pod.
**lock_type**="shm" **lock_type**="shm"
@ -285,7 +288,7 @@ faster "shm" lock type. You may need to run "podman system renumber" after you
change the lock type. change the lock type.
**namespace**="" **namespace**=""
Default libpod namespace. If libpod is joined to a namespace, it will see Default engine namespace. If the engine is joined to a namespace, it will see
only containers and pods that were created in the same namespace, and will only containers and pods that were created in the same namespace, and will
create new containers and pods in that namespace. The default namespace is "", create new containers and pods in that namespace. The default namespace is "",
which corresponds to no namespace. When no namespace is set, all containers which corresponds to no namespace. When no namespace is set, all containers
@ -300,21 +303,34 @@ pod consumes one lock. The default number available is 2048. If this is
changed, a lock renumbering must be performed, using the changed, a lock renumbering must be performed, using the
`podman system renumber` command. `podman system renumber` command.
**pull_policy**="always"|"missing"|"never"
Pull image before running or creating a container. The default is **missing**.
- **missing**: attempt to pull the latest image from the registries listed in registries.conf if a local image does not exist. Raise an error if the image is not in any listed registry and is not present locally.
- **always**: pull the image from the first registry it is found in as listed in registries.conf. Raise an error if not found in the registries, even if the image is present locally.
- **never**: do not pull the image from the registry, use only the local version. Raise an error if the image is not present locally.
**runtime**="crun" **runtime**="crun"
Default OCI specific runtime in runtimes that will be used by default. Must Default OCI specific runtime in runtimes that will be used by default. Must
refer to a member of the runtimes table. refer to a member of the runtimes table.
**runtime_supports_json**=["crun", "runc"] **runtime_supports_json**=["crun", "runc", "kata"]
The list of the OCI runtimes that support `--format=json`. The list of the OCI runtimes that support `--format=json`.
**runtime_supports_nocgroups**=["crun"] **runtime_supports_nocgroups**=["crun"]
The list of OCI runtimes that support running containers without CGroups. The list of OCI runtimes that support running containers without CGroups.
**runtime_supports_kvm**=["kata"]
The list of OCI runtimes that support running containers with KVM separation.
**static_dir**="/var/lib/containers/storage/libpod" **static_dir**="/var/lib/containers/storage/libpod"
Directory for persistent libpod files (database, etc). Directory for persistent libpod files (database, etc).
By default this will be configured relative to where containers/storage By default this will be configured relative to where containers/storage
stores containers. stores containers.
**stop_timeout**=10
Number of seconds to wait for container to exit before sending kill signal.
**tmp_dir**="/var/run/libpod" **tmp_dir**="/var/run/libpod"
The path to a temporary directory to store per-boot container. The path to a temporary directory to store per-boot container.
Must be a tmpfs (wiped after reboot). Must be a tmpfs (wiped after reboot).

5
skopeo.spec
View File

@ -46,7 +46,7 @@ Epoch: 1
Epoch: 2 Epoch: 2
%endif %endif
Version: 0.1.42 Version: 0.1.42
Release: 0.16.dev.git%{shortcommit0}%{?dist} Release: 1.0.dev.git%{shortcommit0}%{?dist}
Summary: Inspect container images and repositories on registries Summary: Inspect container images and repositories on registries
License: ASL 2.0 License: ASL 2.0
URL: %{git0} URL: %{git0}
@ -434,6 +434,9 @@ export GOPATH=%{buildroot}/%{gopath}:$(pwd)/vendor:%{gopath}
%{_datadir}/%{name}/test %{_datadir}/%{name}/test
%changelog %changelog
* Tue Apr 7 2020 Dan Walsh <dwalsh@fedoraproject.org> - 1:0.1.42-1
- Update containers.conf and containers.conf.5.md to upstream
* Mon Apr 06 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 1:0.1.42-0.16.dev.git8fa3326 * Mon Apr 06 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 1:0.1.42-0.16.dev.git8fa3326
- autobuilt 8fa3326 - autobuilt 8fa3326