Add support for containers.conf and man page
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
parent
ae2a8235f5
commit
e5fe04695e
@ -1,9 +1,9 @@
|
||||
# The containers configuration file specifies all of the available configuration
|
||||
# command-line options/flags for container runtime tools like Podman & Buildah,
|
||||
# command-line options/flags for container engine tools like Podman & Buildah,
|
||||
# but in a TOML format that can be easily modified and versioned.
|
||||
|
||||
# Please refer to containers.conf(5) for details of all configuration options.
|
||||
# Not all container tools implement all of the options.
|
||||
# Not all container engines implement all of the options.
|
||||
# All of the options have hard coded defaults and these options will override
|
||||
# the built in defaults. Users can then override these options via the command
|
||||
# line. Container engines will read containers.conf files in up to three
|
||||
@ -16,24 +16,30 @@
|
||||
|
||||
[containers]
|
||||
|
||||
# List of additional devices. Specified as
|
||||
# List of devices. Specified as
|
||||
# "<device-on-host>:<device-on-container>:<permissions>", for example:
|
||||
# "/dev/sdc:/dev/xvdc:rwm".
|
||||
# If it is empty or commented out, only the default devices will be used
|
||||
#
|
||||
# additional_devices = []
|
||||
# devices = []
|
||||
|
||||
# List of additional volumes. Specified as
|
||||
# List of volumes. Specified as
|
||||
# "<directory-on-host>:<directory-in-container>:<options>", for example:
|
||||
# "/db:/var/lib/db:ro".
|
||||
# If it is empty or commented out, no volumes will be added
|
||||
#
|
||||
# additional_volumes = []
|
||||
# volumes = []
|
||||
|
||||
# Used to change the name of the default AppArmor profile of container engines.
|
||||
# Used to change the name of the default AppArmor profile of container engine.
|
||||
#
|
||||
# apparmor_profile = "container-default"
|
||||
|
||||
# List of annotation. Specified as
|
||||
# "key=value"
|
||||
# If it is empty or commented out, no annotations will be added
|
||||
#
|
||||
# annotations = []
|
||||
|
||||
# Default way to to create a cgroup namespace for the container
|
||||
# Options are:
|
||||
# `private` Create private Cgroup Namespace for the container.
|
||||
@ -41,11 +47,6 @@
|
||||
#
|
||||
# cgroupns = "private"
|
||||
|
||||
# Cgroup management implementation used for the runtime.
|
||||
# Valid options “systemd” or “cgroupfs”
|
||||
#
|
||||
# cgroup_manager = "systemd"
|
||||
|
||||
# List of default capabilities for containers. If it is empty or commented out,
|
||||
# the default capabilities defined in the container engine will be added.
|
||||
#
|
||||
@ -65,7 +66,7 @@
|
||||
# "SYS_CHROOT",
|
||||
# ]
|
||||
|
||||
# A list of sysctls to be set in containers by default,
|
||||
# A list of sysctls to be set in containers by default,
|
||||
# specified as "name=value",
|
||||
# for example:"net.ipv4.ping_group_range = 0 1000".
|
||||
#
|
||||
@ -142,7 +143,8 @@
|
||||
#
|
||||
# ipcns = "private"
|
||||
|
||||
# container engines use container separation using MAC(SELinux) labeling.
|
||||
# Flag tells container engine to whether to use container separation using
|
||||
# MAC(SELinux)labeling or not.
|
||||
# Flag is ignored on label disabled systems.
|
||||
#
|
||||
# label = true
|
||||
@ -166,7 +168,7 @@
|
||||
#
|
||||
# netns = "private"
|
||||
|
||||
# Create /etc/hosts for the container. By default, container engines manage
|
||||
# Create /etc/hosts for the container. By default, container engine manage
|
||||
# /etc/hosts, automatically adding the container's own IP address.
|
||||
#
|
||||
# no_hosts = false
|
||||
@ -227,7 +229,12 @@
|
||||
#
|
||||
# network_config_dir = "/etc/cni/net.d/"
|
||||
|
||||
[libpod]
|
||||
[engine]
|
||||
|
||||
# Cgroup management implementation used for the runtime.
|
||||
# Valid options “systemd” or “cgroupfs”
|
||||
#
|
||||
# cgroup_manager = "systemd"
|
||||
|
||||
# Environment variables to pass into conmon
|
||||
#
|
||||
@ -254,7 +261,7 @@
|
||||
#
|
||||
# detach_keys = "ctrl-p,ctrl-q"
|
||||
|
||||
# Determines whether libpod will reserve ports on the host when they are
|
||||
# Determines whether engine will reserve ports on the host when they are
|
||||
# forwarded to containers. When enabled, when ports are forwarded to containers,
|
||||
# ports are held open by as long as the container is running, ensuring that
|
||||
# they cannot be reused by other programs on the host. However, this can cause
|
||||
@ -281,9 +288,9 @@
|
||||
# associated with the pod. This container does nothing other then sleep,
|
||||
# reserving the pods resources for the lifetime of the pod.
|
||||
#
|
||||
# infra_image = "k8s.gcr.io/pause:3.1"
|
||||
# infra_image = "k8s.gcr.io/pause:3.2"
|
||||
|
||||
# Specify the locking mechanism to use; valid values are "shm" and "file".
|
||||
# Specify the locking mechanism to use; valid values are "shm" and "file".
|
||||
# Change the default only if you are sure of what you are doing, in general
|
||||
# "file" is useful only on platforms where cgo is not available for using the
|
||||
# faster "shm" lock type. You may need to run "podman system renumber" after
|
||||
@ -291,8 +298,8 @@
|
||||
#
|
||||
# lock_type** = "shm"
|
||||
|
||||
# Default libpod namespace
|
||||
# If libpod is joined to a namespace, it will see only containers and pods
|
||||
# Default engine namespace
|
||||
# If engine is joined to a namespace, it will see only containers and pods
|
||||
# that were created in the same namespace, and will create new containers and
|
||||
# pods in that namespace.
|
||||
# The default namespace is "", which corresponds to no namespace. When no
|
||||
@ -310,7 +317,10 @@
|
||||
#
|
||||
# num_locks = 2048
|
||||
|
||||
# Directory for persistent libpod files (database, etc)
|
||||
# Whether to pull new image before running a container
|
||||
# pull_policy = "missing"
|
||||
|
||||
# Directory for persistent engine files (database, etc)
|
||||
# By default, this will be configured relative to where the containers/storage
|
||||
# stores containers
|
||||
# Uncomment to change location from this default
|
||||
@ -333,12 +343,20 @@
|
||||
# runtime = "runc"
|
||||
|
||||
# List of the OCI runtimes that support --format=json. When json is supported
|
||||
# libpod will use it for reporting nicer errors.
|
||||
# engine will use it for reporting nicer errors.
|
||||
#
|
||||
# runtime_supports_json = ["crun", "runc"]
|
||||
# runtime_supports_json = ["crun", "runc", "kata"]
|
||||
|
||||
# Paths to look for a valid OCI runtime (runc, runv, etc)
|
||||
[libpod.runtimes]
|
||||
# List of the OCI runtimes that supports running containers without cgroups.
|
||||
#
|
||||
# runtime_supports_nocgroups = ["crun"]
|
||||
|
||||
# List of the OCI runtimes that supports running containers with KVM Separation.
|
||||
#
|
||||
# runtime_supports_kvm = ["kata"]
|
||||
|
||||
# Paths to look for a valid OCI runtime (runc, runv, kata, etc)
|
||||
[engine.runtimes]
|
||||
# runc = [
|
||||
# "/usr/bin/runc",
|
||||
# "/usr/sbin/runc",
|
||||
@ -359,7 +377,21 @@
|
||||
# "/run/current-system/sw/bin/crun",
|
||||
# ]
|
||||
|
||||
# The [libpod.runtimes] table MUST be the last entry in this file.
|
||||
# kata = [
|
||||
# "/usr/bin/kata-runtime",
|
||||
# "/usr/sbin/kata-runtime",
|
||||
# "/usr/local/bin/kata-runtime",
|
||||
# "/usr/local/sbin/kata-runtime",
|
||||
# "/sbin/kata-runtime",
|
||||
# "/bin/kata-runtime",
|
||||
# "/usr/bin/kata-qemu",
|
||||
# "/usr/bin/kata-fc",
|
||||
# ]
|
||||
|
||||
# Number of seconds to wait for container to exit before sending kill signal.
|
||||
#stop_timeout = 10
|
||||
|
||||
# The [engine.runtimes] table MUST be the last entry in this file.
|
||||
# (Unless another table is added)
|
||||
# TOML does not provide a way to end a table other than a further table being
|
||||
# defined, so every key hereafter will be part of [runtimes] and not the main
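Review bot: The new `#stop_timeout = 10` key (with its comment two lines above) is placed after the `[engine.runtimes]` header added earlier in this file section, so anyone uncommenting it would define `engine.runtimes.stop_timeout = 10` — a bogus runtime entry — rather than the `[engine]` setting the man page section of this same commit documents under ENGINE TABLE (`**stop_timeout**=10`); the trailing comment in this very hunk ("every key hereafter will be part of [runtimes] and not the main") describes exactly this trap. Move the two lines up to sit with the other `[engine]` keys, e.g. directly after `# runtime_supports_kvm = ["kata"]` and before `# Paths to look for a valid OCI runtime (runc, runv, kata, etc)`, and match the file's spacing convention: `# Number of seconds to wait for container to exit before sending kill signal.` / `#` / `# stop_timeout = 10`. The closing comment also now names `[engine.runtimes]` on one line and `[runtimes]` on another; it presumably should read `[engine.runtimes]` in both places, and the "(Unless another table is added)" aside reads as an invitation to break the rule rather than an explanation of it. The end of that comment runs past the hunk.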
|
||||
|
@ -46,13 +46,13 @@ TOML can be simplified to:
|
||||
The containers table contains settings pertaining to the OCI runtime that can
|
||||
configure and manage the OCI runtime.
|
||||
|
||||
**additional_devices**=[]
|
||||
List of additional devices.
|
||||
**devices**=[]
|
||||
List of devices.
|
||||
Specified as 'device-on-host:device-on-container:permissions',
|
||||
for example: "/dev/sdc:/dev/xvdc:rwm".
|
||||
|
||||
**additional_volumes**=[]
|
||||
List of additional volumes.
|
||||
**volumes**=[]
|
||||
List of volumes.
|
||||
Specified as "directory-on-host:directory-in-container:options",
|
||||
for example: "/db:/var/lib/db:ro".
|
||||
|
||||
@ -66,10 +66,6 @@ The default profile name is "container-default".
|
||||
`private` Create private Cgroup Namespace for the container.
|
||||
`host` Share host Cgroup Namespace with the container.
|
||||
|
||||
**cgroup_manager**="systemd"
|
||||
The cgroup management implementation used for the runtime. Supports `cgroupfs`
|
||||
and `systemd`.
|
||||
|
||||
**default_capabilities**=[]
|
||||
List of default capabilities for containers.
|
||||
|
||||
@ -221,8 +217,15 @@ plugins.
|
||||
**network_config_dir**="/etc/cni/net.d/"
|
||||
Path to the directory where CNI configuration files are located.
|
||||
|
||||
## LIBPOD TABLE
|
||||
The `libpod` table contains configuration options used to set up a libpod runtime.
|
||||
## ENGINE TABLE
|
||||
The `engine` table contains configuration options used to set up container engines such as Podman and Buildah.
|
||||
|
||||
**cgroup_check**=false
|
||||
CgroupCheck indicates the configuration has been rewritten after an upgrade to Fedora 31 to change the default OCI runtime for cgroupsv2.
|
||||
|
||||
**cgroup_manager**="systemd"
|
||||
The cgroup management implementation used for the runtime. Supports `cgroupfs`
|
||||
and `systemd`.
|
||||
|
||||
**conmon_env_vars**=[]
|
||||
Environment variables to pass into Conmon.
|
||||
@ -254,7 +257,7 @@ Format is a single character `[a-Z]` or a comma separated sequence of
|
||||
`a-z`, `@`, `^`, `[`, `\`, `]`, `^` or `_`
|
||||
|
||||
**enable_port_reservation**=true
|
||||
Determines whether libpod will reserve ports on the host when they are
|
||||
Determines whether the engine will reserve ports on the host when they are
|
||||
forwarded to containers. When enabled, when ports are forwarded to containers,
|
||||
they are held open by conmon as long as the container is running, ensuring that
|
||||
they cannot be reused by other programs on the host. However, this can cause
|
||||
@ -271,7 +274,7 @@ Disabling this can save memory.
|
||||
**infra_command**="/pause"
|
||||
Command to run the infra container.
|
||||
|
||||
**infra_image**="k8s.gcr.io/pause:3.1"
|
||||
**infra_image**="k8s.gcr.io/pause:3.2"
|
||||
Infra (pause) container image name for pod infra containers. When running a
|
||||
pod, we start a `pause` process in a container to hold open the namespaces
|
||||
associated with the pod. This container does nothing other then sleep,
|
||||
@ -285,7 +288,7 @@ faster "shm" lock type. You may need to run "podman system renumber" after you
|
||||
change the lock type.
|
||||
|
||||
**namespace**=""
|
||||
Default libpod namespace. If libpod is joined to a namespace, it will see
|
||||
Default engine namespace. If the engine is joined to a namespace, it will see
|
||||
only containers and pods that were created in the same namespace, and will
|
||||
create new containers and pods in that namespace. The default namespace is "",
|
||||
which corresponds to no namespace. When no namespace is set, all containers
|
||||
@ -300,21 +303,34 @@ pod consumes one lock. The default number available is 2048. If this is
|
||||
changed, a lock renumbering must be performed, using the
|
||||
`podman system renumber` command.
|
||||
|
||||
**pull_policy**="always"|"missing"|"never"
|
||||
Pull image before running or creating a container. The default is **missing**.
|
||||
|
||||
- **missing**: attempt to pull the latest image from the registries listed in registries.conf if a local image does not exist. Raise an error if the image is not in any listed registry and is not present locally.
|
||||
- **always**: pull the image from the first registry it is found in as listed in registries.conf. Raise an error if not found in the registries, even if the image is present locally.
|
||||
- **never**: do not pull the image from the registry, use only the local version. Raise an error if the image is not present locally.
|
||||
|
||||
**runtime**="crun"
|
||||
Default OCI specific runtime in runtimes that will be used by default. Must
|
||||
refer to a member of the runtimes table.
|
||||
|
||||
**runtime_supports_json**=["crun", "runc"]
|
||||
**runtime_supports_json**=["crun", "runc", "kata"]
|
||||
The list of the OCI runtimes that support `--format=json`.
|
||||
|
||||
**runtime_supports_nocgroups**=["crun"]
|
||||
The list of OCI runtimes that support running containers without CGroups.
|
||||
|
||||
**runtime_supports_kvm**=["kata"]
|
||||
The list of OCI runtimes that support running containers with KVM separation.
|
||||
|
||||
**static_dir**="/var/lib/containers/storage/libpod"
|
||||
Directory for persistent libpod files (database, etc).
|
||||
By default this will be configured relative to where containers/storage
|
||||
stores containers.
|
||||
|
||||
**stop_timeout**=10
|
||||
Number of seconds to wait for container to exit before sending kill signal.
|
||||
|
||||
**tmp_dir**="/var/run/libpod"
|
||||
The path to a temporary directory to store per-boot container.
|
||||
Must be a tmpfs (wiped after reboot).
|
||||
|
@ -46,7 +46,7 @@ Epoch: 1
|
||||
Epoch: 2
|
||||
%endif
|
||||
Version: 0.1.42
|
||||
Release: 0.16.dev.git%{shortcommit0}%{?dist}
|
||||
Release: 1.0.dev.git%{shortcommit0}%{?dist}
|
||||
Summary: Inspect container images and repositories on registries
|
||||
License: ASL 2.0
|
||||
URL: %{git0}
|
||||
@ -434,6 +434,9 @@ export GOPATH=%{buildroot}/%{gopath}:$(pwd)/vendor:%{gopath}
|
||||
%{_datadir}/%{name}/test
|
||||
|
||||
%changelog
|
||||
* Tue Apr 7 2020 Dan Walsh <dwalsh@fedoraproject.org> - 1:0.1.42-1
|
||||
- Update containers.conf and containers.conf.5.md to upstream
|
||||
|
||||
* Mon Apr 06 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 1:0.1.42-0.16.dev.git8fa3326
|
||||
- autobuilt 8fa3326
|
||||
|
||||
|