From 22d8d4282dcb493f14e169f8c53668df7ee0c06a Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Thu, 10 Jun 2021 06:54:57 -0400 Subject: [PATCH] Sort containers.conf and containers.conf.5.md Remove cgroup_check which is no longer needed. Fixes: https://github.com/containers/common/issues/372 Signed-off-by: Daniel J Walsh --- common/docs/containers.conf.5.md | 28 +++--- common/pkg/config/containers.conf | 144 +++++++++++++++--------------- 2 files changed, 84 insertions(+), 88 deletions(-) diff --git a/common/docs/containers.conf.5.md b/common/docs/containers.conf.5.md index 7f6fe4dd02..1ca1661bd9 100644 --- a/common/docs/containers.conf.5.md +++ b/common/docs/containers.conf.5.md @@ -302,10 +302,6 @@ The `engine` table contains configuration options used to set up container engin Name of destination for accessing the Podman service. See SERVICE DESTINATION TABLE below. -**cgroup_check**=false - -CgroupCheck indicates the configuration has been rewritten after an upgrade to Fedora 31 to change the default OCI runtime for cgroupsv2. - **cgroup_manager**="systemd" The cgroup management implementation used for the runtime. Supports `cgroupfs` @@ -463,14 +459,14 @@ on the system using the priority: "crun", "runc", "kata". The list of the OCI runtimes that support `--format=json`. -**runtime_supports_nocgroups**=["crun"] - -The list of OCI runtimes that support running containers without CGroups. - **runtime_supports_kvm**=["kata"] The list of OCI runtimes that support running containers with KVM separation. +**runtime_supports_nocgroups**=["crun"] + +The list of OCI runtimes that support running containers without CGroups. + **static_dir**="/var/lib/containers/storage/libpod" Directory for persistent libpod files (database, etc). 
@@ -486,6 +482,14 @@ Number of seconds to wait for container to exit before sending kill signal. The path to a temporary directory to store per-boot container. Must be a tmpfs (wiped after reboot). +**volume_path**="/var/lib/containers/storage/volumes" + +Directory where named volumes will be created in using the default volume +driver. +By default this will be configured relative to where containers/storage store +containers. This convention is followed by the default volume driver, but may +not be by other drivers. + ## SERVICE DESTINATION TABLE The `service_destinations` table contains configuration options used to set up remote connections to the podman service for the podman API. @@ -504,14 +508,6 @@ URI to access the Podman service Path to file containing ssh identity key -**volume_path**="/var/lib/containers/storage/volumes" - -Directory where named volumes will be created in using the default volume -driver. -By default this will be configured relative to where containers/storage store -containers. This convention is followed by the default volume driver, but may -not be by other drivers. - **[engine.volume_plugins]** A table of all the enabled volume plugins on the system. Volume plugins can be diff --git a/common/pkg/config/containers.conf b/common/pkg/config/containers.conf index 5ee613ef86..f2ef01f91b 100644 --- a/common/pkg/config/containers.conf +++ b/common/pkg/config/containers.conf 
@@ -16,30 +16,16 @@ [containers] -# List of devices. Specified as -# "::", for example: -# "/dev/sdc:/dev/xvdc:rwm". -# If it is empty or commented out, only the default devices will be used -# -# devices = [] - -# List of volumes. Specified as -# "::", for example: -# "/db:/var/lib/db:ro". -# If it is empty or commented out, no volumes will be added -# -# volumes = [] - -# Used to change the name of the default AppArmor profile of container engine. -# -# apparmor_profile = "container-default" - # List of annotation. Specified as # "key=value" # If it is empty or commented out, no annotations will be added # # annotations = [] +# Used to change the name of the default AppArmor profile of container engine. +# +# apparmor_profile = "container-default" + # Default way to to create a cgroup namespace for the container # Options are: # `private` Create private Cgroup Namespace for the container. @@ -93,6 +79,13 @@ default_sysctls = [ # "nofile=1280:2560", # ] +# List of devices. Specified as +# "::", for example: +# "/dev/sdc:/dev/xvdc:rwm". +# If it is empty or commented out, only the default devices will be used +# +# devices = [] + # List of default DNS options to be added to /etc/resolv.conf inside of the container. # # dns_options = [] @@ -185,10 +178,6 @@ default_sysctls = [ # # no_hosts = false -# Maximum number of processes allowed in a container. -# -# pids_limit = 2048 - # Default way to to create a PID namespace for the container # Options are: # `private` Create private PID Namespace for the container. @@ -196,6 +185,10 @@ default_sysctls = [ # # pidns = "private" +# Maximum number of processes allowed in a container. +# +# pids_limit = 2048 + # Indicates the networking to be used for rootless containers # rootless_networking="slirp4netns" 
@@ -220,13 +213,6 @@ default_sysctls = [ # # umask="0022" -# Default way to to create a UTS namespace for the container -# Options are: -# `private` Create private UTS Namespace for the container. -# `host` Share host UTS Namespace with the container. -# -# utsns = "private" - # Default way to to create a User namespace for the container # Options are: # `auto` Create unique User Namespace for the container. @@ -240,6 +226,20 @@ default_sysctls = [ # # userns_size=65536 +# Default way to to create a UTS namespace for the container +# Options are: +# `private` Create private UTS Namespace for the container. +# `host` Share host UTS Namespace with the container. +# +# utsns = "private" + +# List of volumes. Specified as +# "::", for example: +# "/db:/var/lib/db:ro". +# If it is empty or commented out, no volumes will be added +# +# volumes = [] + # The network table contains settings pertaining to the management of # CNI plugins. @@ -263,14 +263,8 @@ default_sysctls = [ # network_config_dir = "/etc/cni/net.d/" [engine] -# Maximum number of image layers to be copied (pulled/pushed) simultaneously. -# Not setting this field, or setting it to zero, will fall back to containers/image defaults. -# image_parallel_copies=0 - -# Manifest Type (oci, v2s2, or v2s1) to use when pulling, pushing, building -# container images. By default image pulled and pushed match the format of the -# source image. Building/committing defaults to OCI. -# image_default_format = "" +# Index to the active service +# active_service = production # Cgroup management implementation used for the runtime. # Valid options "systemd" or "cgroupfs" 
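Review bot: The relocated example `# active_service = production` at the top of `[engine]` (third hunk on this line, `@@ -263,14 +263,8 @@`) shows a bare word as its value, which is not a valid TOML string. Assuming the file is parsed as TOML, as its table and array syntax suggests, a user who only removes the `#` would get a parse failure instead of a selected service. The other string examples visible in this patch are quoted (`# utsns = "private"`, `# runtime = "crun"`), so the example should read `# active_service = "production"`. The line is carried over unchanged from its old position, so the defect predates this commit, but the move is the natural place to fix it.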
@@ -328,10 +322,19 @@ default_sysctls = [ # "/usr/share/containers/oci/hooks.d", # ] +# Manifest Type (oci, v2s2, or v2s1) to use when pulling, pushing, building +# container images. By default image pulled and pushed match the format of the +# source image. Building/committing defaults to OCI. +# image_default_format = "" + # Default transport method for pulling and pushing for images # # image_default_transport = "docker://" +# Maximum number of image layers to be copied (pulled/pushed) simultaneously. +# Not setting this field, or setting it to zero, will fall back to containers/image defaults. +# image_parallel_copies=0 + # Default command to run the infra container # # infra_command = "/pause" @@ -398,24 +401,6 @@ default_sysctls = [ # `podman --remote=true` for access to the remote Podman service. # remote = false -# Directory for persistent engine files (database, etc) -# By default, this will be configured relative to where the containers/storage -# stores containers -# Uncomment to change location from this default -# -# static_dir = "/var/lib/containers/storage/libpod" - -# Directory for temporary files. Must be tmpfs (wiped after reboot) -# -# tmp_dir = "/run/libpod" - -# Directory for libpod named volumes. -# By default, this will be configured relative to where containers/storage -# stores containers. -# Uncomment to change location from this default. -# -# volume_path = "/var/lib/containers/storage/volumes" - # Default OCI runtime # # runtime = "crun" 
@@ -425,20 +410,24 @@ default_sysctls = [ # # runtime_supports_json = ["crun", "runc", "kata", "runsc"] -# List of the OCI runtimes that supports running containers without cgroups. -# -# runtime_supports_nocgroups = ["crun"] - # List of the OCI runtimes that supports running containers with KVM Separation. # # runtime_supports_kvm = ["kata"] +# List of the OCI runtimes that supports running containers without cgroups. +# +# runtime_supports_nocgroups = ["crun"] + +# Directory for persistent engine files (database, etc) +# By default, this will be configured relative to where the containers/storage +# stores containers +# Uncomment to change location from this default +# +# static_dir = "/var/lib/containers/storage/libpod" + # Number of seconds to wait for container to exit before sending kill signal. # stop_timeout = 10 -# Index to the active service -# active_service = production - # map of service destinations # [service_destinations] # [service_destinations.production] @@ -452,6 +441,17 @@ default_sysctls = [ # Path to file containing ssh identity key # identity = "~/.ssh/id_rsa" +# Directory for temporary files. Must be tmpfs (wiped after reboot) +# +# tmp_dir = "/run/libpod" + +# Directory for libpod named volumes. +# By default, this will be configured relative to where containers/storage +# stores containers. +# Uncomment to change location from this default. +# +# volume_path = "/var/lib/containers/storage/volumes" + # Paths to look for a valid OCI runtime (crun, runc, kata, runsc, etc) [engine.runtimes] # crun = [ @@ -464,16 +464,6 @@ default_sysctls = [ # "/run/current-system/sw/bin/crun", # ] -# runc = [ -# "/usr/bin/runc", -# "/usr/sbin/runc", -# "/usr/local/bin/runc", -# "/usr/local/sbin/runc", -# "/sbin/runc", -# "/bin/runc", -# "/usr/lib/cri-o-runc/sbin/runc", -# ] - # kata = [ # "/usr/bin/kata-runtime", # "/usr/sbin/kata-runtime", 
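Review bot: Alphabetical sorting puts `tmp_dir` and `volume_path` (second hunk on this line, `@@ -452,6 +441,17 @@`) below the commented `# [service_destinations]` / `# [service_destinations.production]` example, where they used to sit above it. In TOML a key belongs to the most recent table header, so an admin who uncomments the destination example and then one of these keys would have it parsed into the destination table, not `[engine]`. The override would then presumably be ignored or rejected, and the engine would keep its default temporary and volume directories. Keep both keys above `# map of service destinations`, or put a line such as `# NOTE: engine keys must appear before any uncommented sub-table header` ahead of the example. The man-page hunk in this commit moves `volume_path` out of the SERVICE DESTINATION TABLE section into the engine options, so the sample file now appears to contradict the documented scope.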
@@ -485,6 +475,16 @@ default_sysctls = [ # "/usr/bin/kata-fc", # ] +# runc = [ +# "/usr/bin/runc", +# "/usr/sbin/runc", +# "/usr/local/bin/runc", +# "/usr/local/sbin/runc", +# "/sbin/runc", +# "/bin/runc", +# "/usr/lib/cri-o-runc/sbin/runc", +# ] + # runsc = [ # "/usr/bin/runsc", # "/usr/sbin/runsc",