| 192 |
- |
1 |
# This file is is the configuration file for all tools
|
| 209 |
- |
2 |
# that use the containers/storage library. The storage.conf file
|
|
|
3 |
# overrides all other storage.conf files. Container engines using the
|
|
|
4 |
# container/storage library do not inherit fields from other storage.conf
|
|
|
5 |
# files.
|
|
|
6 |
#
|
|
|
7 |
# Note: The storage.conf file overrides other storage.conf files based on this precedence:
|
|
|
8 |
# /usr/containers/storage.conf
|
|
|
9 |
# /etc/containers/storage.conf
|
|
|
10 |
# $HOME/.config/containers/storage.conf
|
|
|
11 |
# $XDG_CONFIG_HOME/containers/storage.conf (If XDG_CONFIG_HOME is set)
|
| 192 |
- |
12 |
# See man 5 containers-storage.conf for more information
|
|
|
13 |
# The "container storage" table contains all of the server options.
|
|
|
14 |
[storage]
|
|
|
15 |
|
| 197 |
- |
16 |
# Default Storage Driver, Must be set for proper operation.
|
| 192 |
- |
17 |
driver = "overlay"
|
|
|
18 |
|
|
|
19 |
# Temporary storage location
|
| 197 |
- |
20 |
runroot = "/run/containers/storage"
|
| 192 |
- |
21 |
|
|
|
22 |
# Primary Read/Write location of container storage
|
| 209 |
- |
23 |
# When changing the graphroot location on an SELINUX system, you must
|
|
|
24 |
# ensure the labeling matches the default locations labels with the
|
|
|
25 |
# following commands:
|
|
|
26 |
# semanage fcontext -a -e /var/lib/containers/storage /NEWSTORAGEPATH
|
|
|
27 |
# restorecon -R -v /NEWSTORAGEPATH
|
| 192 |
- |
28 |
graphroot = "/var/lib/containers/storage"
|
|
|
29 |
|
| 209 |
- |
30 |
|
| 192 |
- |
31 |
# Storage path for rootless users
|
|
|
32 |
#
|
|
|
33 |
# rootless_storage_path = "$HOME/.local/share/containers/storage"
|
|
|
34 |
|
|
|
35 |
[storage.options]
|
|
|
36 |
# Storage options to be passed to underlying storage drivers
|
|
|
37 |
|
|
|
38 |
# AdditionalImageStores is used to pass paths to additional Read/Only image stores
|
|
|
39 |
# Must be comma separated list.
|
|
|
40 |
additionalimagestores = [
|
|
|
41 |
]
|
|
|
42 |
|
|
|
43 |
# Remap-UIDs/GIDs is the mapping from UIDs/GIDs as they should appear inside of
|
|
|
44 |
# a container, to the UIDs/GIDs as they should appear outside of the container,
|
|
|
45 |
# and the length of the range of UIDs/GIDs. Additional mapped sets can be
|
|
|
46 |
# listed and will be heeded by libraries, but there are limits to the number of
|
|
|
47 |
# mappings which the kernel will allow when you later attempt to run a
|
|
|
48 |
# container.
|
|
|
49 |
#
|
|
|
50 |
# remap-uids = 0:1668442479:65536
|
|
|
51 |
# remap-gids = 0:1668442479:65536
|
|
|
52 |
|
|
|
53 |
# Remap-User/Group is a user name which can be used to look up one or more UID/GID
|
|
|
54 |
# ranges in the /etc/subuid or /etc/subgid file. Mappings are set up starting
|
|
|
55 |
# with an in-container ID of 0 and then a host-level ID taken from the lowest
|
|
|
56 |
# range that matches the specified name, and using the length of that range.
|
|
|
57 |
# Additional ranges are then assigned, using the ranges which specify the
|
|
|
58 |
# lowest host-level IDs first, to the lowest not-yet-mapped in-container ID,
|
|
|
59 |
# until all of the entries have been used for maps.
|
|
|
60 |
#
|
|
|
61 |
# remap-user = "containers"
|
|
|
62 |
# remap-group = "containers"
|
|
|
63 |
|
|
|
64 |
# Root-auto-userns-user is a user name which can be used to look up one or more UID/GID
|
|
|
65 |
# ranges in the /etc/subuid and /etc/subgid file. These ranges will be partitioned
|
|
|
66 |
# to containers configured to create automatically a user namespace. Containers
|
|
|
67 |
# configured to automatically create a user namespace can still overlap with containers
|
|
|
68 |
# having an explicit mapping set.
|
|
|
69 |
# This setting is ignored when running as rootless.
|
|
|
70 |
# root-auto-userns-user = "storage"
|
|
|
71 |
#
|
|
|
72 |
# Auto-userns-min-size is the minimum size for a user namespace created automatically.
|
|
|
73 |
# auto-userns-min-size=1024
|
|
|
74 |
#
|
|
|
75 |
# Auto-userns-max-size is the minimum size for a user namespace created automatically.
|
|
|
76 |
# auto-userns-max-size=65536
|
|
|
77 |
|
|
|
78 |
[storage.options.overlay]
|
|
|
79 |
# ignore_chown_errors can be set to allow a non privileged user running with
|
|
|
80 |
# a single UID within a user namespace to run containers. The user can pull
|
|
|
81 |
# and use any image even those with multiple uids. Note multiple UIDs will be
|
|
|
82 |
# squashed down to the default uid in the container. These images will have no
|
|
|
83 |
# separation between the users in the container. Only supported for the overlay
|
|
|
84 |
# and vfs drivers.
|
|
|
85 |
#ignore_chown_errors = "false"
|
|
|
86 |
|
| 203 |
- |
87 |
# Inodes is used to set a maximum inodes of the container image.
|
|
|
88 |
# inodes = ""
|
|
|
89 |
|
| 192 |
- |
90 |
# Path to an helper program to use for mounting the file system instead of mounting it
|
|
|
91 |
# directly.
|
|
|
92 |
#mount_program = "/usr/bin/fuse-overlayfs"
|
|
|
93 |
|
|
|
94 |
# mountopt specifies comma separated list of extra mount options
|
|
|
95 |
mountopt = "nodev,metacopy=on"
|
|
|
96 |
|
|
|
97 |
# Set to skip a PRIVATE bind mount on the storage home directory.
|
|
|
98 |
# skip_mount_home = "false"
|
|
|
99 |
|
|
|
100 |
# Size is used to set a maximum size of the container image.
|
|
|
101 |
# size = ""
|
|
|
102 |
|
| 197 |
- |
103 |
# ForceMask specifies the permissions mask that is used for new files and
|
|
|
104 |
# directories.
|
|
|
105 |
#
|
|
|
106 |
# The values "shared" and "private" are accepted.
|
|
|
107 |
# Octal permission masks are also accepted.
|
|
|
108 |
#
|
|
|
109 |
# "": No value specified.
|
|
|
110 |
# All files/directories, get set with the permissions identified within the
|
|
|
111 |
# image.
|
|
|
112 |
# "private": it is equivalent to 0700.
|
|
|
113 |
# All files/directories get set with 0700 permissions. The owner has rwx
|
|
|
114 |
# access to the files. No other users on the system can access the files.
|
|
|
115 |
# This setting could be used with networked based homedirs.
|
|
|
116 |
# "shared": it is equivalent to 0755.
|
|
|
117 |
# The owner has rwx access to the files and everyone else can read, access
|
|
|
118 |
# and execute them. This setting is useful for sharing containers storage
|
|
|
119 |
# with other users. For instance have a storage owned by root but shared
|
|
|
120 |
# to rootless users as an additional store.
|
|
|
121 |
# NOTE: All files within the image are made readable and executable by any
|
|
|
122 |
# user on the system. Even /etc/shadow within your image is now readable by
|
|
|
123 |
# any user.
|
|
|
124 |
#
|
|
|
125 |
# OCTAL: Users can experiment with other OCTAL Permissions.
|
|
|
126 |
#
|
|
|
127 |
# Note: The force_mask Flag is an experimental feature, it could change in the
|
|
|
128 |
# future. When "force_mask" is set the original permission mask is stored in
|
|
|
129 |
# the "user.containers.override_stat" xattr and the "mount_program" option must
|
|
|
130 |
# be specified. Mount programs like "/usr/bin/fuse-overlayfs" present the
|
|
|
131 |
# extended attribute permissions to processes within containers rather then the
|
|
|
132 |
# "force_mask" permissions.
|
|
|
133 |
#
|
|
|
134 |
# force_mask = ""
|
|
|
135 |
|
| 192 |
- |
136 |
[storage.options.thinpool]
|
|
|
137 |
# Storage Options for thinpool
|
|
|
138 |
|
|
|
139 |
# autoextend_percent determines the amount by which pool needs to be
|
|
|
140 |
# grown. This is specified in terms of % of pool size. So a value of 20 means
|
|
|
141 |
# that when threshold is hit, pool will be grown by 20% of existing
|
|
|
142 |
# pool size.
|
|
|
143 |
# autoextend_percent = "20"
|
|
|
144 |
|
|
|
145 |
# autoextend_threshold determines the pool extension threshold in terms
|
|
|
146 |
# of percentage of pool size. For example, if threshold is 60, that means when
|
|
|
147 |
# pool is 60% full, threshold has been hit.
|
|
|
148 |
# autoextend_threshold = "80"
|
|
|
149 |
|
|
|
150 |
# basesize specifies the size to use when creating the base device, which
|
|
|
151 |
# limits the size of images and containers.
|
|
|
152 |
# basesize = "10G"
|
|
|
153 |
|
|
|
154 |
# blocksize specifies a custom blocksize to use for the thin pool.
|
|
|
155 |
# blocksize="64k"
|
|
|
156 |
|
|
|
157 |
# directlvm_device specifies a custom block storage device to use for the
|
|
|
158 |
# thin pool. Required if you setup devicemapper.
|
|
|
159 |
# directlvm_device = ""
|
|
|
160 |
|
|
|
161 |
# directlvm_device_force wipes device even if device already has a filesystem.
|
|
|
162 |
# directlvm_device_force = "True"
|
|
|
163 |
|
|
|
164 |
# fs specifies the filesystem type to use for the base device.
|
|
|
165 |
# fs="xfs"
|
|
|
166 |
|
|
|
167 |
# log_level sets the log level of devicemapper.
|
|
|
168 |
# 0: LogLevelSuppress 0 (Default)
|
|
|
169 |
# 2: LogLevelFatal
|
|
|
170 |
# 3: LogLevelErr
|
|
|
171 |
# 4: LogLevelWarn
|
|
|
172 |
# 5: LogLevelNotice
|
|
|
173 |
# 6: LogLevelInfo
|
|
|
174 |
# 7: LogLevelDebug
|
|
|
175 |
# log_level = "7"
|
|
|
176 |
|
|
|
177 |
# min_free_space specifies the min free space percent in a thin pool require for
|
|
|
178 |
# new device creation to succeed. Valid values are from 0% - 99%.
|
|
|
179 |
# Value 0% disables
|
|
|
180 |
# min_free_space = "10%"
|
|
|
181 |
|
|
|
182 |
# mkfsarg specifies extra mkfs arguments to be used when creating the base
|
|
|
183 |
# device.
|
|
|
184 |
# mkfsarg = ""
|
|
|
185 |
|
|
|
186 |
# metadata_size is used to set the `pvcreate --metadatasize` options when
|
|
|
187 |
# creating thin devices. Default is 128k
|
|
|
188 |
# metadata_size = ""
|
|
|
189 |
|
|
|
190 |
# Size is used to set a maximum size of the container image.
|
|
|
191 |
# size = ""
|
|
|
192 |
|
|
|
193 |
# use_deferred_removal marks devicemapper block device for deferred removal.
|
|
|
194 |
# If the thinpool is in use when the driver attempts to remove it, the driver
|
|
|
195 |
# tells the kernel to remove it as soon as possible. Note this does not free
|
|
|
196 |
# up the disk space, use deferred deletion to fully remove the thinpool.
|
|
|
197 |
# use_deferred_removal = "True"
|
|
|
198 |
|
|
|
199 |
# use_deferred_deletion marks thinpool device for deferred deletion.
|
|
|
200 |
# If the device is busy when the driver attempts to delete it, the driver
|
|
|
201 |
# will attempt to delete device every 30 seconds until successful.
|
|
|
202 |
# If the program using the driver exits, the driver will continue attempting
|
|
|
203 |
# to cleanup the next time the driver is used. Deferred deletion permanently
|
|
|
204 |
# deletes the device and all data stored in device will be lost.
|
|
|
205 |
# use_deferred_deletion = "True"
|
|
|
206 |
|
|
|
207 |
# xfs_nospace_max_retries specifies the maximum number of retries XFS should
|
|
|
208 |
# attempt to complete IO when ENOSPC (no space) error is returned by
|
|
|
209 |
# underlying storage device.
|
|
|
210 |
# xfs_nospace_max_retries = "0"
|