containers-storage.conf(5)(Container)          File          containers-storage.conf(5)(Container)

Dan Walsh May 2017

NAME

       storage.conf - Syntax of Container Storage configuration file

DESCRIPTION

       The STORAGE configuration file specifies all of the available container
       storage options for tools using shared container storage, but in a TOML
       format that can be more easily modified and versioned.

FORMAT

       The TOML format is used as the encoding of the configuration file.
       Every option and subtable listed here is nested under a global
       "storage" table. No bare options are used. The format of TOML can be
       simplified to:

              [table]
              option = value

              [table.subtable1]
              option = value

              [table.subtable2]
              option = value

STORAGE TABLE

       The storage table supports the following options:

       driver=""
         container storage driver (default: "overlay")
         Default Copy On Write (COW) container storage driver
         Valid drivers are "overlay", "vfs", "devmapper", "aufs", "btrfs", and
         "zfs"
         Some drivers (for example, "zfs", "btrfs", and "aufs") may not work
         if your kernel lacks support for the filesystem

       graphroot=""
         container storage graph dir (default: "/var/lib/containers/storage")
         Default directory to store all writable content created by container
         storage programs

       runroot=""
         container storage run dir (default: "/var/run/containers/storage")
         Default directory to store all temporary writable content created by
         container storage programs

   STORAGE OPTIONS TABLE
       The storage.options table supports the following options:

       additionalimagestores=[]
         Paths to additional container image stores. Usually these are
         read-only and stored on remote network shares.

       mount_program=""
         Specifies the path to a custom program to use instead of using kernel
         defaults for mounting the file system.

                mount_program = "/usr/bin/fuse-overlayfs"

       mountopt=""

       Comma-separated list of default options to be used to mount container
       images. Suggested value "nodev".

       ostree_repo = ""
          If specified, use OSTree to deduplicate files with the overlay or
          vfs backends.

       size=""
         Maximum size of a container image. This flag can be used to set
         quota on the size of container images. (default: 10GB)

       skip_mount_home = "false"
          Set to skip a PRIVATE bind mount on the storage home directory.
          Only supported by certain container storage drivers (overlay).

       remap-uids="" remap-gids=""

       Remap-UIDs/GIDs is the mapping from UIDs/GIDs as they should appear
       inside of a container, to the UIDs/GIDs outside of the container, and
       the length of the range of UIDs/GIDs. Additional mapped sets can be
       listed and will be heeded by libraries, but there are limits to the
       number of mappings which the kernel will allow when you later attempt
       to run a container.

               Example
               remap-uids = "0:1668442479:65536"
               remap-gids = "0:1668442479:65536"

               These mappings tell the container engines to map UID 0 inside of the
               container to UID 1668442479 outside. UID 1 will be mapped to 1668442480.
               UID 2 will be mapped to 1668442481, etc, for the next 65533 UIDs in
               succession.

       remap-user="" remap-group=""

       Remap-User/Group is a user name which can be used to look up one or
       more UID/GID ranges in the /etc/subuid or /etc/subgid file. Mappings
       are set up starting with an in-container ID of 0 and then a host-level
       ID taken from the lowest range that matches the specified name, and
       using the length of that range. Additional ranges are then assigned,
       using the ranges which specify the lowest host-level IDs first, to the
       lowest not-yet-mapped in-container ID, until all of the entries have
       been used for maps.

                remap-user = "storage"
                remap-group = "storage"

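       The mapping rules described above for remap-uids/remap-gids and
       remap-user/remap-group, worked through in Python. This is an added
       example, not part of the original man page or of the container storage
       library; the function names and the sample /etc/subuid content are
       constructed for illustration.

```python
# Added illustration; function names and sample data are assumptions,
# not taken from the container storage library.

# Constructed /etc/subuid-style content: name:first_host_id:length
SAMPLE_SUBUID = """\
storage:300000:65536
other:100000:65536
storage:200000:1000
"""


def parse_triple(spec):
    """Parse one 'container_id:host_id:length' set as used by remap-uids."""
    parts = spec.split(":")
    if len(parts) != 3:
        raise ValueError("expected container:host:length, got %r" % spec)
    container_id, host_id, length = (int(p) for p in parts)
    if container_id < 0 or host_id < 0 or length <= 0:
        raise ValueError("IDs must be >= 0 and length > 0 in %r" % spec)
    return (container_id, host_id, length)


def maps_for_name(subid_text, name):
    """Build the maps remap-user/remap-group would derive for `name`."""
    ranges = []
    for line in subid_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 3 and fields[0] == name:
            ranges.append((int(fields[1]), int(fields[2])))
    maps, next_container_id = [], 0
    for host_start, length in sorted(ranges):  # lowest host-level ID first
        maps.append((next_container_id, host_start, length))
        next_container_id += length  # lowest not-yet-mapped in-container ID
    return maps


def to_host(maps, container_id):
    """Translate an in-container ID to its host ID; None if unmapped."""
    for c_start, h_start, length in maps:
        if c_start <= container_id < c_start + length:
            return h_start + (container_id - c_start)
    return None
```

       With the man page's example triple, in-container UID 0 resolves to host
       UID 1668442479, and any in-container ID outside the mapped range
       resolves to None, meaning it has no host identity.
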
   STORAGE OPTIONS FOR THINPOOL TABLE
       The storage.options.thinpool table supports the following options:

       autoextend_percent=""

       Tells the thinpool driver the amount by which the thinpool needs to be
       grown. This is specified in terms of % of pool size. So a value of 20
       means that when threshold is hit, pool will be grown by 20% of existing
       pool size. (default: 20%)

       autoextend_threshold=""

       Tells the driver the thinpool extension threshold in terms of
       percentage of pool size. For example, if threshold is 60, that means
       when pool is 60% full, threshold has been hit. (default: 80%)

       basesize=""

       Specifies the size to use when creating the base device, which limits
       the size of images and containers. (default: 10g)

       blocksize=""

       Specifies a custom blocksize to use for the thin pool. (default: 64k)

       directlvm_device=""

       Specifies a custom block storage device to use for the thin pool.
       Required for using graphdriver devicemapper.

       directlvm_device_force=""

       Tells driver to wipe device (directlvm_device) even if device already
       has a filesystem. (default: false)

       fs="xfs"

       Specifies the filesystem type to use for the base device. (default:
       xfs)

       log_level=""

       Sets the log level of devicemapper.

              0: LogLevelSuppress 0 (default)
              2: LogLevelFatal
              3: LogLevelErr
              4: LogLevelWarn
              5: LogLevelNotice
              6: LogLevelInfo
              7: LogLevelDebug

       min_free_space=""

       Specifies the min free space percent in a thin pool required for new
       device creation to succeed. Valid values are from 0% - 99%. Value 0%
       disables. (default: 10%)

       mkfsarg=""

       Specifies extra mkfs arguments to be used when creating the base
       device.

       use_deferred_deletion=""

       Marks thinpool device for deferred deletion. If the thinpool is in use
       when the driver attempts to delete it, the driver will attempt to
       delete device every 30 seconds until successful, or when it restarts.
       Deferred deletion permanently deletes the device and all data stored in
       the device will be lost. (default: true).

       use_deferred_removal=""

       Marks devicemapper block device for deferred removal. If the device is
       in use when its driver attempts to remove it, the driver tells the
       kernel to remove the device as soon as possible. Note this does not
       free up the disk space, use deferred deletion to fully remove the
       thinpool. (default: true).

       xfs_nospace_max_retries=""

       Specifies the maximum number of retries XFS should attempt to complete
       IO when ENOSPC (no space) error is returned by underlying storage
       device. (default: 0, which means to try continuously.)

SELINUX LABELING

       When running on an SELinux system, if you move the containers storage
       graphroot directory, you must make sure the labeling is correct.

       Tell SELinux about the new containers storage by setting up an
       equivalence record. This tells SELinux to label content under the new
       path, as if it was stored under /var/lib/containers/storage.

              semanage fcontext -a -e /var/lib/containers NEWSTORAGEPATH
              restorecon -R -v NEWSTORAGEPATH

       The semanage command above tells SELinux to set up the default labeling
       of NEWSTORAGEPATH to match /var/lib/containers. The restorecon command
       tells SELinux to apply the labels to the actual content.

       Now all new content created in these directories will automatically be
       created with the correct label.

SEE ALSO

       semanage(8), restorecon(8)

FILES

       Distributions often provide a /usr/share/containers/storage.conf file
       to define default storage configuration. Administrators can override
       this file by creating /etc/containers/storage.conf to specify their own
       configuration. The storage.conf file for rootless users is stored in
       the $HOME/.config/containers/storage.conf file.

HISTORY

       May 2017, Originally compiled by Dan Walsh dwalsh@redhat.com
       ⟨mailto:dwalsh@redhat.com⟩ Format copied from crio.conf man page
       created by Aleksa Sarai asarai@suse.de ⟨mailto:asarai@suse.de⟩