1containers-storage.conf(5)(Container)Filecontainers-storage.conf(5)(Container)
2
3
4
5Dan Walsh May 2017
6
7
9 storage.conf - Syntax of Container Storage configuration file
10
11
13 The STORAGE configuration file specifies all of the available container
14 storage options for tools using shared container storage, but in a TOML
15 format that can be more easily modified and versioned.
16
17
19 The [TOML format][toml] is used as the encoding of the configuration
20 file. Every option and subtable listed here is nested under a global
21 "storage" table. No bare options are used. The format of TOML can be
22 simplified to:
23
24
25 [table]
26 option = value
27
28 [table.subtable1]
29 option = value
30
31 [table.subtable2]
32 option = value
33
34
35
37 The storage table supports the following options:
38
39
40 driver=""
41 container storage driver (default: "overlay")
42 Default Copy On Write (COW) container storage driver
43 Valid drivers are "overlay", "vfs", "devmapper", "aufs", "btrfs", and
44 "zfs"
45 Some drivers (for example, "zfs", "btrfs", and "aufs") may not work
46 if your kernel lacks support for the filesystem
47
48
49 graphroot=""
50 container storage graph dir (default: "/var/lib/containers/storage")
51 Default directory to store all writable content created by container
52 storage programs
53
54
55 runroot=""
56 container storage run dir (default: "/var/run/containers/storage")
57 Default directory to store all temporary writable content created by
58 container storage programs
59
60
61 STORAGE OPTIONS TABLE
62 The storage.options table supports the following options:
63
64
65 additionalimagestores=[]
66 Paths to additional container image stores. Usually these are
67 read/only and stored on remote network shares.
68
69
70 mount_program=""
71 Specifies the path to a custom program to use instead of using kernel
72 defaults for mounting the file system.
73
74
75 mount_program = "/usr/bin/fuse-overlayfs"
76
77
78
79 mountopt=""
80
81
82 Comma separated list of default options to be used to mount container
83 images. Suggested value "nodev".
84
85
86 ostree_repo = ""
87 If specified, use OSTree to deduplicate files with the overlay or
88 vfs backends.
89
90
91 size=""
92 Maximum size of a container image. This flag can be used to set
93 quota on the size of container images. (default: 10GB)
94
95
96 skip_mount_home = "false"
97 Set to skip a PRIVATE bind mount on the storage home directory.
98 Only supported by certain container storage drivers (overlay).
99
100
101 remap-uids="" remap-gids=""
102
103
104 Remap-UIDs/GIDs is the mapping from UIDs/GIDs as they should appear
105 inside of a container, to the UIDs/GIDs outside of the container, and
106 the length of the range of UIDs/GIDs. Additional mapped sets can be
107 listed and will be heeded by libraries, but there are limits to the
108 number of mappings which the kernel will allow when you later attempt
109 to run a container.
110
111
112 Example
113 remap-uids = 0:1668442479:65536
114 remap-gids = 0:1668442479:65536
115
116 These mappings tell the container engines to map UID 0 inside of the
117 container to UID 1668442479 outside. UID 1 will be mapped to 1668442480.
118 UID 2 will be mapped to 1668442481, etc, for the next 65533 UIDs in
119 Succession.
120
121
122
123 remap-user="" remap-group=""
124
125
126 Remap-User/Group is a user name which can be used to look up one or
127 more UID/GID ranges in the /etc/subuid or /etc/subgid file. Mappings
128 are set up starting with an in-container ID of 0 and then a host-level
129 ID taken from the lowest range that matches the specified name, and
130 using the length of that range. Additional ranges are then assigned,
131 using the ranges which specify the lowest host-level IDs first, to the
132 lowest not-yet-mapped in-container ID, until all of the entries have
133 been used for maps.
134
135
136 remap-user = "storage"
137 remap-group = "storage"
138
139
140
141 STORAGE OPTIONS FOR THINPOOL TABLE
142 The storage.options.thinpool table supports the following options:
143
144
145 autoextend_percent=""
146
147
148 Tells the thinpool driver the amount by which the thinpool needs to be
149 grown. This is specified in terms of % of pool size. So a value of 20
150 means that when threshold is hit, pool will be grown by 20% of existing
151 pool size. (default: 20%)
152
153
154 autoextend_threshold=""
155
156
157 Tells the driver the thinpool extension threshold in terms of percent‐
158 age of pool size. For example, if threshold is 60, that means when pool
159 is 60% full, threshold has been hit. (default: 80%)
160
161
162 basesize=""
163
164
165 Specifies the size to use when creating the base device, which limits
166 the size of images and containers. (default: 10g)
167
168
169 blocksize=""
170
171
172 Specifies a custom blocksize to use for the thin pool. (default: 64k)
173
174
175 directlvm_device=""
176
177
178 Specifies a custom block storage device to use for the thin pool.
179 Required for using graphdriver devicemapper.
180
181
182 directlvm_device_force=""
183
184
185 Tells driver to wipe device (directlvm_device) even if device already
186 has a filesystem. (default: false)
187
188
189 fs="xfs"
190
191
192 Specifies the filesystem type to use for the base device. (default:
193 xfs)
194
195
196 log_level=""
197
198
199 Sets the log level of devicemapper.
200
201
202 0: LogLevelSuppress 0 (default)
203 2: LogLevelFatal
204 3: LogLevelErr
205 4: LogLevelWarn
206 5: LogLevelNotice
207 6: LogLevelInfo
208 7: LogLevelDebug
209
210
211
212 min_free_space=""
213
214
215 Specifies the min free space percent in a thin pool required for new
216 device creation to succeed. Valid values are from 0% - 99%. Value 0%
217 disables. (default: 10%)
218
219
220 mkfsarg=""
221
222
223 Specifies extra mkfs arguments to be used when creating the base
224 device.
225
226
227 use_deferred_deletion=""
228
229
230 Marks thinpool device for deferred deletion. If the thinpool is in use
231 when the driver attempts to delete it, the driver will attempt to
232 delete device every 30 seconds until successful, or when it restarts.
233 Deferred deletion permanently deletes the device and all data stored in
234 the device will be lost. (default: true).
235
236
237 use_deferred_removal=""
238
239
240 Marks devicemapper block device for deferred removal. If the device is
241 in use when its driver attempts to remove it, the driver tells the ker‐
242 nel to remove the device as soon as possible. Note this does not free
243 up the disk space, use deferred deletion to fully remove the thinpool.
244 (default: true).
245
246
247 xfs_nospace_max_retries=""
248
249
250 Specifies the maximum number of retries XFS should attempt to complete
251 IO when ENOSPC (no space) error is returned by underlying storage
252 device. (default: 0, which means to try continuously.)
253
254
256 When running on an SELinux system, if you move the containers storage
257 graphroot directory, you must make sure the labeling is correct.
258
259
260 Tell SELinux about the new containers storage by setting up an equiva‐
261 lence record. This tells SELinux to label content under the new path,
262 as if it was stored under /var/lib/containers/storage.
263
264
265 semanage fcontext -a -e /var/lib/containers NEWSTORAGEPATH
266 restorecon -R -v /src/containers
267
268
269
270 The semanage command above tells SELinux to setup the default labeling
271 of NEWSTORAGEPATH to match /var/lib/containers. The restorecon command
272 tells SELinux to apply the labels to the actual content.
273
274
275 Now all new content created in these directories will automatically be
276 created with the correct label.
277
278
280 semanage(8), restorecon(8)
281
282
284 Distributions often provide a /usr/share/containers/storage.conf file
285 to define default storage configuration. Administrators can override
286 this file by creating /etc/containers/storage.conf to specify their own
287 configuration. The storage.conf file for rootless users is stored in
288 the $HOME/.config/containers/storage.conf file.
289
290
292 May 2017, Originally compiled by Dan Walsh dwalsh@redhat.com
293 ⟨mailto:dwalsh@redhat.com⟩ Format copied from crio.conf man page cre‐
294 ated by Aleksa Sarai asarai@suse.de ⟨mailto:asarai@suse.de⟩
295
296
297
298Configuration Storagceontainers-storage.conf(5)(Container)