containers-storage.conf(5)

1containers-storage.conf(5)(Container)Filecontainers-storage.conf(5)(Container)
2
3
4
5Dan Walsh May 2017
6
7

NAME

9       storage.conf - Syntax of Container Storage configuration file
10
11

DESCRIPTION

13       The STORAGE configuration file specifies all of the available container
14       storage options for tools using shared container storage, but in a TOML
15       format that can be more easily modified and versioned.
16
17

FORMAT

19       The  [TOML  format][toml]  is used as the encoding of the configuration
20       file.  Every option and subtable listed here is nested under  a  global
21       "storage"  table.   No bare options are used. The format of TOML can be
22       simplified to:
23
24
25              [table]
26              option = value
27
28              [table.subtable1]
29              option = value
30
31              [table.subtable2]
32              option = value
33
34
35

STORAGE TABLE

37       The storage table supports the following options:
38
39
40       driver=""
41         container storage driver (default: "overlay")
42         Default Copy On Write (COW) container storage driver.  Valid  drivers
43       are  "overlay",  "vfs",  "devmapper",  "aufs", "btrfs", and "zfs". Some
44       drivers (for example, "zfs", "btrfs", and "aufs") may not work if  your
45       kernel lacks support for the filesystem.
46
47
48       graphroot=""
49         container storage graph dir (default: "/var/lib/containers/storage")
50         Default  directory to store all writable content created by container
51       storage programs.
52
53
54       rootless_storage_path="$HOME/.local/share/containers/storage"
55         Storage path for rootless users. By default the graphroot  for  root‐
56       less    users   is   set   to   $XDG_DATA_HOME/containers/storage,   if
57       XDG_DATA_HOME is set.  Otherwise  $HOME/.local/share/containers/storage
58       is  used.   This field can be used if administrators need to change the
59       storage location for all users.
60
61
62              The rootless storage path supports three substations:
63              * `$HOME` => Replaced by the users home directory.
64              * `$UID`  => Replaced by the users UID
65              * `$USER` => Replaced by the users name
66
67
68
69       A common use case for this field is to provide a local  storage  direc‐
70       tory  when  user home directories are NFS-mounted (podman does not sup‐
71       port container storage over NFS).
72
73
74       runroot=""
75         container storage run dir (default: "/var/run/containers/storage")
76         Default directory to store all temporary writable content created  by
77       container storage programs.
78
79
80   STORAGE OPTIONS TABLE
81       The storage.options table supports the following options:
82
83
84       additionalimagestores=[]
85         Paths  to  additional  container  image  stores.  Usually  these  are
86       read/only and stored on remote network shares.
87
88
89       remap-uids="" remap-gids=""
90         Remap-UIDs/GIDs is the mapping from UIDs/GIDs as they  should  appear
91       inside  of  a container, to the UIDs/GIDs outside of the container, and
92       the length of the range of UIDs/GIDs.  Additional mapped  sets  can  be
93       listed  and  will  be  heeded by libraries, but there are limits to the
94       number of mappings which the kernel will allow when you  later  attempt
95       to run a container.
96
97
98       Example
99            remap-uids = 0:1668442479:65536
100            remap-gids = 0:1668442479:65536
101
102
103       These  mappings  tell  the container engines to map UID 0 inside of the
104       container  to  UID  1668442479  outside.   UID  1  will  be  mapped  to
105       1668442480. UID 2 will be mapped to 1668442481, etc, for the next 65533
106       UIDs in succession.
107
108
109       remap-user="" remap-group=""
110         Remap-User/Group is a user name which can be used to look up  one  or
111       more  UID/GID  ranges in the /etc/subuid or /etc/subgid file.  Mappings
112       are set up starting with an in-container ID of 0 and then a  host-level
113       ID  taken  from  the  lowest range that matches the specified name, and
114       using the length of that range. Additional ranges  are  then  assigned,
115       using  the ranges which specify the lowest host-level IDs first, to the
116       lowest not-yet-mapped in-container ID, until all of  the  entries  have
117       been used for maps.
118
119
120       Example
121            remap-user = "containers"
122            remap-group = "containers"
123
124
125       root-auto-userns-user=""
126         Root-auto-userns-user is a user name which can be used to look up one
127       or more UID/GID ranges in the /etc/subuid and /etc/subgid file.   These
128       ranges  will  be partioned to containers configured to create automati‐
129       cally a user namespace.  Containers configured to automatically  create
130       a  user  namespace can still overlap with containers having an explicit
131       mapping set.  This setting is ignored when running as rootless.
132
133
134       auto-userns-min-size=1024
135         Auto-userns-min-size is the minimum size for a user namespace created
136       automatically.
137
138
139       auto-userns-max-size=65536
140         Auto-userns-max-size is the maximum size for a user namespace created
141       automatically.
142
143
144   STORAGE OPTIONS FOR AUFS TABLE
145       The storage.options.aufs table supports the following options:
146
147
148       mountopt=""
149         Comma separated list of default options to be used to mount container
150       images.   Suggested  value "nodev". Mount options are documented in the
151       mount(8) man page.
152
153
154   STORAGE OPTIONS FOR BTRFS TABLE
155       The storage.options.btrfs table supports the following options:
156
157
158       min_space=""
159         Specifies the min space in a btrfs volume.
160
161
162       size=""
163         Maximum size of a container image.   This flag can  be  used  to  set
164       quota  on  the  size  of  container images. (format: [], where unit = b
165       (bytes), k (kilobytes), m (megabytes), or g (gigabytes))
166
167
168   STORAGE OPTIONS FOR THINPOOL (devicemapper) TABLE
169       The storage.options.thinpool table supports the following  options  for
170       the devicemapper driver:
171
172
173       autoextend_percent=""
174         Tells  the  thinpool driver the amount by which the thinpool needs to
175       be grown. This is specified in terms of % of pool size. So a  value  of
176       20  means  that  when  threshold  is  hit, pool will be grown by 20% of
177       existing pool size. (default: 20%)
178
179
180       autoextend_threshold=""
181         Tells the driver the thinpool extension threshold in  terms  of  per‐
182       centage  of pool size. For example, if threshold is 60, that means when
183       pool is 60% full, threshold has been hit. (default: 80%)
184
185
186       basesize=""
187         Specifies the size to use when creating the base device, which limits
188       the size of images and containers. (default: 10g)
189
190
191       blocksize=""
192         Specifies a custom blocksize to use for the thin pool. (default: 64k)
193
194
195       directlvm_device=""
196         Specifies  a  custom  block  storage device to use for the thin pool.
197       Required for using graphdriver devicemapper.
198
199
200       directlvm_device_force=""
201         Tells driver to wipe device (directlvm_device) even if device already
202       has a filesystem.  (default: false)
203
204
205       fs="xfs"
206         Specifies  the  filesystem type to use for the base device. (default:
207       xfs)
208
209
210       log_level=""
211         Sets the log level of devicemapper.
212
213
214              0: LogLevelSuppress 0 (default)
215              2: LogLevelFatal
216              3: LogLevelErr
217              4: LogLevelWarn
218              5: LogLevelNotice
219              6: LogLevelInfo
220              7: LogLevelDebug
221
222
223
224       min_free_space=""
225         Specifies the min free space percent in a thin pool required for  new
226       device  creation  to  succeed. Valid values are from 0% - 99%. Value 0%
227       disables. (default: 10%)
228
229
230       mkfsarg=""
231         Specifies extra mkfs arguments to be  used  when  creating  the  base
232       device.
233
234
235       mountopt=""
236         Comma separated list of default options to be used to mount container
237       images.  Suggested value "nodev". Mount options are documented  in  the
238       mount(8) man page.
239
240
241       size=""
242         Maximum  size  of  a  container image.   This flag can be used to set
243       quota on the size of container images. (format:  [],  where  unit  =  b
244       (bytes), k (kilobytes), m (megabytes), or g (gigabytes))
245
246
247       use_deferred_deletion=""
248         Marks  thinpool  device  for deferred deletion. If the thinpool is in
249       use when the driver attempts to delete it, the driver will  attempt  to
250       delete  device  every 30 seconds until successful, or when it restarts.
251       Deferred deletion permanently deletes the device and all data stored in
252       the device will be lost. (default: true).
253
254
255       use_deferred_removal=""
256         Marks  devicemapper block device for deferred removal.  If the device
257       is in use when its driver attempts to remove it, the driver  tells  the
258       kernel  to  remove  the device as soon as possible.  Note this does not
259       free up the disk space, use deferred deletion to fully remove the thin‐
260       pool.  (default: true).
261
262
263       xfs_nospace_max_retries=""
264         Specifies  the  maximum  number of retries XFS should attempt to com‐
265       plete IO when ENOSPC (no space) error is returned by underlying storage
266       device. (default: 0, which means to try continuously.)
267
268
269   STORAGE OPTIONS FOR OVERLAY TABLE
270       The storage.options.overlay table supports the following options:
271
272
273       ignore_chown_errors = "false"
274         ignore_chown_errors can be set to allow a non privileged user running
275       with a  single UID within a user namespace to run containers. The  user
276       can  pull and use any image even those with multiple uids.  Note multi‐
277       ple UIDs will be squashed down to the default  uid  in  the  container.
278       These  images  will  have  no  separation between the users in the con‐
279       tainer. (default: false)
280
281
282       mount_program=""
283         Specifies the path to a custom program to use instead of using kernel
284       defaults  for  mounting  the file system. In rootless mode, without the
285       CAP_SYS_ADMIN capability, many kernels prevent mounting of overlay file
286       systems,  requiring  you  to specify a mount_program. The mount_program
287       option is also required on systems  where  the  underlying  storage  is
288       btrfs, aufs, zfs, overlay, or ecryptfs based file systems.
289         mount_program = "/usr/bin/fuse-overlayfs"
290
291
292       mountopt=""
293         Comma separated list of default options to be used to mount container
294       images.  Suggested value "nodev". Mount options are documented  in  the
295       mount(8) man page.
296
297
298       size=""
299         Maximum  size  of  a  container image.   This flag can be used to set
300       quota on the size of container images. (format:  [],  where  unit  =  b
301       (bytes), k (kilobytes), m (megabytes), or g (gigabytes))
302
303
304   STORAGE OPTIONS FOR VFS TABLE
305       The storage.options.vfs table supports the following options:
306
307
308       ignore_chown_errors = "false"
309         ignore_chown_errors can be set to allow a non privileged user running
310       with a  single UID within a user namespace to run containers. The  user
311       can  pull and use any image even those with multiple uids.  Note multi‐
312       ple UIDs will be squashed down to the default  uid  in  the  container.
313       These  images  will  have  no  separation between the users in the con‐
314       tainer. (default: false)
315
316
317   STORAGE OPTIONS FOR ZFS TABLE
318       The storage.options.zfs table supports the following options:
319
320
321       fsname=""
322         File System name for the zfs driver
323
324
325       mountopt=""
326         Comma separated list of default options to be used to mount container
327       images.   Suggested  value "nodev". Mount options are documented in the
328       mount(8) man page.
329
330
331       size=""
332         Maximum size of a container image.   This flag can  be  used  to  set
333       quota  on  the  size  of  container images. (format: [], where unit = b
334       (bytes), k (kilobytes), m (megabytes), or g (gigabytes))
335
336

SELINUX LABELING

338       When running on an SELinux system, if you move the  containers  storage
339       graphroot directory, you must make sure the labeling is correct.
340
341
342       Tell  SELinux about the new containers storage by setting up an equiva‐
343       lence record. This tells SELinux to label content under the  new  path,
344       as if it was stored under /var/lib/containers/storage.
345
346
347              semanage fcontext -a -e /var/lib/containers NEWSTORAGEPATH
348              restorecon -R -v NEWSTORAGEPATH
349
350
351
352       The  semanage command above tells SELinux to setup the default labeling
353       of NEWSTORAGEPATH to match /var/lib/containers.  The restorecon command
354       tells SELinux to apply the labels to the actual content.
355
356
357       Now  all new content created in these directories will automatically be
358       created with the correct label.
359
360

FILES

366       Distributions often provide a  /usr/share/containers/storage.conf  file
367       to  define  default  storage configuration. Administrators can override
368       this file by creating /etc/containers/storage.conf to specify their own
369       configuration.  The  storage.conf  file for rootless users is stored in
370       the $XDG_CONFIG_HOME/containers/storage.conf file.  If $XDG_CONFIG_HOME
371       is not set then the file $HOME/.config/containers/storage.conf is used.
372
373

HISTORY

375       May   2017,   Originally   compiled   by  Dan  Walsh  dwalsh@redhat.com
376       ⟨mailto:dwalsh@redhat.com⟩ Format copied from crio.conf man  page  cre‐
377       ated by Aleksa Sarai asarai@suse.de ⟨mailto:asarai@suse.de⟩
378
379
380
381Configuration                       Storagceontainers-storage.conf(5)(Container)