containers-storage.conf(5)

1containers-storage.conf(5)(Container)Filecontainers-storage.conf(5)(Container)
2
3
4
5Dan Walsh May 2017
6
7

NAME

9       storage.conf - Syntax of Container Storage configuration file
10
11

DESCRIPTION

13       The STORAGE configuration file specifies all of the available container
14       storage options for tools using shared container storage, but in a TOML
15       format that can be more easily modified and versioned.
16
17

FORMAT

19       The  [TOML  format][toml]  is used as the encoding of the configuration
20       file.  Every option and subtable listed here is nested under  a  global
21       "storage"  table.   No bare options are used. The format of TOML can be
22       simplified to:
23
24
25              [table]
26              option = value
27
28              [table.subtable1]
29              option = value
30
31              [table.subtable2]
32              option = value
33
34
35

STORAGE TABLE

37       The storage table supports the following options:
38
39
40       driver=""
41         container storage driver (default: "overlay")
42         Default Copy On Write (COW) container storage driver.  Valid  drivers
43       are  "overlay",  "vfs",  "devmapper",  "aufs", "btrfs", and "zfs". Some
44       drivers (for example, "zfs", "btrfs", and "aufs") may not work if  your
45       kernel lacks support for the filesystem.
46
47
48       graphroot=""
49         container storage graph dir (default: "/var/lib/containers/storage")
50         Default  directory to store all writable content created by container
51       storage programs.
52         The rootless graphroot path supports environment  variable  substitu‐
53       tions (ie. $HOME/containers/storage)
54
55
56       rootless_storage_path="$HOME/.local/share/containers/storage"
57         Storage  path  for rootless users. By default the graphroot for root‐
58       less users
59         is set to $XDG_DATA_HOME/containers/storage, if XDG_DATA_HOME is set.
60         Otherwise $HOME/.local/share/containers/storage is used.  This  field
61       can
62         be used if administrators need to change the storage location for all
63       users.
64         The rootless storage path supports environment variable substitutions
65       (ie. $HOME/containers/storage)
66
67
68       A  common  use case for this field is to provide a local storage direc‐
69       tory when user home directories are NFS-mounted (podman does  not  sup‐
70       port container storage over NFS).
71
72
73       runroot=""
74         container storage run dir (default: "/var/run/containers/storage")
75         Default  directory to store all temporary writable content created by
76       container storage programs.
77         The rootless runroot path supports environment variable substitutions
78       (ie. $HOME/containers/storage)
79
80
81   STORAGE OPTIONS TABLE
82       The storage.options table supports the following options:
83
84
85       additionalimagestores=[]
86         Paths  to  additional  container  image  stores.  Usually  these  are
87       read/only and stored on remote network shares.
88
89
90       remap-uids="" remap-gids=""
91         Remap-UIDs/GIDs is the mapping from UIDs/GIDs as they  should  appear
92       inside  of  a container, to the UIDs/GIDs outside of the container, and
93       the length of the range of UIDs/GIDs.  Additional mapped  sets  can  be
94       listed  and  will  be  heeded by libraries, but there are limits to the
95       number of mappings which the kernel will allow when you  later  attempt
96       to run a container.
97
98
99       Example
100            remap-uids = 0:1668442479:65536
101            remap-gids = 0:1668442479:65536
102
103
104       These  mappings  tell  the container engines to map UID 0 inside of the
105       container  to  UID  1668442479  outside.   UID  1  will  be  mapped  to
106       1668442480. UID 2 will be mapped to 1668442481, etc, for the next 65533
107       UIDs in succession.
108
109
110       remap-user="" remap-group=""
111         Remap-User/Group is a user name which can be used to look up  one  or
112       more  UID/GID  ranges in the /etc/subuid or /etc/subgid file.  Mappings
113       are set up starting with an in-container ID of 0 and then a  host-level
114       ID  taken  from  the  lowest range that matches the specified name, and
115       using the length of that range. Additional ranges  are  then  assigned,
116       using  the ranges which specify the lowest host-level IDs first, to the
117       lowest not-yet-mapped in-container ID, until all of  the  entries  have
118       been used for maps.
119
120
121       Example
122            remap-user = "containers"
123            remap-group = "containers"
124
125
126       root-auto-userns-user=""
127         Root-auto-userns-user is a user name which can be used to look up one
128       or more UID/GID ranges in the /etc/subuid and /etc/subgid file.   These
129       ranges will be partitioned to containers configured to create automati‐
130       cally a user namespace.  Containers configured to automatically  create
131       a  user  namespace can still overlap with containers having an explicit
132       mapping set.  This setting is ignored when running as rootless.
133
134
135       auto-userns-min-size=1024
136         Auto-userns-min-size is the minimum size for a user namespace created
137       automatically.
138
139
140       auto-userns-max-size=65536
141         Auto-userns-max-size is the maximum size for a user namespace created
142       automatically.
143
144
145   STORAGE OPTIONS FOR AUFS TABLE
146       The storage.options.aufs table supports the following options:
147
148
149       mountopt=""
150         Comma separated list of default options to be used to mount container
151       images.   Suggested  value "nodev". Mount options are documented in the
152       mount(8) man page.
153
154
155   STORAGE OPTIONS FOR BTRFS TABLE
156       The storage.options.btrfs table supports the following options:
157
158
159       min_space=""
160         Specifies the min space in a btrfs volume.
161
162
163       size=""
164         Maximum size of a container image.   This flag can  be  used  to  set
165       quota  on  the  size  of  container images. (format: [], where unit = b
166       (bytes), k (kilobytes), m (megabytes), or g (gigabytes))
167
168
169   STORAGE OPTIONS FOR THINPOOL (devicemapper) TABLE
170       The storage.options.thinpool table supports the following  options  for
171       the devicemapper driver:
172
173
174       autoextend_percent=""
175         Tells  the  thinpool driver the amount by which the thinpool needs to
176       be grown. This is specified in terms of % of pool size. So a  value  of
177       20  means  that  when  threshold  is  hit, pool will be grown by 20% of
178       existing pool size. (default: 20%)
179
180
181       autoextend_threshold=""
182         Tells the driver the thinpool extension threshold in  terms  of  per‐
183       centage  of pool size. For example, if threshold is 60, that means when
184       pool is 60% full, threshold has been hit. (default: 80%)
185
186
187       basesize=""
188         Specifies the size to use when creating the base device, which limits
189       the size of images and containers. (default: 10g)
190
191
192       blocksize=""
193         Specifies a custom blocksize to use for the thin pool. (default: 64k)
194
195
196       directlvm_device=""
197         Specifies  a  custom  block  storage device to use for the thin pool.
198       Required for using graphdriver devicemapper.
199
200
201       directlvm_device_force=""
202         Tells driver to wipe device (directlvm_device) even if device already
203       has a filesystem.  (default: false)
204
205
206       fs="xfs"
207         Specifies  the  filesystem type to use for the base device. (default:
208       xfs)
209
210
211       log_level=""
212         Sets the log level of devicemapper.
213
214
215              0: LogLevelSuppress 0 (default)
216              2: LogLevelFatal
217              3: LogLevelErr
218              4: LogLevelWarn
219              5: LogLevelNotice
220              6: LogLevelInfo
221              7: LogLevelDebug
222
223
224
225       metadata_size=""
226         metadata_size is used to set the pvcreate --metadatasize options when
227       creating thin devices. (Default 128k)
228
229
230       min_free_space=""
231         Specifies  the min free space percent in a thin pool required for new
232       device creation to succeed. Valid values are from 0% -  99%.  Value  0%
233       disables. (default: 10%)
234
235
236       mkfsarg=""
237         Specifies  extra  mkfs  arguments  to  be used when creating the base
238       device.
239
240
241       mountopt=""
242         Comma separated list of default options to be used to mount container
243       images.   Suggested  value "nodev". Mount options are documented in the
244       mount(8) man page.
245
246
247       size=""
248         Maximum size of a container image.   This flag can  be  used  to  set
249       quota  on  the  size  of  container images. (format: [], where unit = b
250       (bytes), k (kilobytes), m (megabytes), or g (gigabytes))
251
252
253       use_deferred_deletion=""
254         Marks thinpool device for deferred deletion. If the  thinpool  is  in
255       use  when  the driver attempts to delete it, the driver will attempt to
256       delete device every 30 seconds until successful, or when  it  restarts.
257       Deferred deletion permanently deletes the device and all data stored in
258       the device will be lost. (default: true).
259
260
261       use_deferred_removal=""
262         Marks devicemapper block device for deferred removal.  If the  device
263       is  in  use when its driver attempts to remove it, the driver tells the
264       kernel to remove the device as soon as possible.  Note  this  does  not
265       free up the disk space, use deferred deletion to fully remove the thin‐
266       pool.  (default: true).
267
268
269       xfs_nospace_max_retries=""
270         Specifies the maximum number of retries XFS should  attempt  to  com‐
271       plete IO when ENOSPC (no space) error is returned by underlying storage
272       device. (default: 0, which means to try continuously.)
273
274
275   STORAGE OPTIONS FOR OVERLAY TABLE
276       The storage.options.overlay table supports the following options:
277
278
279       ignore_chown_errors = "false"
280         ignore_chown_errors can be set to allow a non privileged user running
281       with  a  single UID within a user namespace to run containers. The user
282       can pull and use any image even those with multiple uids.  Note  multi‐
283       ple  UIDs  will  be  squashed down to the default uid in the container.
284       These images will have no separation between  the  users  in  the  con‐
285       tainer. (default: false)
286
287
288       mount_program=""
289         Specifies the path to a custom program to use instead of using kernel
290       defaults for mounting the file system. In rootless  mode,  without  the
291       CAP_SYS_ADMIN capability, many kernels prevent mounting of overlay file
292       systems, requiring you to specify a  mount_program.  The  mount_program
293       option  is  also  required  on  systems where the underlying storage is
294       btrfs, aufs, zfs, overlay, or ecryptfs based file systems.
295         mount_program = "/usr/bin/fuse-overlayfs"
296
297
298       mountopt=""
299         Comma separated list of default options to be used to mount container
300       images.   Suggested  value "nodev". Mount options are documented in the
301       mount(8) man page.
302
303
304       size=""
305         Maximum size of a container image.   This flag can  be  used  to  set
306       quota  on  the  size  of  container images. (format: [], where unit = b
307       (bytes), k (kilobytes), m (megabytes), or g (gigabytes))
308
309
310   STORAGE OPTIONS FOR VFS TABLE
311       The storage.options.vfs table supports the following options:
312
313
314       ignore_chown_errors = "false"
315         ignore_chown_errors can be set to allow a non privileged user running
316       with  a  single UID within a user namespace to run containers. The user
317       can pull and use any image even those with multiple uids.  Note  multi‐
318       ple  UIDs  will  be  squashed down to the default uid in the container.
319       These images will have no separation between  the  users  in  the  con‐
320       tainer. (default: false)
321
322
323   STORAGE OPTIONS FOR ZFS TABLE
324       The storage.options.zfs table supports the following options:
325
326
327       fsname=""
328         File System name for the zfs driver
329
330
331       mountopt=""
332         Comma separated list of default options to be used to mount container
333       images.  Suggested value "nodev". Mount options are documented  in  the
334       mount(8) man page.
335
336
337       skip_mount_home=""
338         Tell storage drivers to not create a PRIVATE bind mount on their home
339       directory.
340
341
342       size=""
343         Maximum size of a container image.   This flag can  be  used  to  set
344       quota  on  the  size  of  container images. (format: [], where unit = b
345       (bytes), k (kilobytes), m (megabytes), or g (gigabytes))
346
347

SELINUX LABELING

349       When running on an SELinux system, if you move the  containers  storage
350       graphroot directory, you must make sure the labeling is correct.
351
352
353       Tell  SELinux about the new containers storage by setting up an equiva‐
354       lence record. This tells SELinux to label content under the  new  path,
355       as if it was stored under /var/lib/containers/storage.
356
357
358              semanage fcontext -a -e /var/lib/containers NEWSTORAGEPATH
359              restorecon -R -v NEWSTORAGEPATH
360
361
362
363       The  semanage command above tells SELinux to setup the default labeling
364       of NEWSTORAGEPATH to match /var/lib/containers.  The restorecon command
365       tells SELinux to apply the labels to the actual content.
366
367
368       Now  all new content created in these directories will automatically be
369       created with the correct label.
370
371

FILES

377       Distributions often provide a  /usr/share/containers/storage.conf  file
378       to  define  default  storage configuration. Administrators can override
379       this file by creating /etc/containers/storage.conf to specify their own
380       configuration.  The  storage.conf  file for rootless users is stored in
381       the $XDG_CONFIG_HOME/containers/storage.conf file.  If $XDG_CONFIG_HOME
382       is not set then the file $HOME/.config/containers/storage.conf is used.
383
384

HISTORY

386       May   2017,   Originally   compiled   by  Dan  Walsh  dwalsh@redhat.com
387       ⟨mailto:dwalsh@redhat.com⟩ Format copied from crio.conf man  page  cre‐
388       ated by Aleksa Sarai asarai@suse.de ⟨mailto:asarai@suse.de⟩
389
390
391
392Configuration                       Storagceontainers-storage.conf(5)(Container)