From 7c8484c8b1a0fab41e5124ebf4b0d870faf2654f Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Jul 25 2018 18:08:21 +0000 Subject: Update to latest storage.conf file Update to latest man pages --- diff --git a/containers-storage.conf.5.md b/containers-storage.conf.5.md index b2c71b1..7ac3f98 100644 --- a/containers-storage.conf.5.md +++ b/containers-storage.conf.5.md @@ -37,7 +37,7 @@ The `storage` table supports the following options: Default directory to store all temporary writable content created by container storage programs **driver**="" - container storage driver (default is "overlay") + container storage driver (default: "overlay") Default Copy On Write (COW) container storage driver ### STORAGE OPTIONS TABLE @@ -48,14 +48,20 @@ The `storage.options` table supports the following options: Paths to additional container image stores. Usually these are read/only and stored on remote network shares. **size**="" - Maximum size of a container image. Default is 10GB. This flag can be used to set quota - on the size of container images. + Maximum size of a container image. This flag can be used to set quota on the size of container images. (default: 10GB) **override_kernel_check**="" Tell storage drivers to ignore kernel version checks. Some storage drivers assume that if a kernel is too old, the driver is not supported. But for kernels that have had the drivers backported, this flag allows users to override the checks +**mount_program**="" + Specifies the path to a custom program to use instead for mounting the file system. + +**mountopt**="" + + Comma separated list of default options to be used to mount container images. Suggested value "nodev". + [storage.options.thinpool] Storage Options for thinpool 
@@ -64,37 +70,37 @@ The `storage.options.thinpool` table supports the following options: **autoextend_percent**="" -Tells the thinpool driver the amount by which the thinpool needs to be grown. This is specified in terms of % of pool size. So a value of 20 means that when threshold is hit, pool will be grown by 20% of existing pool size. (Default is 20%) +Tells the thinpool driver the amount by which the thinpool needs to be grown. This is specified in terms of % of pool size. So a value of 20 means that when threshold is hit, pool will be grown by 20% of existing pool size. (default: 20%) **autoextend_threshold**="" -Tells the driver the thinpool extension threshold in terms of percentage of pool size. For example, if threshold is 60, that means when pool is 60% full, threshold has been hit. (80% is the default) +Tells the driver the thinpool extension threshold in terms of percentage of pool size. For example, if threshold is 60, that means when pool is 60% full, threshold has been hit. (default: 80%) **basesize**="" -Specifies the size to use when creating the base device, which limits the size of images and containers. (10g is the default) +Specifies the size to use when creating the base device, which limits the size of images and containers. (default: 10g) **blocksize**="" -Specifies a custom blocksize to use for the thin pool. (64k is the default) +Specifies a custom blocksize to use for the thin pool. (default: 64k) **directlvm_device**="" -Specifies a custom block storage device to use for the thin pool. Required if you setup devicemapper +Specifies a custom block storage device to use for the thin pool. Required for using graphdriver `devicemapper`. **directlvm_device_force**="" -Tells driver to wipe device (directlvm_device) even if device already has a filesystem. Default is False +Tells driver to wipe device (directlvm_device) even if device already has a filesystem. 
(default: false) **fs**="xfs" -Specifies the filesystem type to use for the base device. (Default is xfs) +Specifies the filesystem type to use for the base device. (default: xfs) **log_level**="" Sets the log level of devicemapper. - 0: LogLevelSuppress 0 (Default) + 0: LogLevelSuppress 0 (default) 2: LogLevelFatal 3: LogLevelErr 4: LogLevelWarn 
@@ -104,27 +110,29 @@ Sets the log level of devicemapper. **min_free_space**="" -Specifies the min free space percent in a thin pool require for new device creation to succeed. Valid values are from 0% - 99%. Value 0% disables (10% is the default) +Specifies the min free space percent in a thin pool required for new device creation to succeed. Valid values are from 0% - 99%. Value 0% disables. (default: 10%) **mkfsarg**="" Specifies extra mkfs arguments to be used when creating the base device. -**mountopt**="" - -Specifies extra mount options used when mounting the thin devices. - **use_deferred_removal**="" -Marks device for deferred removal. If the device is in use when it driver attempts to remove it, driver will tell the kernel to remove it as soon as possible. (Default is true). +Marks devicemapper block device for deferred removal. If the device is in use when its driver attempts to remove it, the driver tells the kernel to remove the device as soon as possible. Note this does not free up the disk space, use deferred deletion to fully remove the thinpool. (default: true). **use_deferred_deletion**="" -Marks device for deferred deletion. If the device is in use when it driver attempts to delete it, driver continue to attempt to delete device every 30 seconds, or when it restarts. (Default is true). +Marks thinpool device for deferred deletion. If the thinpool is in use when the driver attempts to delete it, the driver will attempt to delete device every 30 seconds until successful, or when it restarts. Deferred deletion permanently deletes the device and all data stored in the device will be lost. (default: true). **xfs_nospace_max_retries**="" -Specifies the maximum number of retries XFS should attempt to complete IO when ENOSPC (no space) error is returned by underlying storage device. (Default is 0, which means to try continuously. 
+Specifies the maximum number of retries XFS should attempt to complete IO when ENOSPC (no space) error is returned by underlying storage device. (default: 0, which means to try continuously.) + +**ostree_repo=""** + Tell storage drivers to use the specified OSTree repository. Some storage drivers, such as overlay, might use + +**skip_mount_home=""** + Tell storage drivers to not create a PRIVATE bind mount on their home directory. # HISTORY May 2017, Originally compiled by Dan Walsh diff --git a/policy.json.5.md b/policy.json.5.md index ea07e56..6056995 100644 --- a/policy.json.5.md +++ b/policy.json.5.md @@ -3,7 +3,7 @@ % September 2016 # NAME -policy.json - Syntax for the Signature Verification Configuration File +policy.json - syntax for the signature verification policy file ## DESCRIPTION @@ -274,8 +274,8 @@ selectively allow individual transports and scopes as desired. "default": [{"type": "insecureAcceptAnything"}] } ``` -# SEE ALSO +## SEE ALSO atomic(1) -# HISTORY +## HISTORY September 2016, Originally compiled by Miloslav Trmač diff --git a/registries.conf.5.md b/registries.conf.5.md index 3aa4ad5..45fe632 100644 --- a/registries.conf.5.md +++ b/registries.conf.5.md 
@@ -7,35 +7,44 @@ registries.conf - Syntax of System Registry Configuration File # DESCRIPTION The REGISTRIES configuration file is a system-wide configuration file for container image -registries. The file format is TOML. +registries. The file format is TOML. The valid categories are: 'registries.search', +'registries.insecure', and 'registries.block'. # FORMAT -The TOML_format is used to build simple list format for registries under two -categories: `search` and `insecure`. You can list multiple registries using -as a comma separated list. +The TOML_format is used to build a simple list format for registries under three +categories: `registries.search`, `registries.insecure`, and `registries.block`. +You can list multiple registries using a comma separated list. Search registries are used when the caller of a container runtime does not fully specify the container image that they want to execute. These registries are prepended onto the front - of the specified container image until the named image is found at a registry. +of the specified container image until the named image is found at a registry. Insecure Registries. By default container runtimes use TLS when retrieving images from a registry. If the registry is not setup with TLS, then the container runtime will fail to pull images from the registry. If you add the registry to the list of insecure registries then the container runtime will attempt use standard web protocols to pull the image. It also allows you to pull from a registry with self-signed certificates. -Note insecure registries can be used for any registry, not just the -registries listed under search. +Note insecure registries can be used for any registry, not just the registries listed +under search. -The following example configuration defines two searchable registries and one -insecure registry. +Block Registries. The registries in this category are are not pulled from when +retrieving images. 
+ +# EXAMPLE +The following example configuration defines two searchable registries, one +insecure registry, and two blocked registries. ``` [registries.search] -registries = ["registry1.com", "registry2.com"] +registries = ['registry1.com', 'registry2.com'] [registries.insecure] -registries = ["registry3.com"] +registries = ['registry3.com'] + +[registries.block] +registries = ['registry.untrusted.com', 'registry.unsafe.com'] ``` # HISTORY Aug 2017, Originally compiled by Brent Baude +Jun 2018, Updated by Tom Sweeney diff --git a/skopeo.spec b/skopeo.spec index b692d93..65f8ae7 100644 --- a/skopeo.spec +++ b/skopeo.spec @@ -33,7 +33,7 @@ ExcludeArch: ppc64 Name: %{repo} Version: 0.1.31 -Release: 12.dev.git%{shortcommit0}%{?dist} +Release: 13.dev.git%{shortcommit0}%{?dist} Summary: Inspect Docker images and repositories on registries License: ASL 2.0 URL: %{git0} @@ -315,6 +315,10 @@ export GOPATH=%{buildroot}/%{gopath}:$(pwd)/vendor:%{gopath} %{_datadir}/bash-completion/completions/%{name} %changelog +* Wed Jul 25 2018 dwalsh - 0.1.31-13.gite3034e1 +- Update to latest storage.conf file +- Update to latest man pages + * Wed Jul 25 2018 Lokesh Mandvekar (Bot) - 0.1.31-12.dev.gite3034e1 - autobuilt e3034e1 diff --git a/storage.conf b/storage.conf index b8555fd..818cfe8 100644 --- a/storage.conf +++ b/storage.conf @@ -1,5 +1,5 @@ -# storage.conf is the configuration file for all tools -# that share the containers/storage libraries +# This file is is the configuration file for all tools +# that use the containers/storage library. # See man 5 containers-storage.conf for more information # The "container storage" table contains all of the server options. [storage] 
@@ -25,9 +25,16 @@ additionalimagestores = [ # certain container storage drivers. size = "" +# Path to an helper program to use for mounting the file system instead of mounting it +# directly. +#mount_program = "/usr/bin/fuse-overlayfs" + # OverrideKernelCheck tells the driver to ignore kernel checks based on kernel version override_kernel_check = "true" +# mountopt specifies comma separated list of extra mount options +mountopt = "nodev" + # Remap-UIDs/GIDs is the mapping from UIDs/GIDs as they should appear inside of # a container, to UIDs/GIDs as they should appear outside of the container, and # the length of the range of UIDs/GIDs. Additional mapped sets can be listed @@ -71,10 +78,10 @@ override_kernel_check = "true" # blocksize="64k" # directlvm_device specifies a custom block storage device to use for the -# thin pool. Required if you setup devicemapper +# thin pool. Required if you setup devicemapper. # directlvm_device = "" -# directlvm_device_force wipes device even if device already has a filesystem +# directlvm_device_force wipes device even if device already has a filesystem. # directlvm_device_force = "True" # fs specifies the filesystem type to use for the base device. 
@@ -95,20 +102,32 @@ override_kernel_check = "true" # Value 0% disables # min_free_space = "10%" -# mkfsarg specifies extra mkfs arguments to be used when creating the base +# mkfsarg specifies extra mkfs arguments to be used when creating the base. # device. # mkfsarg = "" -# mountopt specifies extra mount options used when mounting the thin devices. -# mountopt = "" - -# use_deferred_removal Marking device for deferred removal +# use_deferred_removal marks devicemapper block device for deferred removal. +# If the thinpool is in use when the driver attempts to remove it, the driver +# tells the kernel to remove it as soon as possible. Note this does not free +# up the disk space, use deferred deletion to fully remove the thinpool. # use_deferred_removal = "True" -# use_deferred_deletion Marking device for deferred deletion +# use_deferred_deletion marks thinpool device for deferred deletion. +# If the device is busy when the driver attempts to delete it, the driver +# will attempt to delete device every 30 seconds until successful. +# If the program using the driver exits, the driver will continue attempting +# to cleanup the next time the driver is used. Deferred deletion permanently +# deletes the device and all data stored in device will be lost. # use_deferred_deletion = "True" # xfs_nospace_max_retries specifies the maximum number of retries XFS should # attempt to complete IO when ENOSPC (no space) error is returned by # underlying storage device. # xfs_nospace_max_retries = "0" + +# If specified, use OSTree to deduplicate files with the overlay backend +ostree_repo = "" + +# Set to skip a PRIVATE bind mount on the storage home directory. Only supported by +# certain container storage drivers +skip_mount_home = "false"
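
Review bot: In containers-storage.conf.5.md, hunk `@@ -48,14 +48,20 @@`, the new `mount_program` entry names a binary that storage tools will execute but does not say that the path should be absolute or what the program is invoked with. Since this key decides which helper performs the mount, the man page should say so and note that the path must not be writable by unprivileged users. The phrase "to use instead for mounting the file system" also reads as if a word was dropped; the comment added to storage.conf ("instead of mounting it directly") is clearer and could be reused. For `mountopt`, remove the blank line between the key and its description so it renders like the neighbouring entries, and give the reason behind the suggested value "nodev".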
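
Review bot: In containers-storage.conf.5.md, hunk `@@ -104,27 +110,29 @@`, the `ostree_repo` description stops mid-sentence at "Some storage drivers, such as overlay, might use", so the reader never learns what the repository is used for. Please complete the sentence. The two new keys are also marked up as `**ostree_repo=""**` and `**skip_mount_home=""**`, while every other entry uses the `**key**=""` form, and they sit after the thinpool options although neither is a thinpool setting. The same hunk removes `mountopt` from the thinpool table without saying whether a value still set there is honoured; a one-line note about the move would help people upgrading an existing file.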
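
Review bot: In registries.conf.5.md, hunk `@@ -7,35 +7,44 @@`, the added "Block Registries" paragraph has a doubled word ("are are not pulled from") and leaves the blocking semantics undefined. It should say what happens when a registry appears in both `registries.search` and `registries.block`, and whether the match is on the exact host name as written (with or without a port). Without that, an administrator cannot tell whether the `registries.block` list in the example is actually enforced for an image that is fully specified by the caller.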
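
Review bot: In skopeo.spec, hunk `@@ -315,6 +315,10 @@`, the new changelog entry is versioned `0.1.31-13.gite3034e1`, but the Release tag in the hunk above is `13.dev.git%{shortcommit0}` and the previous entry reads `0.1.31-12.dev.gite3034e1`. The `.dev` component is missing, so the changelog no longer matches the built release string. The author field is also just `dwalsh`, where the preceding entry gives a full name.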
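
Review bot: In storage.conf, hunk `@@ -1,5 +1,5 @@`, the rewritten first comment line has a doubled word: "This file is is the configuration file". Drop one "is".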
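
Review bot: In storage.conf, hunk `@@ -25,9 +25,16 @@`, the comment on `mountopt` calls these "extra mount options" while the man page in this same patch calls them "default options to be used to mount container images"; pick one wording so it is clear whether the value is appended to or replaces driver defaults. Shipping `mountopt = "nodev"` uncommented is a sensible hardening default, but the comment should say why it is set, so nobody removes it as noise. Minor: "Path to an helper program" should be "a helper program".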
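
Review bot: In storage.conf, hunk `@@ -95,20 +102,32 @@`, the period added after "creating the base" splits the sentence, because the next comment line still continues it with "# device."; the period belongs on that second line. More importantly, `ostree_repo = ""` and `skip_mount_home = "false"` are added uncommented at the very end of the file, after the thinpool settings. In TOML a key belongs to the most recent table header above it, so if a `[storage.options.thinpool]` header is active earlier in the file these two keys will be parsed as thinpool options rather than as `storage.options` keys. Please move them up next to `mountopt` and `override_kernel_check`. The `use_deferred_removal` comment also says "If the thinpool is in use" where the man page text says "If the device is in use"; the two should agree on which object is meant.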