opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-06-01 17:17:47 +08:00
Code Issues Packages Projects Releases Wiki Activity

Document CONTAINERS_CONF/CONTAINERS_STORAGE_CONF Env variables

Browse Source 
Also Switch to using CONTAINERS_REGISTRIES_CONF for registries.conf
overrides.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This commit is contained in:
Daniel J Walsh
2021-03-08 16:04:20 -05:00
parent 5331096b38
commit c9ef260710
9 changed files with 29 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
docs/source/markdown/podman.1.md
View File

@ -279,6 +279,8 @@ Distributions ship the `/usr/share/containers/containers.conf` file with their d
Podman uses builtin defaults if no containers.conf file is found. Podman uses builtin defaults if no containers.conf file is found.
If the **CONTAINERS_CONF** environment variable is set, then its value is used for the containers.conf file rather than the default.
**mounts.conf** (`/usr/share/containers/mounts.conf`) **mounts.conf** (`/usr/share/containers/mounts.conf`)
The mounts.conf file specifies volume mount directories that are automatically mounted inside containers when executing the `podman run` or `podman start` commands. Administrators can override the defaults file by creating `/etc/containers/mounts.conf`. The mounts.conf file specifies volume mount directories that are automatically mounted inside containers when executing the `podman run` or `podman start` commands. Administrators can override the defaults file by creating `/etc/containers/mounts.conf`.
@ -295,6 +297,8 @@ When Podman runs in rootless mode, the file `$HOME/.config/containers/mounts.con
Non root users of Podman can create the `$HOME/.config/containers/registries.conf` file to be used instead of the system defaults. Non root users of Podman can create the `$HOME/.config/containers/registries.conf` file to be used instead of the system defaults.
If the **CONTAINERS_REGISTRIES_CONF** environment variable is set, then its value is used for the registries.conf file rather than the default.
**storage.conf** (`/etc/containers/storage.conf`, `$HOME/.config/containers/storage.conf`) **storage.conf** (`/etc/containers/storage.conf`, `$HOME/.config/containers/storage.conf`)
storage.conf is the storage configuration file for all tools using containers/storage storage.conf is the storage configuration file for all tools using containers/storage
@ -303,8 +307,10 @@ When Podman runs in rootless mode, the file `$HOME/.config/containers/mounts.con
When Podman runs in rootless mode, the file `$HOME/.config/containers/storage.conf` is used instead of the system defaults. When Podman runs in rootless mode, the file `$HOME/.config/containers/storage.conf` is used instead of the system defaults.
If the **CONTAINERS_STORAGE_CONF** environment variable is set, the its value is used for the storage.conf file rather than the default.
## Rootless mode ## Rootless mode
Podman can also be used as non-root user. When podman runs in rootless mode, a user namespace is automatically created for the user, defined in /etc/subuid and /etc/subgid. Podman can also be used as non-root user. When podman runs in rootless mode, a user namespace is automatically created for the user, defined in /etc/subuid and /etc/subgid.
Containers created by a non-root user are not visible to other users and are not seen or managed by Podman running as root. Containers created by a non-root user are not visible to other users and are not seen or managed by Podman running as root.

4
hack/podman-socat
View File

@ -54,8 +54,8 @@ trap "cleanup $TMPDIR" EXIT
# Need locations to store stuff # Need locations to store stuff
mkdir -p "${TMPDIR}"/{podman,crio,crio-run,cni/net.d,ctnr,tunnel} mkdir -p "${TMPDIR}"/{podman,crio,crio-run,cni/net.d,ctnr,tunnel}
export REGISTRIES_CONFIG_PATH=${TMPDIR}/registry.conf export CONTAINERS_REGISTRIES_CONF=${TMPDIR}/registry.conf
cat >"$REGISTRIES_CONFIG_PATH" <<-EOT cat >"$CONTAINERS_REGISTRIES_CONF" <<-EOT
[registries.search] [registries.search]
registries = ['docker.io'] registries = ['docker.io']
[registries.insecure] [registries.insecure]

4
libpod/runtime_img_test.go
View File

@ -37,7 +37,7 @@ func TestGetRegistries(t *testing.T) {
registryPath, err := createTmpFile([]byte(registry)) registryPath, err := createTmpFile([]byte(registry))
assert.NoError(t, err) assert.NoError(t, err)
defer os.Remove(registryPath) defer os.Remove(registryPath)
os.Setenv("REGISTRIES_CONFIG_PATH", registryPath) os.Setenv("CONTAINERS_REGISTRIES_CONF", registryPath)
registries, err := sysreg.GetRegistries() registries, err := sysreg.GetRegistries()
assert.NoError(t, err) assert.NoError(t, err)
assert.True(t, reflect.DeepEqual(registries, []string{"one"})) assert.True(t, reflect.DeepEqual(registries, []string{"one"}))
@ -46,7 +46,7 @@ func TestGetRegistries(t *testing.T) {
func TestGetInsecureRegistries(t *testing.T) { func TestGetInsecureRegistries(t *testing.T) {
registryPath, err := createTmpFile([]byte(registry)) registryPath, err := createTmpFile([]byte(registry))
assert.NoError(t, err) assert.NoError(t, err)
os.Setenv("REGISTRIES_CONFIG_PATH", registryPath) os.Setenv("CONTAINERS_REGISTRIES_CONF", registryPath)
defer os.Remove(registryPath) defer os.Remove(registryPath)
registries, err := sysreg.GetInsecureRegistries() registries, err := sysreg.GetInsecureRegistries()
assert.NoError(t, err) assert.NoError(t, err)

5
pkg/registries/registries.go
View File

@ -24,7 +24,10 @@ var userRegistriesFile = filepath.Join(os.Getenv("HOME"), ".config/containers/re
// FIXME: This should be centralized in a global SystemContext initializer inherited throughout the code, // FIXME: This should be centralized in a global SystemContext initializer inherited throughout the code,
// not haphazardly called throughout the way it is being called now. // not haphazardly called throughout the way it is being called now.
func SystemRegistriesConfPath() string { func SystemRegistriesConfPath() string {
if envOverride := os.Getenv("REGISTRIES_CONFIG_PATH"); len(envOverride) > 0 { if envOverride, ok := os.LookupEnv("CONTAINERS_REGISTRIES_CONF"); ok {
return envOverride
}
if envOverride, ok := os.LookupEnv("REGISTRIES_CONFIG_PATH"); ok {
return envOverride return envOverride
} }

4
test/apiv2/rest_api/__init__.py
View File

@ -27,7 +27,7 @@ class Podman(object):
self.cmd.append("--root=" + os.path.join(self.anchor_directory, "crio")) self.cmd.append("--root=" + os.path.join(self.anchor_directory, "crio"))
self.cmd.append("--runroot=" + os.path.join(self.anchor_directory, "crio-run")) self.cmd.append("--runroot=" + os.path.join(self.anchor_directory, "crio-run"))
os.environ["REGISTRIES_CONFIG_PATH"] = os.path.join(self.anchor_directory, "registry.conf") os.environ["CONTAINERS_REGISTRIES_CONF"] = os.path.join(self.anchor_directory, "registry.conf")
p = configparser.ConfigParser() p = configparser.ConfigParser()
p.read_dict( p.read_dict(
{ {
@ -36,7 +36,7 @@ class Podman(object):
"registries.block": {"registries": "[]"}, "registries.block": {"registries": "[]"},
} }
) )
with open(os.environ["REGISTRIES_CONFIG_PATH"], "w") as w: with open(os.environ["CONTAINERS_REGISTRIES_CONF"], "w") as w:
p.write(w) p.write(w)
os.environ["CNI_CONFIG_PATH"] = os.path.join(self.anchor_directory, "cni", "net.d") os.environ["CNI_CONFIG_PATH"] = os.path.join(self.anchor_directory, "cni", "net.d")

6
test/e2e/libpod_suite_remote_test.go
View File

@ -48,17 +48,17 @@ func (p *PodmanTestIntegration) PodmanExtraFiles(args []string, extraFiles []*os
func (p *PodmanTestIntegration) setDefaultRegistriesConfigEnv() { func (p *PodmanTestIntegration) setDefaultRegistriesConfigEnv() {
defaultFile := filepath.Join(INTEGRATION_ROOT, "test/registries.conf") defaultFile := filepath.Join(INTEGRATION_ROOT, "test/registries.conf")
os.Setenv("REGISTRIES_CONFIG_PATH", defaultFile) os.Setenv("CONTAINERS_REGISTRIES_CONF", defaultFile)
} }
func (p *PodmanTestIntegration) setRegistriesConfigEnv(b []byte) { func (p *PodmanTestIntegration) setRegistriesConfigEnv(b []byte) {
outfile := filepath.Join(p.TempDir, "registries.conf") outfile := filepath.Join(p.TempDir, "registries.conf")
os.Setenv("REGISTRIES_CONFIG_PATH", outfile) os.Setenv("CONTAINERS_REGISTRIES_CONF", outfile)
ioutil.WriteFile(outfile, b, 0644) ioutil.WriteFile(outfile, b, 0644)
} }
func resetRegistriesConfigEnv() { func resetRegistriesConfigEnv() {
os.Setenv("REGISTRIES_CONFIG_PATH", "") os.Setenv("CONTAINERS_REGISTRIES_CONF", "")
} }
func PodmanTestCreate(tempDir string) *PodmanTestIntegration { func PodmanTestCreate(tempDir string) *PodmanTestIntegration {
pti := PodmanTestCreateUtil(tempDir, true) pti := PodmanTestCreateUtil(tempDir, true)

6
test/e2e/libpod_suite_test.go
View File

@ -31,17 +31,17 @@ func (p *PodmanTestIntegration) PodmanExtraFiles(args []string, extraFiles []*os
func (p *PodmanTestIntegration) setDefaultRegistriesConfigEnv() { func (p *PodmanTestIntegration) setDefaultRegistriesConfigEnv() {
defaultFile := filepath.Join(INTEGRATION_ROOT, "test/registries.conf") defaultFile := filepath.Join(INTEGRATION_ROOT, "test/registries.conf")
os.Setenv("REGISTRIES_CONFIG_PATH", defaultFile) os.Setenv("CONTAINERS_REGISTRIES_CONF", defaultFile)
} }
func (p *PodmanTestIntegration) setRegistriesConfigEnv(b []byte) { func (p *PodmanTestIntegration) setRegistriesConfigEnv(b []byte) {
outfile := filepath.Join(p.TempDir, "registries.conf") outfile := filepath.Join(p.TempDir, "registries.conf")
os.Setenv("REGISTRIES_CONFIG_PATH", outfile) os.Setenv("CONTAINERS_REGISTRIES_CONF", outfile)
ioutil.WriteFile(outfile, b, 0644) ioutil.WriteFile(outfile, b, 0644)
} }
func resetRegistriesConfigEnv() { func resetRegistriesConfigEnv() {
os.Setenv("REGISTRIES_CONFIG_PATH", "") os.Setenv("CONTAINERS_REGISTRIES_CONF", "")
} }
func PodmanTestCreate(tempDir string) *PodmanTestIntegration { func PodmanTestCreate(tempDir string) *PodmanTestIntegration {

8
test/e2e/login_logout_test.go
View File

@ -125,15 +125,15 @@ var _ = Describe("Podman login and logout", func() {
// Environment is per-process, so this looks very unsafe; actually it seems fine because tests are not // Environment is per-process, so this looks very unsafe; actually it seems fine because tests are not
// run in parallel unless they opt in by calling t.Parallel(). So dont do that. // run in parallel unless they opt in by calling t.Parallel(). So dont do that.
oldRCP, hasRCP := os.LookupEnv("REGISTRIES_CONFIG_PATH") oldRCP, hasRCP := os.LookupEnv("CONTAINERS_REGISTRIES_CONF")
defer func() { defer func() {
if hasRCP { if hasRCP {
os.Setenv("REGISTRIES_CONFIG_PATH", oldRCP) os.Setenv("CONTAINERS_REGISTRIES_CONF", oldRCP)
} else { } else {
os.Unsetenv("REGISTRIES_CONFIG_PATH") os.Unsetenv("CONTAINERS_REGISTRIES_CONF")
} }
}() }()
os.Setenv("REGISTRIES_CONFIG_PATH", registriesConf.Name()) os.Setenv("CONTAINERS_REGISTRIES_CONF", registriesConf.Name())
session := podmanTest.Podman([]string{"login", "-u", "podmantest", "-p", "test"}) session := podmanTest.Podman([]string{"login", "-u", "podmantest", "-p", "test"})
session.WaitWithDefaultTimeout() session.WaitWithDefaultTimeout()

4
test/python/docker/__init__.py
View File

@ -39,7 +39,7 @@ class Podman(object):
self.cmd.append("--root=" + os.path.join(self.anchor_directory, "crio")) self.cmd.append("--root=" + os.path.join(self.anchor_directory, "crio"))
self.cmd.append("--runroot=" + os.path.join(self.anchor_directory, "crio-run")) self.cmd.append("--runroot=" + os.path.join(self.anchor_directory, "crio-run"))
os.environ["REGISTRIES_CONFIG_PATH"] = os.path.join( os.environ["CONTAINERS_REGISTRIES_CONF"] = os.path.join(
self.anchor_directory, "registry.conf" self.anchor_directory, "registry.conf"
) )
p = configparser.ConfigParser() p = configparser.ConfigParser()
@ -50,7 +50,7 @@ class Podman(object):
"registries.block": {"registries": "[]"}, "registries.block": {"registries": "[]"},
} }
) )
with open(os.environ["REGISTRIES_CONFIG_PATH"], "w") as w: with open(os.environ["CONTAINERS_REGISTRIES_CONF"], "w") as w:
p.write(w) p.write(w)
os.environ["CNI_CONFIG_PATH"] = os.path.join( os.environ["CNI_CONFIG_PATH"] = os.path.join(