summaryrefslogtreecommitdiffstats
path: root/roles/docker/templates
diff options
context:
space:
mode:
authorOpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>2017-10-07 02:45:31 -0700
committerGitHub <noreply@github.com>2017-10-07 02:45:31 -0700
commit88191454aff1542c9b094b2dda06445d77217022 (patch)
treebcc5f3d97f6d8b114860ebacd3ab5458f50e60cf /roles/docker/templates
parent707be43d8ed091612ae1cf7e0f44a3b5598d402a (diff)
parent71091705ebe97ed53e7fcea318d08b4a1f6e994d (diff)
downloadopenshift-88191454aff1542c9b094b2dda06445d77217022.tar.gz
openshift-88191454aff1542c9b094b2dda06445d77217022.tar.bz2
openshift-88191454aff1542c9b094b2dda06445d77217022.tar.xz
openshift-88191454aff1542c9b094b2dda06445d77217022.zip
Merge pull request #5661 from giuseppe/crio-use-overlay-instead-of-overlay2
Automatic merge from submit-queue. cri-o: use overlay instead of overlay2 overlay2 and overlay are the same driver. Upstream CRI-O is going to drop any reference to overlay2 and use only overlay. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Diffstat (limited to 'roles/docker/templates')
-rw-r--r--roles/docker/templates/crio.conf.j228
1 files changed, 25 insertions, 3 deletions
diff --git a/roles/docker/templates/crio.conf.j2 b/roles/docker/templates/crio.conf.j2
index b4ee84fd0..cce790a60 100644
--- a/roles/docker/templates/crio.conf.j2
+++ b/roles/docker/templates/crio.conf.j2
@@ -13,12 +13,12 @@ runroot = "/var/run/containers/storage"
# storage_driver select which storage driver is used to manage storage
# of images and containers.
-storage_driver = "overlay2"
+storage_driver = "overlay"
# storage_option is used to pass an option to the storage driver.
storage_option = [
{% if ansible_distribution in ['RedHat', 'CentOS'] %}
- "overlay2.override_kernel_check=1"
+ "overlay.override_kernel_check=1"
{% endif %}
]
@@ -35,6 +35,10 @@ stream_address = ""
# stream_port is the port on which the stream server will listen
stream_port = "10010"
+# file_locking is whether file-based locking will be used instead of
+# in-memory locking
+file_locking = true
+
# The "crio.runtime" table contains settings pertaining to the OCI
# runtime used and options for how to set up and manage the OCI runtime.
[crio.runtime]
@@ -67,6 +71,9 @@ runtime_untrusted_workload = ""
# container runtime for all containers.
default_workload_trust = "trusted"
+# no_pivot instructs the runtime to not use pivot_root, but instead use MS_MOVE
+no_pivot = false
+
# conmon is the path to conmon binary, used for managing the runtime.
conmon = "/usr/libexec/crio/conmon"
@@ -91,7 +98,17 @@ apparmor_profile = "crio-default"
# cgroup_manager is the cgroup management implementation to be used
# for the runtime.
-cgroup_manager = "systemd"
+cgroup_manager = "cgroupfs"
+
+# hooks_dir_path is the oci hooks directory for automatically executed hooks
+hooks_dir_path = "/usr/share/containers/oci/hooks.d"
+
+# pids_limit is the number of processes allowed in a container
+pids_limit = 1024
+
+# log_size_max is the max limit for the container log size in bytes.
+# Negative values indicate that no limit is imposed.
+log_size_max = -1
# The "crio.image" table contains settings pertaining to the
# management of OCI images.
@@ -115,6 +132,10 @@ pause_command = "/pause"
# unspecified so that the default system-wide policy will be used.
signature_policy = ""
+# image_volumes controls how image volumes are handled.
+# The valid values are mkdir and ignore.
+image_volumes = "mkdir"
+
# insecure_registries is used to skip TLS verification when pulling images.
insecure_registries = [
{{ l_insecure_crio_registries|default("") }}
@@ -125,6 +146,7 @@ insecure_registries = [
registries = [
{{ l_additional_crio_registries|default("") }}
]
+
# The "crio.network" table contains settings pertaining to the
# management of CNI plugins.
[crio.network]