root
/
buildah
mirror of https://github.com/containers/buildah.git
1
0
Fork 0
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Add information about the configuration files to the install docs 

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

Closes: #811
Approved by: TomSweeneyRedHat
This commit is contained in:
Daniel J Walsh 2018-06-22 12:33:33 -04:00 committed by Atomic Bot
parent 35cbd6e113
commit 0143a4428b
2 changed files with 100 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

102
install.md
View File

@ -71,7 +71,7 @@ Prior to installing Buildah, install the following packages on your Linux distro
* libseccomp-devel
* ostree-devel
* runc (Requires version 1.0 RC4 or higher.)
* skopeo-containers
* containers-common
### Fedora
@ -93,7 +93,7 @@ In Fedora, you can use this command:
bzip2 \
go-md2man \
runc \
skopeo-containers
containers-common
```
Then to install Buildah on Fedora follow the steps in this example:
@ -195,6 +195,102 @@ echo 'deb [signed-by=/usr/share/keyrings/projectatomic-ppa.gpg] http://ppa.launc
apt update
apt -y install -t stretch-backports libostree-dev golang
apt -y install bats btrfs-tools git libapparmor-dev libdevmapper-dev libglib2.0-dev libgpgme11-dev libseccomp-dev libselinux1-dev skopeo-containers go-md2man
```
```
The build steps on Debian are otherwise the same as Ubuntu, above.
## Configuration files
### [registries.conf](https://src.fedoraproject.org/rpms/skopeo/blob/master/f/registries.conf)
#### Man Page: [registries.conf.5](https://github.com/containers/image/blob/master/docs/registries.conf.5.md)
`/etc/containers/registries.conf`
registries.conf is the configuration file which specifies which container registries should be consulted when completing image names which do not include a registry or domain portion.
#### Example from the Fedora `containers-common` package
```
cat /etc/containers/registries.conf
# This is a system-wide configuration file used to
# keep track of registries for various container backends.
# It adheres to TOML format and does not support recursive
# lists of registries.
# The default location for this configuration file is /etc/containers/registries.conf.
# The only valid categories are: 'registries.search', 'registries.insecure',
# and 'registries.block'.
[registries.search]
registries = ['docker.io', 'registry.fedoraproject.org', 'quay.io', 'registry.access.redhat.com', 'registry.centos.org']
# If you need to access insecure registries, add the registry's fully-qualified name.
# An insecure registry is one that does not have a valid SSL certificate or only does HTTP.
[registries.insecure]
registries = []
# If you need to block pull access from a registry, uncomment the section below
# and add the registries fully-qualified name.
#
# Docker only
[registries.block]
registries = []
```
### [mounts.conf](https://src.fedoraproject.org/rpms/skopeo/blob/master/f/mounts.conf)
`/usr/share/containers/mounts.conf` and optionally `/etc/containers/mounts.conf`
The mounts.conf files specify volume mount directories that are automatically mounted inside containers when executing the `buildah run` or `buildah build-using-dockerfile` commands. Container process can then use this content. The volume mount content does not get committed to the final image.
Usually these directories are used for passing secrets or credentials required by the package software to access remote package repositories.
For example, a mounts.conf with the line "`/usr/share/rhel/secrets:/run/secrets`", the content of `/usr/share/rhel/secrets` directory is mounted on `/run/secrets` inside the container. This mountpoint allows Red Hat Enterprise Linux subscriptions from the host to be used within the container.
Note this is not a volume mount. The content of the volumes is copied into container storage, not bind mounted directly from the host.
#### Example from the Fedora `containers-common` package:
```
cat /usr/share/containers/mounts.conf
/usr/share/rhel/secrets:/run/secrets
```
### [seccomp.json](https://src.fedoraproject.org/rpms/skopeo/blob/master/f/seccomp.json)
`/usr/share/containers/seccomp.json`
seccomp.json contains the whitelist of seccomp rules to be allowed inside of
containers. This file is usually provided by the containers-common package.
The link above takes you to the seccomp.json
### [policy.json](https://github.com/projectatomic/skopeo/blob/master/default-policy.json)
`/etc/containers/policy.json`
#### Man Page: [policy.json.5](https://github.com/containers/image/blob/master/docs/policy.json.md)
#### Example from the Fedora `containers-common` package:
```
cat /etc/containers/policy.json
{
"default": [
{
"type": "insecureAcceptAnything"
}
],
"transports":
{
"docker-daemon":
{
"": [{"type":"insecureAcceptAnything"}]
}
}
}
```

2
troubleshooting.md
View File

@ -20,7 +20,7 @@ error building: error creating build container: no such image "alpine" in regist
#### Solution
* Verify that the `/etc/containers/registries.conf` file exists. If not, verify that the skopeo-containers package is installed.
* Verify that the `/etc/containers/registries.conf` file exists. If not, verify that the containers-common package is installed.
* Verify that the entries in the `[registries.search]` section of the /etc/containers/registries file are valid and reachable.
---