diff --git a/Makefile b/Makefile index 27bd3725..17c85762 100644 --- a/Makefile +++ b/Makefile @@ -9,8 +9,7 @@ PREFIX ?= ${DESTDIR}/usr/local BINDIR ?= ${PREFIX}/bin LIBEXECDIR ?= ${PREFIX}/libexec MANDIR ?= ${PREFIX}/share/man -ETCDIR ?= ${DESTDIR}/etc -ETCDIR_CRIO ?= ${ETCDIR}/crio +CONFIGDIR ?= ${PREFIX}/lib/crio BUILDTAGS ?= selinux seccomp $(shell hack/btrfs_tag.sh) $(shell hack/libdm_tag.sh) $(shell hack/btrfs_installed_tag.sh) BASHINSTALLDIR=${PREFIX}/share/bash-completion/completions OCIUMOUNTINSTALLDIR=$(PREFIX)/share/oci-umount/oci-umount.d @@ -157,8 +156,8 @@ install.man: install ${SELINUXOPT} -m 644 $(filter %.8,$(MANPAGES)) -t $(MANDIR)/man8 install.config: - install ${SELINUXOPT} -D -m 644 crio.conf $(ETCDIR_CRIO)/crio.conf - install ${SELINUXOPT} -D -m 644 seccomp.json $(ETCDIR_CRIO)/seccomp.json + install ${SELINUXOPT} -D -m 644 crio.conf $(CONFIGDIR)/crio.conf + install ${SELINUXOPT} -D -m 644 seccomp.json $(CONFIGDIR)/seccomp.json install ${SELINUXOPT} -D -m 644 crio-umount.conf $(OCIUMOUNTINSTALLDIR)/crio-umount.conf install.completions: diff --git a/cmd/crio/main.go b/cmd/crio/main.go index 95289956..113b8db0 100644 --- a/cmd/crio/main.go +++ b/cmd/crio/main.go @@ -46,17 +46,22 @@ func validateConfig(config *server.Config) error { } func mergeConfig(config *server.Config, ctx *cli.Context) error { - // Don't parse the config if the user explicitly set it to "". - if path := ctx.GlobalString("config"); path != "" { - if err := config.UpdateFromFile(path); err != nil { - if ctx.GlobalIsSet("config") || !os.IsNotExist(err) { + configFile := server.CrioConfigPath + if ctx.GlobalIsSet("config") { + configFile = ctx.GlobalString("config") + } else if _, err := os.Stat(server.OverrideCrioConfigPath); err == nil { + configFile = server.OverrideCrioConfigPath + } + if configFile != "" { + if err := config.UpdateFromFile(configFile); err != nil { + if !os.IsNotExist(err) { return err } // We don't error out if --config wasn't explicitly set and the // default doesn't exist. But we will log a warning about it, so // the user doesn't miss it. - logrus.Warnf("default configuration file does not exist: %s", server.CrioConfigPath) + logrus.Warnf("default configuration file does not exist: %s", configFile) } } diff --git a/cmd/kpod/common.go b/cmd/kpod/common.go index f77b3fd1..32544d4d 100644 --- a/cmd/kpod/common.go +++ b/cmd/kpod/common.go @@ -62,11 +62,11 @@ func shutdownStores() { func getConfig(c *cli.Context) (*libkpod.Config, error) { config := libkpod.DefaultConfig() - var configFile string + configFile := server.CrioConfigPath if c.GlobalIsSet("config") { configFile = c.GlobalString("config") - } else if _, err := os.Stat(server.CrioConfigPath); err == nil { - configFile = server.CrioConfigPath + } else if _, err := os.Stat(server.OverrideCrioConfigPath); err == nil { + configFile = server.OverrideCrioConfigPath } // load and merge the configfile from the commandline or use // the default crio config file diff --git a/docs/crio.8.md b/docs/crio.8.md index 2c9d4857..e652342a 100644 --- a/docs/crio.8.md +++ b/docs/crio.8.md @@ -134,7 +134,7 @@ set the CPU profile file path Enable selinux support (default: false) **--seccomp-profile**="" - Path to the seccomp json profile to be used as the runtime's default (default: "/etc/crio/seccomp.json") + Path to the seccomp json profile to be used as the runtime's default (default: "/usr/lib/crio/seccomp.json") **--signature-policy**="" Path to the signature policy json file (default: "", to use the system-wide default) diff --git a/docs/crio.conf.5.md b/docs/crio.conf.5.md index 32cac7a4..c514d784 100644 --- a/docs/crio.conf.5.md +++ b/docs/crio.conf.5.md @@ -10,6 +10,11 @@ The CRI-O configuration file specifies all of the available command-line options for the crio(8) program, but in a TOML format that can be more easily modified and versioned. +The default location for the crio.conf file is /usr/lib/crio/crio.conf. You can +override the contents by copying crio.conf to /etc/crio/crio.conf and making your changes there. +Tools that read crio.conf will attempt to read /etc/crio/crio.conf if it exists, if not they +fail over to read /usr/lib/crio/crio.conf. + # FORMAT The [TOML format][toml] is used as the encoding of the configuration file. Every option and subtable listed here is nested under a global "crio" table. @@ -97,7 +102,7 @@ Example: Path to the signature policy json file (default: "", to use the system-wide default) **seccomp_profile**="" - Path to the seccomp json profile to be used as the runtime's default (default: "/etc/crio/seccomp.json") + Path to the seccomp json profile to be used as the runtime's default (default: "/usr/lib/crio/seccomp.json") **apparmor_profile**="" Name of the apparmor profile to be used as the runtime's default (default: "crio-default") diff --git a/kubernetes.md b/kubernetes.md index a88a76a3..6dbfe16a 100644 --- a/kubernetes.md +++ b/kubernetes.md @@ -17,8 +17,8 @@ You must prepare and install `crio` on each node you would like to switch. Here' | File path | Description | Location | |--------------------------------------------|----------------------------|-----------------------------------------------------| -| `/etc/crio/crio.conf` | crio configuration | Generated on cri-o `make install` | -| `/etc/crio/seccomp.conf` | seccomp config | Example stored in cri-o repository | +| `/usr/lib/crio/crio.conf` | crio configuration | Generated on cri-o `make install` | +| `/usr/lib/crio/seccomp.conf` | seccomp config | Example stored in cri-o repository | | `/etc/containers/policy.json` | containers policy | Example stored in cri-o repository | | `/bin/{crio, runc}` | `crio` and `runc` binaries | Built from cri-o repository | | `/usr/local/libexec/crio/conmon` | `conmon` binary | Built from cri-o repository | diff --git a/libkpod/config.go b/libkpod/config.go index 687b4b38..0f7fc163 100644 --- a/libkpod/config.go +++ b/libkpod/config.go @@ -17,7 +17,7 @@ const ( pauseImage = "kubernetes/pause" pauseCommand = "/pause" defaultTransport = "docker://" - seccompProfilePath = "/etc/crio/seccomp.json" + seccompProfilePath = "/usr/lib/crio/seccomp.json" apparmorProfileName = "crio-default" cniConfigDir = "/etc/cni/net.d/" cniBinDir = "/opt/cni/bin/" diff --git a/libkpod/testdata/config.toml b/libkpod/testdata/config.toml index 31827367..e196d30c 100644 --- a/libkpod/testdata/config.toml +++ b/libkpod/testdata/config.toml @@ -11,7 +11,7 @@ conmon = "/usr/local/libexec/crio/conmon" conmon_env = ["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"] selinux = true - seccomp_profile = "/etc/crio/seccomp.json" + seccomp_profile = "/usr/lib/crio/seccomp.json" apparmor_profile = "crio-default" cgroup_manager = "cgroupfs" hooks_dir_path = "/usr/share/containers/oci/hooks.d" diff --git a/server/config.go b/server/config.go index 6c2d26cd..7e2bde3a 100644 --- a/server/config.go +++ b/server/config.go @@ -9,7 +9,10 @@ import ( ) //CrioConfigPath is the default location for the conf file -const CrioConfigPath = "/etc/crio/crio.conf" +const CrioConfigPath = "/usr/lib/crio/crio.conf" + +//OverrideCrioConfigPath is the default location for the conf file +const OverrideCrioConfigPath = "/etc/crio/crio.conf" // Config represents the entire set of configuration values that can be set for // the server. This is intended to be loaded from a toml-encoded config file. diff --git a/tutorial.md b/tutorial.md index 0994559a..b874db15 100644 --- a/tutorial.md +++ b/tutorial.md @@ -138,8 +138,8 @@ install -d -m 755 /usr/local/share/man/man{1,5,8} install -m 644 docs/kpod.1 docs/kpod-launch.1 -t /usr/local/share/man/man1 install -m 644 docs/crio.conf.5 -t /usr/local/share/man/man5 install -m 644 docs/crio.8 -t /usr/local/share/man/man8 -install -D -m 644 crio.conf /etc/crio/crio.conf -install -D -m 644 seccomp.json /etc/crio/seccomp.json +install -D -m 644 crio.conf /usr/lib/crio/crio.conf +install -D -m 644 seccomp.json /usr/lib/crio/seccomp.json ``` If you are installing for the first time, generate config as follows: @@ -151,8 +151,8 @@ sudo make install.config Output: ``` -install -D -m 644 crio.conf /etc/crio/crio.conf -install -D -m 644 seccomp.json /etc/crio/seccomp.json +install -D -m 644 crio.conf /usr/lib/crio/crio.conf +install -D -m 644 seccomp.json /usr/lib/crio/seccomp.json ``` #### Start the crio system daemon