Merge 07517c3da1 into d7d2ce7ce2

Makefile

@@ -9,8 +9,7 @@ PREFIX ?= ${DESTDIR}/usr/local
 BINDIR ?= ${PREFIX}/bin
 LIBEXECDIR ?= ${PREFIX}/libexec
 MANDIR ?= ${PREFIX}/share/man
-ETCDIR ?= ${DESTDIR}/etc
+CONFIGDIR ?= ${PREFIX}/lib/crio
-ETCDIR_CRIO ?= ${ETCDIR}/crio
 BUILDTAGS ?= selinux seccomp $(shell hack/btrfs_tag.sh) $(shell hack/libdm_tag.sh) $(shell hack/btrfs_installed_tag.sh)
 BASHINSTALLDIR=${PREFIX}/share/bash-completion/completions
 OCIUMOUNTINSTALLDIR=$(PREFIX)/share/oci-umount/oci-umount.d
@@ -157,8 +156,8 @@ install.man:
 	install ${SELINUXOPT} -m 644 $(filter %.8,$(MANPAGES)) -t $(MANDIR)/man8
 
 install.config:
-	install ${SELINUXOPT} -D -m 644 crio.conf $(ETCDIR_CRIO)/crio.conf
+	install ${SELINUXOPT} -D -m 644 crio.conf $(CONFIGDIR)/crio.conf
-	install ${SELINUXOPT} -D -m 644 seccomp.json $(ETCDIR_CRIO)/seccomp.json
+	install ${SELINUXOPT} -D -m 644 seccomp.json $(CONFIGDIR)/seccomp.json
 	install ${SELINUXOPT} -D -m 644 crio-umount.conf $(OCIUMOUNTINSTALLDIR)/crio-umount.conf
 
 install.completions:

cmd/crio/main.go

@@ -46,17 +46,22 @@ func validateConfig(config *server.Config) error {
 }
 
 func mergeConfig(config *server.Config, ctx *cli.Context) error {
-	// Don't parse the config if the user explicitly set it to "".
+	configFile := server.CrioConfigPath
-	if path := ctx.GlobalString("config"); path != "" {
+	if ctx.GlobalIsSet("config") {
-		if err := config.UpdateFromFile(path); err != nil {
+		configFile = ctx.GlobalString("config")
-			if ctx.GlobalIsSet("config") || !os.IsNotExist(err) {
+	} else if _, err := os.Stat(server.OverrideCrioConfigPath); err == nil {
+		configFile = server.OverrideCrioConfigPath
+	}
+	if configFile != "" {
+		if err := config.UpdateFromFile(configFile); err != nil {
+			if !os.IsNotExist(err) {
 				return err
 			}
 
 			// We don't error out if --config wasn't explicitly set and the
 			// default doesn't exist. But we will log a warning about it, so
 			// the user doesn't miss it.
-			logrus.Warnf("default configuration file does not exist: %s", server.CrioConfigPath)
+			logrus.Warnf("default configuration file does not exist: %s", configFile)
 		}
 	}
 

cmd/kpod/common.go

@@ -62,11 +62,11 @@ func shutdownStores() {
 
 func getConfig(c *cli.Context) (*libkpod.Config, error) {
 	config := libkpod.DefaultConfig()
-	var configFile string
+	configFile := server.CrioConfigPath
 	if c.GlobalIsSet("config") {
 		configFile = c.GlobalString("config")
-	} else if _, err := os.Stat(server.CrioConfigPath); err == nil {
+	} else if _, err := os.Stat(server.OverrideCrioConfigPath); err == nil {
-		configFile = server.CrioConfigPath
+		configFile = server.OverrideCrioConfigPath
 	}
 	// load and merge the configfile from the commandline or use
 	// the default crio config file

docs/crio.8.md

@@ -134,7 +134,7 @@ set the CPU profile file path
   Enable selinux support (default: false)
 
 **--seccomp-profile**=""
-  Path to the seccomp json profile to be used as the runtime's default (default: "/etc/crio/seccomp.json")
+  Path to the seccomp json profile to be used as the runtime's default (default: "/usr/lib/crio/seccomp.json")
 
 **--signature-policy**=""
   Path to the signature policy json file (default: "", to use the system-wide default)

docs/crio.conf.5.md

@@ -10,6 +10,11 @@ The CRI-O configuration file specifies all of the available command-line options
 for the crio(8) program, but in a TOML format that can be more easily modified
 and versioned.
 
+The default location for the crio.conf file is /usr/lib/crio/crio.conf.  You can
+override the contents by copying crio.conf to /etc/crio/crio.conf and making your changes there.
+Tools that read crio.conf will attempt to read /etc/crio/crio.conf if it exists, if not they
+fail over to read /usr/lib/crio/crio.conf.
+
 # FORMAT
 The [TOML format][toml] is used as the encoding of the configuration file.
 Every option and subtable listed here is nested under a global "crio" table.
@@ -97,7 +102,7 @@ Example:
   Path to the signature policy json file (default: "", to use the system-wide default)
 
 **seccomp_profile**=""
-  Path to the seccomp json profile to be used as the runtime's default (default: "/etc/crio/seccomp.json")
+  Path to the seccomp json profile to be used as the runtime's default (default: "/usr/lib/crio/seccomp.json")
 
 **apparmor_profile**=""
   Name of the apparmor profile to be used as the runtime's default (default: "crio-default")

kubernetes.md

@@ -17,8 +17,8 @@ You must prepare and install `crio` on each node you would like to switch. Here'
 
 | File path                                  | Description                | Location                                            |
 |--------------------------------------------|----------------------------|-----------------------------------------------------|
-| `/etc/crio/crio.conf`                      | crio configuration         | Generated on cri-o `make install`                   |
+| `/usr/lib/crio/crio.conf`                      | crio configuration         | Generated on cri-o `make install`                   |
-| `/etc/crio/seccomp.conf`                   | seccomp config             | Example stored in cri-o repository                  |
+| `/usr/lib/crio/seccomp.conf`                   | seccomp config             | Example stored in cri-o repository                  |
 | `/etc/containers/policy.json`              | containers policy          | Example stored in cri-o repository                  |
 | `/bin/{crio, runc}`                        | `crio` and `runc` binaries | Built from cri-o repository                         |
 | `/usr/local/libexec/crio/conmon`           | `conmon` binary            | Built from cri-o repository                         |

libkpod/config.go

@@ -17,7 +17,7 @@ const (
 	pauseImage          = "kubernetes/pause"
 	pauseCommand        = "/pause"
 	defaultTransport    = "docker://"
-	seccompProfilePath  = "/etc/crio/seccomp.json"
+	seccompProfilePath  = "/usr/lib/crio/seccomp.json"
 	apparmorProfileName = "crio-default"
 	cniConfigDir        = "/etc/cni/net.d/"
 	cniBinDir           = "/opt/cni/bin/"

libkpod/testdata/config.toml

@@ -11,7 +11,7 @@
     conmon = "/usr/local/libexec/crio/conmon"
     conmon_env = ["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"]
     selinux = true
-    seccomp_profile = "/etc/crio/seccomp.json"
+    seccomp_profile = "/usr/lib/crio/seccomp.json"
     apparmor_profile = "crio-default"
     cgroup_manager = "cgroupfs"
     hooks_dir_path = "/usr/share/containers/oci/hooks.d"

server/config.go

@@ -9,7 +9,10 @@ import (
 )
 
 //CrioConfigPath is the default location for the conf file
-const CrioConfigPath = "/etc/crio/crio.conf"
+const CrioConfigPath = "/usr/lib/crio/crio.conf"
+
+//OverrideCrioConfigPath is the default location for the conf file
+const OverrideCrioConfigPath = "/etc/crio/crio.conf"
 
 // Config represents the entire set of configuration values that can be set for
 // the server. This is intended to be loaded from a toml-encoded config file.

tutorial.md

@@ -138,8 +138,8 @@ install -d -m 755 /usr/local/share/man/man{1,5,8}
 install -m 644 docs/kpod.1 docs/kpod-launch.1 -t /usr/local/share/man/man1
 install -m 644 docs/crio.conf.5 -t /usr/local/share/man/man5
 install -m 644 docs/crio.8 -t /usr/local/share/man/man8
-install -D -m 644 crio.conf /etc/crio/crio.conf
+install -D -m 644 crio.conf /usr/lib/crio/crio.conf
-install -D -m 644 seccomp.json /etc/crio/seccomp.json
+install -D -m 644 seccomp.json /usr/lib/crio/seccomp.json
 ```
 
 If you are installing for the first time, generate config as follows:
@@ -151,8 +151,8 @@ sudo make install.config
 Output:
 
 ```
-install -D -m 644 crio.conf /etc/crio/crio.conf
+install -D -m 644 crio.conf /usr/lib/crio/crio.conf
-install -D -m 644 seccomp.json /etc/crio/seccomp.json
+install -D -m 644 seccomp.json /usr/lib/crio/seccomp.json
 ```
 
 #### Start the crio system daemon