Containers.conf is our main configuration file for Podman; it holds various options to tweak the default Podman behavior. This post describes the changes that we made to containers.conf with the Podman 5.0 release.
The biggest change is making containers.conf read-only. Previously Podman modified the containers.conf file to store podman system connections and farms. Writing containers.conf was problematic because it removed all comments and potentially reordered the user's options. To store system connection and farm information, we decided to stop using containers.conf and instead store this content in a new file called podman-connections.json next to the old containers.conf file. This new file must only be managed by Podman and not edited directly by users. Podman continues to support the old config options such as [engine.service_destinations] and the [farms] section. This means it is still possible to add connections/farms manually if needed, and backwards compatibility is preserved, as Podman 5.0 can still read connections created with 4.X and lower. However, it is no longer possible to delete such a connection with podman system connection rm. Podman-py is also updated to support reading connections from the podman-connections.json file.
Another change is support for a per-user config file as root. Previously Podman only searched /usr/share/containers
/etc/containers
$XDG_CONFIG_HOME/containers
$HOME/.config/containers
/etc/containers
Containers.conf supports some new config fields:
- The retry and retry_delay options under the [engine] section allow you to specify the default number of retries and the pause between retries for image pull and push operations. This is useful when your network is not very stable and you often encounter intermittent failures. The default is 3 retries with a delay of 1 second.
- The firewall_driver option under the [network] section specifies the default firewall driver for netavark. Supported values are iptables, none (no firewall rules will be created), nftables and firewalld (firewalld is experimental at the moment and not recommended outside of testing).
- A default home directory volume for podman machine init on the Hyper-V hypervisor was added, allowing users to share files in the home directory with the VM by default.
- The interface_name option under the [containers] section can be set to device to let Podman assign the same network interface name in the container as on the host when using the macvlan or ipvlan network driver.