Merge pull request #2860 from deitch/metadata-to-run

Move metadata to /run instead of /var

blueprints/docker-for-mac/base.yml

@@ -9,7 +9,7 @@ init:
   - linuxkit/containerd:1b6b8a5884e17b26e2725cb82c436841070fca95
   - linuxkit/ca-certificates:de21b84d9b055ad9dcecc57965b654a7a24ef8e0
 onboot:
-  # support metadata for optional config in /var/config
+  # support metadata for optional config in /run/config
   - name: metadata
     image: linuxkit/metadata:2af15c9f4b0e73515c219b7cc14e6e65e1d4fd6d
   - name: sysctl

blueprints/docker-for-mac/docker-ce.yml

@@ -1,7 +1,7 @@
 services:
   # Run dockerd with the vpnkit userland proxy from the vpnkit-forwarder container.
   # Bind mounts /var/run to allow vsudd to connect to docker.sock, /var/vpnkit
-  # for vpnkit coordination and /var/config/docker for the configuration file.
+  # for vpnkit coordination and /run/config/docker for the configuration file.
   - name: docker-dfm
     image: docker:17.07.0-ce-dind
     capabilities:
@@ -16,7 +16,7 @@ services:
      - /lib/modules:/lib/modules
      - /var/vpnkit:/port # vpnkit control 9p mount
      - /var/run:/var/run
-     - /var/config/docker:/var/config/docker
+     - /run/config/docker:/var/config/docker
      - /usr/bin/vpnkit-expose-port:/usr/bin/vpnkit-expose-port # userland proxy
      - /usr/bin/vpnkit-iptables-wrapper:/usr/bin/iptables # iptables wrapper 
     command: [ "/usr/local/bin/docker-init", "/usr/local/bin/dockerd", "--",

docs/metadata.md

@@ -12,11 +12,11 @@ instances before launch (it is immutable in most providers).
 The [metadata package](../pkg/metadata/) handles both metadata and
 userdata for a number of providers (see below).  It abstracts over
 the provider differences by exposing both metadata and userdata in
-a directory hierarchy under `/var/config`.  For example, sshd config
+a directory hierarchy under `/run/config`.  For example, sshd config
-files from the metadata are placed under `/var/config/ssh`.
+files from the metadata are placed under `/run/config/ssh`.
 
 Userdata is assumed to be a single string and the contents will be
-stored under `/var/config/userdata`.  If userdata is a JSON file, the
+stored under `/run/config/userdata`.  If userdata is a JSON file, the
 contents will be further processed, where different keys cause
 directories to be created and the directories are populated with files.
 For example, the following userdata file:
@@ -45,9 +45,9 @@ For example, the following userdata file:
 ```
 will generate the following files:
 ```
-/var/config/ssh/sshd_config
+/run/config/ssh/sshd_config
-/var/config/foo/bar
+/run/config/foo/bar
-/var/config/foo/baz
+/run/config/foo/baz
 ```
 
 The JSON file consists of a map from `name` to an entry object. Each entry object has the following fields:
@@ -86,20 +86,20 @@ Below is a list of supported providers and notes on what is supported. We will a
 GCP metadata is reached via a well known URL
 (`http://metadata.google.internal/`) and currently
 we extract the hostname and populate the
-`/var/config/ssh/authorized_keys` from metadata. In the future we'll
+`/run/config/ssh/authorized_keys` from metadata. In the future we'll
 add more complete SSH support.
 
 GCP userdata is extracted from `/computeMetadata/v1/instance/attributes/userdata`
-and made available in `/var/config/userdata`.
+and made available in `/run/config/userdata`.
 
 ## AWS
 
 AWS metadata is reached via the following URL
 (`http://169.254.169.254/latest/meta-data/`) and currently we extract the
-hostname and populate the `/var/config/ssh/authorized_keys` from metadata.
+hostname and populate the `/run/config/ssh/authorized_keys` from metadata.
 
 AWS userdata is extracted from `http://169.254.169.254/latest/user-data` and
-and made available in `/var/config/userdata`.
+and made available in `/run/config/userdata`.
 
 
 ## HyperKit

examples/aws.yml

@@ -20,7 +20,7 @@ services:
   - name: sshd
     image: linuxkit/sshd:ac5e8364e2e9aa8717a3295c51eb60b8c57373d5
     binds:
-     - /var/config/ssh/authorized_keys:/root/.ssh/authorized_keys
+     - /run/config/ssh/authorized_keys:/root/.ssh/authorized_keys
   - name: nginx
     image: nginx:alpine
     capabilities:

examples/gcp.yml

@@ -24,7 +24,7 @@ services:
   - name: sshd
     image: linuxkit/sshd:ac5e8364e2e9aa8717a3295c51eb60b8c57373d5
     binds:
-     - /var/config/ssh/authorized_keys:/root/.ssh/authorized_keys
+     - /run/config/ssh/authorized_keys:/root/.ssh/authorized_keys
   - name: nginx
     image: nginx:alpine
     capabilities:

examples/openstack.yml

@@ -21,7 +21,7 @@ services:
   - name: sshd
     image: linuxkit/sshd:ac5e8364e2e9aa8717a3295c51eb60b8c57373d5
     binds:
-     - /var/config/ssh/authorized_keys:/root/.ssh/authorized_keys
+     - /run/config/ssh/authorized_keys:/root/.ssh/authorized_keys
   - name: nginx
     image: nginx:alpine
     capabilities:

examples/vultr.yml

@@ -24,7 +24,7 @@ services:
   - name: sshd
     image: linuxkit/sshd:ac5e8364e2e9aa8717a3295c51eb60b8c57373d5
     binds:
-     - /var/config/ssh/authorized_keys:/root/.ssh/authorized_keys
+     - /run/config/ssh/authorized_keys:/root/.ssh/authorized_keys
   - name: nginx
     image: nginx:alpine
     capabilities:

pkg/metadata/main.go

@@ -12,7 +12,7 @@ import (
 
 const (
 	// ConfigPath is where the data is extracted to
-	ConfigPath = "/var/config"
+	ConfigPath = "/run/config"
 
 	// Hostname is the filename in configPath where the hostname is stored
 	Hostname = "hostname"