If HTTP[S]_PROXY is defined, honor it in python requests usage
as well as pass it on to skopeo.
If http[s]_proxy is defined in atomic.conf, use it; however, environment
variables will override these if defined.
Added --insecure to Atomic push so the user can override the logic
(or lack thereof) around deducing if a registry is insecure. Also
needed for integration tests.
Closes: #964
Approved by: rhatdan
Prior to refactoring, we had a check_latest method that would check
to see if the image being used by container was the latest image
by simply comparing hash IDs.
Adding this back in and refactoring into docker.py.
Closes: #938
Approved by: rhatdan
Instead of calling the default_docker_lib function a bunch of times
in the arg parser, we call it once and use the result in the parser.
Also, tighten up some exit conditions where self.d.close() is being
called when dockerd is not running.
Closes: #921
Approved by: rhatdan
The new 2.x version of the docker python API has non-backward
compatible changes. These changes are described here:
https://docker-py.readthedocs.io/en/stable/change-log.html#breaking-changes
We need to account for docker.Client and docker.APIClient as well
as changes in the way kwargs are handled. Also, it appears the
AutoVersion method is deprecated.
Closes: #894
Approved by: rhatdan
BZ #1422448 actually points out one regression and one
bug related to atomic stop. The BZ itself points out
a TypeError exception in the code when trying to glue
together a python list and str.
Then the atomic stop command was failing in the case where a
STOP label was defined and it uses the variable $NAME resulting
in a subprocess exception.
The self.name variable was not being set by set_args after
refactoring occurred. Ideally, this should all be moved
into the image|container object handling but for now we
just handle it in set_args.
Also added a test in test_display to catch any future
regressions.
Closes: #899
Approved by: rhatdan
As of ef984ed, atomic.get_all_vulnerable_info() sometimes returns a JSON
object instead of a string.
Make it always return an object and amend its documentation.
Closes: #817
Approved by: baude
Users wish to be able to pull images by digest. This can be
done by docker and therefore parity is preferred. The request
is described in https://github.com/projectatomic/atomic/issues/691.
```
$ atomic pull busybox@sha256:29f5d56d12684887bdfa50dcd29fc31eea4aaf4ad3bec43daf19026a7ce69912
Pulling docker.io/busybox@sha256:29f5d56d12684887bdfa50dcd29fc31eea4aaf4ad3bec43daf19026a7ce69912 ...
Copying blob sha256:56bec22e355981d8ba0878c6c2f23b21f422f30ab0aba188b54f1ffeff59c190
495.23 KB / 652.49 KB [=========================================>-------------]
Copying config sha256:e02e811dd08fd49e7f6032625495118e63f597eb150403d02e3238af1df240ba
0 B / 1.43 KB [---------------------------------------------------------------]
Writing manifest to image destination
Storing signatures
1.43 KB / 1.43 KB [===========================================================]
$ docker images
REPOSITORY          TAG                                                                IMAGE ID       CREATED        SIZE
docker.io/busybox   29f5d56d12684887bdfa50dcd29fc31eea4aaf4ad3bec43daf19026a7ce69912   e02e811dd08f   3 months ago   1.093 MB
```
Note how the tag is populated with the digest. Docker's default behaviour is
to populate the tag with nothing. We cannot currently replicate that exactly.
Closes: #856
Approved by: baude
Refactor several of the atomic verbs and subverbs to take advantage
of object refactoring.
Also, do not pull images with skopeo if the local image is already
at the latest.
```
$ sudo python ./atomic --debug pull busybox
Namespace(_class=<class 'Atomic.pull.Pull'>, assumeyes=False, debug=True, func='pull_image', image='busybox', reg_type=None, storage='docker')
Latest version of busybox already present.
```
Closes: #825
Approved by: baude
Refactor:
`atomic update`
`atomic update --container`
`atomic update --container --rollback`
To:
`atomic images update`
`atomic containers update`
`atomic containers rollback`
And update corresponding tests, docs and auto-complete. Much like
other image commands (info, verify), the base verb is hidden but
still available for use.
Move update functionality from atomic.py to update.py, and use
new backendutils to abstract.
Signed-off-by: Yu Qi Zhang <jerzhang@redhat.com>
Closes: #773
Approved by: rhatdan
Covers all but verify and generate. This is a refactoring of the
images subverbs (i.e. info, version, delete, ...)
Added in a unittest for list and info.
Closes: #771
Approved by: baude
In cases where the input name is not fully-qualified and
the local image is tagged more than once, we iterate repotags
in an attempt to figure out the fq name. If this fails, we
raise a ValueError like before.
Closes: #718
Approved by: rhatdan
Add an optional --storage flag to the following commands:
- images delete
- info
- mount
- verify
- version
If specified, the command will only look at the specified storage
(ostree/docker) for the image to perform the action. If not
specified, the command will look through both ostree/docker for
the image (as it was before). However, if the storage is not
specified and the image exists in both ostree and docker, the
command will error and prompt the user to specify. Image inspection
also no longer forces the user to delete/rename one or the other.
This is meant to address the duplicate naming issue (where a user
can have an image in both ostree and docker with the same name).
Signed-off-by: Yu Qi Zhang <jerzhang@redhat.com>
Closes: #720
Approved by: giuseppe
also now "version" returns None instead of raising an exception when
the Docker daemon cannot be reached. This is needed so that atomic
can work without a docker daemon as well.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #711
Approved by: rhatdan
The atomic image version subcommand was broken. Among the issues
was it called the wrong method, attempted to obtain the image
if not locally present, and outputted incorrect information. Some
of the problems were described in:
https://github.com/projectatomic/atomic/issues/708
The version method has been redone to obtain the correct information. It
no longer attempts to obtain the image if not present. It raises an
error.
Also, moved the version method into info and performed a pep8 clean up.
Example output now appears like:
```
atomic --debug version -r docker.io/busybox
IMAGE NAME VERSION IMAGE ID
10.3.11.254:5000/baude/busybox:latest None e02e811dd08f
Tag: docker.io/busybox:latest
Tag: localhost:5000/busybox:latest
atomic --debug version -r registry.access.redhat.com/rhel7/rsyslog
IMAGE NAME VERSION IMAGE ID
registry.access.redhat.com/rhel7/rsyslog:latest rhel7/rsyslog-7.2-21 53f20e902da7
registry.access.redhat.com/rhel7.2:7.2-56 rhel7/rhel-7.2-56 1a9b3357bac5
```
Closes: #710
Approved by: baude
Adding the ability to decompose an input image "name" that
includes a digest. For example:
docker.io/library/fedora@sha256:64a02df6aac27d1200c2572fe4b9949f1970d05f74d367ce4af994ba5dc3669e
Also, reword the decompose method in a Decompose class. This simplifies the use of
decomposition and allows for growth.
Example usage:
```
registry, repo, image, tag, digest = Decompose("docker.io/library/busybox:latest").all
repo = Decompose("docker.io/library/busybox:latest").repo
digest = Decompose("docker.io/fedora@sha256:64a02df6aac27d1200c2...67ce4af994ba5dc3669e").digest
```
Closes: #701
Approved by: rhatdan
Add extra check to prevent errors for image IDs without repo name.
Before, when a user invokes "atomic version" on such an ID, it
returns "List index out of range" instead of label information
that exists.
Signed-off-by: Yu Qi Zhang <jerzhang@redhat.com>
Closes: #696
Approved by: rhatdan
We now allow pulls from registries that are not in
the docker configuration file. This altered our
decompose method a bit. We now check the registry
in decompose to see if it resolves on the network.
If so, then we use it.
Closes: #693
Approved by: baude
Add two classes and several new methods for inspecting
registries and images. These methods are helpful
for:
* taking user input (i.e. image names, partial image names) and determining
the fully qualified names.
* determining the fq name when the registry is omitted by the user.
* obtaining image manifests
* mimicking skopeo inspect
Closes: #687
Approved by: baude
they are part of the class SystemContainers, do not repeat
system_container in the name.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #683
Approved by: rhatdan
Colleagues asked for decompose to be improved to where it took
an image name and broke it into registry, repo, image, and tag.
It also should mimic docker's implementation where 'library' is a known
exception.
Also added unittests for decompose. Removed a singular glob test
as it is no longer valid.
Closes: #677
Approved by: rhatdan
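An added example, not the project's own code: a minimal parser for the decomposition described in this commit and in the digest-aware Decompose commit earlier in this log, including the 'library' exception for docker.io. The name `decompose_image_name` is hypothetical, and registry detection is an assumed syntactic rule (a dot, a port or `localhost` in the first component), not a network lookup.

```python
import re
from collections import namedtuple

ImageName = namedtuple("ImageName", "registry repo image tag digest")

# A digest pins exact content, so reject anything that is not a full sha256.
DIGEST_RE = re.compile(r"^sha256:[0-9a-f]{64}$")


def decompose_image_name(name):
    """Split an image reference into registry, repo, image, tag and digest."""
    digest = ""
    if "@" in name:
        name, digest = name.split("@", 1)
        if not DIGEST_RE.match(digest):
            raise ValueError("malformed digest: %r" % digest)

    registry, remainder = "", name
    if "/" in name:
        first, rest = name.split("/", 1)
        # Assumption: treat the first component as a host only if it looks
        # like one; otherwise it is a namespace such as "gscrivano".
        if "." in first or ":" in first or first == "localhost":
            registry, remainder = first, rest

    tag = ""
    # Only a colon in the last path component is a tag separator; the
    # registry port was already split off above.
    if ":" in remainder.rsplit("/", 1)[-1]:
        remainder, tag = remainder.rsplit(":", 1)

    repo, _, image = remainder.rpartition("/")
    if not image:
        raise ValueError("no image component in %r" % name)

    # Docker's convention: official images live under "library".
    if registry == "docker.io" and not repo:
        repo = "library"
    # A digest already identifies the image, so only default the tag
    # when neither was given.
    if not tag and not digest:
        tag = "latest"
    return ImageName(registry, repo, image, tag, digest)


if __name__ == "__main__":
    constructed = "docker.io/fedora@sha256:" + "0a" * 32  # constructed digest
    for ref in ("busybox", "localhost:5000/busybox:latest", constructed):
        print(ref, "->", decompose_image_name(ref))
```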
Atomic update and install now use skopeo for pulling images
from registries. This allows us to enforce signature policies
as part of pull and update operations.
Closes: #672
Approved by: rhatdan
Create a copy of os.environ and then modify the copy.
Also add a new function expandvars to util. This function is a
copy of os.path.expandvars but takes an optional parameter of the
environment to expand.
Closes: #521
Approved by: cgwalters
Allow atomic users to sign an image that has been pulled
from a repository. This uses GPG, skopeo, and friends and
creates a local signature file for an image that has been
pulled locally. Signatures are stored in the dir:
/var/lib/atomic/containers/registry/image_name@sha256:image_id/
Individual signature files are then stored as:
../signature-(INTEGER)
where INTEGER is incremented each time a signature
is added.
Closes: #539
Approved by: baude
and use only the last name component:
i.e. previously installing the image "gscrivano/etcd" used by default the
name "gscrivano-etcd". Change it to be "etcd" by default.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #559
Approved by: rhatdan
Also breakout images handling into a separate python file.
Atomic/images.py
I have switched atomic images generate to generate an images
mtree file for each image in the system.
Closes: #534
Approved by: giuseppe
_inspect_container and _inspect_image do not raise an exception
if they cannot connect to Docker.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #524
Approved by: rhatdan
Support containers that are stored in an OSTree repository and executed
using bubblewrap. bwrap-oci is used to convert the OCI configuration
file to the bubblewrap command line.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #524
Approved by: rhatdan
To find the ID for an image, try in order:
1) Digest from the docker.manifest metadata
2) $SHA if $SHA in ociimage/$SHA is a valid checksum
3) OSTree commit
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #506
Approved by: rhatdan
It returns the information in a similar way to the Docker inspect
format.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #506
Approved by: rhatdan
images now either print to tty or return json data via dbus
Make encoding and decoding work properly for both Python2 and Python3
Create Cockpit JavaScript test client that will call the DBus API
and receive information.
Closes: #494
Approved by: rhatdan
Add the following sub-commands to "atomic images list"
--all: show all images, including intermediate images
--filter: filter output based on given filters
--quiet: only display image IDs
and corresponding bash auto-complete, tests, and documentation.
Closes: #502
Approved by: rhatdan