mirror of https://github.com/projectatomic/atomic.git synced 2026-02-07 06:44:52 +01:00

30 Commits

Author SHA1 Message Date
Giuseppe Scrivano
24e1a61e99 pull: support src-creds option
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

Closes: #1120
Approved by: ashcrow
2017-10-26 16:49:44 +00:00
baude
057536cab4 Pull image to containers-storage
Signed-off-by: baude <bbaude@redhat.com>

Closes: #1089
Approved by: baude
2017-09-05 14:11:43 +00:00
Brent Baude
3c0cbc69ea Incorporate registries parsing tool
Ideally atomic will be able to run multiple container
runtimes.  In an effort to do so, we must have a concept
of a global registries configuration file which will allow
us to pull images with atomic and skopeo. The tooling
that parses the global configuration file is:

https://github.com/projectatomic/registries

This is step one in the implementation of this tooling
and direction.

Closes: #1003
Approved by: rhatdan
2017-05-17 15:19:53 +00:00
Brent Baude
cc0919c408 Adding base dbus integration tests
The following integration tests have been added:

* ScanList
* ImagePull
* ImageUpdate
* ImageUpdate when at latest
* ImagePull when already at latest
* Run
* ContainersDelete
* ContainersDelete when container doesn't exist

Closes: #904
Approved by: rhatdan
2017-02-22 15:11:40 +00:00
Aaron Weitekamp
ddc72a61e8 Inline pubkeys in policy.json
Closes: #853
Approved by: rhatdan
2017-02-06 22:41:40 +00:00
Brent Baude
3d2acc23e8 Detect and install systemcontainer images
If an image from a registry has a label like:

    atomic.type=system

the Atomic CLI will now detect that prior to pulling
the image.  It will then switch the backend storage
to ostree.  In the case of install, it will both
pull to ostree and install it.

If the backend is switched, a message informing the user
as such will be shown.

The detection and switch of the backend can be overridden
with the --storage option.

The following is an example of install:

$ sudo atomic install atomic-registry.usersys.redhat.com:5000/brentbaude/helloworld:latest

Note: Switching from the 'docker' backend to the 'ostree' backend based on the 'atomic.type' label in the image.  You can use --storage to override this behaviour.

Extracting to /var/lib/containers/atomic/helloworld.0
systemctl daemon-reload
systemctl enable helloworld

$ sudo ./atomic images list
   REPOSITORY                                                      TAG      IMAGE ID       CREATED            VIRTUAL SIZE   TYPE
   atomic-registry.usersys.redhat.com:5000/brentbaude/helloworld   latest   0056366e4ebd   2017-02-01 18:04                  ostree

$ sudo ./atomic containers list -a
   CONTAINER ID IMAGE                COMMAND              CREATED          STATE     BACKEND    RUNTIME
   helloworld   atomic-registry.user /usr/bin/run.sh      2017-02-01 18:04 failed    ostree     runc

Closes: #861
Approved by: baude
2017-02-04 17:05:24 +00:00
Brent Baude
1bdd84a507 Improve pull error messaging
When a fq image name is used, the error messages contained the full
stderr formed by skopeo.  It was preferable to only show the msg
portion of the error.

Closes: #862
Approved by: baude
2017-02-02 22:36:06 +00:00
Brent Baude
167986a809 Add pull by digest unittests
Added two tests for pull by digest: one where the image is not
present and the other when it is.

Also, addressed review comments.

Closes: #856
Approved by: baude
2017-02-01 20:02:00 +00:00
Brent Baude
c7aafb3314 Refactor Pull, Update, Install, Run
Refactor several of the atomic verbs and subverbs to take advantage
of object refactoring.

Also, do not pull images with skopeo if the local image is already
at the latest.

$ sudo python ./atomic --debug pull busybox
Namespace(_class=<class 'Atomic.pull.Pull'>, assumeyes=False, debug=True, func='pull_image', image='busybox', reg_type=None, storage='docker')
Latest version of busybox already present.

Closes: #825
Approved by: baude
2017-01-17 22:16:36 +00:00
Jonathan Lebon
e914747f32 pull: support dockertar for docker backend
Make `atomic pull` work with "dockertar:/path" arguments for the docker
storage backend just as well as it does for ostree.

Closes: #776
Approved by: rhatdan
2016-12-05 14:43:49 +00:00
Brent Baude
4aa4318c29 decompose: Add ability to decompose image w/digest
Adding the ability to decompose an input image "name" that
includes a digest. For example:

docker.io/library/fedora@sha256:64a02df6aac27d1200c2572fe4b9949f1970d05f74d367ce4af994ba5dc3669e

Also, reword the decompose method in a Decompose class.  This simplifies the use of
decomposition and allows for growth.

Example usage:
   registry, repo, image, tag, digest = Decompose("docker.io/library/busybox:latest").all
   repo = Decompose("docker.io/library/busybox:latest").repo
   digest = Decompose("docker.io/fedora@sha256:64a02df6aac27d1200c2...67ce4af994ba5dc3669e").digest

Closes: #701
Approved by: rhatdan
2016-10-13 12:23:37 +00:00
Dan Walsh
217bc6288c Add dbus support for atomic pull
Closes: #682
Approved by: rhatdan
2016-10-08 09:56:20 +00:00
Brent Baude
aa59a5e285 Introduce registry inspect methods
Add two classes and several new methods for inspecting
registries and images.  These methods are helpful
for:

* taking user input (i.e. image names, partial image names) and determining
the fully qualified names.
* determining the fq name when the registry is omitted by the user.
* obtaining image manifests
* mimicking skopeo inspect

Closes: #687
Approved by: baude
2016-10-07 19:54:35 +00:00
Brent Baude
e83c2c5dd8 Atomic.util: More robust decompose
Colleagues asked for decompose to be improved to where it took
an image name and broke it into registry, repo, image, and tag.
It also should mimic docker's implementation where 'library' is a known
exception

Also added unittests for decompose.  Removed a singular glob test
as it is no longer valid

Closes: #677
Approved by: rhatdan
2016-10-05 17:00:11 +00:00
Dan Walsh
61b03d3c94 Pass down default policy_filename to skopeo copy command
We need this for integration tests

Closes: #663
Approved by: rhatdan
2016-09-27 17:53:33 +00:00
root
3902a12089 Adding better error message when trying to pull w/ dockerd not running.
Closes: #656
Approved by: rhatdan
2016-09-22 15:14:56 +00:00
Brent Baude
c20cc24d06 Atomic/pull.py: Fix logic error in pull
When an image without a registry is provided as input, i.e.

atomic pull busybox

We are not able to resolve that reference now because we can
no longer depend on docker's algo's for that as we now
use skopeo. Therefore, we now take the input, see if skopeo
inspect can resolve it; and then decompose the fqdn so we
can check if the registry is secure.  Had to make a small
change on the return types of util.decompose to ensure
it returns str objects or else it will return unicode in
python2.

Closes: #650
Approved by: rhatdan
2016-09-21 20:37:13 +00:00
Brent Baude
f60218a679 Atomic/pull.py: Set docker as default backend
Setting docker as the default backend instead of ostree.

Closes: #637
Approved by: rhatdan
2016-09-20 16:07:32 +00:00
Aaron Weitekamp
e0c8e1d78c handle setting args when pulling image
Closes: #638
Approved by: rhatdan
2016-09-20 13:52:48 +00:00
Dan Walsh
f439d70f7a Add additional bash completions for push/pull
Closes: #635
Approved by: rhatdan
2016-09-20 09:20:59 +00:00
Brent Baude
384643a93e Atomic/push.py: Implement push with signing
Enabling signing and pushing at the same time.  At the time of
this writing, we cannot verify that the atomic targets are
working but the code is there.  This is enabled with the
--type atomic switch. Otherwise, signatures are written locally
and the image is pushed.

Closes: #631
Approved by: rhatdan
2016-09-20 08:56:36 +00:00
Aaron Weitekamp
dbba71243e update based on comments
Closes: #599
Approved by: rhatdan
2016-09-19 13:33:16 +00:00
Aaron Weitekamp
943c984d4c refactor trust
Closes: #599
Approved by: rhatdan
2016-09-19 13:33:16 +00:00
Aaron Weitekamp
3554ed5225 add sigstore-type to validate labels
Closes: #599
Approved by: rhatdan
2016-09-19 13:33:16 +00:00
Aaron Weitekamp
aa9db7bd13 signing bootstrap workflow
Closes: #599
Approved by: rhatdan
2016-09-19 13:33:16 +00:00
Alex Jia
053b18ba91 Atomic.pull: add lost whitespace in help document
Signed-off-by: Alex Jia <ajia@redhat.com>

Closes: #601
Approved by: rhatdan
2016-09-09 12:17:06 +00:00
Giuseppe Scrivano
efdd1cec50 pull: refactor code in common with syscontainers
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

Closes: #596
Approved by: rhatdan
2016-09-08 14:07:20 +00:00
Brent Baude
a6228f8c3c Atomic/sign.py: Add tag to signing image
Skopeo discards the tag when expanding the docker image
name.  We need the tag included when doing the verification,
so use util.decompose to derive the tag from the input name
and be sure to add it.

Also added some simple debug extensions to be able to see
what skopeo is doing when --debug is provided.

Closes: #595
Approved by: rhatdan
2016-09-07 21:04:11 +00:00
Brent Baude
ddfe8b14af Atomic/pull.py: Use skopeo to perform "pull" and signature verification
There is no change to a pull where --storage is ostree.  But for docker,
we now use skopeo copy to "pull" an image from a registry and verify
its signature (should the policy require it).

When docker is the destination for skopeo copy, it requires a tag.  If
no tag is given by the user, we inject "latest".

Closes: #586
Approved by: baude
2016-09-07 15:22:39 +00:00
Dan Walsh
e32d8692ad Split out atomic pull functions into their own source file.
Create a Pull class as a subclass of Atomic and move all of the
functions and CLI to this file.

Closes: #570
Approved by: baude
2016-09-01 19:02:07 +00:00