mirror of https://github.com/projectatomic/atomic.git synced 2026-02-06 12:45:57 +01:00

152 Commits

Author SHA1 Message Date
Dan Walsh
fe026bd624 Fix atomic host man page
Closes: #746
Approved by: rhatdan
2016-11-05 11:06:16 +00:00
yuqi-zhang
fb3779349e Add --storage option to image-related commands
Add an optional --storage flag to the following commands:
 - images delete
 - info
 - mount
 - verify
 - version

If specified, the command will only look at the specified storage
(ostree/docker) for the image to perform the action. If not
specified, the command will look through both ostree/docker for
the image (as it was before). However, if the storage is not
specified and the image exists in both ostree and docker, the
command will error and prompt the user to specify. Image inspection
also no longer forces the user to delete/rename one or the other.

This is meant to address the duplicate naming issue (where a user
can have an image in both ostree and docker with the same name).

Signed-off-by: Yu Qi Zhang <jerzhang@redhat.com>

Closes: #720
Approved by: giuseppe
2016-10-24 09:27:00 +00:00
Aaron Weitekamp
6d909022fc trust show GPG key ID
Closes: #702
Approved by: rhatdan
2016-10-13 20:59:03 +00:00
Aaron Weitekamp
8d23c2bffa remove sigstore config with trust delete 2016-10-13 13:34:20 -04:00
Aaron Weitekamp
a34814a25d Document supported push registry types
Closes: #699
Approved by: rhatdan
2016-10-12 16:20:12 +00:00
Dan Walsh
ac396a0e84 Add support for overlay2 driver
Closes: #700
Approved by: rhatdan
2016-10-12 12:54:11 +00:00
Dan Walsh
3b486957de Remove primary commands and move to images subcommand
In order to clean up code and simplify interface, I
move help, info, verify and version to the images subcommand.

Remove man pages for these atomic commands and add info to images subcommand.

Since these have been previously documented we will continue to support
atomic help
atomic info
atomic verify
atomic version

But we will not document them.

Closes: #676
Approved by: rhatdan
2016-10-08 09:46:56 +00:00
Dan Walsh
1609f8d3af Code cleanup for atomic sign
We need to default the gnukeyring to the user's login directory. To
make it easier for the user.

Also add bash completions for -g option

Closes: #671
Approved by: rhatdan
2016-10-04 14:44:12 +00:00
Aaron Weitekamp
c00a1972df add keyring override config
Closes: #643
Approved by: rhatdan
2016-09-26 14:31:13 +00:00
Dan Walsh
09f5ec7861 Fixup man pages
Closes: #664
Approved by: cgwalters
2016-09-24 22:22:32 +00:00
Aaron Weitekamp
653faf7c67 add TRUST_POLICY env var
Closes: #659
Approved by: rhatdan
2016-09-23 13:06:23 +00:00
yuqi-zhang
3e55ad6621 Start/stop syscontainers with atomic run/stop
Wrap atomic run/stop with systemctl start/stop for system
containers. This way the user can directly use the atomic
CLI for the full container cycle. In addition, the equivalent
functionality already exists for docker containers, so it
makes sense to allow system containers to start/stop in a
similar fashion.

Signed-off-by: Yu Qi Zhang <jerzhang@redhat.com>

Closes: #651
Approved by: rhatdan
2016-09-21 20:56:13 +00:00
Brent Baude
f60218a679 Atomic/pull.py: Set docker as default backend
Setting docker as the default backend instead of ostree.

Closes: #637
Approved by: rhatdan
2016-09-20 16:07:32 +00:00
Brent Baude
384643a93e Atomic/push.py: Implement push with signing
Enabling signing and pushing at the same time.  At the time of
this writing, we cannot verify that the atomic targets are
working but the code is there.  This is enabled with the
--type atomic switch. Otherwise, signatures are written locally
and the image is pushed.

Closes: #631
Approved by: rhatdan
2016-09-20 08:56:36 +00:00
Aaron Weitekamp
0870507325 add atomic trust show
Closes: #629
Approved by: rhatdan
2016-09-20 08:48:20 +00:00
Brent Baude
18ec6d3b38 Change sigstore-write to sigstore-staging
The registries.d YAML files label for sigstore-write
has been changed to sigstore-staging for a more accurate
description.  Skopeo has made this change in its
85e4551eab00f9c3c973b309544329eb5558dfcd commit in
the integrate-all-the-things branch.

Closes: #622
Approved by: rhatdan
2016-09-16 11:35:32 +00:00
Aaron Weitekamp
60e073d80e add default policy trust arg
Closes: #604
Approved by: baude
2016-09-15 14:24:49 +00:00
Aaron Weitekamp
7c53602688 update trust based on review feedback
Closes: #604
Approved by: baude
2016-09-15 14:24:49 +00:00
Aaron Weitekamp
e63d672cd3 add trust man page
Closes: #604
Approved by: baude
2016-09-15 14:24:49 +00:00
Brent Baude
64917bc862 Atomic/sign.py: Raise error on writing signatures to http
Atomic cannot write a signature to web (http/https) target. We
now raise an error as such.

sudo ./atomic sign docker.io/library/hello-world

Writing to http://123 is not supported. Use a file:///location instead.

Closes: #618
Approved by: rhatdan
2016-09-15 08:27:18 +00:00
Brent Baude
887f20c501 Atomic/sign.py: Update man page and inject registry/repo/image for -d
When using -d to override the signature write location, we now want
to make sure we also add in the prescribed directory structure
of registry/repo/image@sha256:manifest/. So, something like:

atomic --debug sign -d /tmp docker.io/library/busybox:latest

results in:

/tmp/docker.io/library/busybox@sha256:a59906e...a1e0e6/signature-1

Closes: #617
Approved by: baude
2016-09-14 18:29:15 +00:00
Dan Walsh
4f54dc6a3c Fix missing verb
Closes: #611
Approved by: rhatdan
2016-09-13 19:27:00 +00:00
Jan Pazdziora
41ce11aa1a For make command on Fedora 24 to pass, additional packages are needed.
Addressing:

# make all
/usr/bin/python setup.py build
Traceback (most recent call last):
  File "setup.py", line 5, in <module>
    import Atomic as _Atomic
  File "/root/atomic/Atomic/__init__.py", line 1, in <module>
    from .pulp import PulpServer, PulpConfig
  File "/root/atomic/Atomic/pulp.py", line 8, in <module>
    import requests
ImportError: No module named requests
Makefile:34: recipe for target 'python-build' failed
make: *** [python-build] Error 1

# make all
/usr/bin/python setup.py build
Traceback (most recent call last):
  File "setup.py", line 5, in <module>
    import Atomic as _Atomic
  File "/root/atomic/Atomic/__init__.py", line 1, in <module>
    from .pulp import PulpServer, PulpConfig
  File "/root/atomic/Atomic/pulp.py", line 10, in <module>
    from . import util
  File "/root/atomic/Atomic/util.py", line 10, in <module>
    import selinux
ImportError: No module named selinux
Makefile:34: recipe for target 'python-build' failed
make: *** [python-build] Error 1

# make all
/usr/bin/python setup.py build
Traceback (most recent call last):
  File "setup.py", line 5, in <module>
    import Atomic as _Atomic
  File "/root/atomic/Atomic/__init__.py", line 1, in <module>
    from .pulp import PulpServer, PulpConfig
  File "/root/atomic/Atomic/pulp.py", line 10, in <module>
    from . import util
  File "/root/atomic/Atomic/util.py", line 11, in <module>
    from .client import AtomicDocker
  File "/root/atomic/Atomic/client.py", line 1, in <module>
    import docker
ImportError: No module named docker
Makefile:34: recipe for target 'python-build' failed
make: *** [python-build] Error 1

# make all
/usr/bin/python setup.py build
Traceback (most recent call last):
  File "setup.py", line 5, in <module>
    import Atomic as _Atomic
  File "/root/atomic/Atomic/__init__.py", line 1, in <module>
    from .pulp import PulpServer, PulpConfig
  File "/root/atomic/Atomic/pulp.py", line 10, in <module>
    from . import util
  File "/root/atomic/Atomic/util.py", line 12, in <module>
    from yaml import load as yaml_load
ImportError: No module named yaml
Makefile:34: recipe for target 'python-build' failed
make: *** [python-build] Error 1

# make all
/usr/bin/python setup.py build
Traceback (most recent call last):
  File "setup.py", line 5, in <module>
    import Atomic as _Atomic
  File "/root/atomic/Atomic/__init__.py", line 3, in <module>
    from .atomic import Atomic
  File "/root/atomic/Atomic/atomic.py", line 7, in <module>
    from .syscontainers import SystemContainers
  File "/root/atomic/Atomic/syscontainers.py", line 15, in <module>
    from dateutil.parser import parse as dateparse
ImportError: No module named dateutil.parser
Makefile:34: recipe for target 'python-build' failed

# make all
[...]
/usr/bin/go-md2man -in docs/atomic-storage.1.md -out docs/atomic-storage.1.tmp && touch docs/atomic-storage.1.tmp && mv docs/atomic-storage.1.tmp docs/atomic-storage.1
/usr/bin/python -m pylint --disable=all --enable=E --enable=W --additional-builtins=_ *.py atomic Atomic tests/unit/*.py -d=no-absolute-import,print-statement,no-absolute-import,bad-builtin
/usr/bin/python: No module named pylint
Makefile:38: recipe for target 'pylint-check' failed
make: *** [pylint-check] Error 1

# make all
/usr/bin/python setup.py build
running build
running build_py
running build_scripts
/usr/bin/python -m pylint --disable=all --enable=E --enable=W --additional-builtins=_ *.py atomic Atomic tests/unit/*.py -d=no-absolute-import,print-statement,no-absolute-import,bad-builtin
No config file found, using default configuration
************* Module atomic_client
E:  8, 0: Unable to import 'slip.dbus' (import-error)
************* Module atomic_dbus
E:  9, 0: Unable to import 'gi.repository' (import-error)
E: 10, 0: Unable to import 'slip.dbus.service' (import-error)
************* Module Atomic.mount
E: 35, 0: Unable to import 'gi.repository' (import-error)
************* Module Atomic.syscontainers
E: 21, 8: Unable to import 'gi.repository' (import-error)
[...]
Makefile:38: recipe for target 'pylint-check' failed
make: *** [pylint-check] Error 2

Closes: #608
Approved by: rhatdan
2016-09-13 12:08:39 +00:00
Jan Pazdziora
55c02a6949 For make test on Fedora 24 to even start the tests, additional steps are needed.
Addressing:

# make test
[...]
/usr/bin/python3 -m pylint --disable=all --enable=E --enable=W --additional-builtins=_ *.py atomic Atomic tests/unit/*.py -d=no-absolute-import,print-statement,no-absolute-import,bad-builtin
/usr/bin/python3: No module named pylint
Makefile:20: recipe for target 'test-python3-pylint' failed
make: *** [test-python3-pylint] Error 1

# make test
[...]
./test.sh
Pulling standard images from Docker Hub...
Cannot connect to the Docker daemon. Is the docker daemon running on this host?
Makefile:27: recipe for target 'test' failed
make: *** [test] Error 1

# make test
[...]
UNIT TESTS:
./test.sh: line 153: /usr/bin/coverage2: No such file or directory
[...]
Coverage report:
./test.sh: line 200: /usr/bin/coverage2: No such file or directory
Makefile:27: recipe for target 'test' failed
make: *** [test] Error 1

Closes: #609
Approved by: rhatdan
2016-09-13 11:51:49 +00:00
Dan Walsh
98524aa457 Merge branch 'master' of github.com:projectatomic/atomic 2016-09-12 16:34:15 -04:00
Brent Baude
d89b47d4f4 Atomic/sign.py|util.py Support sigstore from conf files
We now derive the proper sigstore from a series of YAML
configuration files in /etc/containers/registries.d.  These
configuration files can have: sigstore and sigstore-write as
keys and the values are a file path or http|s URL.

When signing an image, as long as the -d override is not used,
we use those values when writing local signatures.

Closes: #603
Approved by: rhatdan
2016-09-10 09:45:16 +00:00
Dan Walsh
7eb2af9c34 Remove --force option and use --assumeyes
atomic images delete --force

Should force the removal of images that are in use, not answer the prompt yes.

atomic -y|--assumeyes images delete foobar

Should force the answer to yes

Also lots of cleanups of the man page.
2016-09-09 08:54:25 -04:00
Alex Jia
3c7c74f42b docs: fix documents in atomic-images
Signed-off-by: Alex Jia <ajia@redhat.com>

Closes: #600
Approved by: rhatdan
2016-09-09 11:57:31 +00:00
Dan Walsh
48c1d2519c Add support for deleting containers
We want to be able to delete containers from the system, using the
new atomic containers delete call.

atomic containers delete --all

Comes in handy.

Closes: #598
Approved by: giuseppe
2016-09-08 20:29:15 +00:00
Shishir Mahajan
aa7114a8f1 Add atomic containers trim
Signed-off-by: Shishir Mahajan <shishir.mahajan@redhat.com>

Closes: #572
Approved by: rhatdan
2016-09-07 20:02:33 +00:00
Mahmoud Tohmaz
c66bf4e32c Atomic will mount/unmount a user image.
Ostree already has functionality to extract images as non-root user. This involves changing OSTree's checkout mode to USER (only if the image's repo was created with BARE_USER mode).
Atomic will then ignore calls to mount_path since there is no need to run the mount system call since ostree checkout already takes care of that.

Also added changes to allow atomic to unmount an image previously mounted by non-root user. This involves a patch to atomic mount to change permissions of the image once mounted. It then removes symbolic links before removing all the subdirectories in the specified mount directory.

Closes: #509
Approved by: rhatdan
2016-09-06 20:38:35 +00:00
Dan Walsh
a04847b5e5 Change options to the agreed syntax.
We agreed on using --sign-by for specifying the signer, and --directory
to specify the output directory for images.

Closes: #583
Approved by: rhatdan
2016-09-06 13:25:28 +00:00
Alex Jia
a6e953056b update man page
Signed-off-by: Alex Jia <ajia@redhat.com>

Closes: #573
Approved by: rhatdan
2016-09-06 12:31:08 +00:00
Alex Jia
314f9d5a3a docs/atomic-sign.1.md: fix lost command
Signed-off-by: Alex Jia <ajia@redhat.com>

Closes: #585
Approved by: rhatdan
2016-09-06 12:22:27 +00:00
Brent Baude
683c0fac9b Introduce signing
Allow atomic users to sign an image that has been pulled
from a repository.  This uses GPG, skopeo, and friends and
creates a local signature file for an image that has been
pulled locally.  Signatures are stored in the dir:

/var/lib/atomic/containers/registry/image_name@sha256:image_id/

Individual signature files are then stored as:

  ../signature-(INTEGER)

where INTEGER is incremented each time a signature
is added.

Closes: #539
Approved by: baude
2016-09-02 17:11:28 +00:00
Dan Walsh
29e7829fd8 Move atomic ps to atomic containers
As we add more commands related to containers, IE Trim, we need to make
containers be a subcommand and add verbs like list, and trim

Closes: #579
Approved by: giuseppe
2016-09-02 11:10:08 +00:00
Giuseppe Scrivano
d582ae4703 images: hide generate if gomtree is not available
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

Closes: #567
Approved by: rhatdan
2016-08-29 18:46:29 +00:00
Giuseppe Scrivano
c8f83d99ed install: hide --system and --user if not supported
Check respectively that runc and bwrap-oci are available before showing
'install --system' and 'install --user'.

bwrap-oci is still not packaged and may not be available immediately on
RHEL.  The check for runc is added for completeness.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

Closes: #567
Approved by: rhatdan
2016-08-29 18:46:29 +00:00
Dan Walsh
448654d68f Don't add host verb if not on atomic host
Check whether /run/ostree-booted file exists.  If it does then
add the host commands to the atomic command.

Also fix some of the descriptions in atomic man page.

Closes: #561
Approved by: cgwalters
2016-08-27 12:28:17 +00:00
Dan Walsh
1c0a36e416 Fix reference to containers/images in atomic mount help and man page
Closes: #563
Approved by: giuseppe
2016-08-26 22:01:14 +00:00
Colin Walters
49d81e884e images-list: Add --json
When trying to script `atomic` via Ansible, in order to implement
idempotence we need the ability to introspect the current state
in a machine-readable way.

`ps` already has `--json`, so teach `images list` about it too;
the implementation is trivial.

Closes: #548
Approved by: rhatdan
2016-08-21 10:02:27 +00:00
Giuseppe Scrivano
adaec5456d docs: add docs for verify --no-validate
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

Closes: #536
Approved by: cgwalters
2016-08-19 14:14:24 +00:00
Jan Pazdziora
f97e97f172 Add support for LABEL RUN_OPTS_FILE and ${RUN_OPTS}
Closes: #541
Approved by: rhatdan
2016-08-19 13:02:26 +00:00
Dan Walsh
45ec779178 Move generate from atomic verify to atomic images
Also breakout images handling into a separate python file.

Atomic/images.py

I have switched atomic images generate to generate an images
mtree file for each image in the system.

Closes: #534
Approved by: giuseppe
2016-08-16 08:03:19 +00:00
yuqi-zhang
42c6094e3f syscontainers: add --rootfs to atomic install
Add --rootfs=ROOTFS to atomic install, which allows users to specify
an existing exploded container or existing rootfs location as ROOTFS.
The existing rootfs will be used as a read-only rootfs for the new
container to be installed, and therefore the new container would
only contain configuration files. (Note: currently all system
containers must have a read-only rootfs by default).

A use case for this would be using existing container's rootfs
through NFS, etc to serve as the rootfs for many containers running
the same image. This avoids duplicate storage of having a container
on each machine in a cluster.

A user can update only the remote container's config file parameters
with 'atomic update', and uninstalling a remote container does not
affect the rootfs specified in ROOTFS.

Closes: #527
Approved by: giuseppe
2016-08-12 22:07:36 +00:00
Stephen Chung
d4728ae10f verify: validate layers of system image stored on disk
Integrate go-mtree tool into atomic CLI command, `atomic verify -V <imagename>`.
(Note that `gomtree` is still in development and thus we would need some way of
obtaining updated gomtree binaries) When a user does an atomic pull,
validation manifests for that system image's layers are created and stored in
/var/lib/atomic. When user does `atomic verify -V <system image>`, these manifests
are then validated against the image that is on disk (which would be stored in ostree).

Signed-off-by: Stephen Chung <schung@redhat.com>

Closes: #531
Approved by: rhatdan
2016-08-12 18:55:44 +00:00
Giuseppe Scrivano
3bb5dbfe5a docs: document atomic install --user
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

Closes: #524
Approved by: rhatdan
2016-08-09 17:00:29 +00:00
Giuseppe Scrivano
d1def191ad pull: drop option --user
Pull to the user repo by default when running as non root user

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

Closes: #524
Approved by: rhatdan
2016-08-09 17:00:29 +00:00
Marius Vollmer
b828b6fadf storage: Add --vgroup option to modify command
Closes: #519
Approved by: cgwalters
2016-08-05 17:18:07 +00:00
yuqi-zhang
6fcfea443d images: add more sub-commands to images
Add the following sub-commands to "atomic images list"

  --all: show all images, including intermediate images

  --filter: filter output based on given filters

  --quiet: only display image IDs

and corresponding bash auto-complete, tests, and documentation.

Closes: #502
Approved by: rhatdan
2016-07-29 12:19:21 +00:00