The previous algorithm for comparing files used python's
dircmp and is considered to be a shallow comparision. This
allowed distinctly small possibilities that two files being
compared could be different but not caught.
We now use go-mtree to do the comparison. This can emulate the
shallow comparison we had before but we can also adding a
sha256digest as part of the comparison using the new --keywords
option.
Also, made slight tweaks to gomtree functions in Atomic.util
so we debug and influence the return of JSON data.
This solves https://github.com/projectatomic/atomic/issues/761
Closes: #777
Approved by: rhatdan
Covers all but verify and generate. This is a refactoring of the
images subverbs (i.e. info, version, delete, ...)
Added in a unittest for list and info.
Closes: #771
Approved by: baude
Add --rollback flag to atomic update, which switches a system
container to the other deployment if one exists.
Signed-off-by: Yu Qi Zhang <jerzhang@redhat.com>
Closes: #762
Approved by: rhatdan
With the -m switch, we can now compare the metadata between
the two diff objects. We report only the differences between them. All
common data is deleted from the object structures.
This solves --> https://github.com/projectatomic/atomic/issues/760
Closes: #764
Approved by: baude
Add an optional --storage flag to the following commands:
- images delete
- info
- mount
- verify
- version
If specified, the command will only look at the specified storage
(ostree/docker) for the image to perform the action. If not
specified, the command will look through both ostree/docker for
the image (as it was before). However, if the storage is not
specified and the image exists in both ostree and docker, the
command will error and prompt the user to specify. Image inspection
also no longer forces the user to delete/rename one or the other.
This is meant to address the duplicate naming issue (where a user
can have an image in both ostree and docker with the same name).
Signed-off-by: Yu Qi Zhang <jerzhang@redhat.com>
Closes: #720
Approved by: giuseppe
In order to cleanup code and simplify interface, i
move help, info, verify and version to the images subcommand.
Remove man pages for these atomic commands and add info to images subcommand.
Since these have been previously documented we will continue to support
atomic help
atomic info
atomic verify
atomic version
But we will not document them.
Closes: #676
Approved by: rhatdan
Image names are stored differently in ostree, and thus cannot be
directly used as we used to.
Signed-off-by: Yu Qi Zhang <jerzhang@redhat.com>
Closes: #681
Approved by: rhatdan
Save labels from docker manifest into ostree, so when a user invokes
'atomic version' on a system image, the metadata info is displayed,
same as docker images.
Signed-off-by: Yu Qi Zhang <jerzhang@redhat.com>
Closes: #679
Approved by: giuseppe
We need to default the gnukeyring to the users login directory. To
make it easier for the user.
Also add bash completions for -g option
Closes: #671
Approved by: rhatdan
Wrap atomic run/stop with systemctl start/stop for system
containers. This way the user can directly use the atomic
CLI for the full container cycle. In addition, the equivalent
functionality already exists for docker containers, so it
makes sense to allow system containers to start/stop in a
similar fashion.
Signed-off-by: Yu Qi Zhang <jerzhang@redhat.com>
Closes: #651
Approved by: rhatdan
We want to be able to delete containers from the system, using the
new atomic containers delete call.
atomic containers delete --all
Comes in handy.
Closes: #598
Approved by: giuseppe
As we add more commands related to containers, IE Trim, we need to make
containers be a subcommand and add verbs like list, and trim
Closes: #579
Approved by: giuseppe
When trying to script `atomic` via Ansible, in order to implement
idempotence we need the ability to introspect the current state
in a machine-readable way.
`ps` already has `--json`, so teach `images list` about it too;
the implementation is trivial.
Closes: #548
Approved by: rhatdan
Also breakout images handling into a separate python file.
Atomic/images.py
I have switched atomic images generate to generate an images
mtree file for each image in the system.
Closes: #534
Approved by: giuseppe
Add --rootfs=ROOTFS to atomic install, which allows users to specify
an existing exploded container or existing rootfs location as ROOTFS.
The existing rootfs will be used as a read-only rootfs for the new
container to be installed, and therefore the new container would
only contain configuration files. (Note: currently all system
containers must have a read-only rootfs by default).
A use case for this would be using existing container's rootfs
through NFS, etc to serve as the rootfs for many containers running
the same image. This avoids duplicate storage of having a container
on each machine in a cluster.
A user can update only the remote container's config file parameters
with 'atomic update', and uninstalling a remote container does not
affect the rootfs specified in ROOTFS.
Closes: #527
Approved by: giuseppe
Pull to the user repo by default when running as non root user
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #524
Approved by: rhatdan
Add the following sub-commands to "atomic images list"
--all: show all images, including intermediate images
--filter: filter output based on given filters
--quiet: only display image IDs
and corresponding bash auto-complete, tests, and documentation.
Closes: #502
Approved by: rhatdan
Add the following sub-commands to ps:
--filter: filter output based on given VAR=VALUE
--no-trunc: do not truncate output
--quiet: only display container IDs
and corresponding bash auto-complete, tests, and documentation.
Closes: #493
Approved by: rhatdan
atomic modify can be used to add devices to the storage backend.
It can also be used to switch the backend storage driver.
Closes: #385
Approved by: rhatdan
Also moved atomic migrate to atomic storage.
Currently we support
atomic storage export
atomic storage import
atomic storage reset
Closes: #365
Approved by: rhatdan
Add the ability for atomic scan to deal with chroots on the host's
filesystem. You can now pass a list of chroots to --rootfs and your
scanner will process them as if they were containers or images. This
works with VMs too.
$ sudo virt-filesystems -d rhel7
/dev/sda1
/dev/sdb1
/dev/sdb2
/dev/rhel/home
/dev/rhel/root
$ sudo guestmount -d rhel7 -m /dev/rhel/root --ro /tmp/rhel
$ sudo ./atomic scan --rootfs /tmp/rhel
...
Updated the man pages for atomic scan as well as it had fallen out of
date.
Small update that makes sure the host's os.environ is passed into
scanning container.
Closes: #371
Approved by: rhatdan
It's nicer for branding the command. The more correct thing would be
to add it to the rpm-ostree daemon and pass through there, but we have
more important problems to fix for the production code path. This is
just for local development, so the slightly dirty way is just fine.
Laymen users who are told to run a image may not understand
the docker run switches that have security implications. We
now look for the following switches:
* --privileged
* --cap-add
* --security-opt label:disable
* --net=host
* --pid=host
* --ipc=host
and output an appropriate security message.
Also, moved def run() from Atomic/atomic.py to Atomic/run.py
to reduce the size and the number of definitions in
Atomic/atomic.py.
Images or containers can now have an associated
man-like help page to help users understand more
about the image. Typical information included
are things like a longer description, if the image
needs to be installed, security implications, steps
to upgrade, etc.
The default behavior is for atomic to display
a file called help.1 (in man format) located in
the / of the docker object. This default
can be overriden with the HELP LABEL. The
HELP LABEL needs to be a fully qualified
command to work correctly.
Basic tests for atomic diff and top which should catch
basic code regressions.
In top.py, added -n for number of iterations. And added
tty detection so that tests can pass in a jenkins environment
where there is no tty.
