CH-PULL2DIR(1)                   Charliecloud                   CH-PULL2DIR(1)

NAME

       ch-pull2dir - Pull image from Docker Hub and unpack into directory

SYNOPSIS

          $ ch-pull2dir IMAGE[:TAG] DIR

DESCRIPTION

       Pull Docker image named IMAGE[:TAG] from Docker Hub and extract it into
       a subdirectory of DIR. A temporary tarball is stored in DIR.

       Sudo privileges are required to run the docker pull command.

       This runs the following command sequence: ch-pull2tar, ch-tar2dir.  See
       warning in the documentation for ch-tar2dir.

       Additional arguments:

          --help print help and exit

          --version
                 print version and exit

EXAMPLES

          $ ch-pull2dir alpine /var/tmp
          Using default tag: latest
          latest: Pulling from library/alpine
          Digest: sha256:621c2f39f8133acb8e64023a94dbdf0d5ca81896102b9e57c0dc184cadaf5528
          Status: Image is up to date for alpine:latest
          -rw-r--r--. 1 charlie charlie 2.1M Oct  5 19:52 /var/tmp/alpine.tar.gz
          creating new image /var/tmp/alpine
          /var/tmp/alpine unpacked ok
          removed '/var/tmp/alpine.tar.gz'

       Same as above, except optional TAG is specified:

          $ ch-pull2dir alpine:3.6 /var/tmp
          3.6: Pulling from library/alpine
          Digest: sha256:cc24af836d1377e092ecb4e8f0a4324c3b1aa2b5295c2239edcc7bbc86a9cbc6
          Status: Image is up to date for alpine:3.6
          -rw-r--r--. 1 charlie charlie 2.1M Oct  5 19:54 /var/tmp/alpine:3.6.tar.gz
          creating new image /var/tmp/alpine:3.6
          /var/tmp/alpine:3.6 unpacked ok
          removed '/var/tmp/alpine:3.6.tar.gz'

REPORTING BUGS

       If Charliecloud was obtained from your Linux distribution, use your
       distribution’s bug reporting procedures.

       Otherwise, report bugs to: <https://github.com/hpc/charliecloud/issues>

SEE ALSO

       charliecloud(1)

       Full documentation at: <https://hpc.github.io/charliecloud>

DOCKER TIPS

       Docker is a convenient way to build Charliecloud images. While
       installing Docker is beyond the scope of this documentation, here are a
       few tips.

   Understand the security implications of Docker
       Because Docker (a) makes installing random crap from the internet
       really easy and (b) is easy to deploy insecurely, you should take care.
       Some of the implications are below. This list should not be considered
       comprehensive nor a substitute for appropriate expertise; adhere to
       your moral and institutional responsibilities.

   docker equals root
       Anyone who can run the docker command or interact with the Docker
       daemon can trivially escalate to root. This is considered a feature.

       For this reason, don’t create the docker group, as this will allow
       passwordless, unlogged escalation for anyone in the group.

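       An added example (not part of the Charliecloud documentation) for
       auditing the point above: it lists every account that belongs to a
       docker group, including accounts whose primary group is docker, which
       the group file's member list does not show. The function name and the
       default file paths are assumptions of this example.

```shell
#!/bin/sh
# Added example: report accounts that are in a "docker" group.
# Usage: docker_group_members [GROUP_FILE [PASSWD_FILE]]
# Prints one account name per line; prints nothing if no docker group exists.
docker_group_members () {
    group_file=${1:-/etc/group}     # assumed default location
    passwd_file=${2:-/etc/passwd}   # assumed default location

    # group(5) fields: name:password:GID:comma-separated supplementary members
    entry=$(awk -F: '$1 == "docker" { print; exit }' "$group_file")
    [ -n "$entry" ] || return 0     # no docker group: nothing to report
    gid=$(printf '%s\n' "$entry" | cut -d: -f3)

    {
        # Supplementary members listed in the fourth field.
        printf '%s\n' "$entry" | cut -d: -f4 | tr ',' '\n'
        # Accounts whose primary GID (passwd(5) field 4) is the docker GID;
        # these never appear in the group file's member list.
        awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$passwd_file"
    } | grep -v '^$' | sort -u
}
```

       On hosts that resolve accounts through a directory service, pass files
       produced by getent group and getent passwd instead of the local files.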
   Images can contain bad stuff
       Standard hygiene for “installing stuff from the internet” applies. Only
       work with images you trust. The official Docker Hub repositories can
       help.

   Containers run as root
       By default, Docker runs container processes as root. In addition to
       being poor hygiene, this can be an escalation path, e.g. if you
       bind-mount host directories.

   Docker alters your network configuration
       To see what it did:

          $ ifconfig    # note docker0 interface
          $ brctl show  # note docker0 bridge
          $ route -n

   Docker installs services
       If you don’t want the service starting automatically at boot, e.g.:

          $ systemctl is-enabled docker
          enabled
          $ systemctl disable docker
          $ systemctl is-enabled docker
          disabled

   Configuring for a proxy
       By default, Docker does not work if you have a proxy, and it fails in
       two different ways.

       The first problem is that Docker itself must be told to use a proxy.
       This manifests as:

          $ sudo docker run hello-world
          Unable to find image 'hello-world:latest' locally
          Pulling repository hello-world
          Get https://index.docker.io/v1/repositories/library/hello-world/images: dial tcp 54.152.161.54:443: connection refused

       If you have a systemd system, the Docker documentation explains how to
       configure this. If you don’t have a systemd system, then
       /etc/default/docker might be the place to go?

       The second problem is that Docker containers need to know about the
       proxy as well. This manifests as images failing to build because they
       can’t download stuff from the internet.

       The fix is to set the proxy variables in your environment, e.g.:

          export HTTP_PROXY=http://proxy.example.com:8088
          export http_proxy=$HTTP_PROXY
          export HTTPS_PROXY=$HTTP_PROXY
          export https_proxy=$HTTP_PROXY
          export ALL_PROXY=$HTTP_PROXY
          export all_proxy=$HTTP_PROXY
          export NO_PROXY='localhost,127.0.0.1,.example.com'
          export no_proxy=$NO_PROXY

       You also need to teach sudo to retain them. Add the following to
       /etc/sudoers:

          Defaults env_keep+="HTTP_PROXY http_proxy HTTPS_PROXY https_proxy ALL_PROXY all_proxy NO_PROXY no_proxy"

       Because different programs use different subsets of these variables,
       and to avoid a situation where some things work and others don’t, the
       Charliecloud test suite (see below) includes a test that fails if some
       but not all of the above variables are set.

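       One way to write such an all-or-none check as a POSIX shell function;
       this is an added example, not the test from the Charliecloud test
       suite. The function name proxy_env_check is hypothetical, and the extra
       requirement that each upper-case/lower-case pair hold the same value is
       an assumption that goes beyond what the text describes.

```shell
#!/bin/sh
# Added example: consistency check for the eight proxy variables listed above.
PROXY_VARS="HTTP_PROXY http_proxy HTTPS_PROXY https_proxy ALL_PROXY all_proxy NO_PROXY no_proxy"

# Return 0 if none or all of the variables are set (non-empty) and each
# upper/lower-case pair agrees; otherwise name the problem on stderr, return 1.
proxy_env_check () {
    set_count=0
    missing=""
    for v in $PROXY_VARS; do
        eval "val=\${$v-}"          # names come from the fixed list above
        if [ -n "$val" ]; then
            set_count=$((set_count + 1))
        else
            missing="$missing $v"
        fi
    done
    if [ "$set_count" -ne 0 ] && [ "$set_count" -ne 8 ]; then
        echo "partial proxy configuration; unset or empty:$missing" >&2
        return 1
    fi
    # Assumption of this example: a program reading only one spelling must
    # see the same proxy as a program reading the other.
    for pair in HTTP_PROXY:http_proxy HTTPS_PROXY:https_proxy \
                ALL_PROXY:all_proxy NO_PROXY:no_proxy; do
        upper=${pair%%:*}
        lower=${pair#*:}
        eval "u=\${$upper-}; l=\${$lower-}"
        if [ "$u" != "$l" ]; then
            echo "$upper and $lower differ" >&2
            return 1
        fi
    done
    return 0
}
```

       Run it once in your own shell and once under sudo (for example through
       a script invoked with sudo) to confirm that the env_keep line took
       effect.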

COPYRIGHT

       2014–2018, Los Alamos National Security, LLC

                  2020-01-28 00:00 Coordinated Universal Time   CH-PULL2DIR(1)