1ATOMIC(1)                         April 2016                         ATOMIC(1)
2
3
4

NAME

6       atomic-pull - fetch an image locally
7
8
9

SYNOPSIS

11       atomic pull [-h|--help] [--storage=[ostree|docker]] [-t|--type atomic]
12       IMAGE
13
14
15

DESCRIPTION

17       atomic pull, will fetch a remote image and store it locally.
18
19
20       You can pull an image from a docker registry (like docker.io) to your
21       local docker daemon with atomic pull.
22
23
24       atomic pull docker.io/busybox:latest
25
26
27       Use the --storage ostree option to store it into the OSTree repository.
28       You can define a default storage type in /etc/atomic.conf with the key
29       of default_storage.
30
31
32       IMAGE has the form SOURCE:IMAGE-NAME, where SOURCE can be one of
33       specified then 'oci' is assumed.
34
35
36       An 'oci' image is fetched via Skopeo from a Docker registry.  These two
37       commands are equivalent:
38
39
40       atomic pull etcd atomic pull oci:etcd
41
42
43       A 'docker' image is imported from the local Docker engine, thus not
44       accessing the network.  It is equivalent to saving the image from
45       docker (docker save IMAGE) and importing it into the OSTree repository:
46
47
48       atomic pull --storage ostree docker:fedora:latest
49
50
51       A 'dockertar' image works in a similar way to 'docker' images, except
52       that the saved tarball is specified:
53
54
55       atomic pull --storage ostree dockertar:/path/to/the/image.tar
56
57
58       If the user is not privileged, the image will be stored in the user
59       specific repository.
60
61
62       If you are pulling from an insecure registry, use the 'http' prefix.
63       It tells Skopeo to not do TLS verification on the specified registry.
64
65
66       atomic pull --storage ostree http:REGISTRY/IMAGE:TAG
67
68
69       Images where the registry is not specified are supported when pulling
70       to 'ostree'.  However, we recommend that you use a fully qualified name
71       to refer unambiguously to the image.
72
73
74       If your /etc/containers/policy.json requires signature verification,
75       the pulled image is verified prior to being made available to the local
76       docker daemon. When interacting with a docker registry, Atomic uses the
77       policy and YAML configuration files /etc/containers/ to determine:
78
79       · if the image should be verified with a signature
80
81       · and where to get the signature
82
83
84       If you use the --type atomic switch to interact with an atomic
85       registry, Atomic will still use the policy to determine if verification
86       is needed.  The signature itself will be obtained from the atomic
87       registry. An example of pulling from an atomic registry could be:
88
89
90       atomic pull --type atomic my-atomic-registry:images/foobar
91
92
93

OPTIONS:

95       -h --help Print usage statement
96
97
98       --src-creds=USERNAME[:PASSWORD] Define the credentials to use with the
99       source registry.
100
101
102       --storage=[ostree|docker] Define the destination storage for the pulled
103       image.
104
105
106       -t --type atomic Define an alternate registry type.  The only valid
107       option is atomic for when you want to take advantage of advanced atomic
108       registry options.
109
110
111

HISTORY

113       April 2016, Originally compiled by Giuseppe Scrivano (gscrivan at
114       redhat dot com)
115
116
117
118Giuseppe Scrivano               Atomic Man Pages                     ATOMIC(1)
Impressum