1ATOMIC(1) April 2016 ATOMIC(1)
2
3
4
6 atomic-pull - fetch an image locally
7
8
9
11 atomic pull [-h|--help] [--storage=[ostree|docker]] [-t|--type atomic]
12 IMAGE
13
14
15
17 atomic pull, will fetch a remote image and store it locally.
18
19
20 You can pull an image from a docker registry (like docker.io) to your
21 local docker daemon with atomic pull.
22
23
24 atomic pull docker.io/busybox:latest
25
26
27 Use the --storage ostree option to store it into the OSTree repository.
28 You can define a default storage type in /etc/atomic.conf with the key
29 of default_storage.
30
31
32 IMAGE has the form SOURCE:IMAGE-NAME, where SOURCE can be one of
33 specified then 'oci' is assumed.
34
35
36 An 'oci' image is fetched via Skopeo from a Docker registry. These two
37 commands are equivalent:
38
39
40 atomic pull etcd atomic pull oci:etcd
41
42
43 A 'docker' image is imported from the local Docker engine, thus not
44 accessing the network. It is equivalent to saving the image from
45 docker (docker save IMAGE) and importing it into the OSTree repository:
46
47
48 atomic pull --storage ostree docker:fedora:latest
49
50
51 A 'dockertar' image works in a similar way to 'docker' images, except
52 that the saved tarball is specified:
53
54
55 atomic pull --storage ostree dockertar:/path/to/the/image.tar
56
57
58 If the user is not privileged, the image will be stored in the user
59 specific repository.
60
61
62 If you are pulling from an insecure registry, use the 'http' prefix.
63 It tells Skopeo to not do TLS verification on the specified registry.
64
65
66 atomic pull --storage ostree http:REGISTRY/IMAGE:TAG
67
68
69 Images where the registry is not specified are supported when pulling
70 to 'ostree'. However, we recommend that you use a fully qualified name
71 to refer unambiguously to the image.
72
73
74 If your /etc/containers/policy.json requires signature verification,
75 the pulled image is verified prior to being made available to the local
76 docker daemon. When interacting with a docker registry, Atomic uses the
77 policy and YAML configuration files /etc/containers/ to determine:
78
79 · if the image should be verified with a signature
80
81 · and where to get the signature
82
83
84 If you use the --type atomic switch to interact with an atomic
85 registry, Atomic will still use the policy to determine if verification
86 is needed. The signature itself will be obtained from the atomic
87 registry. An example of pulling from an atomic registry could be:
88
89
90 atomic pull --type atomic my-atomic-registry:images/foobar
91
92
93
95 -h --help Print usage statement
96
97
98 --src-creds=USERNAME[:PASSWORD] Define the credentials to use with the
99 source registry.
100
101
102 --storage=[ostree|docker] Define the destination storage for the pulled
103 image.
104
105
106 -t --type atomic Define an alternate registry type. The only valid
107 option is atomic for when you want to take advantage of advanced atomic
108 registry options.
109
110
111
113 April 2016, Originally compiled by Giuseppe Scrivano (gscrivan at
114 redhat dot com)
115
116
117
118Giuseppe Scrivano Atomic Man Pages ATOMIC(1)