1ATOMIC(1) April 2016 ATOMIC(1)
2
3
4
6 atomic-pull - fetch an image locally
7
8
9
11 atomic pull [-h|--help] [--storage=[ostree|docker]] [-t|--type atomic]
12 IMAGE
13
14
15
17 atomic pull, will fetch a remote image and store it locally.
18
19
20 You can pull an image from a docker registry (like docker.io) to your
21 local docker daemon with atomic pull.
22
23
24 atomic pull docker.io/busybox:latest
25
26
27 Use the --storage ostree option to store it into the OSTree repository.
28 You can define a default storage type in /etc/atomic.conf with the key
29 of default_storage.
30
31
32 IMAGE has the form SOURCE:IMAGE-NAME, where SOURCE can be one of
33 specified then 'oci' is assumed.
34
35
36 An 'oci' image is fetched via Skopeo from a Docker registry. These two
37 commands are equivalent:
38
39
40 atomic pull etcd atomic pull oci:etcd
41
42
43 A 'docker' image is imported from the local Docker engine, thus not
44 accessing the network. It is equivalent to saving the image from
45 docker (docker save IMAGE) and importing it into the OSTree repository:
46
47
48 atomic pull --storage ostree docker:fedora:latest
49
50
51 A 'dockertar' image works in a similar way to 'docker' images, except
52 that the saved tarball is specified:
53
54
55 atomic pull --storage ostree dockertar:/path/to/the/image.tar
56
57
58 If the user is not privileged, the image will be stored in the user
59 specific repository.
60
61
62 If you are pulling from an insecure registry, use the 'http' prefix.
63 It tells Skopeo to not do TLS verification on the specified registry.
64
65
66 atomic pull --storage ostree http:REGISTRY/IMAGE:TAG
67
68
69 Images where the registry is not specified are supported when pulling
70 to 'ostree'. However, we recommend that you use a fully qualified name
71 to refer unambiguously to the image.
72
73
74 If your /etc/containers/policy.json requires signature verification,
75 the pulled image is verified prior to being made available to the local
76 docker daemon. When interacting with a docker registry, Atomic uses the
77 policy and YAML configuration files /etc/containers/ to determine:
78
79
80 · if the image should be verified with a signature
81
82 · and where to get the signature
83
84
85
86 If you use the --type atomic switch to interact with an atomic
87 registry, Atomic will still use the policy to determine if verification
88 is needed. The signature itself will be obtained from the atomic
89 registry. An example of pulling from an atomic registry could be:
90
91
92 atomic pull --type atomic my-atomic-registry:images/foobar
93
94
95
97 -h --help Print usage statement
98
99
100 --src-creds=USERNAME[:PASSWORD] Define the credentials to use with the
101 source registry.
102
103
104 --storage=[ostree|docker] Define the destination storage for the pulled
105 image.
106
107
108 -t --type atomic Define an alternate registry type. The only valid
109 option is atomic for when you want to take advantage of advanced atomic
110 registry options.
111
112
113
115 April 2016, Originally compiled by Giuseppe Scrivano (gscrivan at
116 redhat dot com)
117
118
119
120Giuseppe Scrivano Atomic Man Pages ATOMIC(1)