• This repository has been archived on 10/Oct/2020
  • Stars
    star
    526
  • Rank 84,247 (Top 2 %)
  • Language
    Python
  • License
    Other
  • Created almost 10 years ago
  • Updated about 4 years ago


Repository Details

Atomic Run Tool for installing/running/managing container images.

⚠️ The Atomic tool has been deprecated. ⚠️

It has been replaced by the Podman project, which implements most of its functionality. Please open issues and questions with the Podman repository.

Atomic: /usr/bin/atomic

This project defines the entrypoint for Project Atomic hosts. On an Atomic Host, there are at least two distinct software delivery vehicles: Docker (often used in combination with the traditional RPM/yum/dnf), and rpm-ostree to provide atomic upgrades of the host system.

The goal of Atomic is to provide a high level, coherent entrypoint to the system, and fill in gaps in Linux container implementations.

For Docker, atomic can make it easier to interact with special kinds of containers, such as super-privileged debugging tools and the like.

The atomic host subcommand wraps rpm-ostree, currently just providing a friendlier name, but in the future Atomic may provide more unified management.

atomic run

Atomic allows an image provider to specify how a container image expects to be run.

Specifically this includes the privilege level required.

For example, if you built an 'ntpd' container application that required the SYS_TIME capability, you could add metadata to your container image using the command:

LABEL RUN /usr/bin/docker run -d --cap-add=SYS_TIME ntpd

Now if you executed atomic run ntpd, it would read the LABEL RUN JSON metadata from the container image and execute this command.

atomic install

Most of the time when you ship an application, you need to run an install script. This script configures the system to run the application; for example, it might configure a systemd unit file or configure Kubernetes to run the application. This tool allows application developers to embed the install and uninstall scripts within the application. The application developers can then define the LABEL INSTALL and LABEL UNINSTALL methods in the image metadata. Here is a simple httpd installation description.

cat Dockerfile

# Example Dockerfile for httpd application
#
FROM		fedora
MAINTAINER	Dan Walsh
ENV container docker
RUN yum -y update; yum -y install httpd; yum clean all

LABEL Vendor="Red Hat" License=GPLv2
LABEL Version=1.0
LABEL INSTALL="docker run --rm --privileged -v /:/host -e HOST=/host -e LOGDIR=/var/log/\${NAME} -e CONFDIR=/etc/\${NAME} -e DATADIR=/var/lib/\${NAME} -e IMAGE=\${IMAGE} -e NAME=\${NAME} \${IMAGE} /bin/install.sh"
LABEL UNINSTALL="docker run --rm --privileged -v /:/host -e HOST=/host -e IMAGE=\${IMAGE} -e NAME=\${NAME} \${IMAGE} /bin/uninstall.sh"
ADD root /

EXPOSE 80

CMD [ "/usr/sbin/httpd", "-D", "FOREGROUND" ]

atomic install reads the LABEL INSTALL line and substitutes ${NAME} with the name given by the name option, or with the image name if none is given. It also replaces ${IMAGE} with the image name.
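An added example, not part of the Atomic project's code: because atomic run and atomic install execute the command carried in the image's labels, this sketch expands ${NAME} and ${IMAGE} as described above and lists the options that widen the container's access to the host, so a label can be reviewed before it is run. The function names, the flag list and the sample labels (taken from this page's examples, with INSTALL shortened) are assumptions for illustration; Atomic's own parsing may differ.

```python
import shlex
from string import Template

# Options that widen a container's access to the host (illustrative, not exhaustive).
HOST_FLAGS = {"--privileged", "--pid=host", "--net=host", "--network=host", "--ipc=host"}

# Constructed sample: label values as stored in the image, based on this page's examples.
SAMPLE_LABELS = {
    "RUN": "/usr/bin/docker run -d --cap-add=SYS_TIME ntpd",
    "INSTALL": "docker run --rm --privileged -v /:/host -e HOST=/host "
               "-e IMAGE=${IMAGE} -e NAME=${NAME} ${IMAGE} /bin/install.sh",
}


def expand_label(label, image, name=None):
    """Substitute ${NAME} and ${IMAGE}; NAME falls back to the image name."""
    # safe_substitute leaves any other $VAR in place instead of raising.
    return Template(label).safe_substitute(IMAGE=image, NAME=name or image)


def _value(argv, i):
    """Value of the option at argv[i], given as --opt=value or as the next word."""
    if "=" in argv[i]:
        return argv[i].split("=", 1)[1]
    return argv[i + 1] if i + 1 < len(argv) else ""


def audit_command(command):
    """Return sorted findings for one expanded docker command line."""
    argv = shlex.split(command)
    findings = set()
    for i, arg in enumerate(argv):
        if arg in HOST_FLAGS:
            findings.add(arg)
        elif arg == "--cap-add" or arg.startswith("--cap-add="):
            findings.add("cap-add:" + _value(argv, i))
        elif arg in ("-v", "--volume") or arg.startswith("--volume="):
            spec = _value(argv, i)
            if spec.split(":")[0] == "/":  # host root bind-mounted into the container
                findings.add("host-root-mount:" + spec)
    return sorted(findings)


if __name__ == "__main__":
    for key, label in SAMPLE_LABELS.items():
        cmd = expand_label(label, image="httpd", name="web1")
        print(key, audit_command(cmd) or "no host-level options")
```
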

To be used by the application. The install script could populate these directories if necessary.

In my example the INSTALL method will execute the install.sh which we add to the image. The root subdirectory contains the following scripts:

The atomic install will set the following environment variables for use in the command:

SUDO_UID The SUDO_UID environment variable. This is useful with the docker -u option for user space tools. If the environment variable is not available, the value of /proc/self/loginuid is used.

SUDO_GID The SUDO_GID environment variable. This is useful with the docker -u option for user space tools. If the environment variable is not available, the default GID of the value for SUDO_UID is used. If this value is not available, the value of /proc/self/loginuid is used.

cat root/usr/bin/install.sh

#!/bin/sh
# Expansions are quoted so that a NAME or IMAGE value containing spaces
# or glob characters is not split into extra arguments.

# Make Data Dirs
mkdir -p "${HOST}/${CONFDIR}" "${HOST}/${LOGDIR}/httpd" "${HOST}/${DATADIR}"

# Copy Config
cp -pR /etc/httpd "${HOST}/${CONFDIR}"

# Create Container
chroot "${HOST}" /usr/bin/docker create -v "/var/log/${NAME}/httpd:/var/log/httpd:Z" -v "/var/lib/${NAME}:/var/lib/httpd:Z" --name "${NAME}" "${IMAGE}"

# Install systemd unit file for running container
# (absolute path to the template, so the script does not depend on the working directory)
sed -e "s/TEMPLATE/${NAME}/g" /etc/systemd/system/httpd_template.service > "${HOST}/etc/systemd/system/httpd_${NAME}.service"

# Enable systemd unit file
chroot "${HOST}" /usr/bin/systemctl enable "/etc/systemd/system/httpd_${NAME}.service"

atomic uninstall

atomic uninstall does the same variable substitution as described for install, and can be used to remove any host system configuration.

Here is the example script we used.

cat root/usr/bin/uninstall.sh

#!/bin/sh
# Disable and remove the unit file that install.sh created for this NAME
chroot "${HOST}" /usr/bin/systemctl disable "/etc/systemd/system/httpd_${NAME}.service"
rm -f "${HOST}/etc/systemd/system/httpd_${NAME}.service"

Finally here is the systemd unit file template I used:

cat root/etc/systemd/system/httpd_template.service

[Unit]
Description=The Apache HTTP Server for TEMPLATE
After=docker.service
BindsTo=docker.service

[Service]
ExecStart=/usr/bin/docker start TEMPLATE
ExecStop=/usr/bin/docker stop TEMPLATE
ExecReload=/usr/bin/docker exec -t TEMPLATE /usr/sbin/httpd $OPTIONS -k graceful

[Install]
WantedBy=multi-user.target

For an explanation of the Atomic scan JSON output, see the JSON specification document.
