On Thu, Mar 03, 2016 at 10:31:08AM -0500, Daniel J Walsh wrote:
> On 03/03/2016 10:25 AM, Jan Pazdziora wrote:
> >
> >Thinking about it a bit more, one way that seems to do the trick would
> >be to use
> >
> >    LABEL INSTALL 'docker run $( test -t 0 && echo "-ti" ) ...'
>
> That will not work in future versions of atomic, since it will not run the
> command in a shell. :^(

That is unfortunate. I actually tested and planned to push live

    LABEL INSTALL 'mkdir -p /var/lib/${NAME} && docker run -ti --rm=true -v /sys/fs/cgroup:/sys/fs/cgroup:ro -v /var/lib/${NAME}:/data:Z -h "${IPA_HOSTNAME}" -e IPA_HOSTNAME=${IPA_HOSTNAME} -e NAME=${NAME} -e IMAGE=${IMAGE} ${IMAGE} /bin/install.sh'
    LABEL RUN 'docker run -d --stop-signal=37 -v /sys/fs/cgroup:/sys/fs/cgroup:ro -v /var/lib/${NAME}:/data:Z -h "${IPA_HOSTNAME:-$(cat /var/lib/${NAME}/hostname)}" --name ${NAME} ${IMAGE}'

as a rather flexible way of avoiding giving the container the whole
-v /:/host when precreating the /var/lib/${NAME} and just using that
subdirectory worked fine. Plus I was able to retrieve hostname in
atomic run with $(cat /var/lib/${NAME}/hostname) from the container's
data directory, thus making

    IPA_HOSTNAME=ipa.example.com atomic install freeipa --options abc

and plain

    atomic run freeipa

work and preserve the hostname across invocations without having to
use --privileged or giving the container SYS_ADMIN capabilities.

Can't we have a shell-based approach in atomic preserved, perhaps via
INSTALL-SH/RUN-SH LABEL variants? Otherwise we might need to recreate
a lot of the functionality in atomic CLI that can be hacked in shell.

-- 
Jan Pazdziora | adelton at #ipa*, #brno
Sr. Principal Software Engineer, Identity Management Special Projects, Red Hat