On 11/09/2016 05:49 AM, Giuseppe Scrivano wrote: > Hi, > > Daniel J Walsh <dwa...@redhat.com> writes: > >> One problem I have with this is forgetting to use the --system flag when >> installing the container. >> >> I would like to add a LABEL to the image that would tell atomic command >> to install using the --system >> >> method. This label would not be a generic label, since other tools >> might not implement the concept of a >> >> system container. I guess we could add a label like >> >> LABEL org.projectatomic.atomic.type=system >> >> Then this would cause atomic to use the --system flag? > Thinking more of it, I am not sure how we can do this automatically for > generic images. An image can be used either as a system container, or > as a traditional Docker container, so we will need to specify two > different types. > > Is it going to be used for images that are usable only as system > containers? > > Even in this simplified case, another issue is the storage we are > considering. System images are stored in an OSTree repository. When we > use --system we are referring to these images. > > If we do not explicitely specify the storage then it will be a problem > to know what image we are referring to. An image can be in a storage > and not in the other, or even worse the two storages could have a > different image referred by the same name. This will become even more > complicated if in the future we'll need to support more image types. > > An alternative would be a label like: > > LABEL org.projectatomic.atomic.is_system=true > > that says the image can be used as a system container, or even simpler > if the image is stored into the OSTree storage. > > When an user tries to install an image that has such label (or present > in OSTree) and no INSTALL label, we could print a message suggesting to > try --system, skipping the automatic assumption of it. > > Or alternatively, could we tweak the INSTALL label to print an error > message for images that can be used only as system containers? > > Regards, > Giuseppe Yes I see storage as a different matter.
Currently we by default install into "docker storage" by default on install. But we install into ostree under /var/lib/containers/atomic when user specifies atomic install --system. In the short future, we will see the introduction of github.com/containers/storage, which will give us a third option. But --system also implies the use of a systemd template stored in /exports on the container image. I think this is the more important feature then the storage. Having LABEL io.projectatomic.atomic.is_system=true And having atomic install SYSTEM-IMAGE Fail or automatically install with --system would be ok, although atomic install SYSTEM-IMAGE >Error: You must install SYSTEM-IMAGE with the --system flag Aggravates me as a user, If the tool knows I need the --system flag, then just set it itself.
