Re: [atomic-devel] Using docker run -ti for interactive INSTALL?

[Jan Pazdziora <jpazdziora redhat com>]

On Thu, Mar 03, 2016 at 10:31:08AM -0500, Daniel J Walsh wrote:
> On 03/03/2016 10:25 AM, Jan Pazdziora wrote:
> >
> >Thinking about it a bit more, one way that seems to do the trick would
> >be to use
> >
> >	LABEL INSTALL 'docker run $( test -t 0 && echo "-ti" ) ...'
>
> That will not work in future versions of atomic, since it will not run the
> command in a shell.  :^(

That is unfortunate. I actually tested and planned to push live

	LABEL INSTALL 'mkdir -p /var/lib/${NAME} && docker run -ti
		--rm=true -v /sys/fs/cgroup:/sys/fs/cgroup:ro -v
		/var/lib/${NAME}:/data:Z -h "${IPA_HOSTNAME}" -e
		IPA_HOSTNAME=${IPA_HOSTNAME} -e NAME=${NAME} -e IMAGE=${IMAGE}
		${IMAGE} /bin/install.sh'
	LABEL RUN 'docker run -d --stop-signal=37
		-v /sys/fs/cgroup:/sys/fs/cgroup:ro
		-v /var/lib/${NAME}:/data:Z
		-h "${IPA_HOSTNAME:-$(cat /var/lib/${NAME}/hostname)}"
		--name ${NAME} ${IMAGE}'

as a rather flexible way of avoiding giving the container the whole

	-v /:/host

when precreating the /var/lib/${NAME} and just using that subdirectory
worked fine.

Plus I was able to retrieve hostname in atomic run with

	$(cat /var/lib/${NAME}/hostname)

from the container's data directory, thus making

	IPA_HOSTNAME=ipa.example.com atomic install freeipa --options abc

and plain

	atomic run freeipa

work and preserve the hostname across invocations without having to use
--privileged or giving the container SYS_ADMIN capabilities.

Can't we have shell-based approach in atomic preserved, perhaps via
INSTALL-SH/RUN-SH LABEL variants? Otherwise we might need to recreate
a lot of the functionality in atomic CLI that can be hacked in shell.

-- 
Jan Pazdziora | adelton at #ipa*, #brno
Sr. Principal Software Engineer, Identity Management Special Projects, Red Hat