github.com/stackdocker/rkt@v0.10.1-0.20151109095037-1aa827478248/Documentation/subcommands/fetch.md

github.com/stackdocker/rkt@v0.10.1-0.20151109095037-1aa827478248/Documentation/subcommands/fetch.md (about)

     1  # rkt fetch
     2  
     3  rkt uses HTTPS to locate and download remote ACIs and their attached signatures. If the ACI exists locally, it won't be re-downloaded.
     4  
     5  ## Fetch with Meta Discovery
     6  
     7  The easiest way to fetch an ACI is through meta discovery. rkt will find and download the ACI and signature from a location that the creator has published on their website. This process is detailed in the [Application Container specification][appc-discovery].
     8  
     9  If you have previously trusted the image creator, it will be downloaded and verified:
    10  
    11  ```
    12  # rkt fetch coreos.com/etcd:v2.0.0
    13  rkt: searching for app image coreos.com/etcd:v2.0.0
    14  rkt: fetching image from https://github.com/coreos/etcd/releases/download/v2.0.0/etcd-v2.0.0-linux-amd64.aci
    15  Downloading aci: [=======================================      ] 3.25 MB/3.7 MB
    16  Downloading signature from https://github.com/coreos/etcd/releases/download/v2.0.0/etcd-v2.0.0-linux-amd64.sig
    17  rkt: signature verified:
    18    CoreOS ACI Builder <release@coreos.com>
    19  sha512-fa1cb92dc276b0f9bedf87981e61ecde
    20  ```
    21  
    22  If you haven't trusted the creator, it will be downloaded but not verified:
    23  
    24  ```
    25  # rkt fetch coreos.com/etcd:v2.0.0
    26  rkt: searching for app image coreos.com/etcd:v2.0.0
    27  rkt: fetching image from https://github.com/coreos/etcd/releases/download/v2.0.0/etcd-v2.0.0-linux-amd64.aci
    28  Downloading aci: [=======================================      ] 3.25 MB/3.7 MB
    29  Downloading signature from https://github.com/coreos/etcd/releases/download/v2.0.0/etcd-v2.0.0-linux-amd64.sig
    30  rkt: fetching image from https://github.com/coreos/etcd/releases/download/v2.0.0/etcd-v2.0.0-linux-amd64.aci
    31  sha512-fa1cb92dc276b0f9bedf87981e61ecde
    32  ```
    33  
    34  ## Fetch from Specific Location
    35  
    36  If you already know where an image is stored, you can fetch it directly:
    37  
    38  ```
    39  # rkt fetch https://github.com/coreos/etcd/releases/download/v2.0.0/etcd-v2.0.0-linux-amd64.aci
    40  rkt: fetching image from https://github.com/coreos/etcd/releases/download/v2.0.0/etcd-v2.0.0-linux-amd64.aci
    41  Downloading aci: [=======================================      ] 3.25 MB/3.7 MB
    42  Downloading signature from https://github.com/coreos/etcd/releases/download/v2.0.0/etcd-v2.0.0-linux-amd64.sig
    43  rkt: fetching image from https://github.com/coreos/etcd/releases/download/v2.0.0/etcd-v2.0.0-linux-amd64.aci
    44  sha512-fa1cb92dc276b0f9bedf87981e61ecde
    45  ```
    46  
    47  ## Fetch from a Docker registry
    48  
    49  If you want to run an existing Docker image, you can fetch from a Docker registry. rkt will download and convert the image to ACI.
    50  
    51  ```
    52  # rkt --insecure-skip-verify fetch docker://busybox
    53  rkt: fetching image from docker://busybox
    54  rkt: warning: signature verification has been disabled
    55  Downloading layer: 4986bf8c15363d1c5d15512d5266f8777bfba4974ac56e3270e7760f6f0a8125
    56  Downloading layer: ea13149945cb6b1e746bf28032f02e9b5a793523481a0a18645fc77ad53c4ea2
    57  Downloading layer: df7546f9f060a2268024c8a230d8639878585defcc1bc6f79d2728a13957871b
    58  Downloading layer: 511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158
    59  sha512-c4010045aec65aefa74770ef2bb648d9
    60  ```
    61  
    62  Docker images do not support signature verification.
    63  
    64  ## Image fetching behavior
    65  
    66  When fetching, rkt will try to avoid unnecessary network transfers.
    67  For example, if an image is already in the local store, rkt will use HTTP's ETag and Cache-Control to avoid downloading it again unless the image was updated on the remote server.
    68  
    69  This behavior can be changed by using the `--store-only` and `--no-store` flags.
    70  Their meanings are detailed in the [image fetching behavior](../image-fetching-behavior.md) documentation.
    71  
    72  ## Authentication
    73  
    74  If you want to download an image from a private repository, then you will often need to pass credentials to be able to access it. rkt currently supports authentication for fetching images via https:// or docker:// protocols. To specify credentials you will have to write some configuration files. You can find the format of the configuration file and examples in the [configuration documentation](../configuration.md). Note that the configuration kind for images downloaded via https:// and images downloaded via docker:// is different.