atomic (1) - Linux Man Pages

atomic: Atomic Management Tool


atomic - Atomic Management Tool


atomic [OPTIONS] COMMAND [arg...]



Atomic Management Tool


-h --help
  Print usage statement

-v --version
  Show atomic version

  Show debug messages

-y --assumeyes
  automatically answer yes for all questions


ATOMIC_CONF The location of the atomic configuration file (normally /etc/atomic.conf) can be overridden with the ATOMIC_CONF environment variable

ATOMIC_CONFD The location of the atomic configuration directory (normally /etc/atomic.d/) can be overridden with the ATOMIC_CONFD environment variable.


atomic-containers(1) operations on installed containers

atomic-diff(1) show the differences between two images|containers' RPMs

atomic-host(1) execute commands to manage an Atomic host.

Note: only available on atomic host platforms.

atomic-images(1) operations on container images

atomic-install(1) execute commands on installed images

atomic-mount(1) mount image or container to filesystem

atomic-pull(1) pull latest image from repository

atomic-push(1) push container image to a repository

atomic-run(1) execute image run method (default)

atomic-scan(1) scan an image or container for CVEs

atomic-sign(1) sign an image

atomic-stop(1) execute container image stop method

atomic-storage(1) manage the container storage on the system

atomic-top(1) display a top-like list of container processes

atomic-trust(1) manage system container trust policy

atomic-uninstall(1) uninstall container from system

atomic-unmount(1) unmount previously mounted image or container

atomic-update(1) Downloads the latest container image.


By default, atomic command connects to docker engine via UNIX domain socket located at /var/run/docker.sock. You can use different connection method via setting several environment variables:

DOCKER_HOST — this variable specifies connection string. If your engine listens on UNIX domain socket, you can specify the path via http+unix://<path>, e.g. http+unix://var/run/docker2.sock. For TCP the string has this form: tcp://<ip>:<port>, e.g. tcp://

DOCKER_TLS_VERIFY — enables TLS verification if it contains any value, otherwise it disables the verification

DOCKER_CERT_PATH — path to directory with TLS certificates, files in the directory need to have specific names:

cert.pem — client certificate

key.pem — client key

ca.pem — CA certificate

For more info, please visit upstream docs:



January 2015, Originally compiled by Daniel Walsh (dwalsh at redhat dot com) November, 2015 Addition of scan and diff by Brent Baude (bbaude at dot com)