Installs/Configures Docker. Please see COMPATIBILITY.md for more information about Docker versions that are tested and supported by cookbook versions along with LWRP features.
This cookbook was inspired by @thoward's docker-cookbook: https://github.com/thoward/docker-cookbook
- Chef 11+
- Amazon 2014.03.1 (experimental)
- CentOS 6
- Debian 7
- Fedora 19, 20
- Mac OS X (only docker installation currently)
- Oracle 6
- RHEL 6
- Ubuntu 12.04, 12.10, 13.04, 13.10, 14.04 (experimental)
Third-Party Cookbooks
- Add
recipe[docker]to your node's run list
If your system is running a Docker version before 0.9, you'll need to explicitly set up LXC outside of this cookbook. This will likely be true for most distros after Docker 1.0 and chef-docker 1.0 is released.
Beginning in chef-docker 1.0, storage driver installation and configuration is expected to be handled before this cookbook's execution, except where required by Docker.
If you need AUFS support, consider adding the aufs cookbook to your node/recipe before docker.
Then, set the storage_driver attribute of this cookbook to aufs.
If you need device-mapper support, consider adding the device-mapper cookbook to your node/recipe before docker.
Then, set the storage_driver attribute of this cookbook to devicemapper (please note lack of dash).
By default, this cookbook will use the docker.io package from Ubuntu 14.04's repository. To use the Docker PPA package, just set the repo_url attribute to the Docker PPA URL. e.g. node.set['docker']['package']['repo_url'] = 'https://get.docker.io/ubuntu'
These attributes are under the node['docker'] namespace.
| Attribute | Description | Type | Default |
|---|---|---|---|
| arch | Architecture for docker binary (note: Docker only currently supports x86_64) | String | auto-detected (see attributes/default.rb) |
| group_members | Users to manage in node['docker']['group'] | Array of Strings | [] |
| init_type | Init type for docker ("runit", "systemd", "sysv", or "upstart") | String | auto-detected (see attributes/default.rb) |
| install_dir | Installation directory for docker binary (custom setting only valid for non-package installations) | String | auto-detected (see attributes/default.rb) |
| install_type | Installation type for docker ("binary", "package" or "source") | String | package |
| ipv4_forward | Sysctl set net.ipv4.ip_forward to 1 | TrueClass, FalseClass | true |
| ipv6_forward | Sysctl set net.ipv6.conf.all.forwarding to 1 | TrueClass, FalseClass | true |
| version | Version of docker | String | nil |
These attributes are under the node['docker']['binary'] namespace.
| Attribute | Description | Type | Default |
|---|---|---|---|
| checksum | Optional SHA256 checksum for docker binary | String | auto-detected (see attributes/default.rb) |
| version | Version of docker binary | String | node['docker']['version'] (if set) or latest |
| url | URL for downloading docker binary | String | http://get.docker.io/builds/#{node['kernel']['name']}/#{node['docker']['arch']}/docker-#{node['docker']['binary']['version']} |
These attributes are under the node['docker']['package'] namespace.
| Attribute | Description | Type | Default |
|---|---|---|---|
| action | Action for docker packages ("install", "update", etc.) | String | install |
| distribution | Distribution for docker packages | String | auto-detected (see attributes/default.rb) |
| name | Override Docker package name | String | auto-detected (see attributes/default.rb) |
| repo_url | Repository URL for docker packages | String | auto-detected (see attributes/default.rb) |
| repo_key | Repository GPG key URL for docker packages | String | https://get.docker.io/gpg |
These attributes are under the node['docker']['source'] namespace.
| Attribute | Description | Type | Default |
|---|---|---|---|
| ref | Repository reference for docker source | String | master |
| url | Repository URL for docker source | String | https://github.com/dotcloud/docker.git |
For more information: http://docs.docker.io/en/latest/reference/commandline/cli/#daemon
These attributes are under the node['docker'] namespace.
| Attribute | Description | Type | Default |
|---|---|---|---|
| api_enable_cors | Enable CORS headers in API | TrueClass, FalseClass | nil |
| bind_socket (DEPRECATED) | Socket path that docker should bind | String | unix:///var/run/docker.sock |
| bind_uri (DEPRECATED) | TCP URI docker should bind | String | nil |
| bip | Use this CIDR notation address for the network bridge's IP, not compatible with bridge | String | nil |
| bridge | Attach containers to a pre-existing network bridge; use 'none' to disable container networking | String | nil |
| debug | Enable debug mode | TrueClass, FalseClass | nil (implicitly false) |
| dns | DNS server(s) for containers | String, Array | nil |
| dns_search | DNS search domain(s) for containers | String, Array | nil |
| exec_driver | Execution driver for docker | String | nil (implicitly native as of 0.9.0) |
| graph | Path to use as the root of the docker runtime | String | nil (implicitly /var/lib/docker) |
| group | Group for docker socket and group_members | String | nil (implicitly docker) |
| host | Socket(s) that docker should bind | String, Array | unix:///var/run/docker.sock |
| http_proxy | HTTP_PROXY environment variable | String | nil |
| icc | Enable inter-container communication | TrueClass, FalseClass | nil (implicitly true) |
| ip | Default IP address to use when binding container ports | String | nil (implicitly 0.0.0.0) |
| iptables | Enable Docker's addition of iptables rules | TrueClass, FalseClass | nil (implicitly true) |
| logfile | Set custom DOCKER_LOGFILE | String | nil |
| mtu | Set the containers network MTU | Fixnum | nil (implicitly default route MTU or 1500 if no default route is available) |
| options | Additional options to pass to docker. These could be flags like "-api-enable-cors". | String | nil |
| pidfile | Path to use for daemon PID file | String | nil (implicitly /var/run/docker.pid) |
| ramdisk | Set DOCKER_RAMDISK when using RAM disk | TrueClass or FalseClass | false |
| selinux_enabled | Enable SELinux | TrueClass or FalseClass | nil |
| storage_driver | Storage driver for docker | String | nil |
| storage_opt | Storage driver options | String, Array | nil |
| tls | Use TLS | TrueClass, FalseClass | nil (implicitly false) |
| tlscacert | Trust only remotes providing a certificate signed by the CA given here | String | nil (implicitly ~/.docker/ca.pem) |
| tlscert | Path to TLS certificate file | String | nil (implicitly ~/.docker/cert.pem) |
| tlskey | Path to TLS key file | String | nil (implicitly ~/.docker/key.pem) |
| tlsverify | Use TLS and verify the remote (daemon: verify client, client: verify daemon) | TrueClass, FalseClass | nil (implicitly false) |
| tmpdir | TMPDIR environment variable | String | nil |
These attributes are under the node['docker'] namespace.
| Attribute | Description | Type | Default |
|---|---|---|---|
| docker_daemon_timeout | Timeout to wait for the docker daemon to start in seconds for LWRP commands | Fixnum | 10 |
These attributes are under the node['docker'] namespace.
| Attribute | Description | Type | Default |
|---|---|---|---|
| container_cmd_timeout | container LWRP default cmd_timeout seconds | Fixnum | 60 |
| container_init_type | Init type for docker containers (nil, "runit", "systemd", "sysv", or "upstart") | String | node['docker']['init_type'] |
These attributes are under the node['docker'] namespace.
| Attribute | Description | Type | Default |
|---|---|---|---|
| image_cmd_timeout | image LWRP default cmd_timeout seconds | Fixnum | 300 |
These attributes are under the node['docker'] namespace.
| Attribute | Description | Type | Default |
|---|---|---|---|
| registry_cmd_timeout | registry LWRP default cmd_timeout seconds | Fixnum | 60 |
recipe[docker]Installs/Configures Dockerrecipe[docker::aufs]Installs/Loads AUFS Linux modulerecipe[docker::binary]Installs Docker binaryrecipe[docker::cgroups]Installs/configures default platform Control Groups supportrecipe[docker::devicemapper]Installs/Configures Device Mapperrecipe[docker::group]Installs/Configures docker grouprecipe[docker::lxc]Installs/configures default platform LXC supportrecipe[docker::package]Installs Docker via packagerecipe[docker::runit]Installs/Starts Docker via runitrecipe[docker::source]Installs Docker via sourcerecipe[docker::systemd]Installs/Starts Docker via systemdrecipe[docker::sysv]Installs/Starts Docker via SysVrecipe[docker::upstart]Installs/Starts Docker via Upstart
- docker_container: container operations
- docker_image: image/repository operations
- docker_registry: registry operations
Here's a quick example of pulling the latest image and running a container with exposed ports (creates service automatically):
# Pull latest imagedocker_image'samalba/docker-registry'# Run container exposing portsdocker_container'samalba/docker-registry'dodetachtrueport'5000:5000'env'SETTINGS_FLAVOR=local'volume'/mnt/docker:/docker-storage'endMaybe you want to automatically update your private registry with changes from your container?
# Login to private registrydocker_registry'https://docker-registry.example.com/'dousername'shipper'password'iloveshipping'end# Pull tagged imagedocker_image'apps/crowsnest'dotag'not-latest'end# Run containerdocker_container'crowsnest'# Save current timestamptimestamp=Time.new.strftime('%Y%m%d%H%M')# Commit container changesdocker_container'crowsnest'dorepository'apps'tagtimestampaction:commitend# Push imagedocker_image'crowsnest'dorepository'apps'tagtimestampaction:pushendSee full documentation for each LWRP and action below for more information.
Below are the available actions for the LWRP, default being run.
These attributes are associated with all LWRP actions.
| Attribute | Description | Type | Default |
|---|---|---|---|
| cmd_timeout | Timeout for docker commands (catchable exception: Chef::Provider::Docker::Container::CommandTimeout) | Integer | node['docker']['container_cmd_timeout'] |
| command | Command to run in or identify container | String | nil |
| container_name | Name for container/service | String | nil |
These attributes are associated with this LWRP action.
| Attribute | Description | Type | Default |
|---|---|---|---|
| author | Author for commit | String | nil |
| message | Message for commit | String | nil |
| repository | Remote repository | String | nil |
| run | Configuration to be applied when the image is launched with docker run | String | nil |
| tag | Specific tag for image | String | nil |
Commit a container with optional repository, run specification, and tag:
docker_container'myApp'dorepository'myRepo'tagTime.new.strftime("%Y%m%d%H%M")run'{"Cmd": ["cat", "/world"], "PortSpecs": ["22"]}'action:commitendThese attributes are associated with this LWRP action.
| Attribute | Description | Type | Default |
|---|---|---|---|
| destination | Host path to copy file | String | nil |
| source | Container path to get file | String | nil |
Copying a file from container to host:
docker_container'myApp'dosource'/path/to/container/file'destination'/path/to/save/on/host'action:cpendThese attributes are associated with this LWRP action.
| Attribute | Description | Type | Default |
|---|---|---|---|
| destination | Host path to save tarball | String | nil |
Exporting container to host:
docker_container'myApp'dodestination'/path/to/save/on/host.tgz'action:exportendThese attributes are associated with this LWRP action.
| Attribute | Description | Type | Default |
|---|---|---|---|
| cookbook | Cookbook to grab any templates | String | docker |
| init_type | Init type for container service handling | FalseClass, String | node['docker']['container_init_type'] |
| init_template | Template to use for init configuration | String | nil |
| signal | Signal to send to the container | String | nil (implicitly KILL) |
| socket_template | Template to use for configuring socket (relevent for init_type systemd only) | String | nil |
Kill a running container:
docker_container'shipyard'doaction:killendSend SIGQUIT to a running container:
docker_container'shipyard'dosignal'QUIT'action:killendStops, removes, and runs a container. Useful for notifications from image build/pull.
Attributes for this action can be found in the stop, remove, and run actions.
Redeploy container when new image is pulled:
docker_image'shipyard/shipyard'doaction:pullnotifies:redeploy,'docker_container[shipyard]',:immediatelyenddocker_container'shipyard'do# Other attributesaction:runendThese attributes are associated with this LWRP action.
| Attribute | Description | Type | Default |
|---|---|---|---|
| cookbook | Cookbook to grab any templates | String | docker |
| force | Force removal | TrueClass, FalseClass | nil |
| init_type | Init type for container service handling | FalseClass, String | node['docker']['container_init_type'] |
| init_template | Template to use for init configuration | String | nil |
| socket_template | Template to use for configuring socket (relevent for init_type systemd only) | String | nil |
Remove a container:
docker_container'shipyard'doaction:removeendThese attributes are associated with this LWRP action.
| Attribute | Description | Type | Default |
|---|---|---|---|
| link | Link to remove from container | String | nil |
Remove a container:
docker_container'shipyard'dolink'foo'action:remove_linkendThese attributes are associated with this LWRP action.
| Attribute | Description | Type | Default |
|---|---|---|---|
| volume | Volume(s) to remove from container | String, Array | nil |
Remove a container:
docker_container'shipyard'dovolume%w(/extravol1/extravol2)action:remove_volumeendThese attributes are associated with this LWRP action.
| Attribute | Description | Type | Default |
|---|---|---|---|
| cookbook | Cookbook to grab any templates | String | docker |
| init_type | Init type for container service handling | FalseClass, String | node['docker']['container_init_type'] |
| init_template | Template to use for init configuration | String | nil |
| socket_template | Template to use for configuring socket (relevent for init_type systemd only) | String | nil |
Restart a container:
docker_container'shipyard'doaction:restartendBy default, this will handle creating a service for the container when action is run or start. set['docker']['container_init_type'] = false or add init_type false for LWRP to disable this behavior.
These attributes are associated with this LWRP action.
| Attribute | Description | Type | Default |
|---|---|---|---|
| attach | Attach container's stdout/stderr and forward all signals to the process | TrueClass, FalseClass | nil |
| cidfile | File to store container ID | String | nil |
| container_name | Name for container/service | String | nil |
| cookbook | Cookbook to grab any templates | String | docker |
| cpu_shares | CPU shares for container | Fixnum | nil |
| detach | Detach from container when starting | TrueClass, FalseClass | nil |
| dns | DNS servers for container | String, Array | nil |
| dns_search | DNS search domains for container | String, Array | nil |
| entrypoint | Overwrite the default entrypoint set by the image | String | nil |
| env | Environment variables to pass to container | String, Array | nil |
| env_file | Read in a line delimited file of ENV variables | String | nil |
| expose | Expose a port from the container without publishing it to your host | Fixnum, String, Array | nil |
| hostname | Container hostname | String | nil |
| image | Image for container | String | LWRP name |
| init_type | Init type for container service handling | FalseClass, String | node['docker']['container_init_type'] |
| init_template | Template to use for init configuration | String | nil |
| link | Add link to another container | String, Array | nil |
| label | Options to pass to underlying labeling system | String | nil |
| lxc_conf | Custom LXC options | String, Array | nil |
| memory | Set memory limit for container | Fixnum | nil |
| net | Configure networking for container | String | nil |
| networking (DEPRECATED) | Configure networking for container | TrueClass, FalseClass | true |
| opt | Custom driver options | String, Array | nil |
| port | Map network port(s) to the container | Fixnum (DEPRECATED), String, Array | nil |
| privileged | Give extended privileges | TrueClass, FalseClass | nil |
| public_port (DEPRECATED) | Map host port to container | Fixnum | nil |
| publish_exposed_ports | Publish all exposed ports to the host interfaces | TrueClass, FalseClass | false |
| remove_automatically | Automatically remove the container when it exits (incompatible with detach) | TrueClass, FalseClass | false |
| socket_template | Template to use for configuring socket (relevent for init_type systemd only) | String | nil |
| stdin | Attach container's stdin | TrueClass, FalseClass | nil |
| tty | Allocate a pseudo-tty | TrueClass, FalseClass | nil |
| user | User to run container | String | nil |
| volume | Create bind mount(s) with: [host-dir]:[container-dir]:[rw | ro]. If "container-dir" is missing, then docker creates a new volume. | String, Array |
| volumes_from | Mount all volumes from the given container(s) | String | nil |
| working_directory | Working directory inside the container | String | nil |
Run a container:
docker_container'myImage'dodetachtrueendRun a container via command:
docker_container'busybox'docommand'sleep 9999'detachtrueendRun a container from image (docker-registry for example):
docker_container'docker-registry'doimage'samalba/docker-registry'detachtruehostname'docker-registry.example.com'port'5000:5000'env'SETTINGS_FLAVOR=local'volume'/mnt/docker:/docker-storage'endThese attributes are associated with this LWRP action.
| Attribute | Description | Type | Default |
|---|---|---|---|
| attach | Attach container's stdout/stderr and forward all signals to the cookbook | Cookbook to grab any templates | String |
| init_type | Init type for container service handling | FalseClass, String | node['docker']['container_init_type'] |
| init_template | Template to use for init configuration | String | nil |
| socket_template | Template to use for configuring socket (relevent for init_type systemd only) | String | nil |
| stdin | Attach container's stdin | TrueClass, FalseClass | nil |
Start a stopped container:
docker_container'shipyard'doaction:startendThese attributes are associated with this LWRP action.
| Attribute | Description | Type | Default |
|---|---|---|---|
| cookbook | Cookbook to grab any templates | String | docker |
| init_type | Init type for container service handling | FalseClass, String | node['docker']['container_init_type'] |
| init_template | Template to use for init configuration | String | nil |
| socket_template | Template to use for configuring socket (relevent for init_type systemd only) | String | nil |
Stop a running container:
docker_container'shipyard'doaction:stopendWait for a container to finish:
docker_container'busybox'docommand'sleep 9999'action:waitendBelow are the available actions for the LWRP, default being pull.
These attributes are associated with all LWRP actions.
| Attribute | Description | Type | Default |
|---|---|---|---|
| cmd_timeout | Timeout for docker commands (catchable exception: Chef::Provider::Docker::Image::CommandTimeout) | Integer | node['docker']['image_cmd_timeout'] |
These attributes are associated with this LWRP action.
| Attribute | Description | Type | Default |
|---|---|---|---|
| dockerfile (DEPRECATED) | Dockerfile to build image | String | nil |
| image_url (DEPRECATED) | URL to grab image | String | nil |
| no_cache | Do not use the cache when building the image | TrueClass, FalseClass | false |
| path (DEPRECATED) | Local path to files | String | nil |
| rm | Remove intermediate containers after a successful build | TrueClass, FalseClass | false |
| source | Source dockerfile/directory/URL to build | String | nil |
| tag | Optional tag for image | String | nil |
Build image from Dockerfile:
docker_image'myImage'dotag'myTag'source'myImageDockerfile'action:build_if_missingendBuild image from remote repository:
docker_image'myImage'dosource'example.com/foo/myImage'tag'myTag'action:build_if_missingendConditionally rebuild image if changes upstream:
git"#{Chef::Config[:file_cache_path]}/docker-testcontainerd"dorepository'[email protected]:bflad/docker-testcontainerd.git'notifies:build,'docker_image[bflad/testcontainerd]',:immediatelyenddocker_image'bflad/testcontainerd'doaction:pull_if_missingendThese attributes are associated with this LWRP action.
| Attribute | Description | Type | Default |
|---|---|---|---|
| image_url (DEPRECATED) | URL to grab image | String | nil |
| repository | Optional repository | String | nil |
| source | Source file/directory/URL | String | nil |
| tag | Optional tag for image | String | nil |
Import image from local directory:
docker_image'test'dosource'/path/to/test'action:importendImport image from local file:
docker_image'test'dosource'/path/to/test.tgz'action:importendImport image from remote URL:
docker_image'test'dosource'https://example.com/testimage.tgz'action:importendACTION DEPRECATED AS OF DOCKER 0.10.0
These attributes are associated with this LWRP action.
| Attribute | Description | Type | Default |
|---|---|---|---|
| destination | Destination path/URL | String | nil |
| source | Source path/URL | String | nil |
Insert file from remote URL:
docker_image'test'dosource'http://example.com/some/file.txt'destination'/container/path/for/some/file.txt'action:insertendThese attributes are associated with this LWRP action.
| Attribute | Description | Type | Default |
|---|---|---|---|
| input | Image source (via tar archive file) | String | nil |
| source | Image source (via stdin) | String | nil |
Load repository via input:
docker_image'test'doinput'/path/to/test.tar'action:loadendLoad repository via stdin:
docker_image'test'dosource'/path/to/test.tgz'action:loadendThese attributes are associated with this LWRP action.
| Attribute | Description | Type | Default |
|---|---|---|---|
| registry | Optional registry server | String | nil |
| tag | Optional tag for image | String | nil |
Pull latest image every Chef run:
docker_image'busybox'Pull latest image only if missing:
docker_image'busybox'doaction:pull_if_missingendPull tagged image:
docker_image'bflad/test'dotag'not-latest'endPush image (after logging in with docker_registry):
docker_image'bflad/test'doaction:pushendThese attributes are associated with this LWRP action.
| Attribute | Description | Type | Default |
|---|---|---|---|
| force | Force removal | TrueClass, FalseClass | nil |
| no_prune | Do not delete untagged parents | TrueClass, FalseClass | nil |
Remove image:
docker_image'busybox'doaction:removeendThese attributes are associated with this LWRP action.
| Attribute | Description | Type | Default |
|---|---|---|---|
| destination | Destination path (via stdout) | String | nil |
| output | Destination path (via file) | String | nil |
| tag | Save specific tag | String | nil |
Save repository via file to path:
docker_image'test'dodestination'/path/to/test.tar'action:saveendSave repository via stdout to path:
docker_image'test'dodestination'/path/to/test.tgz'action:saveendThese attributes are associated with this LWRP action.
| Attribute | Description | Type | Default |
|---|---|---|---|
| force | Force operation | Boolean | false |
| repository | Remote repository | String | nil |
| tag | Specific tag for image | String | nil |
Tag image:
docker_image'test'dorepository'bflad'tag'1.0.0'action:tagendThese attributes are associated with all LWRP actions.
| Attribute | Description | Type | Default |
|---|---|---|---|
| cmd_timeout | Timeout for docker commands (catchable exception: Chef::Provider::Docker::Registry::CommandTimeout) | Integer | node['docker']['registry_cmd_timeout'] |
These attributes are associated with this LWRP action.
| Attribute | Description | Type | Default |
|---|---|---|---|
| Registry email | String | nil | |
| password | Registry password | String | nil |
| username | Registry username | String | nil |
Log into or register with public registry:
docker_registry 'https://index.docker.io/v1/' do email '[email protected]' username 'publicme' password 'hope_this_is_in_encrypted_databag' end Log into private registry with optional port:
docker_registry 'https://docker-registry.example.com:8443/' do username 'privateme' password 'still_hope_this_is_in_encrypted_databag' end - Quickly testing with Vagrant: VAGRANT.md
- Full development and testing workflow with Test Kitchen and friends: TESTING.md
Please see contributing information in: CONTRIBUTING.md
- Brian Flad ([email protected])
Please see licensing information in: LICENSE