chef-docker Build Status


Installs/Configures Docker. Please see for more information about Docker versions that are tested and supported by cookbook versions along with LWRP features.

This cookbook was inspired by @thoward's docker-cookbook:



  • Chef 11+


  • Amazon 2014.03.1 (experimental)
  • CentOS 6
  • Debian 7
  • Fedora 19, 20
  • Mac OS X (only docker installation currently)
  • Oracle 6
  • RHEL 6
  • Ubuntu 12.04, 12.10, 13.04, 13.10, 14.04 (experimental)


Opscode Cookbooks

Third-Party Cookbooks


Default Installation

  • Add recipe[docker] to your node's run list

Execution Drivers

If your system is runs a Docker version before 0.9, you'll need to explicitly set up LXC outside of this cookbook. This will likely be true for most distros after Docker 1.0 and chef-docker 1.0 is released.

Storage Drivers

Beginning in chef-docker 1.0, storage driver installation and configuration is expected to be handled before this cookbook's execution, except where required by Docker.


If you need AUFS support, consider adding the aufs cookbook to your node/recipe before docker.

Then, set the storage_driver attribute of this cookbook to aufs.


If you need device-mapper support, consider adding the device-mapper cookbook to your node/recipe before docker.

Then, set the storage_driver attribute of this cookbook to devicemapper (please note lack of dash).

Ubuntu 14.04 Package Installation via Docker PPA

By default, this cookbook will use the package from Ubuntu 14.04's repository. To use the Docker PPA package, just set the repo_url attribute to the Docker PPA URL. e.g. node.set['docker']['package']['repo_url'] = ''


Installation/System Attributes

These attributes are under the node['docker'] namespace.

Attribute Description Type Default
arch Architecture for docker binary (note: Docker only currently supports x86_64) String auto-detected (see attributes/default.rb)
group_members Users to manage in node['docker']['group'] Array of Strings []
init_type Init type for docker ("runit", "systemd", "sysv", or "upstart") String auto-detected (see attributes/default.rb)
install_dir Installation directory for docker binary (custom setting only valid for non-package installations) String auto-detected (see attributes/default.rb)
install_type Installation type for docker ("binary", "package" or "source") String package
ipv4_forward Sysctl set net.ipv4.ip_forward to 1 TrueClass, FalseClass true
ipv6_forward Sysctl set net.ipv6.conf.all.forwarding to 1 TrueClass, FalseClass true
version Version of docker String nil

Binary Installation Attributes

These attributes are under the node['docker']['binary'] namespace.

Attribute Description Type Default
checksum Optional SHA256 checksum for docker binary String auto-detected (see attributes/default.rb)
version Version of docker binary String node['docker']['version'] (if set) or latest
url URL for downloading docker binary String{node['kernel']['name']}/#{node['docker']['arch']}/docker-#{node['docker']['binary']['version']}

Package Installation Attributes

These attributes are under the node['docker']['package'] namespace.

Attribute Description Type Default
action Action for docker packages ("install", "update", etc.) String install
distribution Distribution for docker packages String auto-detected (see attributes/default.rb)
repo_url Repository URL for docker packages String auto-detected (see attributes/default.rb)
repo_key Repository GPG key URL for docker packages String

Source Installation Attributes

These attributes are under the node['docker']['source'] namespace.

Attribute Description Type Default
ref Repository reference for docker source String master
url Repository URL for docker source String

Docker Daemon Attributes

For more information:

These attributes are under the node['docker'] namespace.

Attribute Description Type Default
api_enable_cors Enable CORS headers in API TrueClass, FalseClass nil
bind_socket (DEPRECATED) Socket path that docker should bind String unix:///var/run/docker.sock
bind_uri (DEPRECATED) TCP URI docker should bind String nil
bip Use this CIDR notation address for the network bridge's IP, not compatible with bridge String nil
bridge Attach containers to a pre-existing network bridge; use 'none' to disable container networking String nil
debug Enable debug mode TrueClass, FalseClass nil (implicitly false)
dns DNS server(s) for containers String, Array nil
dns_search DNS search domain(s) for containers String, Array nil
exec_driver Execution driver for docker String nil (implicitly native as of 0.9.0)
graph Path to use as the root of the docker runtime String nil (implicitly /var/lib/docker)
group Group for docker socket and group_members String nil (implicitly docker)
host Socket(s) that docker should bind String, Array unix:///var/run/docker.sock
http_proxy HTTP_PROXY environment variable String nil
icc Enable inter-container communication TrueClass, FalseClass nil (implicitly true)
ip Default IP address to use when binding container ports String nil (implicitly
iptables Enable Docker's addition of iptables rules TrueClass, FalseClass nil (implicitly true)
logfile Set custom DOCKER_LOGFILE String nil
mtu Set the containers network MTU Fixnum nil (implicitly default route MTU or 1500 if no default route is available)
options Additional options to pass to docker. These could be flags like "-api-enable-cors". String nil
pidfile Path to use for daemon PID file String nil (implicitly /var/run/
ramdisk Set DOCKER_RAMDISK when using RAM disk TrueClass or FalseClass false
storage_driver Storage driver for docker String nil
tls Use TLS TrueClass, FalseClass nil (implicitly false)
tlscacert Trust only remotes providing a certificate signed by the CA given here String nil (implicitly ~/.docker/ca.pem)
tlscert Path to TLS certificate file String nil (implicitly ~/.docker/cert.pem)
tlskey Path to TLS key file String nil (implicitly ~/.docker/key.pem)
tlsverify Use TLS and verify the remote (daemon: verify client, client: verify daemon) TrueClass, FalseClass nil (implicitly false)
tmpdir TMPDIR environment variable String nil

LWRP Attributes

These attributes are under the node['docker'] namespace.

Attribute Description Type Default
docker_daemon_timeout Timeout to wait for the docker daemon to start in seconds for LWRP commands Fixnum 10

docker_container Attributes

These attributes are under the node['docker'] namespace.

Attribute Description Type Default
container_cmd_timeout container LWRP default cmd_timeout seconds Fixnum 60
container_init_type Init type for docker containers (nil, "runit", "systemd", "sysv", or "upstart") String node['docker']['init_type']

docker_image Attributes

These attributes are under the node['docker'] namespace.

Attribute Description Type Default
image_cmd_timeout image LWRP default cmd_timeout seconds Fixnum 300

docker_registry Attributes

These attributes are under the node['docker'] namespace.

Attribute Description Type Default
registry_cmd_timeout registry LWRP default cmd_timeout seconds Fixnum 60


  • recipe[docker] Installs/Configures Docker
  • recipe[docker::aufs] Installs/Loads AUFS Linux module
  • recipe[docker::binary] Installs Docker binary
  • recipe[docker::cgroups] Installs/configures default platform Control Groups support
  • recipe[docker::devicemapper] Installs/Configures Device Mapper
  • recipe[docker::group] Installs/Configures docker group
  • recipe[docker::lxc] Installs/configures default platform LXC support
  • recipe[docker::package] Installs Docker via package
  • recipe[docker::runit] Installs/Starts Docker via runit
  • recipe[docker::source] Installs Docker via source
  • recipe[docker::systemd] Installs/Starts Docker via systemd
  • recipe[docker::sysv] Installs/Starts Docker via SysV
  • recipe[docker::upstart] Installs/Starts Docker via Upstart


  • docker_container: container operations
  • docker_image: image/repository operations
  • docker_registry: registry operations

Getting Started

Here's a quick example of pulling the latest image and running a container with exposed ports (creates service automatically):

# Pull latest image
docker_image 'samalba/docker-registry'

# Run container exposing ports
docker_container 'samalba/docker-registry' do
  detach true
  port '5000:5000'
  env 'SETTINGS_FLAVOR=local'
  volume '/mnt/docker:/docker-storage'

Maybe you want to automatically update your private registry with changes from your container?

# Login to private registry
docker_registry '' do
  username 'shipper'
  password 'iloveshipping'

# Pull tagged image
docker_image 'apps/crowsnest' do
  tag 'not-latest'

# Run container
docker_container 'crowsnest'

# Save current timestamp
timestamp ='%Y%m%d%H%M')

# Commit container changes
docker_container 'crowsnest' do
  repository 'apps'
  tag timestamp
  action :commit

# Push image
docker_image 'crowsnest' do
  repository 'apps'
  tag timestamp
  action :push

See full documentation for each LWRP and action below for more information.


Below are the available actions for the LWRP, default being run.

These attributes are associated with all LWRP actions.

Attribute Description Type Default
cmd_timeout Timeout for docker commands (catchable exception: Chef::Provider::Docker::Container::CommandTimeout) Integer node['docker']['container_cmd_timeout']
command Command to run in or identify container String nil
container_name Name for container/service String nil

docker_container action :commit

These attributes are associated with this LWRP action.

Attribute Description Type Default
author Author for commit String nil
message Message for commit String nil
repository Remote repository String nil
run Configuration to be applied when the image is launched with docker run String nil
tag Specific tag for image String nil

Commit a container with optional repository, run specification, and tag:

docker_container 'myApp' do
  repository 'myRepo'
  run '{"Cmd": ["cat", "/world"], "PortSpecs": ["22"]}'
  action :commit

docker_container action :cp

These attributes are associated with this LWRP action.

Attribute Description Type Default
destination Host path to copy file String nil
source Container path to get file String nil

Copying a file from container to host:

docker_container 'myApp' do
  source '/path/to/container/file'
  destination '/path/to/save/on/host'
  action :cp

docker_container action :export

These attributes are associated with this LWRP action.

Attribute Description Type Default
destination Host path to save tarball String nil

Exporting container to host:

docker_container 'myApp' do
  destination '/path/to/save/on/host.tgz'
  action :export

docker_container action :kill

These attributes are associated with this LWRP action.

Attribute Description Type Default
cookbook Cookbook to grab any templates String docker
init_type Init type for container service handling FalseClass, String node['docker']['container_init_type']
init_template Template to use for init configuration String nil
signal Signal to send to the container String nil (implicitly KILL)
socket_template Template to use for configuring socket (relevent for init_type systemd only) String nil

Kill a running container:

docker_container 'shipyard' do
  action :kill

Send SIGQUIT to a running container:

docker_container 'shipyard' do
  signal 'QUIT'
  action :kill

docker_container action :redeploy

Stops, removes, and runs a container. Useful for notifications from image build/pull.

Attributes for this action can be found in the stop, remove, and run actions.

Redeploy container when new image is pulled:

docker_image 'shipyard/shipyard' do
  action :pull
  notifies :redeploy, 'docker_container[shipyard]', :immediately

docker_container 'shipyard' do
  # Other attributes
  action :run

docker_container action :remove

These attributes are associated with this LWRP action.

Attribute Description Type Default
cookbook Cookbook to grab any templates String docker
force Force removal TrueClass, FalseClass nil
init_type Init type for container service handling FalseClass, String node['docker']['container_init_type']
init_template Template to use for init configuration String nil
socket_template Template to use for configuring socket (relevent for init_type systemd only) String nil

Remove a container:

docker_container 'shipyard' do
  action :remove

docker_container action :remove_link

These attributes are associated with this LWRP action.

Attribute Description Type Default
link Link to remove from container String nil

Remove a container:

docker_container 'shipyard' do
  link 'foo'
  action :remove_link

docker_container action :remove_volume

These attributes are associated with this LWRP action.

Attribute Description Type Default
volume Volume(s) to remove from container String, Array nil

Remove a container:

docker_container 'shipyard' do
  volume %w(/extravol1 /extravol2)
  action :remove_volume

docker_container action :restart

These attributes are associated with this LWRP action.

Attribute Description Type Default
cookbook Cookbook to grab any templates String docker
init_type Init type for container service handling FalseClass, String node['docker']['container_init_type']
init_template Template to use for init configuration String nil
socket_template Template to use for configuring socket (relevent for init_type systemd only) String nil

Restart a container:

docker_container 'shipyard' do
  action :restart

docker_container action :run

By default, this will handle creating a service for the container when action is run or start. set['docker']['container_init_type'] = false or add init_type false for LWRP to disable this behavior.

These attributes are associated with this LWRP action.

Attribute Description Type Default
attach Attach container's stdout/stderr and forward all signals to the process TrueClass, FalseClass nil
cidfile File to store container ID String nil
container_name Name for container/service String nil
cookbook Cookbook to grab any templates String docker
cpu_shares CPU shares for container Fixnum nil
detach Detach from container when starting TrueClass, FalseClass nil
dns DNS servers for container String, Array nil
dns_search DNS search domains for container String, Array nil
entrypoint Overwrite the default entrypoint set by the image String nil
env Environment variables to pass to container String, Array nil
env_file Read in a line delimited file of ENV variables String nil
expose Expose a port from the container without publishing it to your host Fixnum, String, Array nil
hostname Container hostname String nil
image Image for container String LWRP name
init_type Init type for container service handling FalseClass, String node['docker']['container_init_type']
init_template Template to use for init configuration String nil
link Add link to another container String, Array nil
label Options to pass to underlying labeling system String nil
lxc_conf Custom LXC options String, Array nil
memory Set memory limit for container Fixnum nil
networking Configure networking for container TrueClass, FalseClass true
opt Custom driver options String, Array nil
port Map network port(s) to the container Fixnum (DEPRECATED), String, Array nil
privileged Give extended privileges TrueClass, FalseClass nil
public_port (DEPRECATED) Map host port to container Fixnum nil
publish_exposed_ports Publish all exposed ports to the host interfaces TrueClass, FalseClass false
remove_automatically Automatically remove the container when it exits (incompatible with detach) TrueClass, FalseClass false
socket_template Template to use for configuring socket (relevent for init_type systemd only) String nil
stdin Attach container's stdin TrueClass, FalseClass nil
tty Allocate a pseudo-tty TrueClass, FalseClass nil
user User to run container String nil
volume Create bind mount(s) with: [host-dir]:[container-dir]:[rw ro]. If "container-dir" is missing, then docker creates a new volume. String, Array
volumes_from Mount all volumes from the given container(s) String nil
working_directory Working directory inside the container String nil

Run a container:

docker_container 'myImage' do
  detach true

Run a container via command:

docker_container 'busybox' do
  command 'sleep 9999'
  detach true

Run a container from image (docker-registry for example):

docker_container 'docker-registry' do
  image 'samalba/docker-registry'
  detach true
  hostname ''
  port '5000:5000'
  env 'SETTINGS_FLAVOR=local'
  volume '/mnt/docker:/docker-storage'

docker_container action :start

These attributes are associated with this LWRP action.

Attribute Description Type Default
attach Attach container's stdout/stderr and forward all signals to the cookbook Cookbook to grab any templates String
init_type Init type for container service handling FalseClass, String node['docker']['container_init_type']
init_template Template to use for init configuration String nil
socket_template Template to use for configuring socket (relevent for init_type systemd only) String nil
stdin Attach container's stdin TrueClass, FalseClass nil

Start a stopped container:

docker_container 'shipyard' do
  action :start

docker_container action :stop

These attributes are associated with this LWRP action.

Attribute Description Type Default
cookbook Cookbook to grab any templates String docker
init_type Init type for container service handling FalseClass, String node['docker']['container_init_type']
init_template Template to use for init configuration String nil
socket_template Template to use for configuring socket (relevent for init_type systemd only) String nil

Stop a running container:

docker_container 'shipyard' do
  action :stop

docker_container action :wait

Wait for a container to finish:

docker_container 'busybox' do
  command 'sleep 9999'
  action :wait


Below are the available actions for the LWRP, default being pull.

These attributes are associated with all LWRP actions.

Attribute Description Type Default
cmd_timeout Timeout for docker commands (catchable exception: Chef::Provider::Docker::Image::CommandTimeout) Integer node['docker']['image_cmd_timeout']

docker_image action :build and :build_if_missing

These attributes are associated with this LWRP action.

Attribute Description Type Default
dockerfile (DEPRECATED) Dockerfile to build image String nil
image_url (DEPRECATED) URL to grab image String nil
no_cache Do not use the cache when building the image TrueClass, FalseClass false
path (DEPRECATED) Local path to files String nil
rm Remove intermediate containers after a successful build TrueClass, FalseClass false
source Source dockerfile/directory/URL to build String nil
tag Optional tag for image String nil

Build image from Dockerfile:

docker_image 'myImage' do
  tag 'myTag'
  source 'myImageDockerfile'
  action :build_if_missing

Build image from remote repository:

docker_image 'myImage' do
  source ''
  tag 'myTag'
  action :build_if_missing

Conditionally rebuild image if changes upstream:

git "#{Chef::Config[:file_cache_path]}/docker-testcontainerd" do
  repository ''
  notifies :build, 'docker_image[bflad/testcontainerd]', :immediately

docker_image 'bflad/testcontainerd' do
  action :pull_if_missing

docker_image action :import

These attributes are associated with this LWRP action.

Attribute Description Type Default
image_url (DEPRECATED) URL to grab image String nil
repository Optional repository String nil
source Source file/directory/URL String nil
tag Optional tag for image String nil

Import image from local directory:

docker_image 'test' do
  source '/path/to/test'
  action :import

Import image from local file:

docker_image 'test' do
  source '/path/to/test.tgz'
  action :import

Import image from remote URL:

docker_image 'test' do
  source ''
  action :import

docker_image action :insert


These attributes are associated with this LWRP action.

Attribute Description Type Default
destination Destination path/URL String nil
source Source path/URL String nil

Insert file from remote URL:

docker_image 'test' do
  source ''
  destination '/container/path/for/some/file.txt'
  action :insert

docker_image action :load

These attributes are associated with this LWRP action.

Attribute Description Type Default
input Image source (via tar archive file) String nil
source Image source (via stdin) String nil

Load repository via input:

docker_image 'test' do
  input '/path/to/test.tar'
  action :load

Load repository via stdin:

docker_image 'test' do
  source '/path/to/test.tgz'
  action :load

docker_image action :pull and :pull_if_missing

These attributes are associated with this LWRP action.

Attribute Description Type Default
registry Optional registry server String nil
tag Optional tag for image String nil

Pull latest image every Chef run:

docker_image 'busybox'

Pull latest image only if missing:

docker_image 'busybox' do
  action :pull_if_missing

Pull tagged image:

docker_image 'bflad/test' do
  tag 'not-latest'

docker_image action :push

Push image (after logging in with docker_registry):

docker_image 'bflad/test' do
  action :push

docker_image action :remove

These attributes are associated with this LWRP action.

Attribute Description Type Default
force Force removal TrueClass, FalseClass nil
no_prune Do not delete untagged parents TrueClass, FalseClass nil

Remove image:

docker_image 'busybox' do
  action :remove

docker_image action :save

These attributes are associated with this LWRP action.

Attribute Description Type Default
destination Destination path (via stdout) String nil
output Destination path (via file) String nil
tag Save specific tag String nil

Save repository via file to path:

docker_image 'test' do
  destination '/path/to/test.tar'
  action :save

Save repository via stdout to path:

docker_image 'test' do
  destination '/path/to/test.tgz'
  action :save

docker_image action :tag

These attributes are associated with this LWRP action.

Attribute Description Type Default
force Force operation Boolean false
repository Remote repository String nil
tag Specific tag for image String nil

Tag image:

docker_image 'test' do
  repository 'bflad'
  tag '1.0.0'
  action :tag


These attributes are associated with all LWRP actions.

Attribute Description Type Default
cmd_timeout Timeout for docker commands (catchable exception: Chef::Provider::Docker::Registry::CommandTimeout) Integer node['docker']['registry_cmd_timeout']

docker_registry action :login

These attributes are associated with this LWRP action.

Attribute Description Type Default
email Registry email String nil
password Registry password String nil
username Registry username String nil

Log into or register with public registry:

docker_registry '' do
  email ''
  username 'publicme'
  password 'hope_this_is_in_encrypted_databag'

Log into private registry with optional port:

docker_registry '' do
  username 'privateme'
  password 'still_hope_this_is_in_encrypted_databag'

Testing and Development

  • Quickly testing with Vagrant:
  • Full development and testing workflow with Test Kitchen and friends:


Please see contributing information in:



Please see licensing information in: LICENSE


