150. EPMO Open Source Coordination Office Redaction File Detail Report

Produced by Araxis Merge on 10/2/2017 1:40:11 PM Central Daylight Time. See www.araxis.com for information about Merge. This report uses XHTML and CSS2, and is best viewed with a modern standards-compliant browser. For optimum results when printing this report, use landscape orientation and enable printing of background images and colours in your browser.

150.1 Files compared

#	Location	File	Last Modified
1	chef-repo.zip\chef-repo\third_party_cookbooks\docker	README.md	Mon May 8 19:59:53 2017 UTC
2	chef-repo.zip\chef-repo\third_party_cookbooks\docker	README.md	Mon Oct 2 15:35:51 2017 UTC

150.2 Comparison summary

Description	Between Files 1 and 2
Description	Text Blocks	Lines
Unchanged	4	2540
Changed	3	8
Inserted	0	0
Removed	0	0

150.3 Comparison options

Whitespace
Character case	Differences in character case are significant
Line endings	Differences in line endings (`CR` and `LF` characters) are ignored
CR/LF characters	Not shown in the comparison detail

150.4 Active regular expressions

No regular expressions were active.

150.5 Comparison detail

	1	# Docker C ookbook
	2
	3	[![Build S tatus](htt ps://travi s-ci.org/c hef-cookbo oks/docker .svg?branc h=master)] (https://t ravis-ci.o rg/chef-co okbooks/do cker) [![C ookbook Ve rsion](htt ps://img.s hields.io/ cookbook/v /docker.sv g)](https: //supermar ket.chef.i o/cookbook s/docker) [![Gitter] (https://b adges.gitt er.im/Join Chat.svg) ](https:// gitter.im/ someara/ch ef-docker? utm_source =badge&utm _medium=ba dge&utm_ca mpaign=pr- badge&utm_ content=ba dge)
	4
	5	The Docker Cookbook is a libra ry cookboo k that pro vides cust om resourc es for use in recipe s.
	6
	7	## Scope
	8
	9	This cookb ook is con cerned wit h the [Doc ker](http: //docker.i o) contain er engine as distrib uted by Do cker, Inc. It does n ot address Docker ec osystem to oling or p rerequisit e technolo gy such as cgroups o r aufs.
	10
	11	## Require ments
	12
	13	- Chef 12. 5.x or hig her. Chef 11 is NOT SUPPORTED, please do not open issues abo ut it.
	14	- Ruby 2.1 or higher (preferab ly, the Ch ef full-st ack instal ler)
	15	- Network accessible web serve r hosting the docker binary.
	16	- SELinux permissive /disabled if CentOS [Docker Is sue #15498 ](https:// github.com /docker/do cker/issue s/15498)
	17
	18	## Platfor m Support
	19
	20	The follow ing platfo rms have b een tested with Test Kitchen: You may be able to g et it work ing on oth er platfor ms, with a ppropriate configura tion of cg roups and storage ba ck ends.
	21
	22	```
	23	\|--------- -----+---- ---+------ -+-------\| --------\|- -------\|
	24	\| \| 1.7 .1 \| 1.8.3 \| 1.9.1 \| 1.10.3 \| 1.11.1 \|
	25	\|--------- -----+---- ---+------ -+-------\| --------\|- -------\|
	26	\| debian-7 \| X \| X \| X \| X \| X \|
	27	\|--------- -----+---- ---+------ -+-------\| --------\|- -------\|
	28	\| debian-8 \| X \| X \| X \| X \| X \|
	29	\|--------- -----+---- ---+------ -+-------\| --------\|- -------\|
	30	\| centos-7 \| X \| X \| X \| X \| X \|
	31	\|--------- -----+---- ---+------ -+-------\| --------\|- -------\|
	32	\| fedora-2 3 \| \| \| X \| X \| X \|
	33	\|--------- -----+---- ---+------ -+-------\| --------\|- -------\|
	34	\| ubuntu-1 2.04 \| X \| X \| X \| X \| X \|
	35	\|--------- -----+---- ---+------ -+-------\| --------\|- -------\|
	36	\| ubuntu-1 4.04 \| X \| X \| X \| X \| X \|
	37	\|--------- -----+---- ---+------ -+-------\| --------\|- -------\|
	38	\| ubuntu-1 6.04 \| \| \| \| \| X \|
	39	\|--------- -----+---- ---+------ -+-------\| --------\|- -------\|
	40	```
	41
	42	## Cookboo k Dependen cies
	43
	44	- [compat_ resource]( https://su permarket. chef.io/co okbooks/co mpat_resou rce)
	45
	46	## Usage
	47
	48	- Add `dep ends 'dock er', '~> 2 .0'` to yo ur cookboo k's metada ta.rb
	49	- Use the resources shipped in cookbook in a recip e, the sam e way you' d use core Chef reso urces (fil e, templat e, directo ry, packag e, etc).
	50
	51	```ruby
	52	docker_ser vice 'defa ult' do
	53	action [ :create, : start]
	54	end
	55
	56	docker_ima ge 'busybo x' do
	57	action : pull
	58	end
	59
	60	docker_con tainer 'an -echo-serv er' do
	61	repo 'bu sybox'
	62	port '12 34:1234'
	63	command "nc -ll -p 1234 -e / bin/cat"
	64	end
	65	```
	66
	67	## Test Co okbooks as Examples
	68
	69	The cookbo oks ran un der test-k itchen mak e excellen t usage ex amples.
	70
	71	The test r ecipes are found at:
	72
	73	```ruby
	74	test/cookb ooks/docke r_test/
	75	```
	76
	77	## Cgroups , Executio n and Stor age driver s
	78
	79	Beginning in chef-do cker 1.0, support fo r LXC exec ution driv er has bee n removed in favor o f native. Cgroups an d storage drivers ar e now loos ely couple d dependen cies and s hould be c onfigured using othe r cookbook s if neede d.
	80
	81	Storage dr ivers can be selecte d with the `storage_ driver` pr operty on the `docke r_service` resource like this:
	82
	83	```ruby
	84	docker_ser vice 'defa ult' do
	85	storage _driver 'z fs'
	86	end
	87	```
	88
	89	Configurat ion of the backing s torage dri ver, inclu ding kerne l module l oading, is out of sc ope for th is cookboo k.
	90
	91	## Resourc es Overvie w
	92
	93	- [docker_ service](# docker_ser vice): com posite res ource that uses dock er_install ation and docker_ser vice_manag er
	94
	95	- [docker_ installati on](#docke r_installa tion): aut omatically select an installat ion method
	96
	97	- [docker_ service_ma nager](#do cker_servi ce_manager ): automat ically sel ects a ser vice manag er
	98
	99	- [docker_ installati on_binary] (#docker_i nstallatio n_binary): copies a pre-compil ed docker binary ont o disk
	100
	101	- [docker_ installati on_script] (#docker_i nstallatio n_script): curl \| ba sh
	102
	103	- [docker_ installati on_package ](#docker_ installati on_package ): package 'docker-e ngine'
	104
	105	- [docker_ service_ma nager_exec ute](#dock er_service _manager_e xecute): m anage dock er daemon with Chef
	106
	107	- [docker_ service_ma nager_sysv init](#doc ker_servic e_manager_ sysvinit): manage do cker daemo n with a s ysvinit sc ript
	108
	109	- [docker_ service_ma nager_upst art](#dock er_service _manager_u pstart): m anage dock er daemon with upsta rt script
	110
	111	- [docker_ service_ma nager_syst emd](#dock er_service _manager_s ystemd): m anage dock er daemon with syste md unit fi les
	112
	113	- [docker_ image](#do cker_image ): image/r epository operations
	114
	115	- [docker_ container] (#docker_c ontainer): container operation s
	116
	117	- [docker_ tag](#dock er_tag): i mage taggi ng operati ons
	118
	119	- [docker_ registry]( #docker_re gistry): r egistry op erations
	120
	121	- [docker_ network](# docker_net work): net work opera tions
	122
	123	- [docker_ volume](#d ocker_volu me): volum e operatio ns
	124
	125	## Getting Started
	126
	127	Here's a q uick examp le of pull ing the la test image and runni ng a conta iner with exposed po rts.
	128
	129	```ruby
	130	# Pull lat est image
	131	docker_ima ge 'nginx' do
	132	tag 'lat est'
	133	action : pull
	134	notifies :redeploy , 'docker_ container[ my_nginx]'
	135	end
	136
	137	# Run cont ainer expo sing ports
	138	docker_con tainer 'my _nginx' do
	139	repo 'ng inx'
	140	tag 'lat est'
	141	port '80 :80'
	142	host_nam e 'www'
	143	domain_n ame 'compu ters.biz'
	144	env 'FOO =bar'
	145	volumes [ '/some/l ocal/files /:/etc/ngi nx/conf.d' ]
	146	end
	147	```
	148
	149	You might run a priv ate regist ry and mul tiple Dock er hosts.
	150
	151	```ruby
	152	# Login to private r egistry
	153	docker_reg istry 'htt ps://regis try.comput ers.biz/' do
	154	username 'shipper'
	155	password 'iloveshi pping'
	156	email 's hipper@com puters.biz '
	157	end
	158
	159	# Pull tag ged image
	160	docker_ima ge 'regist ry.compute rs.biz:443 /my_projec t/my_conta iner' do
	161	tag 'lat est'
	162	action : pull
	163	host 'tc p://host-1 .computers .biz:2376'
	164	end
	165
	166	# Run cont ainer
	167	docker_con tainer 'cr owsnest' d o
	168	repo 're gistry.com puters.biz :443/my_pr oject/my_c ontainer'
	169	tag 'lat est'
	170	host 'tc p://host-2 .computers .biz:2376'
	171	tls_veri fy true
	172	tls_ca_c ert "/path /to/ca.pem "
	173	tls_clie nt_cert "/ path/to/ce rt.pem"
	174	tls_clie nt_key "/p ath/to/key .pem"
	175	action : run
	176	end
	177	```
	178
	179	You can ma nipulate D ocker volu mes and ne tworks
	180
	181	```ruby
	182	docker_net work 'my_n etwork' do
	183	subnet ' IP '
	184	gateway ' IP '
	185	end
	186
	187	docker_vol ume 'my_vo lume' do
	188	action : create
	189	end
	190
	191	docker_con tainer 'my _container ' do
	192	repo 'al pine'
	193	tag '3.1 '
	194	command "nc -ll -p 1234 -e / bin/cat"
	195	volumes 'my_volume :/my_data'
	196	network_ mode 'my_n etwork'
	197	action : run
	198	end
	199	```
	200
	201	See full d ocumentati on for eac h resource and actio n below fo r more inf ormation.
	202
	203	## Resourc es Details
	204
	205	## docker_ installati on
	206
	207	The `docke r_installa tion` reso urce auto- selects on e of the b elow resou rces with the provid er resolut ion system .
	208
	209	### Exampl e
	210
	211	```ruby
	212	docker_ins tallation 'default' do
	213	repo 'te st'
	214	action : create
	215	end
	216	```
	217
	218	## docker_ installati on_binary
	219
	220	The `docke r_installa tion_binar y` resourc e copies t he precomp iled Go bi nary onto the disk. It exists to help ru n older Do cker versi ons. It sh ould not b e used in production , especial ly with de vicemapper .
	221
	222	### Exampl e
	223
	224	```ruby
	225	docker_ins tallation_ binary 'de fault' do
	226	version '1.8.2'
	227	source ' https://my .computers .biz/dist/ docker'
	228	checksum '97a3f592 4b0b831a31 0efa8bf0a4 c91956cd63 87c4a8667d 27e2b2dd3d a67e4d'
	229	action : create
	230	end
	231	```
	232
	233	### Proper ties
	234
	235	- `version ` - The de sired vers ion of doc ker. Used to calcula te source.
	236	- `source` - Path to network a ccessible Docker bin ary. Ignor es version
	237	- `checksu m` - SHA-2 56
	238
	239	## docker_ installati on_tarball
	240
	241	The `docke r_installa tion_tarba ll` resour ce copies the precom piled Go b inary tarb all onto t he disk. I t exists t o help run newer Doc ker versio ns from 1. 11.0 onwar ds. It sho uld not be used in p roduction, especiall y with dev icemapper.
	242
	243	### Exampl e
	244
	245	```ruby
	246	docker_ins tallation_ tarball 'd efault' do
	247	version '1.11.0'
	248	source ' https://my .computers .biz/dist/ docker.tgz '
	249	checksum '97a3f592 4b0b831a31 0efa8bf0a4 c91956cd63 87c4a8667d 27e2b2dd3d a67e4d'
	250	action : create
	251	end
	252	```
	253
	254	### Proper ties
	255
	256	- `version ` - The de sired vers ion of doc ker. Used to calcula te source.
	257	- `source` - Path to network a ccessible Docker bin ary tarbal l. Ignores version
	258	- `checksu m` - SHA-2 56
	259
	260	## docker_ installati on_script
	261
	262	The `docke r_installa tion_scrip t` resourc e runs the script ho sted by Do cker, Inc at <http:/ /get.docke r.com>. It configure s package repositori es and ins talls a dy namically compiled b inary.
	263
	264	### Exampl e
	265
	266	```ruby
	267	docker_ins tallation_ script 'de fault' do
	268	repo 'ma in'
	269	script_u rl 'https: //my.compu ters.biz/d ist/script s/docker.s h'
	270	action : create
	271	end
	272	```
	273
	274	### Proper ties
	275
	276	- `repo` - One of 'm ain', 'tes t', or 'ex perimental '. Used to calculate script_ur l in its a bsense. De faults to 'main'
	277	- `script_ url` - 'UR L of scrip t to pipe into /bin/ sh as root .
	278
	279	## docker_ installati on_package
	280
	281	The `docke r_installa tion_packa ge` resour ce uses th e system p ackage man ager to in stall Dock er. It rel ies on the pre-confi guration o f the syst em's packa ge reposit ories. The `chef-yum -docker` a nd `chef-a pt-docker` Supermark et cookboo ks are use d to do th is in test -kitchen.
	282
	283	This is th e recommen ded produc tion insta llation me thod.
	284
	285	### Exampl e
	286
	287	```ruby
	288	docker_ins tallation_ package 'd efault' do
	289	version '1.8.3'
	290	action : create
	291	package_ options %q \|--force-y es -o Dpkg ::Options: :='--force -confold' -o Dpkg::O ptions::=' --force-al l'\| # if U buntu for example
	292	end
	293	```
	294
	295	### Proper ties
	296
	297	- `version ` - Used t o calculat e package_ version st ring
	298	- `package _version` - Manually specify t he package version s tring
	299	- `package _name` - N ame of pac kage to in stall. Def aults to ' docker-eng ine'
	300	- `package _options` - Manually specify a dditional options, l ike apt-ge t directiv es for exa mple
	301
	302	## docker_ service_ma nager
	303
	304	The `docke r_service_ manager` r esource au to-selects a strateg y from the `docker_s ervice_man ager_*` gr oup of res ources bas ed on plat form and v ersion. Th e `docker_ service` f amily shar e a common set of pr operties.
	305
	306	### Exampl e
	307
	308	```ruby
	309	docker_ser vice_manag er 'defaul t' do
	310	action : start
	311	end
	312	```
	313
	314	## docker_ service_ma nager_exec ute
	315
	316	### Exampl e
	317
	318	```ruby
	319	docker_ser vice_manag er_execute 'default' do
	320	action : start
	321	end
	322	```
	323
	324	## docker_ service_ma nager_sysv init
	325
	326	### Exampl e
	327
	328	```ruby
	329	docker_ser vice_manag er_sysvini t 'default ' do
	330	host 'un ix:///var/ run/docker .sock'
	331	action : stop
	332	end
	333	```
	334
	335	## docker_ service_ma nager_upst art
	336
	337	### Exampl e
	338
	339	```ruby
	340	docker_ser vice_manag er_upstart 'default' do
	341	host ['u nix:///var /run/docke r.sock', ' tcp://127. 0.0.1:2376 ']
	342	action : start
	343	end
	344	```
	345
	346	## docker_ service_ma nager_syst emd
	347
	348	### Exampl e
	349
	350	```ruby
	351	docker_ser vice_manag er_systemd 'default' do
	352	host ['u nix:///var /run/docke r.sock', ' tcp://127. 0.0.1:2376 ']
	353	tls_veri fy true
	354	tls_ca_c ert "/path /to/ca.pem "
	355	tls_serv er_cert "/ path/to/se rver.pem"
	356	tls_serv er_key "/p ath/to/ser ver-key.pe m"
	357	tls_clie nt_cert "/ path/to/ce rt.pem"
	358	tls_clie nt_key "/p ath/to/key .pem"
	359	action : start
	360	end
	361	```
	362
	363	## docker_ service
	364
	365	The `docke r_service` : resource is a comp osite reso urce that uses `dock er_install ation` and `docker_s ervice_man ager` reso urces.
	366
	367	- The `:cr eate` acti on uses a `docker_in stallation `
	368	- The `:de lete` acti on uses a `docker_in stallation `
	369	- The `:st art` actio n uses a ` docker_ser vice_manag er`
	370	- The `:st op` action uses a `d ocker_serv ice_manage r`
	371
	372	The servic e manageme nt strateg y for the host platf orm is dyn amically c hosen base d on platf orm, but c an be over ridden.
	373
	374	### Exampl e
	375
	376	```ruby
	377	docker_ser vice 'tls_ test:2376' do
	378	host [ " tcp://#{no de['ipaddr ess']}:237 6", 'unix: ///var/run /docker.so ck' ]
	379	tls_veri fy true
	380	tls_ca_c ert '/path /to/ca.pem '
	381	tls_serv er_cert '/ path/to/se rver.pem'
	382	tls_serv er_key '/p ath/to/ser ver-key.pe m'
	383	tls_clie nt_cert '/ path/to/cl ient.pem'
	384	tls_clie nt_key '/p ath/to/cli ent-key.pe m'
	385	action [ :create, : start]
	386	end
	387	```
	388
	389	WARNING - When creat ing multip le `docker _service` resources on the sam e machine, you will need to sp ecify uniq ue graph p roperties to avoid u nexpected behavior a nd possibl e data cor ruption.
	390
	391	### Proper ties
	392
	393	The `docke r_service` resource property l ist mostly correspon ds to the options fo und in the [Docker C ommand Lin e Referenc e](https:/ /docs.dock er.com/ref erence/com mandline/c li/)
	394
	395	- `source` - URL to the pre-co mpiled Doc ker binary used for installati on. Defaul ts to a ca lculated U RL based o n kernel v ersion, Do cker versi on, and pl atform arc h. By defa ult, this will try t o get to " <http://ge t.docker.i o/builds/> ".
	396	- `version ` - Docker version t o install
	397	- `checksu m` - sha25 6 checksum of Docker binary
	398	- `instanc e` - Ident ity for `d ocker_serv ice` resou rce. Defau lts to nam e. Mostly unimportan t for the 1.0 versio n because of its sin gleton sta tus. \| Str ing \| nil
	399	- `api_cor s_header` - Set CORS headers i n the remo te API
	400	- `bridge` - Attach containers to a netw ork bridge
	401	- `bip` - Specify ne twork brid ge IP
	402	- `debug` - Enable d ebug mode
	403	- `cluster _store` - Cluster st ore to use
	404	- `cluster _advertise ` - Ip and port that this daem on should advertise to the clu ster
	405	- `cluster _store_opt s` - Clust er store o ptions
	406	- `daemon` - Enable daemon mod e
	407	- `dns` - DNS server (s) to use
	408	- `dns_sea rch` - DNS search do mains to u se
	409	- `exec_dr iver` - Ex ec driver to use
	410	- `fixed_c idr` - IPv 4 subnet f or fixed I Ps
	411	- `fixed_c idr_v6` - IPv6 subne t for fixe d IPs
	412	- `group` - Posix gr oup for th e unix soc ket
	413	- `graph` - Root of the Docker runtime - Effective ly, the "d ata direct ory"
	414	- `host` - Daemon so cket(s) to connect t o - `tcp:/ /host:port `, `unix:/ //path/to/ socket`, ` fd://*` or `fd://soc ketfd`
	415	- `icc` - Enable int er-contain er communi cation
	416	- `insecur e_registry ` - Enable insecure registry c ommunicati on
	417	- `ip` - D efault IP when bindi ng contain er ports
	418	- `ip_forw ard` - Ena ble ip for warding
	419	- `ipv4_fo rward` - E nable net. ipv4.ip_fo rward
	420	- `ipv6_fo rward` - E nable net. ipv6.ip_fo rward
	421	- `ip_masq ` - Enable IP masque rading
	422	- `iptable s` - Enabl e addition of iptabl es rules
	423	- `ipv6` - Enable IP v6 network ing
	424	- `log_lev el` - Set the loggin g level
	425	- `labels` A string or array t o set meta data on th e daemon i n the form ['foo:bar ', 'hello: world']`
	426	- `log_dri ver` - Con tainer's l ogging dri ver (json- file/syslo g/journald /gelf/flue ntd/none)
	427	- `log_opt s` - Conta iner's log ging drive r options (driver-sp ecific)
	428	- `mtu` - Set the co ntainers n etwork MTU
	429	- `pidfile ` - Path t o use for daemon PID file
	430	- `registr y_mirror` - Preferre d Docker r egistry mi rror
	431	- `storage _driver` - Storage d river to u se
	432	- `selinux _enabled` - Enable s elinux sup port
	433	- `storage _opts` - S et storage driver op tions
	434	- `tls` - Use TLS; i mplied by --tlsverif y. Default s to ENV[' DOCKER_TLS '] if set
	435	- `tls_ver ify` - Use TLS and v erify the remote. De faults to ENV['DOCKE R_TLS_VERI FY'] if se t
	436	- `tls_ca_ cert` - Tr ust certs signed onl y by this CA. Defaul ts to ENV[ 'DOCKER_CE RT_PATH'] if set
	437	- `tls_ser ver_cert` - Path to TLS certif icate file for docke r service
	438	- `tls_ser ver_key` - Path to T LS key fil e for dock er service
	439	- `tls_cli ent_cert` - Path to TLS certif icate file for docke r cli. Def aults to E NV['DOCKER _CERT_PATH '] if set
	440	- `tls_cli ent_key` - Path to T LS key fil e for dock er cli. De faults to ENV['DOCKE R_CERT_PAT H'] if set
	441	- `default _ulimit` - Set defau lt ulimit settings f or contain ers
	442	- `http_pr oxy` - ENV variable set before for Docke r daemon s tarts
	443	- `https_p roxy` - EN V variable set befor e for Dock er daemon starts
	444	- `no_prox y` - ENV v ariable se t before f or Docker daemon sta rts
	445	- `tmpdir` - ENV var iable set before for Docker da emon start s
	446	- `logfile ` - Locati on of Dock er daemon log file
	447	- `userlan d_proxy`- Enables or disables docker-pro xy
	448	- `disable _legacy_re gistry` - Do not con tact legac y registri es
	449	- `userns_ remap` - E nable user namespace remapping options - `default` , `uid`, ` uid:gid`, `username` , `usernam e:groupnam e` (see: [ Docker Use r Namespac es](see: h ttps://doc s.docker.c om/v1.10/e ngine/refe rence/comm andline/da emon/#daem on-user-na mespace-op tions))
	450
	451	##### Misc ellaneous Options
	452	- `misc_op ts` - Pass the docke r daemon a ny other o ptions byp assing fla g validati on, suppli ed as `--f lag=value`
	453
	454	### Action s
	455
	456	- `:create ` - Lays t he Docker bits out o n disk
	457	- `:delete ` - Remove s the Dock er bits fr om the dis k
	458	- `:start` - Makes s ure the se rvice prov ider is se t up prope rly and st art it
	459	- `:stop` - Stops th e service
	460	- `:restar t` - Resta rts the se rvice
	461
	462	### `docke r_service` implement ations
	463
	464	- `docker_ service_ex ecute` - T he simples t docker_s ervice. Ju st starts a process. Fire and forget.
	465
	466	- `docker_ service_sy svinit` - Uses a Sys temV init script to manage the service s tate.
	467
	468	- `docker_ service_up start` - U ses an Ups tart scrip t to manag e the serv ice state.
	469
	470	- `docker_ service_sy stemd` - U ses an Sys temd unit file to ma nage the s ervice sta te. NOTE: This does NOT enable systemd s ocket acti vation.
	471
	472	## docker_ image
	473
	474	The `docke r_image` i s responsi ble for ma naging Doc ker image pulls, bui lds, and d eletions. It speaks directly t o the [Doc ker remote API](http s://docs.d ocker.com/ reference/ api/docker _remote_ap i_v1.20/).
	475
	476	### Exampl es
	477
	478	- default action, de fault prop erties
	479
	480	```ruby
	481	docker_i mage 'hell o-world'
	482	```
	483
	484	- non-defa ult name a ttribute
	485
	486	```ruby
	487	docker_i mage "Tom' s containe r" do
	488	repo 'td uffield/te stcontaine rd'
	489	action : pull
	490	end
	491	```
	492
	493	- pull eve ry time
	494
	495	```ruby
	496	docker_i mage 'busy box' do
	497	action : pull
	498	end
	499	```
	500
	501	- specify a tag
	502
	503	```ruby
	504	docker_i mage 'alpi ne' do
	505	tag '3.1 '
	506	end
	507	```
	508
	509	- specify read/write timeouts
	510
	511	```ruby
	512	docker_i mage 'alpi ne' do
	513	read_tim eout 60
	514	write_ti meout 60
	515	end
	516	```
	517
	518	```ruby
	519	docker_ima ge 'vbatts /slackware ' do
	520	action : remove
	521	end
	522	```
	523
	524	- save
	525
	526	```ruby
	527	docker_i mage 'save hello-wor ld' do
	528	repo 'he llo-world'
	529	destinat ion '/tmp/ hello-worl d.tar'
	530	not_if { ::File.ex ist?('/tmp /hello-wor ld.tar') }
	531	action : save
	532	end
	533	```
	534
	535	- build fr om a Docke rfile on e very chef- client run
	536
	537	```ruby
	538	docker_i mage 'imag e_1' do
	539	tag 'v0. 1.0'
	540	source ' /src/mypro ject/conta iner1/Dock erfile'
	541	action : build
	542	end
	543	```
	544
	545	- build fr om a direc tory, only if image is missing
	546
	547	```ruby
	548	docker_i mage 'imag e_2' do
	549	tag 'v0. 1.0'
	550	source ' /src/mypro ject/conta iner2'
	551	action : build_if_m issing
	552	end
	553	```
	554
	555	- build fr om a tarba ll NOTE: t his is not an "expor t" tarball generated from an a n image sa ve. The co ntents sho uld be a D ockerfile, and anyth ing it ref erences to COPY or A DD
	556
	557	```ruby
	558	docker_ima ge 'image_ 3' do
	559	tag 'v0. 1.0'
	560	source ' /tmp/image _3.tar'
	561	action : build
	562	end
	563	```
	564
	565	```ruby
	566	docker_ima ge 'hello- again' do
	567	tag 'v0. 1.0'
	568	source ' /tmp/hello -world.tar '
	569	action : import
	570	end
	571	```
	572
	573	- push
	574
	575	```ruby
	576	docker_i mage 'my.c omputers.b iz:5043/so meara/hell o-again' d o
	577	action : push
	578	end
	579	```
	580
	581	- Connect to an exte rnal docke r daemon a nd pull an image
	582
	583	```ruby
	584	docker_ima ge 'alpine ' do
	585	host 'tc p://127.0. 0.1:2376'
	586	tag '2.7 '
	587	end
	588	```
	589
	590	### Proper ties
	591
	592	The `docke r_image` r esource pr operties m ostly corr esponds to the [Dock er Remote API](https ://docs.do cker.com/r eference/a pi/docker_ remote_api _v1.20/#2- 2-images) as driven by the [Sw ipley dock er-api Rub y gem](htt ps://githu b.com/swip ely/docker -api)
	593
	594	A `docker_ image`'s f ull identi fier is a string in the form " \<repo\>:\ <tag\>". T here is so me nuance around nam ing using the public
	595	registry v s a privat e one.
	596
	597	- `repo` - aka `imag e_name` - The first half of a Docker ima ge's ident ity. This is a strin g in the f orm: `regi stry:port/ owner/imag e_name`. I f the `reg istry:port ` portion is left of f, Docker will impli citly use the Docker public re gistry. "O fficial Im ages" omit the owner part. Thi s means a repo id ca n look as short as ` busybox`, `alpine`, or `centos `, to refe r to offic ial images on the pu blic regis try, and a s long as `my.comput ers.biz:50 43/what/ev er` to ref er to cust om images on an priv ate regist ry. Often you'll see something like `som eara/chef` to refer to private images on the publi c registry . - Defaul ts to reso urce name.
	598	- `tag` - The second half of a Docker im age's iden tity. - De faults to `latest`
	599	- `source` - Path to input for the `:imp ort`, `:bu ild` and ` :build_if_ missing` a ctions. Fo r building , this can be a Dock erfile, a tarball co ntaining a Dockerfil e in its r oot, or a directory containing a Dockerf ile. For i mport, thi s should b e a tarbal l containi ng Docker formatted image, as generated with `:sav e`.
	600	- `destina tion` - Pa th for out put from t he `:save` action.
	601	- `force` - A force boolean us ed in vari ous action s - Defaul ts to fals e
	602	- `nocache ` - Used i n `:build` operation s. - Defau lts to fal se
	603	- `noprune ` - Used i n `:remove ` operatio ns - Defau lts to fal se
	604	- `rm` - R emove inte rmediate c ontainers after a su ccessful b uild (defa ult behavi or) - Defa ults to `t rue`
	605	- `read_ti meout` - M ay need to increase for long i mage build s/pulls
	606	- `write_t imeout` - May need t o increase for long image buil ds/pulls
	607	- `host` - A string containing the host the API sh ould commu nicate wit h. Default s to ENV[' DOCKER_HOS T'] if set
	608	- `tls` - Use TLS; i mplied by --tlsverif y. Default s to ENV[' DOCKER_TLS '] if set
	609	- `tls_ver ify` - Use TLS and v erify the remote. De faults to ENV['DOCKE R_TLS_VERI FY'] if se t
	610	- `tls_ca_ cert` - Tr ust certs signed onl y by this CA. Defaul ts to ENV[ 'DOCKER_CE RT_PATH'] if set
	611	- `tls_cli ent_cert` - Path to TLS certif icate file for docke r cli. Def aults to E NV['DOCKER _CERT_PATH '] if set
	612	- `tls_cli ent_key` - Path to T LS key fil e for dock er cli. De faults to ENV['DOCKE R_CERT_PAT H'] if set
	613
	614	### Action s
	615
	616	The follow ing action s are avai lable for a `docker_ image` res ource. Def aults to ` pull_if_mi ssing`
	617
	618	- `:pull` - Pulls an image fro m the regi stry
	619	- `:pull_i f_missing` - Pulls a n image fr om the reg istry, onl y if it mi ssing
	620	- `:build` - Builds an image f rom a Dock erfile, di rectory, o r tarball
	621	- `:build_ if_missing ` - Same b uild, but only if it is missin g
	622	- `:save` - Exports an image t o a tarbal l at `dest ination`
	623	- `:import ` - Import s an image from a ta rball at ` destinatio n`
	624	- `:remove ` - Remove s (untags) an image
	625	- `:push` - Pushes a n image to the regis try
	626
	627	## docker_ tag
	628
	629	Docker tag s work ver y much lik e hard lin ks in a Un ix filesys tem. They are just r eferences to an exis ting image . Therefor e, the doc ker_tag re source has taken ins piration f rom the Ch ef `link` resource.
	630
	631	### Exampl es
	632
	633	```ruby
	634	docker_tag 'private repo tag f or hello-a gain:1.0.1 ' do
	635	target_r epo 'hello -again'
	636	target_t ag 'v0.1.0 '
	637	to_repo 'localhost :5043/some ara/hello- again'
	638	to_tag ' latest'
	639	action : tag
	640	end
	641	```
	642
	643	### Proper ties
	644
	645	- `target_ repo` - Th e repo hal f of the s ource imag e identifi er.
	646	- `target_ tag` - The tag half of the sou rce image identifier .
	647	- `to_repo ` - The re po half of the new i mage ident ifier
	648	- `to_tag` - The tag half of th e new imag e identifi er
	649
	650	### Action s
	651
	652	- `:tag` - Tags the image
	653
	654	## docker_ container
	655
	656	The `docke r_containe r` is resp onsible fo r managing Docker co ntainer ac tions. It speaks dir ectly to t he [Docker remote AP I](https:/ /docs.dock er.com/ref erence/api /docker_re mote_api_v 1.20/).
	657
	658	Containers are proce ss oriente d, and mov e through an event c ycle. Than ks to [Gli der Labs]( http://gli derlabs.co m/) for th is excelle nt diagram . ![alt ta g](http:// gliderlabs .com/image s/docker_e vents.png)
	659
	660	### Exampl es
	661
	662	- Create a container without s tarting it .
	663
	664	```ruby
	665	docker_con tainer 'he llo-world' do
	666	command '/hello'
	667	action : create
	668	end
	669	```
	670
	671	- This com mand will exit succe sfully. Th is will ha ppen on ev ery chef-c lient run.
	672
	673	```ruby
	674	docker_con tainer 'bu sybox_ls' do
	675	repo 'bu sybox'
	676	command 'ls -la /'
	677	action : run
	678	end
	679	```
	680
	681	- The :run _if_missin g action w ill only r un once. I t is the d efault act ion.
	682
	683	```ruby
	684	docker_con tainer 'al pine_ls' d o
	685	repo 'al pine'
	686	tag '3.1 '
	687	command 'ls -la /'
	688	action : run_if_mis sing
	689	end
	690	```
	691
	692	- Set envi ronment va riables in a contain er
	693
	694	```ruby
	695	docker_con tainer 'en v' do
	696	repo 'de bian'
	697	env ['PA TH=/usr/bi n', 'FOO=b ar']
	698	command 'env'
	699	action : run_if_mis sing
	700	end
	701	```
	702
	703	- This pro cess remai ns running between c hef-client runs, :ru n will do nothing on subsequen t converge s.
	704
	705	```ruby
	706	docker_con tainer 'an _echo_serv er' do
	707	repo 'al pine'
	708	tag '3.1 '
	709	command 'nc -ll -p 7 -e /bin /cat'
	710	port '7: 7'
	711	action : run
	712	end
	713	```
	714
	715	- Let dock er pick th e host por t
	716
	717	```ruby
	718	docker_con tainer 'an other_echo _server' d o
	719	repo 'al pine'
	720	tag '3.1 '
	721	command 'nc -ll -p 7 -e /bin /cat'
	722	port '7'
	723	action : run
	724	end
	725	```
	726
	727	- Specify the udp pr otocol
	728
	729	```ruby
	730	docker_con tainer 'an _udp_echo_ server' do
	731	repo 'al pine'
	732	tag '3.1 '
	733	command 'nc -ul -p 7 -e /bin /cat'
	734	port '50 07:7/udp'
	735	action : run
	736	end
	737	```
	738
	739	- Kill a c ontainer
	740
	741	```ruby
	742	docker_con tainer 'bi ll' do
	743	action : kill
	744	end
	745	```
	746
	747	- Stop a c ontainer
	748
	749	```ruby
	750	docker_con tainer 'ha mmer_time' do
	751	action : stop
	752	end
	753	```
	754
	755	- Force-st op a conta iner after 30 second s
	756
	757	```ruby
	758	docker_con tainer 'ha mmer_time' do
	759	kill_aft er 30
	760	action : stop
	761	end
	762	```
	763
	764	- Pause a container
	765
	766	```ruby
	767	docker_con tainer 're d_light' d o
	768	action : pause
	769	end
	770	```
	771
	772	- Unpause a containe r
	773
	774	```ruby
	775	docker_con tainer 'gr een_light' do
	776	action : unpause
	777	end
	778	```
	779
	780	- Restart a containe r
	781
	782	```ruby
	783	docker_con tainer 're starter' d o
	784	action : restart
	785	end
	786	```
	787
	788	- Delete a container
	789
	790	```ruby
	791	docker_con tainer 'de leteme' do
	792	remove_v olumes tru e
	793	action : delete
	794	end
	795	```
	796
	797	- Redeploy a contain er
	798
	799	```ruby
	800	docker_con tainer 're deployer' do
	801	repo 'al pine'
	802	tag '3.1 '
	803	command 'nc -ll -p 7777 -e / bin/cat'
	804	port '7'
	805	action : run
	806	end
	807
	808	execute 'r edeploy re deployer' do
	809	notifies :redeploy , 'docker_ container[ redeployer ]', :immed iately
	810	action : run
	811	end
	812	```
	813
	814	- Bind mou nt local d irectories
	815
	816	```ruby
	817	docker_con tainer 'bi nd_mounter ' do
	818	repo 'bu sybox'
	819	command 'ls -la /b its /more- bits'
	820	volumes ['/hostbit s:/bits', '/more-hos tbits:/mor e-bits']
	821	action : run_if_mis sing
	822	end
	823	```
	824
	825	- Mount vo lumes from another c ontainer
	826
	827	```ruby
	828	docker_con tainer 'ch ef_contain er' do
	829	command 'true'
	830	volumes '/opt/chef '
	831	action : create
	832	end
	833
	834	docker_con tainer 'oh ai_debian' do
	835	command '/opt/chef /embedded/ bin/ohai p latform'
	836	repo 'de bian'
	837	volumes_ from 'chef _container '
	838	end
	839	```
	840
	841	- Set a co ntainer's entrypoint
	842
	843	```ruby
	844	docker_con tainer 'oh ai_again_d ebian' do
	845	repo 'de bian'
	846	volumes_ from 'chef _container '
	847	entrypoi nt '/opt/c hef/embedd ed/bin/oha i'
	848	command 'platform'
	849	action : run_if_mis sing
	850	end
	851	```
	852
	853	- Automati cally remo ve a conta iner after it exits
	854
	855	```ruby
	856	docker_con tainer 'se an_was_her e' do
	857	command "touch /op t/chef/sea n_was_here -#{Time.ne w.strftime ('%Y%m%d%H %M')}"
	858	repo 'de bian'
	859	volumes_ from 'chef _container '
	860	autoremo ve true
	861	action : run
	862	end
	863	```
	864
	865	- Grant NE T_ADMIN ri ghts to a container
	866
	867	```ruby
	868	docker_con tainer 'ca p_add_net_ admin' do
	869	repo 'de bian'
	870	command 'b ash -c "ip addr add IP /24 brd + dev eth0 l abel eth0: 0 ; ip add r list"'
	871	cap_add 'NET_ADMIN '
	872	action : run_if_mis sing
	873	end
	874	```
	875
	876	- Revoke M KNOD right s to a con tainer
	877
	878	```ruby
	879	docker_c ontainer ' cap_drop_m knod' do
	880	repo 'de bian'
	881	command 'bash -c " mknod -m 4 44 /dev/ur andom2 c 1 9 ; ls -l a /dev/ura ndom2"'
	882	cap_drop 'MKNOD'
	883	action : run_if_mis sing
	884	end
	885	```
	886
	887	- Set a co ntainer's hostname a nd domainn ame
	888
	889	```ruby
	890	docker_con tainer 'fq dn' do
	891	repo 'de bian'
	892	command 'hostname -f'
	893	host_nam e 'compute rs'
	894	domain_n ame 'biz'
	895	action : run_if_mis sing
	896	end
	897	```
	898
	899	- Set a co ntainer's DNS resolu tion
	900
	901	```ruby
	902	docker_con tainer 'dn s' do
	903	repo 'de bian'
	904	command 'cat /etc/ resolv.con f'
	905	host_nam e 'compute rs'
	906	dns ['4. 3.2.1', '1 .2.3.4']
	907	dns_sear ch ['compu ters.biz', 'chef.io' ]
	908	action : run_if_mis sing
	909	end
	910	```
	911
	912	- Add extr a hosts to a contain er's `/etc /hosts`
	913
	914	```ruby
	915	docker_con tainer 'ex tra_hosts' do
	916	repo 'de bian'
	917	command 'cat /etc/ hosts'
	918	extra_ho sts ['east :4.3.2.1', 'west:1.2 .3.4']
	919	action : run_if_mis sing
	920	end
	921	```
	922
	923	- Manage c ontainer's restart_p olicy
	924
	925	```ruby
	926	docker_con tainer 'tr y_try_agai n' do
	927	repo 'al pine'
	928	tag '3.1 '
	929	command 'grep asda sdasd /etc /passwd'
	930	restart_ policy 'on -failure'
	931	restart_ maximum_re try_count 2
	932	action : run_if_mis sing
	933	end
	934
	935	docker_con tainer 're boot_survi vor' do
	936	repo 'al pine'
	937	tag '3.1 '
	938	command 'nc -ll -p 123 -e /b in/cat'
	939	port '12 3'
	940	restart_ policy 'al ways'
	941	action : run_if_mis sing
	942	end
	943	```
	944
	945	- Manage c ontainer l inks
	946
	947	```ruby
	948	docker_con tainer 'li nk_source' do
	949	repo 'al pine'
	950	tag '3.1 '
	951	env ['FO O=bar', 'B IZ=baz']
	952	command 'nc -ll -p 321 -e /b in/cat'
	953	port '32 1'
	954	action : run_if_mis sing
	955	end
	956
	957	docker_con tainer 'li nk_target_ 1' do
	958	repo 'al pine'
	959	tag '3.1 '
	960	env ['AS D=asd']
	961	command 'ping -c 1 hello'
	962	links [' link_sourc e:hello']
	963	action : run_if_mis sing
	964	end
	965
	966	docker_con tainer 'li nk_target_ 2' do
	967	repo 'al pine'
	968	tag '3.1 '
	969	command 'env'
	970	links [' link_sourc e:hello']
	971	action : run_if_mis sing
	972	end
	973
	974	execute 'r edeploy_li nk_source' do
	975	command 'touch /ma rker_conta iner_redep loy_link_s ource'
	976	creates '/marker_c ontainer_r edeploy_li nk_source'
	977	notifies :redeploy , 'docker_ container[ link_sourc e]', :imme diately
	978	notifies :redeploy , 'docker_ container[ link_targe t_1]', :im mediately
	979	notifies :redeploy , 'docker_ container[ link_targe t_2]', :im mediately
	980	action : run
	981	end
	982	```
	983
	984	- Mutate a container between c hef-client runs
	985
	986	```ruby
	987	docker_tag 'mutator_ from_busyb ox' do
	988	target_r epo 'busyb ox'
	989	target_t ag 'latest '
	990	to_repo 'someara/m utator'
	991	target_t ag 'latest '
	992	end
	993
	994	docker_con tainer 'mu tator' do
	995	repo 'so meara/muta tor'
	996	tag 'lat est'
	997	command "sh -c 'to uch /mutat or-`date + \"%Y-%m-%d _%H-%M-%S\ "`'"
	998	outfile '/mutator. tar'
	999	force tr ue
	1000	action : run_if_mis sing
	1001	end
	1002
	1003	execute 'c ommit muta tor' do
	1004	command 'true'
	1005	notifies :commit, 'docker_co ntainer[mu tator]', : immediatel y
	1006	notifies :export, 'docker_co ntainer[mu tator]', : immediatel y
	1007	notifies :redeploy , 'docker_ container[ mutator]', :immediat ely
	1008	action : run
	1009	end
	1010	```
	1011
	1012	- Specify read/write timeouts
	1013
	1014	```ruby
	1015	docker_con tainer 'ap i_timeouts ' do
	1016	repo 'al pine'
	1017	read_tim eout 60
	1018	write_ti meout 60
	1019	end
	1020	```
	1021
	1022	- Specify a custom l ogging dri ver and it s options
	1023
	1024	```ruby
	1025	docker_con tainer 'sy slogger' d o
	1026	repo 'al pine'
	1027	tag '3.1 '
	1028	command 'nc -ll -p 780 -e /b in/cat'
	1029	log_driv er 'syslog '
	1030	log_opts 'syslog-t ag=contain er-syslogg er'
	1031	end
	1032	```
	1033
	1034	- Connect to an exte rnal docke r daemon a nd create a containe r
	1035
	1036	```ruby
	1037	docker_con tainer 'ex ternal_dae mon' do
	1038	repo 'al pine'
	1039	host 'tc p://1.2.3. 4:2376'
	1040	action : create
	1041	end
	1042	```
	1043
	1044	### Proper ties
	1045
	1046	Most `dock er_contain er` proper ties are t he `snake_ case` vers ion of the `CamelCas e` keys fo und in the [Docker R emote Api] (https://d ocs.docker .com/refer ence/api/d ocker_remo te_api_v1. 20/)
	1047
	1048	- `contain er_name` - The name of the con tainer. De faults to the name o f the `doc ker_contai ner` resou rce.
	1049	- `repo` - aka `imag e_name`. T he first h alf of a t he complet e identifi er for a D ocker Imag e.
	1050	- `tag` - The second half of a Docker im age's iden tity. - De faults to `latest`.
	1051	- `command ` - The co mmand to r un when st arting the container .
	1052	- `autorem ove` - Boo lean - Aut omatically delete a container when it's command ex its. Defau lts to `fa lse`.
	1053	- `volumes ` - An arr ay of volu me binding s for this container . Each vol ume bindin g is a str ing in one of these forms: `co ntainer_pa th` to cre ate a new volume for the conta iner. `hos t_path:con tainer_pat h` to bind -mount a h ost path i nto the co ntainer. ` host_path: container_ path:ro` t o make the bind-moun t read-onl y inside t he contain er.
	1054	- `cap_add ` - An arr ay Linux C apabilitie s (`man 7 capabiliti es`) to ad d to grant the conta iner beyon d what it normally g ets.
	1055	- `cap_dro p` - An ar ray Linux Capabiliti es (`man 7 capabilit ies`) to r evoke that the conta iner norma lly has.
	1056	- `cpu_sha res` - An integer va lue contai ning the C PU Shares for the co ntainer.
	1057	- `devices ` - A Hash of device s to add t o the cont ainer.
	1058	- `dns` - An array o f DNS serv ers the co ntainer wi ll use for name reso lution.
	1059	- `dns_sea rch` - An array of d omains the container will sear ch for nam e resoluti on.
	1060	- `domain_ name` - Se t's the co ntainer's dnsdomainn ame as ret urned by t he `dnsdom ainname` c ommand.
	1061	- `entrypo int` - Set the entry point for the conta iner as a string or an array o f strings.
	1062	- `env` - Set enviro nment vari ables in t he contain er in the form `['FO O=bar', 'B IZ=baz']`
	1063	- `extra_h osts` - An array of hosts to a dd to the container' s `/etc/ho sts` in th e form `[' host_a: IP ', 'host_b : IP ']`
	1064	- `force` - A boolea n to use i n containe r operatio ns that su pport a `f orce` opti on. Defaul ts to `fal se`
	1065	- `host` - A string containing the host the API sh ould commu nicate wit h. Default s to ENV[' DOCKER_HOS T'] if set
	1066	- `host_na me` - The hostname f or the con tainer.
	1067	- `labels` A string, array, or hash to s et metadat a on the c ontainer i n the form ['foo:bar ', 'hello: world']`
	1068	- `links` - An array of source container /alias pai rs to link the conta iner to in the form `[containe r_a:www', container_ b:db']`
	1069	- `log_dri ver` - Set s a custom logging d river for the contai ner (json- file/syslo g/journald /gelf/flue ntd/none).
	1070	- `log_opt s` - Confi gures the above logg ing driver options ( driver-spe cific).
	1071	- `mac_add ress` - Th e mac addr ess for th e containe r to use.
	1072	- `memory` - Memory limit in b ytes.
	1073	- `memory_ swap` - To tal memory limit (me mory + swa p); set `- 1` to disa ble swap l imit (unli mited). Yo u must use this with memory an d make the swap valu e larger t han memory .
	1074	- `network _disabled` - Boolean to disabl e networki ng. Defaul ts to `fal se`.
	1075	- `network _mode` - S ets the ne tworking m ode for th e containe r. One of `bridge`, `host`, `c ontainer`.
	1076	- `open_st din` - Boo lean value , opens st din. Defau lts to `fa lse`.
	1077	- `outfile ` - The pa th to writ e the file when usin g `:export ` action.
	1078	- `port` - The port configurat ion to use in the co ntainer. M atches the syntax us ed by the `docker` C LI tool.
	1079	- `privile ged` - Boo lean to st art the co ntainer in privilege d more. De faults to `false`
	1080	- `publish _all_ports ` - Alloca tes a rand om host po rt for all of a cont ainer's ex posed port s.
	1081	- `remove_ volumes` - A boolean to clean up "dangli ng" volume s when rem oving the last conta iner with a referenc e to it. D efault to `false` to match the Docker CL I behavior .
	1082	- `restart _policy` - One of `n o`, `on-fa ilure`, `u nless-stop ped`, or ` always`. U se `always ` if you w ant a serv ice contai ner to sur vive a Doc kerhost re boot. Defa ults to `n o`.
	1083	- `restart _maximum_r etry_count ` - Maximu m number o f restarts to try wh en `restar t_policy` is `on-fai lure`. Def aults to a n ever inc reasing de lay (doubl e the prev ious delay , starting at 100mS) , to preve nt floodin g the serv er.
	1084	- `securit y_opts` - A list of string val ues to cus tomize lab els for ML S systems, such as S ELinux.
	1085	- `signal` - The sig nal to sen d when usi ng the `:k ill` actio n. Default s to `SIGT ERM`.
	1086	- `tty` - Boolean va lue to all ocate a ps eudo-TTY. Defaults t o `false`.
	1087	- `user` - A string value spec ifying the user insi de the con tainer.
	1088	- `volumes ` - An Arr ay of path s inside t he contain er to expo se. Does t he same th ing as the `VOLUME` directive in a Docke rfile, but works on container creation.
	1089	- `volumes _from` - A list of v olumes to inherit fr om another container . Specifie d in the f orm `<cont ainer name >[:<ro\|rw> ]`
	1090	- `working _dir` - A string spe cifying th e working directory for comman ds to run in.
	1091	- `read_ti meout` - M ay need to increase for commit s or expor ts that ar e slow
	1092	- `write_t imeout` - May need t o increase for commi ts or expo rts that a re slow
	1093	- `kill_af ter` - Num ber of sec onds to wa it before killing th e containe r. Default s to wait indefinite ly; eventu ally will hit read_t imeout lim it.
	1094	- `timeout ` - Second s to wait for an att ached cont ainer to r eturn
	1095	- `tls` - Use TLS; i mplied by --tlsverif y. Default s to ENV[' DOCKER_TLS '] if set
	1096	- `tls_ver ify` - Use TLS and v erify the remote. De faults to ENV['DOCKE R_TLS_VERI FY'] if se t
	1097	- `tls_ca_ cert` - Tr ust certs signed onl y by this CA. Defaul ts to ENV[ 'DOCKER_CE RT_PATH'] if set
	1098	- `tls_cli ent_cert` - Path to TLS certif icate file for docke r cli. Def aults to E NV['DOCKER _CERT_PATH '] if set
	1099	- `tls_cli ent_key` - Path to T LS key fil e for dock er cli. De faults to ENV['DOCKE R_CERT_PAT H'] if set
	1100	- `userns_ mode` - Mo dify the u ser namesp ace mode - Defaults to `nil`, example op tion: `hos t`
	1101	- `pid_mod e` - Set t he PID (Pr ocess) Nam espace mod e for the container. `host`: u se the hos t's PID na mespace in side the c ontainer.
	1102	- `ipc_mod e` - Set t he IPC mod e for the container - Defaults to `nil`, example o ption: `ho st`
	1103	- `uts_mod e` - Set t he UTS nam espace mod e for the container. The UTS n amespace i s for sett ing the ho stname and the domai n that is visible to running p rocesses i n that nam espace. By default, all contai ners, incl uding thos e with `-- network=ho st`, have their own UTS namesp ace. The h ost settin g will res ult in the container using the same UTS namespace as the hos t. Note th at --hostn ame is inv alid in ho st UTS mod e.
	1104	- `ro_root fs` - Moun t the cont ainer's ro ot filesys tem as rea d only. De faults to `false`
	1105
	1106	### Action s
	1107
	1108	- `:create ` - Create s the cont ainer but does not s tart it. U seful for Volume con tainers.
	1109	- `:start` - Starts the contai ner. Usefu l for cont ainers tha t run jobs .. command that exit .
	1110	- `:run` - The defau lt action. Both `:cr eate` and `:start` t he contain er in one action. Re deploys th e containe r on resou rce change .
	1111	- `:run_if _missing` - Runs a c ontainer o nly once.
	1112	- `:stop` - Stops th e containe r.
	1113	- `:restar t` - Stops the start s the cont ainer.
	1114	- `:kill` - Send a s ignal to t he contain er process . Defaults to `SIGKI LL`.
	1115	- `:pause` - Pauses the contai ner.
	1116	- `:unpaus e` - Unpau ses the co ntainer.
	1117	- `:delete ` - Delete s the cont ainer.
	1118	- `:redepl oy` - Dele tes and ru ns the con tainer.
	1119
	1120	## docker_ registry
	1121
	1122	The `docke r_registry ` resource is respon sible for managing t he connect ion auth i nformation to a Dock er registr y.
	1123
	1124	### docker _registry action :lo gin
	1125
	1126	- Log into or regist er with pu blic regis try:
	1127
	1128	```ruby
	1129	docker_reg istry 'htt ps://index .docker.io /v1/' do
	1130	username 'publicme '
	1131	password 'hope_thi s_is_in_en crypted_da tabag'
	1132	email 'p ublicme@co mputers.bi z'
	1133	end
	1134	```
	1135
	1136	Log into p rivate reg istry with optional port:
	1137
	1138	```ruby
	1139	docker_reg istry 'my local regi stry' do
	1140	servera ddress 'ht tps://regi stry.compu ters.biz:8 443/'
	1141	usernam e 'private me'
	1142	passwor d 'still_h ope_this_i s_in_encry pted_datab ag'
	1143	email ' privateme@ computers. biz'
	1144	end
	1145	```
	1146
	1147	## docker_ network
	1148
	1149	The `docke r_network` resource is respons ible for m anaging Do cker named networks. Usage of `overlay` driver req uires the `docker_se rvice` to be configu red to use a distrib uted key/v alue store like `etc d`, `consu l`, or `zo okeeper`.
	1150
	1151	### docker _network a ction :cre ate
	1152
	1153	```ruby
	1154	docker_net work 'my_n etwork' do
	1155	subnet ' 192.168.88 .0/24'
	1156	gateway '192.168.8 8.1'
	1157	action : create
	1158	end
	1159
	1160	docker_con tainer 'ec ho-base' d o
	1161	repo 'al pine'
	1162	tag '3.1 '
	1163	command 'nc -ll -p 1337 -e / bin/cat'
	1164	port '13 37'
	1165	network_ mode 'my_n etwork'
	1166	action : run
	1167	end
	1168	```
	1169
	1170	### Proper ties
	1171
	1172	- `driver` - The net work drive r to use. Defaults t o `bridge` , other op tions incl ude `overl ay`.
	1173	- `subnet` - Specify the subne t(s) for t he network . Ex: `192 .168.0.0/1 6`
	1174	- `gateway ` - Specif y the gate way(s) for the netwo rk. Ex: `1 92.168.0.1 `
	1175	- `ip_rang e` - Speci fy a range of IPs to allocate for contai ners. Ex: `192.168.1 .0/24`
	1176	- `aux_add ress` - Au xillary ad dresses fo r the netw ork. Ex: ` ['a=192.16 8.1.5', 'b =192.168.1 .6']`
	1177
	1178	### Exampl e
	1179
	1180	```ruby
	1181	docker_net work 'netw ork_g' do
	1182	driver ' overlay'
	1183	subnet [ '192.168.0 .0/16', '1 92.170.0.0 /16']
	1184	gateway ['192.168. 0.100', '1 92.170.0.1 00']
	1185	ip_range '192.168. 1.0/24'
	1186	aux_addr ess ['a=19 2.168.1.5' , 'b=192.1 68.1.6', ' a=192.170. 1.5', 'b=1 92.170.1.6 ']
	1187	end
	1188	```
	1189
	1190	### Action s
	1191
	1192	- `:create ` - create a network
	1193	- `:delete ` - create a network
	1194
	1195	## docker_ volume
	1196
	1197	The `docke r_volume` resource i s responsi ble for ma naging Doc ker named volumes.
	1198
	1199	### docker _volume ac tion :crea te
	1200
	1201	```ruby
	1202	docker_vol ume 'hello ' do
	1203	action : create
	1204	end
	1205
	1206	docker_con tainer 'fi le_writer' do
	1207	repo 'al pine'
	1208	tag '3.1 '
	1209	volumes 'hello:/he llo'
	1210	command 'touch /he llo/sean_w as_here'
	1211	action : run_if_mis sing
	1212	end
	1213	```
	1214
	1215	### Action s
	1216
	1217	- `:create ` - create a network
	1218	- `:remove ` - create a network
	1219
	1220	## docker_ execute
	1221
	1222	The `docke r_execute` resource allows you to execut e commands inside of a running container .
	1223
	1224	### Exampl es
	1225
	1226	```ruby
	1227	docker_exe c 'touch_i t' do
	1228	containe r 'busybox _exec'
	1229	command ['touch', '/tmp/onef ile']
	1230	end
	1231	```
	1232
	1233	### Proper ties
	1234
	1235	- `host` - Daemon so cket(s) to connect t o - `tcp:/ /host:port `, `unix:/ //path/to/ socket`, ` fd://*` or `fd://soc ketfd`.
	1236	- `command ` - A comm and struct ured as an Array sim ilar to `C MD` in a D ockerfile.
	1237	- `contain er` - Name of the co ntainer to execute t he command in.
	1238	- `timeout `- Seconds to wait f or an atta ched conta iner to re turn. Defa ults to 60 seconds.
	1239
	1240	### Action s
	1241
	1242	- `:run` - Runs the command
	1243
	1244	## Testing and Devel opment
	1245
	1246	- Full dev elopment a nd testing workflow with Test Kitchen an d friends:
	1247
	1248	<testing .md>
	1249	</testin g.md>
	1250
	1251	## Contrib uting
	1252
	1253	Please see contribut ing inform ation in:
	1254
	1255	<contribut ing.md>
	1256	</contribu ting.md>
	1257
	1258	## Maintai ners
	1259
	1260	- Sean OMe ara ([sean @sean.io]( mailto:sea n@sean.io) )
	1261	- Brian Fl ad ([bflad 417@gmail. com](mailt o:bflad417 @gmail.com ))
	1262	- Tom Duff ield (<htt p://tomduf field.com> )
	1263	- Fletcher Nichol ([ fnichol@ni chol.ca](m ailto:fnic hol@nichol .ca))
	1264	- Chase Bo lt ([chase .bolt@gmai l.com](mai lto:chase. bolt@gmail .com))
	1265
	1266	## License
	1267
	1268	Licensed u nder the A pache Lice nse, Versi on 2.0 (th e "License "); you ma y not use this file except in compliance with the License. Y ou may obt ain a copy of the Li cense at
	1269
	1270	```
	1271	http://www .apache.or g/licenses /LICENSE-2 .0
	1272	```
	1273
	1274	Unless req uired by a pplicable law or agr eed to in writing, s oftware di stributed under the License is distribut ed on an " AS IS" BAS IS, WITHOU T WARRANTI ES OR COND ITIONS OF ANY KIND, either exp ress or im plied. See the Licen se for the specific language g overning p ermissions and limit ations und er the Lic ense.