github.com/mmcquillan/packer@v1.1.1-0.20171009221028-c85cf0483a5d/website/source/docs/builders/docker.html.md (about) 1 --- 2 description: | 3 The docker Packer builder builds Docker images using Docker. The builder 4 starts a Docker container, runs provisioners within this container, then 5 exports the container for reuse or commits the image. 6 layout: docs 7 page_title: 'Docker - Builders' 8 sidebar_current: 'docs-builders-docker' 9 --- 10 11 # Docker Builder 12 13 Type: `docker` 14 15 The `docker` Packer builder builds [Docker](https://www.docker.io) images using 16 Docker. The builder starts a Docker container, runs provisioners within this 17 container, then exports the container for reuse or commits the image. 18 19 Packer builds Docker containers *without* the use of 20 [Dockerfiles](https://docs.docker.com/engine/reference/builder/). By not using 21 `Dockerfiles`, Packer is able to provision containers with portable scripts or 22 configuration management systems that are not tied to Docker in any way. It also 23 has a simple mental model: you provision containers much the same way you 24 provision a normal virtualized or dedicated server. For more information, read 25 the section on [Dockerfiles](#dockerfiles). 26 27 The Docker builder must run on a machine that has Docker installed. Therefore 28 the builder only works on machines that support Docker. You can learn about 29 what [platforms Docker supports and how to install onto them](https://docs.docker.com/engine/installation/) in the Docker documentation. 30 31 ## Basic Example: Export 32 33 Below is a fully functioning example. It doesn't do anything useful, since no 34 provisioners are defined, but it will effectively repackage an image. 35 36 ``` json 37 { 38 "type": "docker", 39 "image": "ubuntu", 40 "export_path": "image.tar" 41 } 42 ``` 43 44 ## Basic Example: Commit 45 46 Below is another example, the same as above but instead of exporting the running 47 container, this one commits the container to an image. The image can then be 48 more easily tagged, pushed, etc. 49 50 ``` json 51 { 52 "type": "docker", 53 "image": "ubuntu", 54 "commit": true 55 } 56 ``` 57 58 ## Basic Example: Changes to Metadata 59 60 Below is an example using the changes argument of the builder. This feature 61 allows the source images metadata to be changed when committed back into the 62 Docker environment. It is derived from the `docker commit --change` command 63 line [option to 64 Docker](https://docs.docker.com/engine/reference/commandline/commit/). 65 66 Example uses of all of the options, assuming one is building an NGINX image 67 from ubuntu as an simple example: 68 69 ``` json 70 { 71 "type": "docker", 72 "image": "ubuntu", 73 "commit": true, 74 "changes": [ 75 "USER www-data", 76 "WORKDIR /var/www", 77 "ENV HOSTNAME www.example.com", 78 "VOLUME /test1 /test2", 79 "EXPOSE 80 443", 80 "LABEL version=1.0", 81 "ONBUILD RUN date", 82 "CMD [\"nginx\", \"-g\", \"daemon off;\"]", 83 "ENTRYPOINT /var/www/start.sh" 84 ] 85 } 86 ``` 87 88 Allowed metadata fields that can be changed are: 89 90 - CMD 91 - String, supports both array (escaped) and string form 92 - EX: `"CMD [\"nginx\", \"-g\", \"daemon off;\"]"` 93 - EX: `"CMD nginx -g daemon off;"` 94 - ENTRYPOINT 95 - String 96 - EX: `"ENTRYPOINT /var/www/start.sh"` 97 - ENV 98 - String, note there is no equal sign: 99 - EX: `"ENV HOSTNAME www.example.com"` not `"ENV HOSTNAME=www.example.com"` 100 - EXPOSE 101 - String, space separated ports 102 - EX: `"EXPOSE 80 443"` 103 - LABEL 104 - String, space separated key=value pairs 105 - EX: `"LABEL version=1.0"` 106 - ONBUILD 107 - String 108 - EX: `"ONBUILD RUN date"` 109 - MAINTAINER 110 - String, deprecated in Docker version 1.13.0 111 - EX: `"MAINTAINER NAME"` 112 - USER 113 - String 114 - EX: `"USER USERNAME"` 115 - VOLUME 116 - String 117 - EX: `"VOLUME FROM TO"` 118 - WORKDIR 119 - String 120 - EX: `"WORKDIR PATH"` 121 122 ## Configuration Reference 123 124 Configuration options are organized below into two categories: required and 125 optional. Within each category, the available options are alphabetized and 126 described. 127 128 In addition to the options listed here, a 129 [communicator](/docs/templates/communicator.html) can be configured for this 130 builder. 131 132 ### Required: 133 134 You must specify (only) one of `commit`, `discard`, or `export_path`. 135 136 - `commit` (boolean) - If true, the container will be committed to an image 137 rather than exported. 138 139 - `discard` (boolean) - Throw away the container when the build is complete. 140 This is useful for the [artifice 141 post-processor](https://www.packer.io/docs/post-processors/artifice.html). 142 143 - `export_path` (string) - The path where the final container will be exported 144 as a tar file. 145 146 - `image` (string) - The base image for the Docker container that will 147 be started. This image will be pulled from the Docker registry if it doesn't 148 already exist. 149 150 ### Optional: 151 152 - `author` (string) - Set the author (e-mail) of a commit. 153 154 - `aws_access_key` (string) - The AWS access key used to communicate with AWS. 155 [Learn how to set this.](/docs/builders/amazon.html#specifying-amazon-credentials) 156 157 - `aws_secret_key` (string) - The AWS secret key used to communicate with AWS. 158 [Learn how to set this.](/docs/builders/amazon.html#specifying-amazon-credentials) 159 160 - `aws_token` (string) - The AWS access token to use. This is different from the 161 access key and secret key. If you're not sure what this is, then you 162 probably don't need it. This will also be read from the `AWS_SESSION_TOKEN` 163 environmental variable. 164 165 - `changes` (array of strings) - Dockerfile instructions to add to the commit. 166 Example of instructions are `CMD`, `ENTRYPOINT`, `ENV`, and `EXPOSE`. Example: 167 `[ "USER ubuntu", "WORKDIR /app", "EXPOSE 8080" ]` 168 169 - `ecr_login` (boolean) - Defaults to false. If true, the builder will login in 170 order to pull the image from 171 [Amazon EC2 Container Registry (ECR)](https://aws.amazon.com/ecr/). 172 The builder only logs in for the duration of the pull. If true 173 `login_server` is required and `login`, `login_username`, and 174 `login_password` will be ignored. For more information see the 175 [section on ECR](#amazon-ec2-container-registry). 176 177 * `exec_user` (string) - Username or UID (format: <name|uid>[:<group|gid>]) 178 to run remote commands with. You may need this if you get permission errors 179 trying to run the `shell` or other provisioners. 180 181 - `login` (boolean) - Defaults to false. If true, the builder will login in 182 order to pull the image. The builder only logs in for the duration of 183 the pull. It always logs out afterwards. For log into ECR see `ecr_login`. 184 185 - `login_email` (string) - The email to use to authenticate to login. 186 187 - `login_username` (string) - The username to use to authenticate to login. 188 189 - `login_password` (string) - The password to use to authenticate to login. 190 191 - `login_server` (string) - The server address to login to. 192 193 - `message` (string) - Set a message for the commit. 194 195 - `privileged` (boolean) - If true, run the docker container with the 196 `--privileged` flag. This defaults to false if not set. 197 198 - `pull` (boolean) - If true, the configured image will be pulled using 199 `docker pull` prior to use. Otherwise, it is assumed the image already 200 exists and can be used. This defaults to true if not set. 201 202 - `run_command` (array of strings) - An array of arguments to pass to 203 `docker run` in order to run the container. By default this is set to 204 `["-d", "-i", "-t", "{{.Image}}", "/bin/bash"]`. As you can see, you have a 205 couple template variables to customize, as well. 206 207 - `volumes` (map of strings to strings) - A mapping of additional volumes to 208 mount into this container. The key of the object is the host path, the value 209 is the container path. 210 211 - `container_dir` (string) - The directory inside container to mount 212 temp directory from host server for work [file provisioner](/docs/provisioners/file.html). 213 By default this is set to `/packer-files`. 214 215 ## Using the Artifact: Export 216 217 Once the tar artifact has been generated, you will likely want to import, tag, 218 and push it to a container repository. Packer can do this for you automatically 219 with the [docker-import](/docs/post-processors/docker-import.html) and 220 [docker-push](/docs/post-processors/docker-push.html) post-processors. 221 222 **Note:** This section is covering how to use an artifact that has been 223 *exported*. More specifically, if you set `export_path` in your configuration. 224 If you set `commit`, see the next section. 225 226 The example below shows a full configuration that would import and push the 227 created image. This is accomplished using a sequence definition (a collection of 228 post-processors that are treated as as single pipeline, see 229 [Post-Processors](/docs/templates/post-processors.html) for more information): 230 231 ``` json 232 { 233 "post-processors": [ 234 [ 235 { 236 "type": "docker-import", 237 "repository": "hashicorp/packer", 238 "tag": "0.7" 239 }, 240 "docker-push" 241 ] 242 ] 243 } 244 ``` 245 246 In the above example, the result of each builder is passed through the defined 247 sequence of post-processors starting first with the `docker-import` 248 post-processor which will import the artifact as a docker image. The resulting 249 docker image is then passed on to the `docker-push` post-processor which handles 250 pushing the image to a container repository. 251 252 If you want to do this manually, however, perhaps from a script, you can import 253 the image using the process below: 254 255 ``` shell 256 $ docker import - registry.mydomain.com/mycontainer:latest < artifact.tar 257 ``` 258 259 You can then add additional tags and push the image as usual with `docker tag` 260 and `docker push`, respectively. 261 262 ## Using the Artifact: Committed 263 264 If you committed your container to an image, you probably want to tag, save, 265 push, etc. Packer can do this automatically for you. An example is shown below 266 which tags and pushes an image. This is accomplished using a sequence definition 267 (a collection of post-processors that are treated as as single pipeline, see 268 [Post-Processors](/docs/templates/post-processors.html) for more information): 269 270 ``` json 271 { 272 "post-processors": [ 273 [ 274 { 275 "type": "docker-tag", 276 "repository": "hashicorp/packer", 277 "tag": "0.7" 278 }, 279 "docker-push" 280 ] 281 ] 282 } 283 ``` 284 285 In the above example, the result of each builder is passed through the defined 286 sequence of post-processors starting first with the `docker-tag` post-processor 287 which tags the committed image with the supplied repository and tag information. 288 Once tagged, the resulting artifact is then passed on to the `docker-push` 289 post-processor which handles pushing the image to a container repository. 290 291 Going a step further, if you wanted to tag and push an image to multiple 292 container repositories, this could be accomplished by defining two, 293 nearly-identical sequence definitions, as demonstrated by the example below: 294 295 ``` json 296 { 297 "post-processors": [ 298 [ 299 { 300 "type": "docker-tag", 301 "repository": "hashicorp/packer", 302 "tag": "0.7" 303 }, 304 "docker-push" 305 ], 306 [ 307 { 308 "type": "docker-tag", 309 "repository": "hashicorp/packer", 310 "tag": "0.7" 311 }, 312 "docker-push" 313 ] 314 ] 315 } 316 ``` 317 318 <span id="amazon-ec2-container-registry"></span> 319 320 ## Amazon EC2 Container Registry 321 322 Packer can tag and push images for use in 323 [Amazon EC2 Container Registry](https://aws.amazon.com/ecr/). The post 324 processors work as described above and example configuration properties are 325 shown below: 326 327 ``` json 328 { 329 "post-processors": [ 330 [ 331 { 332 "type": "docker-tag", 333 "repository": "12345.dkr.ecr.us-east-1.amazonaws.com/packer", 334 "tag": "0.7" 335 }, 336 { 337 "type": "docker-push", 338 "ecr_login": true, 339 "aws_access_key": "YOUR KEY HERE", 340 "aws_secret_key": "YOUR SECRET KEY HERE", 341 "login_server": "https://12345.dkr.ecr.us-east-1.amazonaws.com/" 342 } 343 ] 344 ] 345 } 346 ``` 347 348 [Learn how to set Amazon AWS credentials.](/docs/builders/amazon.html#specifying-amazon-credentials) 349 350 ## Dockerfiles 351 352 This builder allows you to build Docker images *without* Dockerfiles. 353 354 With this builder, you can repeatably create Docker images without the use of a 355 Dockerfile. You don't need to know the syntax or semantics of Dockerfiles. 356 Instead, you can just provide shell scripts, Chef recipes, Puppet manifests, 357 etc. to provision your Docker container just like you would a regular 358 virtualized or dedicated machine. 359 360 While Docker has many features, Packer views Docker simply as an container 361 runner. To that end, Packer is able to repeatably build these containers 362 using portable provisioning scripts. 363 364 Dockerfiles have some additional features that Packer doesn't support which are 365 able to be worked around. Many of these features will be automated by Packer in 366 the future: 367 368 - Dockerfiles will snapshot the container at each step, allowing you to go 369 back to any step in the history of building. Packer doesn't do this yet, but 370 inter-step snapshotting is on the way. 371 372 - Dockerfiles can contain information such as exposed ports, shared volumes, 373 and other metadata. Packer builds a raw Docker container image that has none 374 of this metadata. You can pass in much of this metadata at runtime with 375 `docker run`. 376 377 ## Overriding the host directory 378 379 By default, Packer creates a temporary folder under your home directory, and 380 uses that to stage files for uploading into the container. If you would like to 381 change the path to this temporary folder, you can set the `PACKER_TMP_DIR` 382 environment variable. This can be useful, for example, if you have your home 383 directory permissions set up to disallow access from the docker daemon.