Phusion white papers Phusion overview

Phusion Blog

Your Docker image might be broken without you knowing it

By Hongli Lai on February 18th, 2014

Docker is an awesome new technology for the creation of lightweight containers. It has many purposes and serves as a good building block for PaaS, application deployments, continuous integration systems and more. No wonder it’s becoming more and more popular every day.

However what a lot of people may not realize is that the operating system inside the container must be configured correctly, and that this is not easy to do. Unix has many strange corner cases that are hard to get right if you are not intimately familiar with the Unix system model. This can cause a lot of strange problems. In other words, your Docker image might be broken, without you knowing it.

To raise awareness about this problem, we’ve published a website which explains the problem in detail. It explains what exactly could be broken, why it’s broken that way, and what can be done to fix them.

And to make it easier for other Docker users to get things right, we’ve published a preconfigured image — baseimage-docker — which does get everything right. This potentially saves you a lot of time.

Learn the right way to build your Dockerfile.

One of the gripes we have with random Docker images on the Docker registry is that they’re often very poorly documented, and do not provide the original Dockerfile from which they’re created. With baseimage-docker, we’re breaking that tradition by providing excellent documentation and by making the entire build reproducible. The Dockerfile and all other sources are available at Github, for everyone to see and to modify.

Happy Docking!

Docker-friendly Vagrant boxes

By Hongli Lai on November 8th, 2013


We heavily utilize Vagrant in our development workflow. Vagrant is a tool for easily setting up virtual machines as development environments, making it easy to distribute development environments and making them reconstructible and resetable. It has proven to be an indispensable tool when working in development teams with more than 1 person, especially when not everybody uses the same operating system.

Lately we’ve been working with Docker, which is a cool new OS-level virtualization technology. Docker officially describes it as “iPhone apps for your server”, but being the hardcore system-level guys that we are, we dislike this description. Instead we’d like to describe Docker as “FreeBSD jails for Linux + an ecosystem to make it a joy to use”. Docker, while still young and not production-ready, is very promising and can make virtualization cheap and efficient.

Googling for Vagrant and Docker will yield plenty of information and tutorials.

Today, we are releasing Docker-friendly Vagrant boxes based on Ubuntu 12.04. Docker requires at least kernel 3.8, but all the Ubuntu 12.04 Vagrant boxes that we’ve encountered so far come with kernel 3.2 or 3.5, so that installing Docker on them requires a reboot. This makes provisioning a VM to be significantly more painful than it should be.

Update April 23 2014: we now also provide Vagrant boxes based on Ubuntu 14.04. The 12.04 boxes are still available. See the website for more information.

These boxes differ from the ones provided by in the following ways as well:

  • We provide 2 virtual CPUs by default, so that the boxes can make better use of multicore hosts.
  • We provide more RAM by default: 1 GB.
  • We provide a bigger virtual hard disk: around 40 GB. So that you don’t have to worry about running out of disk space inside your VM.
  • We use LVM so that partitioning is easier.
  • The memory cgroup and swap accounting are turned on, for some Docker features.
  • Chef is installed via the Ubuntu packages that they provide, instead of via RubyGems. This way the box doesn’t have to come with Ruby by default, making the environment cleaner.
  • Our VMWare Fusion boxes recompile VMWare Tools on every kernel upgrade, so that Shared Folders keep working even if you change the kernel.

These base boxes are automatically built from Veewee definitions. These definitions makes building boxes quick and unambigious. The entire building process is described in the definitions; no manual intervention is required.

We provide prebuilt boxes at, but you can build them yourself if you so wish.

The boxes are also available on Vagrant Cloud.

Related resources: Github | Prebuilt boxes | Vagrant Cloud | Discussion forum | Twitter

Using these boxes in Vagrant

If you have Vagrant 1.5, you can use our boxes through Vagrant Cloud:

vagrant init phusion/ubuntu-14.04-amd64
# -OR-
vagrant init phusion/ubuntu-12.04-amd64

On older Vagrant versions, you can modify your Vagrantfile to use our boxes. Here is an example Vagrantfile which works with both VirtualBox and VMWare Fusion. It also automatically installs the latest version of Docker.

# Vagrantfile API/syntax version. Don't touch unless you know what you're doing!

Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| = "phusion-open-ubuntu-14.04-amd64"
  config.vm.box_url = ""
  # Or, for Ubuntu 12.04: = "phusion-open-ubuntu-12.04-amd64"
  #config.vm.box_url = ""

  config.vm.provider :vmware_fusion do |f, override|
    override.vm.box_url = ""
    #override.vm.box_url = ""

  if Dir.glob("#{File.dirname(__FILE__)}/.vagrant/machines/default/*/id").empty?
    # Install Docker
    pkg_cmd = "wget -q -O - | apt-key add -;" \
      "echo deb docker main > /etc/apt/sources.list.d/docker.list;" \
      "apt-get update -qq; apt-get install -q -y --force-yes lxc-docker; "
    # Add vagrant user to the docker group
    pkg_cmd << "usermod -a -G docker vagrant; "
    config.vm.provision :shell, :inline => pkg_cmd

You can login with username vagrant and password vagrant. This user has sudo privileges. The root user also has password vagrant.

The prebuilt boxes are available at

Final words

Enjoy these Vagrant boxes!

You may also want to check our other products, such as Phusion Passenger, which is an application server which makes Ruby, Python, Node.js and Meteor deployment extremely simple. Or simply follow us on Twitter.