Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[FLOC-4480, FLOC-4483] Fix docker systemd dropin configuration files and add docker plugin ID for Docker 1.12 #2880

Merged
merged 6 commits into from
Aug 4, 2016
Merged

[FLOC-4480, FLOC-4483] Fix docker systemd dropin configuration files and add docker plugin ID for Docker 1.12 #2880

merged 6 commits into from
Aug 4, 2016

Conversation

wallnerryan
Copy link
Contributor

@wallnerryan wallnerryan commented Aug 3, 2016
edited
Loading

In order for one of these to pass, its needs the other. Creating one branch for both.

See:

NOTE- this only fixes acceptance testing for Docker >= 1.12. This will likely break acceptance tests for older versions of docker < 1.12. If we plan on fixing that we should create a seperate issue that allows us to flip flop these type of configurations based on the docker version we want to test.

This was referenced Aug 3, 2016
Closed
Closed
@wallrj wallrj changed the title Fix acceptance and add docker plugin id floc 4480 floc 4483 [FLOC-4480, FLOC-4483] Fix docker systemd dropin configuration files and add docker plugin ID for Docker 1.12 Aug 4, 2016
wallrj
wallrj reviewed Aug 4, 2016
View reviewed changes
flocker/provision/_install.py
@@ -834,10 +834,13 @@ def task_enable_docker(distribution):
# Use the Flocker node TLS certificate, since it's readily
# available.
docker_tls_options = (
'--tlsverify --tlscacert=/etc/flocker/cluster.crt'
'--tls=true --tlscacert=/etc/flocker/cluster.crt'
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we should keep '--tlsverify. It ensures that docker daemon only accepts TLS connections from clients with a certificates signed by the Docker CA.

  --tls                                    Use TLS; implied by --tlsverify
  --tlscacert=~/.docker/ca.pem             Trust certs signed only by this CA
  --tlscert=~/.docker/cert.pem             Path to TLS certificate file
  --tlskey=~/.docker/key.pem               Path to TLS key file
  --tlsverify                              Use TLS and verify the remote

@wallrj
Copy link
Contributor

wallrj commented Aug 4, 2016

Thanks @wallnerryan

Looks good.

  • A couple of the Rackspace acceptance test nodes got killed before the tests finished....I've restarted those.
  • I'd like to put back the --tlsverify flag for security.

I'll do that and kick off the tests again and then merge.

@wallrj wallrj merged commit 1019383 into master Aug 4, 2016
@wallrj wallrj deleted the fix-acceptance-add-id-FLOC-4480-FLOC-4483 branch August 4, 2016 10:58
@wallnerryan wallnerryan mentioned this pull request Aug 4, 2016
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@wallnerryan @wallrj