Commit Graph

10 Commits

Author SHA1 Message Date
selansen 587a94c935 Global Default Address Pool feature support
This feature brings new attribute/option for swarm init command.
default-addr-pool will take string input which can be in below format.
"CIDR,CIDR,CIDR...:SUBNET-SIZE".
Signed-off-by: selansen <elango.siva@docker.com>
2018-08-21 14:34:00 -04:00
Ying Li 4243440e1f Propagate the provided external CA certificate to the external CA object
in swarm.

Also, fix some CLI command confusions:
1. If the --external-ca flag is provided, require a --ca-cert flag as well, otherwise
   the external CA is set but the CA certificate is actually rotated to an internal
   cert
2. If a --ca-cert flag is provided, require a --ca-key or --external-ca flag be
   provided as well, otherwise either the server will say that the request is
   invalid, or if there was previously an external CA corresponding to the cert, it
   will succeed.  While that works, it's better to require the user to explicitly
   set all the parameters of the new desired root CA.

This also changes the `swarm update` function to set the external CA's CACert field,
which while not strictly necessary, makes the CA list more explicit.

Signed-off-by: Ying Li <ying.li@docker.com>
2018-07-02 17:14:21 -07:00
Daniel Nephin 81e9837859 Refactor caCommand
Split out a swarmCAOptions struct for options that are shared between
the ca and update commands.

Change the 'no trust root' message to an error.

Add some unit tests.

Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-06-29 17:57:06 -04:00
Daniel Nephin 3bf0317fea Add unconvert linter
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-06-14 16:54:27 -07:00
Ying Li 3fe8321d0c Provide command line tool to view and rotate swarm's currently CA root certificate.
Signed-off-by: Ying Li <ying.li@docker.com>
2017-05-16 14:31:15 -07:00
Vincent Demeester d7f6563efc
Update cli imports to using local package
Also, rename a bunch of variable to not *shadow* the `opts` package
name.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-05-15 14:45:19 +02:00
Flavio Crisciani 169160ba63 Inroduce SWARM --data-path-addr flag
This new flag will allow the configuration of an interface that
can be used for data path traffic to be isolated from control
plane traffic. This flag is simply percolated down to libnetwork
and will be used by all the global scope drivers (today overlay)

Negative test added for invalid flag arguments

Signed-off-by: Flavio Crisciani <flavio.crisciani@docker.com>
2017-05-03 18:45:48 -07:00
Ying Li 81f87595fe Add the CACert parameter to the ExternalCA object in order to match
swarmkit's API type.  Make sure this parameter gets propagated to
swarmkit, and also add an extra option to the CLI when providing
external CAs to parse the CA cert from a file.

Signed-off-by: Ying Li <ying.li@docker.com>
2017-05-03 18:45:48 -07:00
Daniel Nephin 8f73a12f9b Add deadcode linter.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-05-02 17:57:46 -04:00
Daniel Nephin 1630fc40f8 Import docker/docker/cli
Signed-off-by: Daniel Nephin <dnephin@gmail.com>
2017-04-17 17:40:59 -04:00