Despite being wrong we are kinda calling our users dumb, I feel it is a bit
demeaning. As well as just wrong.
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <princess@docker.com> (github: jfrazelle)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <hugs@docker.com> (github: jfrazelle)
Upstream-commit: 6009f2eac4d8d707b64bfada507345e11977643d
Component: engine
Fixes: #10701
Updates the IPv6 documentation and images to reflect the more modern
`ip -6` command set versus `route` and `ifconfig`. Also removes the
use of the special 2002: address range as that is reserved for 6to4
addressing, as well as use of any public address range and re-works the
switched routing example to use 3 subnets of the documentation IPv6
prefix range.
Also conformed all use of addresses to the same doc range per @MalteJ's
commit.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
Signed-off-by: Malte Janduda <mail@janduda.net>
Upstream-commit: 95668ed128c77b373bac54b721231bd320fa174d
Component: engine
Make the install script independent from the ubuntu keyserver by using
the sks-keyservers pool instead.
Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
Upstream-commit: f058e9c43c8752dedcd4d251ddf105b22d0ed1d5
Component: engine
subjectAltName=IP:x.x.x.x
this allows for connecting to the docker server from docker client
using the dns name OR using the IP address (lots of docker stuff
prefers IP addresses)
Signed-off-by: Greg Fausak <greg@tacodata.com>
Upstream-commit: df8d80710297385aa7c8db41fdd1ef6795e39ae3
Component: engine
Fix typos in setup docs where tcp://:2376 is used without the $HOST
parameter.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
Upstream-commit: 6a1da678de2150a0dcf943614b6c1a1a2012ab38
Component: engine
Fixes a few typos in IPv6 addresses. Will make it easier for users who
actually try and copy/paste or use the example addresses directly.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
Upstream-commit: 5945de43b02406dbc0eee44954eb21e5926bde00
Component: engine
Colon was bold, but regular at other occurences.
Blame cf27b310c4fc8d2c13ba181398a628d03e1e3c58
Signed-off-by: Lorenz Leutgeb <lorenz.leutgeb@gmail.com>
Upstream-commit: a51554988e615b317e95125f5612a28c3bff8e8a
Component: engine
* Adjust header to match _page_title
* Add instructions on deletion of CSRs and setting permissions
* Simplify some path expressions and commands
* Consqeuently use ~ instead of ${HOME}
* Precise formulation ('key' vs. 'public key')
* Fix wrong indentation of output of `openssl req`
* Use dash ('--') instead of minus ('-')
Remark on permissions:
It's not a problem to `chmod 0400` the private keys, because the
Docker daemon runs as root (can read the file anyway) and the Docker
client runs as user.
Signed-off-by: Lorenz Leutgeb <lorenz.leutgeb@gmail.com>
Upstream-commit: 02a793c6a133f46129d0fc83ce218d3a92f1e644
Component: engine
This fixes the container start issue for containers which were started
on a daemon prior to the resolv.conf updater PR. The update code will
now safely ignore these containers (given they don't have a sha256 hash
to compare against) and will not attempt to update the resolv.conf
through their lifetime.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
Upstream-commit: 30eff2720a110f3ece0e429ef1897a254f0d9e71
Component: engine
Only modifies non-running containers resolv.conf bind mount, and only if
the container has an unmodified resolv.conf compared to its contents at
container start time (so we don't overwrite manual/automated changes
within the container runtime). For containers which are running when
the host resolv.conf changes, the update will only be applied to the
container version of resolv.conf when the container is "bounced" down
and back up (e.g. stop/start or restart)
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
Upstream-commit: 63a7ccdd2372d87f56f7a86da07c72ea51332c2a
Component: engine
since we can control it with --mac-address.
Signed-off-by: Tangi COLIN <tangicolin@gmail.com>
Upstream-commit: d9ec04e18d5e1fede1afcec27a0d2c69d514a123
Component: engine
Using --insecure is (you guessed it) *insecure* as the server side
certificate is not being validated. To offer the same degree of
security as invocations of the docker client in "Secure by default"
with cURL, the trusted CA certificate must be supplied.
Signed-off-by: Lorenz Leutgeb <lorenz.leutgeb@gmail.com>
Upstream-commit: 26187bd851141236a909c0bada5a2743fc237e0e
Component: engine
With -CAcreateserial the serial file will be automatically created
and initialized if it is missing.
Signed-off-by: Lorenz Leutgeb <lorenz.leutgeb@gmail.com>
Upstream-commit: 131c62d7661ace86453de540cb1a58956b59e347
Component: engine
Do not encrypt private keys in the first place, if the encryption
is stripped anyway.
Signed-off-by: Lorenz Leutgeb <lorenz.leutgeb@gmail.com>
Upstream-commit: f957f258d722fa563ead0a14978acca7c6745d3f
Component: engine
Moves some information around, expanding information on
user namespaces, pull/load security, cap add/drop.
Also includes various grammar improvements and edits.
Signed-off-by: Eric Windisch <eric@windisch.us>
Upstream-commit: e704dd31e79114a2156c4fdda3247a181ad6435d
Component: engine
