Make the install script independent from the ubuntu keyserver by using
the sks-keyservers pool instead.
Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
Upstream-commit: f058e9c43c8752dedcd4d251ddf105b22d0ed1d5
Component: engine
Fix typos in setup docs where tcp://:2376 is used without the $HOST
parameter.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
Upstream-commit: 6a1da678de2150a0dcf943614b6c1a1a2012ab38
Component: engine
Fixes a few typos in IPv6 addresses. Will make it easier for users who
actually try and copy/paste or use the example addresses directly.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
Upstream-commit: 5945de43b02406dbc0eee44954eb21e5926bde00
Component: engine
Colon was bold, but regular at other occurences.
Blame cf27b310c4fc8d2c13ba181398a628d03e1e3c58
Signed-off-by: Lorenz Leutgeb <lorenz.leutgeb@gmail.com>
Upstream-commit: a51554988e615b317e95125f5612a28c3bff8e8a
Component: engine
* Adjust header to match _page_title
* Add instructions on deletion of CSRs and setting permissions
* Simplify some path expressions and commands
* Consqeuently use ~ instead of ${HOME}
* Precise formulation ('key' vs. 'public key')
* Fix wrong indentation of output of `openssl req`
* Use dash ('--') instead of minus ('-')
Remark on permissions:
It's not a problem to `chmod 0400` the private keys, because the
Docker daemon runs as root (can read the file anyway) and the Docker
client runs as user.
Signed-off-by: Lorenz Leutgeb <lorenz.leutgeb@gmail.com>
Upstream-commit: 02a793c6a133f46129d0fc83ce218d3a92f1e644
Component: engine
This fixes the container start issue for containers which were started
on a daemon prior to the resolv.conf updater PR. The update code will
now safely ignore these containers (given they don't have a sha256 hash
to compare against) and will not attempt to update the resolv.conf
through their lifetime.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
Upstream-commit: 30eff2720a110f3ece0e429ef1897a254f0d9e71
Component: engine
Only modifies non-running containers resolv.conf bind mount, and only if
the container has an unmodified resolv.conf compared to its contents at
container start time (so we don't overwrite manual/automated changes
within the container runtime). For containers which are running when
the host resolv.conf changes, the update will only be applied to the
container version of resolv.conf when the container is "bounced" down
and back up (e.g. stop/start or restart)
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
Upstream-commit: 63a7ccdd2372d87f56f7a86da07c72ea51332c2a
Component: engine
since we can control it with --mac-address.
Signed-off-by: Tangi COLIN <tangicolin@gmail.com>
Upstream-commit: d9ec04e18d5e1fede1afcec27a0d2c69d514a123
Component: engine
Using --insecure is (you guessed it) *insecure* as the server side
certificate is not being validated. To offer the same degree of
security as invocations of the docker client in "Secure by default"
with cURL, the trusted CA certificate must be supplied.
Signed-off-by: Lorenz Leutgeb <lorenz.leutgeb@gmail.com>
Upstream-commit: 26187bd851141236a909c0bada5a2743fc237e0e
Component: engine
With -CAcreateserial the serial file will be automatically created
and initialized if it is missing.
Signed-off-by: Lorenz Leutgeb <lorenz.leutgeb@gmail.com>
Upstream-commit: 131c62d7661ace86453de540cb1a58956b59e347
Component: engine
Do not encrypt private keys in the first place, if the encryption
is stripped anyway.
Signed-off-by: Lorenz Leutgeb <lorenz.leutgeb@gmail.com>
Upstream-commit: f957f258d722fa563ead0a14978acca7c6745d3f
Component: engine
Moves some information around, expanding information on
user namespaces, pull/load security, cap add/drop.
Also includes various grammar improvements and edits.
Signed-off-by: Eric Windisch <eric@windisch.us>
Upstream-commit: e704dd31e79114a2156c4fdda3247a181ad6435d
Component: engine
Copying the entire docker service file isn't necessary to add an
environment variable, instead use a drop-in configuration file. The nice
side-effect is that the user gets any vendor updates to the
docker.service file.
Signed-off-by: Brandon Philips <brandon.philips@coreos.com>
Upstream-commit: 2d51d71561565987fc6a600234f2e2d15e0ecf31
Component: engine
Minor but important typo in the new systemd guide introduced in #9347.
Signed-off-by: Brandon Philips <brandon.philips@coreos.com>
Upstream-commit: 1ae7be716eadf6efdc7ee033c83127e975222a76
Component: engine
