Replace secrets with join tokens

Implement the proposal from https://github.com/docker/docker/issues/24430#issuecomment-233100121 Removes acceptance policy and secret in favor of an automatically generated join token that combines the secret, CA hash, and manager/worker role into a single opaque string. Adds a docker swarm join-token subcommand to inspect and rotate the tokens. Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com> Upstream-commit: 2cc5bd33eef038bf5721582e2410ba459bb656e9 Component: engine
2016-07-20 11:15:08 -07:00
parent 281fb0ce0f
commit b141a44de0
46 changed files with 451 additions and 893 deletions
--- a/components/engine/docs/reference/commandline/swarm_update.md
+++ b/components/engine/docs/reference/commandline/swarm_update.md
@ -14,23 +14,21 @@ parent = "smn_cli"
 ```markdown
 Usage:  docker swarm update [OPTIONS]

-Update the Swarm
+Update the swarm

 Options:
-      --auto-accept value               Auto acceptance policy (worker, manager or none)
      --cert-expiry duration            Validity period for node certificates (default 2160h0m0s)
      --dispatcher-heartbeat duration   Dispatcher heartbeat period (default 5s)
      --external-ca value               Specifications of one or more certificate signing endpoints
      --help                            Print usage
-      --secret string                   Set secret value needed to accept nodes into cluster
      --task-history-limit int          Task history retention limit (default 10)
 ```

-Updates a Swarm cluster with new parameter values. This command must target a manager node.
+Updates a swarm cluster with new parameter values. This command must target a manager node.


 ```bash
-$ docker swarm update --auto-accept manager
+$ docker swarm update --cert-expirty 4000h0m0s
 ```

 ## Related information