this change improves the instructions for
swarm join-token and swarm init;
- only print the join-token command for workers
instead of for both managers and workers, to
prevent users from copying the wrong command.
An extra line is added to explain how to obtain
the manager token.
- print a message that a token was rotated
sucesfully if '--rotate' is used.
- add some extra white-space before / after
the join commands, to make copy/pasting
easier.
this change also does some refactoring of join-token;
- move flagname-constants together with other constants
- use variables for selected role ("worker" / "manager")
to prevent checking for them multiple times, and to
keep the "worker" / "manager" sting centralized
- add an extra blank line after "join-token" instructions
this makes it easier to copy, and cleans up the
code a tiny bit
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: ebebd4176940bc907ba4e8f5fbe62f6a050f8ed4
Component: engine
In #24159, the title field of `docker node ls` has been
changed from NAME to HOSTNAME. However, in the docs the
NAMEs are still used for the output of `docker node ls`.
This fix updates docs so that NAME field is changed to
HOSTNAME for all `docker node ls`.
This fix is related to #24159 and #24090.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: 668b8a998f5ebbe66c7376c432a5fd87208add73
Component: engine
The current behavior of `docker swarm init` is to set up a swarm that
has no secret for joining, and does not require manual acceptance for
workers. Since workers may sometimes receive sensitive data such as pull
credentials, it makes sense to harden the defaults.
This change makes `docker swarm init` generate a random secret if none
is provided, and print it to the terminal. This secret will be needed to
join workers or managers to the swarm. In addition to improving access
control to the cluster, this setup removes an avenue for
denial-of-service attacks, since the secret is necessary to even create
an entry in the node list.
`docker swarm init --secret ""` will set up a swarm without a secret,
matching the old behavior. `docker swarm update --secret ""` removes the
automatically generated secret after `docker swarm init`.
Closes#23785
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: 7342e42fcecbc243bcb8723b8422879662452017
Component: engine
