I specify my TLS certificates in /etc/default/docker as follows:
DOCKER_OPTS="-H=unix:// --tlsverify --tlscacert=/etc/docker/mynewca.pem
--tlscert=/etc/docker/mynewcert.pem
--tlskey=/etc/docker/mynewkey.pem -H=0.0.0.0:2376"
However, every time my Docker host restarts, my settings are overwritten with the defaults:
DOCKER_OPTS="-H=unix:// --tlsverify --tlscacert=/etc/docker/ca.pem
--tlscert=/etc/docker/cert.pem
--tlskey=/etc/docker/key.pem -H=0.0.0.0:2376"
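This means I cannot communicate with the Docker daemon remotely until I reconfigure DOCKER_OPTS and run
sudo service docker restart
Upstart is starting the Docker daemon, and it looks like the script section of /etc/init/docker.conf is overwriting DOCKER_OPTS, although I cannot find its default values.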
script
    # modify these in /etc/default/$UPSTART_JOB (/etc/default/docker)
    DOCKERD=/usr/bin/dockerd
    DOCKER_OPTS=
    if [ -f /etc/default/$UPSTART_JOB ]; then
        . /etc/default/$UPSTART_JOB
    fi
    exec "$DOCKERD" $DOCKER_OPTS --raw-logs
end script

# Don't emit "started" event until docker.sock is ready.
# See https://github.com/docker/docker/issues/6647
post-start script
    DOCKER_OPTS=
    DOCKER_SOCKET=
    if [ -f /etc/default/$UPSTART_JOB ]; then
        . /etc/default/$UPSTART_JOB
    fi

    if ! printf "%s" "$DOCKER_OPTS" | grep -qE -e '-H|--host'; then
        DOCKER_SOCKET=/var/run/docker.sock
    else
        DOCKER_SOCKET=$(printf "%s" "$DOCKER_OPTS" | grep -oP -e '(-H|--host)\W*unix://\K(\S+)' | sed 1q)
    fi

    if [ -n "$DOCKER_SOCKET" ]; then
        while ! [ -e "$DOCKER_SOCKET" ]; do
            initctl status $UPSTART_JOB | grep -qE "(stop|respawn)/" && exit 1
            echo "Waiting for $DOCKER_SOCKET"
            sleep 0.1
        done
        echo "$DOCKER_SOCKET is up"
    fi
end script
Which
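Answer 0: (score: 0)
You may want to use the Docker configuration file, which is usually located at /etc/docker/daemon.json. More information about the configuration can be found here:
https://docs.docker.com/engine/reference/commandline/dockerd//#daemon-configuration-file
In your case, the "tlscacert" option might be particularly useful.
However, the location of the configuration file may really depend on the operating system and distribution (I remember the famous Gentoo /etc/conf.d/ directory).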
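The move from DOCKER_OPTS to daemon.json that this answer suggests, as an added example that is not part of the original question or answer: it translates the question's flags into daemon.json keys, lists options set in both places (dockerd refuses to start when a flag and the file set the same option), and flags TCP listeners that lack `tlsverify`. The function names and the one-line `QUESTION_OPTS` sample are assumptions made for this illustration.

```python
import shlex

# dockerd flags used in the question, mapped to their daemon.json keys.
FLAG_TO_KEY = {"-H": "hosts", "--host": "hosts", "--tlsverify": "tlsverify",
               "--tlscacert": "tlscacert", "--tlscert": "tlscert",
               "--tlskey": "tlskey"}

# Constructed sample: the DOCKER_OPTS value from the question, on one line.
QUESTION_OPTS = ("-H=unix:// --tlsverify --tlscacert=/etc/docker/mynewca.pem "
                 "--tlscert=/etc/docker/mynewcert.pem "
                 "--tlskey=/etc/docker/mynewkey.pem -H=0.0.0.0:2376")

def normalize_host(host):
    """Spell out the defaults dockerd applies to short -H values."""
    if host == "unix://":
        return "unix:///var/run/docker.sock"
    return host if "://" in host else "tcp://" + host

def opts_to_config(docker_opts):
    """Translate a DOCKER_OPTS string into the equivalent daemon.json dict."""
    config = {}
    tokens = shlex.split(docker_opts)
    while tokens:
        flag, sep, value = tokens.pop(0).partition("=")
        key = FLAG_TO_KEY.get(flag)
        if key is None:
            raise ValueError("unhandled flag: " + flag)
        if key == "tlsverify":                  # boolean flag, value optional
            config[key] = value.lower() != "false"
            continue
        if not sep:                             # "-H unix://" form
            if not tokens:
                raise ValueError("missing value for " + flag)
            value = tokens.pop(0)
        if key == "hosts":
            config.setdefault(key, []).append(normalize_host(value))
        else:
            config[key] = value
    return config

def conflicts(docker_opts, daemon_config):
    """Keys set both as a flag and in daemon.json; dockerd refuses to start."""
    return sorted(set(opts_to_config(docker_opts)) & set(daemon_config))

def exposed_without_tls(config):
    """TCP listeners not protected by client-certificate verification."""
    if config.get("tlsverify"):
        return []
    return [h for h in config.get("hosts", []) if h.startswith("tcp://")]
```

Because the upstart job above still passes `$DOCKER_OPTS` to dockerd, any option moved into daemon.json has to be removed from /etc/default/docker, otherwise `conflicts()` reports it and the daemon will not start.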