Removes --tls flag from docker and swarm-manager daemons

Previously, the --tls flag was being used along with other tls related flags to secure the docker daemon. The --tls flag should not be used to perform mutual authentication between the docker daemon and client. This patch removes the use of --tls throughout the code base. Closes-Bug: #1500982 Change-Id: I1def8e7a2725c0cdbb8862c6a8199b17e8ae841e
2015-09-29 19:15:14 +00:00 · 2015-09-29 19:15:14 +00:00 · dc7560362e
parent 2d76ef7cf5
commit dc7560362e
3 changed files with 1 additions and 3 deletions
--- a/doc/source/tls.rst
+++ b/doc/source/tls.rst
@ -99,7 +99,7 @@ is an example for Docker.

 ::

-    docker -H tcp://<bay_api_address>:2376 --tls --tlsverify \
+    docker -H tcp://<bay_api_address>:2376 --tlsverify \
        --tlscacert ca.crt \
        --tlskey client.key \
        --tlscert client.crt
--- a/magnum/templates/docker-swarm/fragments/write-docker-service.sh
+++ b/magnum/templates/docker-swarm/fragments/write-docker-service.sh
@ -23,7 +23,6 @@ END_SERVICE_TOP
 if [ $INSECURE == 'False'  ]; then

 cat >> /etc/systemd/system/docker.service << END_TLS
-          --tls \\
          --tlsverify \\
          --tlscacert="/etc/docker/ca.crt" \\
          --tlskey="/etc/docker/server.key" \\
--- a/magnum/templates/docker-swarm/fragments/write-swarm-master-service.sh
+++ b/magnum/templates/docker-swarm/fragments/write-swarm-master-service.sh
@ -25,7 +25,6 @@ END_SERVICE_TOP
 if [ $INSECURE = 'False'  ]; then

 cat >> /etc/systemd/system/swarm-manager.service << END_TLS
-                                  --tls \\
                                  --tlsverify \\
                                  --tlscacert=/etc/docker/ca.crt \\
                                  --tlskey=/etc/docker/server.key \\