系统重启后,DOCKER_OPTS被重置
我正在/ etc / default / docker中指定我的TLS证书,如下所示:
DOCKER_OPTS="-H=unix:// --tlsverify --tlscacert=/etc/docker/mynewca.pem --tlscert=/etc/docker/mynewcert.pem --tlskey=/etc/docker/mynewkey.pem -H=0.0.0.0:2376" 但是,每当我的Docker主机重新启动时,我的设置都将被默认设置覆盖:
DOCKER_OPTS="-H=unix:// --tlsverify --tlscacert=/etc/docker/ca.pem --tlscert=/etc/docker/cert.pem --tlskey=/etc/docker/key.pem -H=0.0.0.0:2376"
这意味着我无法远程与Docker守护程序进行通信,直到我重新configurationDOCKER_OPTS并运行
sudo service restart docker
upstart启动Docker守护进程,看起来像/etc/init/docker.conf的脚本部分覆盖了DOCKER_OPTS,尽pipe我找不到从哪里获取默认值。
script # modify these in /etc/default/$UPSTART_JOB (/etc/default/docker) DOCKERD=/usr/bin/dockerd DOCKER_OPTS= if [ -f /etc/default/$UPSTART_JOB ]; then . /etc/default/$UPSTART_JOB fi exec "$DOCKERD" $DOCKER_OPTS --raw-logs end script # Don't emit "started" event until docker.sock is ready. # See https://github.com/docker/docker/issues/6647 post-start script DOCKER_OPTS= DOCKER_SOCKET= if [ -f /etc/default/$UPSTART_JOB ]; then . /etc/default/$UPSTART_JOB fi if ! printf "%s" "$DOCKER_OPTS" | grep -qE -e '-H|--host'; then DOCKER_SOCKET=/var/run/docker.sock else DOCKER_SOCKET=$(printf "%s" "$DOCKER_OPTS" | grep -oP -e '(-H|--host)\W*unix://\K(\S+)' | sed 1q) fi if [ -n "$DOCKER_SOCKET" ]; then while ! [ -e "$DOCKER_SOCKET" ]; do initctl status $UPSTART_JOB | grep -qE "(stop|respawn)/" && exit 1 echo "Waiting for $DOCKER_SOCKET" sleep 0.1 done echo "$DOCKER_SOCKET is up" fi end script
哪一个
您可能需要使用通常位于/etc/docker/daemon.json中的/etc/docker/daemon.jsonconfiguration文件。 有关configuration的更多信息,请参阅这里: https : //docs.docker.com/engine/reference/commandline/dockerd//#daemon-configuration-file
在你的情况下, "tlscacert"选项可能是特别感兴趣的。
不过,configuration文件的位置可能真的取决于操作系统和发行版(我记得着名的Gentoo /etc/conf.d/目录)