docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Included updates from https://github.com/docker/docker-core-backlog/issues/375.

This commit is contained in:
Anne Henmi 2018-10-03 14:03:10 -06:00
parent 306fe4c56e
commit 7d80bd0202
2 changed files with 18 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
engine/swarm/join-nodes.md
View File

@ -26,6 +26,10 @@ the `docker swarm join` command. The node only uses the token at join time. If
you subsequently rotate the token, it doesn't affect existing swarm nodes. Refer
to [Run Docker Engine in swarm mode](swarm-mode.md#view-the-join-command-or-update-a-swarm-join-token).
**NOTE:** Docker allows a non-FIPS enabled worker or manager nodes to a FIPS-enabled
swarm cluster. This can cause issues with upgrading a swarm if nodes are FIPS-enabled and other
nodes are not FIPS-enabled.
## Join as a worker node
To retrieve the join command including the join token for worker nodes, run the

15
install/linux/docker-ee/rhel.md
View File

@ -50,6 +50,13 @@ On {{ linux-dist-long }}, Docker EE supports storage drivers, `overlay2` and `de
With Docker EE Basic license for versions 18.03 and later, Docker provides FIPS 140-2 support in RHEL 7.3, 7.4 and 7.5. This includes a FIPS support cryptographic module. If the RHEL implementation already has FIPS support enabled, FIPS is automatically enabled in the Docker engine.
To verify the FIPS-140-2 module is enabled in the Linux kernel, confirm the file `/proc/sys/crypto/fips_enabled` contains `1`.
```
$ cat /proc/sys/crypto/fips_enabled
1
```
**NOTE:** FIPS is only supported in the Docker EE engine. UCP and DTR currently do not have support for FIPS-140-2.
To enable FIPS 140-2 compliance on a system that is not in FIPS 140-2 mode, do the following:
@ -72,7 +79,13 @@ $ docker info --format '{{ .SecurityOptions }}'
[name=selinux name=fips]
```
**NOTE:** If the system has the FIPS 140-2 cryptographic module installed on the operating system, it is possible to disable FIPS-140-2 compliance. To disable FIPS 140-2 in Docker but not the operating system, set the value `DOCKER_FIPS=0` in the `/etc/systemd/system/docker.service.d/fips-module`.
### Disabling FIPS-140-2
If the system has the FIPS 140-2 cryptographic module installed on the operating system,
it is possible to disable FIPS-140-2 compliance.
To disable FIPS 140-2 in Docker but not the operating system, set the value `DOCKER_FIPS=0`
in the `/etc/systemd/system/docker.service.d/fips-module`.
### Find your Docker EE repo URL