Anne Henmi 2018-10-03 14:03:10 -06:00
parent 306fe4c56e
commit 7d80bd0202
2 changed files with 18 additions and 1 deletions

View File

@ -26,6 +26,10 @@ the `docker swarm join` command. The node only uses the token at join time. If
you subsequently rotate the token, it doesn't affect existing swarm nodes. Refer you subsequently rotate the token, it doesn't affect existing swarm nodes. Refer
to [Run Docker Engine in swarm mode](swarm-mode.md#view-the-join-command-or-update-a-swarm-join-token). to [Run Docker Engine in swarm mode](swarm-mode.md#view-the-join-command-or-update-a-swarm-join-token).
**NOTE:** Docker allows a non-FIPS enabled worker or manager nodes to a FIPS-enabled
swarm cluster. This can cause issues with upgrading a swarm if nodes are FIPS-enabled and other
nodes are not FIPS-enabled.
## Join as a worker node ## Join as a worker node
To retrieve the join command including the join token for worker nodes, run the To retrieve the join command including the join token for worker nodes, run the
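Review bot: The added NOTE is missing its verb and mixes singular and plural: "allows a non-FIPS enabled worker or manager nodes to a FIPS-enabled swarm cluster" should read along the lines of "allows non-FIPS-enabled worker or manager nodes to join a FIPS-enabled swarm cluster". The second sentence, "This can cause issues with upgrading a swarm", is too vague for an operator to act on. Say which issues are meant and whether a mixed cluster is supported or only tolerated, and tell the reader to check each node's FIPS state before running `docker swarm join`, since the join itself will not reject the node.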

View File

@ -50,6 +50,13 @@ On {{ linux-dist-long }}, Docker EE supports storage drivers, `overlay2` and `de
With Docker EE Basic license for versions 18.03 and later, Docker provides FIPS 140-2 support in RHEL 7.3, 7.4 and 7.5. This includes a FIPS support cryptographic module. If the RHEL implementation already has FIPS support enabled, FIPS is automatically enabled in the Docker engine. With Docker EE Basic license for versions 18.03 and later, Docker provides FIPS 140-2 support in RHEL 7.3, 7.4 and 7.5. This includes a FIPS support cryptographic module. If the RHEL implementation already has FIPS support enabled, FIPS is automatically enabled in the Docker engine.
To verify the FIPS-140-2 module is enabled in the Linux kernel, confirm the file `/proc/sys/crypto/fips_enabled` contains `1`.
```
$ cat /proc/sys/crypto/fips_enabled
1
```
**NOTE:** FIPS is only supported in the Docker EE engine. UCP and DTR currently do not have support for FIPS-140-2. **NOTE:** FIPS is only supported in the Docker EE engine. UCP and DTR currently do not have support for FIPS-140-2.
To enable FIPS 140-2 compliance on a system that is not in FIPS 140-2 mode, do the following: To enable FIPS 140-2 compliance on a system that is not in FIPS 140-2 mode, do the following:
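Review bot: The new verification step only documents the passing case, where `/proc/sys/crypto/fips_enabled` contains `1`. Add what the reader should conclude when the file contains `0` or is absent, because the context line above says the engine enables FIPS automatically only when RHEL already has it enabled, and the "To enable FIPS 140-2 compliance" steps that follow are the remedy for that case. The added sentence also writes "FIPS-140-2" while the paragraph directly above it writes "FIPS 140-2"; use the unhyphenated form throughout.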
@ -72,7 +79,13 @@ $ docker info --format '{{ .SecurityOptions }}'
[name=selinux name=fips] [name=selinux name=fips]
``` ```
**NOTE:** If the system has the FIPS 140-2 cryptographic module installed on the operating system, it is possible to disable FIPS-140-2 compliance. To disable FIPS 140-2 in Docker but not the operating system, set the value `DOCKER_FIPS=0` in the `/etc/systemd/system/docker.service.d/fips-module`. ### Disabling FIPS-140-2
If the system has the FIPS 140-2 cryptographic module installed on the operating system,
it is possible to disable FIPS-140-2 compliance.
To disable FIPS 140-2 in Docker but not the operating system, set the value `DOCKER_FIPS=0`
in the `/etc/systemd/system/docker.service.d/fips-module`.
### Find your Docker EE repo URL ### Find your Docker EE repo URL
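Review bot: The promoted section still points at `/etc/systemd/system/docker.service.d/fips-module` with no file extension, and systemd only reads drop-in files whose names end in `.conf`, so please confirm the real file name and write "in the file ..." rather than "in the ...". The instruction "set the value `DOCKER_FIPS=0`" also does not show the form the line takes in the drop-in, and no step follows it to reload systemd and restart the Docker service, without which the setting has no effect. Since disabling FIPS weakens the engine's compliance posture, it would help to repeat the `docker info --format '{{ .SecurityOptions }}'` check here so the reader can confirm `name=fips` is gone. Minor: the heading and first sentence write "FIPS-140-2" while the next sentence writes "FIPS 140-2".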