diff --git a/docs/reference/commandline/daemon.md b/docs/reference/commandline/daemon.md index 657b8d9778..7dc2323038 100644 --- a/docs/reference/commandline/daemon.md +++ b/docs/reference/commandline/daemon.md @@ -536,7 +536,7 @@ please check the [run](run.md) reference. `--cluster-advertise` specifies the 'host:port' combination that this particular daemon instance should use when advertising itself to the cluster. The daemon -should be reachable by remote hosts on this 'host:port' combination. +is reached by remote hosts on this 'host:port' combination. The daemon uses [libkv](https://github.com/docker/libkv/) to advertise the node within the cluster. Some Key/Value backends support mutual @@ -545,6 +545,7 @@ using the `--cluster-store-opt` flag, specifying the paths to PEM encoded files. For example: ```bash +docker daemon \ --cluster-advertise 192.168.1.2:2376 \ --cluster-store etcd://192.168.1.2:2379 \ --cluster-store-opt kv.cacertfile=/path/to/ca.pem \ @@ -552,6 +553,25 @@ files. For example: --cluster-store-opt kv.keyfile=/path/to/key.pem ``` +The currently supported cluster store options are: + +* `kv.cacertfile` + + Specifies the path to a local file with PEM encoded CA certificates to trust + +* `kv.certfile` + + Specifies the path to a local file with a PEM encoded certificate. This + certificate is used as the client cert for communication with the + Key/Value store. + +* `kv.keyfile` + + Specifies the path to a local file with a PEM encoded private key. This + private key is used as the client key for communication with the + Key/Value store. + + ## Miscellaneous options IP masquerading uses address translation to allow containers without a public diff --git a/man/docker-daemon.8.md b/man/docker-daemon.8.md index c9bec5d552..accc3b1dbb 100644 --- a/man/docker-daemon.8.md +++ b/man/docker-daemon.8.md 
@@ -9,6 +9,9 @@ docker-daemon - Enable daemon mode [**--api-cors-header**=[=*API-CORS-HEADER*]] [**-b**|**--bridge**[=*BRIDGE*]] [**--bip**[=*BIP*]] +[**--cluster-store**[=*[]*]] +[**--cluster-advertise**[=*[]*]] +[**--cluster-store-opt**[=*map[]*]] [**-D**|**--debug**[=*false*]] [**--default-gateway**[=*DEFAULT-GATEWAY*]] [**--default-gateway-v6**[=*DEFAULT-GATEWAY-V6*]] @@ -74,6 +77,16 @@ format. **--bip**="" Use the provided CIDR notation address for the dynamically created bridge (docker0); Mutually exclusive of \-b +**--cluster-store**="" + URL of the distributed storage backend + +**--cluster-advertise**="" + Specifies the 'host:port' combination that this particular daemon instance should use when advertising + itself to the cluster. The daemon is reached by remote hosts on this 'host:port' combination. + +**--cluster-store-opt**="" + Specifies options for the Key/Value store. + **-D**, **--debug**=*true*|*false* Enable debug mode. Default is false. @@ -422,6 +435,31 @@ this topic, see Otherwise, set this flag for migrating existing Docker daemons to a daemon with a supported environment. +# CLUSTER STORE OPTIONS + +The daemon uses libkv to advertise +the node within the cluster. Some Key/Value backends support mutual +TLS, and the client TLS settings used by the daemon can be configured +using the **--cluster-store-opt** flag, specifying the paths to PEM encoded +files. + +#### kv.cacertfile + +Specifies the path to a local file with PEM encoded CA certificates to trust + +#### kv.certfile + +Specifies the path to a local file with a PEM encoded certificate. This +certificate is used as the client cert for communication with the +Key/Value store. + +#### kv.keyfile + +Specifies the path to a local file with a PEM encoded private key. This +private key is used as the client key for communication with the +Key/Value store. + + # HISTORY Sept 2015, Originally compiled by Shishir Mahajan based on docker.com source material and internal work.
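
Review bot: In docs/reference/commandline/daemon.md, hunk @@ -536,7 +536,7 @@, rewording "should be reachable by remote hosts" to "is reached by remote hosts" turns an operator requirement into a statement of fact, so the reader is no longer told that the advertised 'host:port' has to be reachable from the other hosts. Suggest keeping it as a requirement, for example "The daemon must be reachable by remote hosts on this 'host:port' combination." The same sentence is added to man/docker-daemon.8.md under **--cluster-advertise** and would need the same wording.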
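
Review bot: In docs/reference/commandline/daemon.md, hunk @@ -552,6 +553,25 @@, the `kv.cacertfile` entry says only "CA certificates to trust" and, unlike the two entries after it, has no closing period and does not say what the certificates are trusted for; state explicitly which peer they are used to verify. The `kv.keyfile` entry points at a private key without any note on who needs read access to that file, so a sentence recommending that it be readable only by the user the daemon runs as would fit here. The hunk also adds two blank lines before `## Miscellaneous options` where one is enough.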
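
Review bot: In man/docker-daemon.8.md, hunk @@ -9,6 +9,9 @@, the synopsis placeholders `[=*[]*]` and `[=*map[]*]` read like printed empty values rather than documentation, and they disagree with the `=""` defaults shown for the same three flags in the next hunk. The neighbouring entries use a named placeholder such as `[=*BRIDGE*]` and `[=*BIP*]`; suggest the same style here. The visible synopsis entries are in alphabetical order, so `--cluster-advertise` should come before `--cluster-store`, both here and in the option descriptions.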
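
Review bot: In man/docker-daemon.8.md, hunk @@ -74,6 +77,16 @@, the `--cluster-store-opt` description is only "Specifies options for the Key/Value store.", which tells the reader neither the key=value form nor where the accepted keys are listed. Suggest pointing to the CLUSTER STORE OPTIONS section added later in this patch. The `--cluster-store` description, "URL of the distributed storage backend", would also benefit from showing the URL form used in the daemon.md example, `etcd://192.168.1.2:2379`.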
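
Review bot: In man/docker-daemon.8.md, hunk @@ -422,6 +435,31 @@, the option names `kv.cacertfile`, `kv.certfile` and `kv.keyfile` are `####` headings placed directly under the `#` section heading, skipping two levels; a bold option name with an indented description, as used for `**--bip**=""` earlier in the same file, would be consistent. The `kv.cacertfile` sentence is missing its closing period here as well, and the section omits the example invocation that daemon.md gives, so a man page reader never sees the options passed as `--cluster-store-opt kv.cacertfile=/path/to/ca.pem`.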