This PR allows to configure the discovery path using the
--discovery-opt flag (with "kv.path=path/to/nodes"). We
can point to "docker/nodes" and use the docker discovery.
If docker instances are advertising to the cluster using
the `--cluster-advertise` flag, the swarm join command
becomes unnecessary.
Signed-off-by: Alexandre Beslic <abronan@docker.com>
This adds TLS support into the KV store for swarm. The manage, join,
and list commands all have a new CLI argument, matching the docker engine
discovery backend. This required adding the tlsconfig utility
package from docker engine.
Here's an example showing re-use of the cluster certs for the KV store:
swarm manage --tlsverify \
--tlscacert /etc/docker/ssl/ca.pem
--tlscert /etc/docker/ssl/cert.pem
--tlskey /etc/docker/ssl/key.pem
--discovery-opt kv.cacertfile=/etc/docker/ssl/ca.pem
--discovery-opt kv.certfile=/etc/docker/ssl/cert.pem
--discovery-opt kv.keyfile=/etc/docker/ssl/key.pem
--advertise 192.168.122.47:3376
etcd://192.168.122.47:2379
Signed-off-by: Daniel Hiltgen <daniel.hiltgen@docker.com>
"consul://addr1" will store discovery entries into "docker/swarm/nodes"
"consul://addr2/foo" will store entries in "foo/docker/swarm/nodes"
Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
Alexandre Beslic