moby--moby/docs/swarm/swarm-tutorial/create-swarm.md
Aaron Lehmann 7342e42fce Generate a swarm joining secret if none is specified
The current behavior of `docker swarm init` is to set up a swarm that
has no secret for joining, and does not require manual acceptance for
workers. Since workers may sometimes receive sensitive data such as pull
credentials, it makes sense to harden the defaults.

This change makes `docker swarm init` generate a random secret if none
is provided, and print it to the terminal. This secret will be needed to
join workers or managers to the swarm. In addition to improving access
control to the cluster, this setup removes an avenue for
denial-of-service attacks, since the secret is necessary to even create
an entry in the node list.

`docker swarm init --secret ""` will set up a swarm without a secret,
matching the old behavior. `docker swarm update --secret ""` removes the
automatically generated secret after `docker swarm init`.

Closes #23785

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-07-06 13:04:50 -07:00

Create a swarm

After you complete the tutorial setup steps, you're ready to create a swarm. Make sure the Docker Engine daemon is started on the host machines.

  1. Open a terminal and ssh into the machine where you want to run your manager node. For example, the tutorial uses a machine named manager1.

  2. Run the following command to create a new swarm:

    docker swarm init --listen-addr <MANAGER-IP>:<PORT>
    

    In the tutorial, the following command creates a swarm on the manager1 machine:

    $ docker swarm init --listen-addr 192.168.99.100:2377
    No --secret provided. Generated random secret:
    4ao565v9jsuogtq5t8s379ulb
    
    Swarm initialized: current node (dxn1zf6l61qsb1josjja83ngz) is now a manager.
    
    To add a worker to this swarm, run the following command:
    docker swarm join --secret 4ao565v9jsuogtq5t8s379ulb \
    --ca-hash sha256:07ce22bd1a7619f2adc0d63bd110479a170e7c4e69df05b67a1aa2705c88ef09 \
    192.168.99.100:2377
    

    The --listen-addr flag configures the manager node to listen on port 2377. The other nodes in the swarm must be able to reach the manager at that IP address.

  3. Run docker info to view the current state of the swarm:

    $ docker info
    
    Containers: 2
     Running: 0
     Paused: 0
     Stopped: 2
    ...snip...
    Swarm: active
     NodeID: dxn1zf6l61qsb1josjja83ngz
     IsManager: Yes
     Managers: 1
     Nodes: 1
     CACertHash: sha256:b7986d3baeff2f5664dfe350eec32e2383539ec1a802ba541c4eb829056b5f61
    ...snip...
    
  4. Run the docker node ls command to view information about nodes:

    $ docker node ls
    
    ID                           NAME      MEMBERSHIP  STATUS  AVAILABILITY  MANAGER STATUS  LEADER
    dxn1zf6l61qsb1josjja83ngz *  manager1  Accepted    Ready   Active        Reachable       Yes
    

    The * next to the node ID indicates that you're currently connected to this node.

    Docker Engine swarm mode automatically names the node after the machine's host name. The tutorial covers the other columns in later steps.
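When the manager is bootstrapped by a script rather than by hand, the generated secret and the CA hash printed in step 2 have to be captured so that workers join with both (the secret gates admission; the hash pins the swarm's root CA). The following helpers do that parsing; they are an added example, not part of the Docker tutorial, and the input is the step 2 output copied from this page rather than captured from a live daemon.

```shell
#!/bin/sh
# Constructed sample: the `docker swarm init` output shown in step 2 above.
INIT_OUTPUT='No --secret provided. Generated random secret:
4ao565v9jsuogtq5t8s379ulb

Swarm initialized: current node (dxn1zf6l61qsb1josjja83ngz) is now a manager.

To add a worker to this swarm, run the following command:
docker swarm join --secret 4ao565v9jsuogtq5t8s379ulb \
--ca-hash sha256:07ce22bd1a7619f2adc0d63bd110479a170e7c4e69df05b67a1aa2705c88ef09 \
192.168.99.100:2377'

# The join secret is printed on the line after "Generated random secret:".
swarm_secret() {
  printf '%s\n' "$1" | awk '/Generated random secret:/ { getline; print; exit }'
}

# The CA hash follows --ca-hash in the suggested join command; a worker that
# pins it refuses to join a manager presenting a different root CA.
swarm_ca_hash() {
  printf '%s\n' "$1" | sed -n 's/.*--ca-hash \(sha256:[0-9a-f]*\).*/\1/p' | head -n 1
}

# Assemble the worker join command for the given manager address. Fails rather
# than emitting a command that would join without a secret or with a truncated
# hash ("sha256:" plus 64 hex digits is 71 characters).
swarm_join_cmd() {
  secret=$(swarm_secret "$1")
  ca_hash=$(swarm_ca_hash "$1")
  addr=$2
  [ -n "$secret" ] || return 1
  [ "${#ca_hash}" -eq 71 ] || return 1
  printf 'docker swarm join --secret %s --ca-hash %s %s\n' "$secret" "$ca_hash" "$addr"
}
```

Feed the real `docker swarm init` output into these functions instead of the sample string when running on manager1.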

What's next?

In the next section of the tutorial, we'll add two more nodes to the cluster.