32 lines
1.2 KiB
Django/Jinja
Executable File
32 lines
1.2 KiB
Django/Jinja
Executable File
mkdir -p /home/core/.docker
|
|
cp /home/core/keys/ca.pem /home/core/.docker/
|
|
cp /home/core/keys/cert.pem /home/core/.docker/
|
|
cp /home/core/keys/key.pem /home/core/.docker/
|
|
|
|
echo 'subjectAltName = @alt_names' >> /home/core/keys/openssl.cnf
|
|
echo '[alt_names]' >> /home/core/keys/openssl.cnf
|
|
|
|
cd /home/core/keys
|
|
|
|
echo 'IP.1 = {{ swarmnode.openstack.public_v4 }}' >> openssl.cnf
|
|
echo 'DNS.1 = {{ app_env.fqdn }}' >> openssl.cnf
|
|
echo 'DNS.2 = {{ swarmnode.openstack.public_v4 }}.xip.io' >> openssl.cnf
|
|
|
|
openssl req -new -key key.pem -out cert.csr -subj '/CN=docker-client' -config openssl.cnf
|
|
openssl x509 -req -in cert.csr -CA ca.pem -CAkey ca-key.pem \
|
|
-CAcreateserial -out cert.pem -days 365 -extensions v3_req -extfile openssl.cnf
|
|
|
|
sudo mkdir -p /etc/docker/ssl
|
|
sudo cp ca.pem /etc/docker/ssl/
|
|
sudo cp cert.pem /etc/docker/ssl/
|
|
sudo cp key.pem /etc/docker/ssl/
|
|
|
|
# Apply localized settings to services
|
|
sudo mkdir -p /etc/systemd/system/{docker,swarm-agent,swarm-manager}.service.d
|
|
|
|
sudo mv /home/core/keys/dockerservice.cnf /etc/systemd/system/docker.service.d/10-docker-service.conf
|
|
sudo systemctl daemon-reload
|
|
sudo systemctl restart docker.service
|
|
sudo systemctl start swarm-agent.service
|
|
sudo systemctl start swarm-manager.service
|