Docker Quick Start
Create Fifo CA and Update Service Configs
The Docker remote API uses certificates both for securing traffic and for user authentication. To get started faster, you can use a script that generates all the necessary keys and updates your service configurations. Please note that if you have multiple Fifo servers, you will need to copy the keys, certificates, and configurations to all the others after updating the first server.
Start by downloading the quick start script to your Fifo server.
curl -O https://gist.githubusercontent.com/kevinmeziere/987ef39a59117bb389ca/raw/c3adf2e0aae40c3d7332455e8d6a37db18555c20/fifo_ca.sh
chmod +x fifo_ca.sh
Once you have downloaded the script, you can (optionally) open it in your favorite editor and modify the "CERTSUBJECT" variable. If you wish, you can leave the defaults.
Run the script with ./fifo_ca.sh
Upon successful completion you should see a notice about restarting Fifo services.
Install Docker on Client
Version 0.7.1 of Kennel supports Docker API version 1.20. Your client will need Docker 1.8.3 installed to use this API version. You can download the correct binary for your platform using the following links:
Platform | URL |
---|---|
Mac OSX 32bit | https://get.docker.com/builds/Darwin/i386/docker-1.8.3 |
Mac OSX 64bit | https://get.docker.com/builds/Darwin/x86_64/docker-1.8.3 |
Linux 32bit | https://get.docker.com/builds/Linux/i386/docker-1.8.3 |
Linux 64bit | https://get.docker.com/builds/Linux/x86_64/docker-1.8.3 |
Windows 32bit | https://get.docker.com/builds/Windows/i386/docker-1.8.3.exe |
Windows 64bit | https://get.docker.com/builds/Windows/x86_64/docker-1.8.3.exe |
OSX and Linux users must set the file's execute bit (chmod +x).
Prepare Client Certificates
PyFi Required
This step requires PyFi to be installed on your client. If you do not yet have PyFi, please see the PyFi install page.
Because of the possibility of a man-in-the-middle attack, it is up to the user to use a secure method (SCP, Snail Mail, Carrier Pigeon, etc.) to copy the Fifo CA certificate to your Docker directory. The default location for the Fifo CA certificate is /var/db/fifo/fifo-ca.pem. The correct location for this file on the client is ~/.docker/ca.pem.
Make sure you are operating in the Docker directory:
cd ~/.docker
Create a private key for the user with the following command:
openssl genrsa -out key.pem 2048
With the newly created key create a request to send to the server:
openssl req -new -key key.pem -out client.csr
Now that a certificate signing request has been created, we must sign it with the Fifo CA and add it to the correct user account.
fifo users sign {{FIFO_USER_UUID}} --csr client.csr > cert.pem
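After these steps, ~/.docker should hold ca.pem, key.pem and cert.pem. The script below is an added example, not part of the original page or of the Fifo tooling: it assumes the openssl CLI is installed, and its function names are hypothetical. It prints the CA fingerprint for comparison with the server's copy and checks that the key is private, that the certificate belongs to the key, and that the certificate was signed by the CA.

```shell
#!/bin/sh
# Added example (not part of the Fifo tooling). File names follow the page:
# ca.pem, key.pem and cert.pem in ~/.docker. Assumes the openssl CLI is installed.

# SHA-256 fingerprint of a certificate, for comparing the copied ca.pem with
# the fingerprint of /var/db/fifo/fifo-ca.pem computed on the server.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# True when group and other have no permissions on the private key file.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# True when the certificate carries the public half of the given private key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# True when the certificate verifies against the CA file
# (matches the "<file>: OK" line that openssl verify prints on success).
cert_chains_to_ca() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# Run every check against a Docker client directory and report each result.
check_docker_tls_dir() {
    dir=$1; failed=0
    echo "ca.pem SHA-256: $(cert_fingerprint "$dir/ca.pem")"
    key_is_private "$dir/key.pem" || { echo "key.pem is accessible by group/other"; failed=1; }
    cert_matches_key "$dir/cert.pem" "$dir/key.pem" || { echo "cert.pem does not match key.pem"; failed=1; }
    cert_chains_to_ca "$dir/ca.pem" "$dir/cert.pem" || { echo "cert.pem is not signed by ca.pem"; failed=1; }
    [ "$failed" -eq 0 ] && echo "client TLS files look consistent"
    return "$failed"
}

# Usage: sh check_tls.sh ~/.docker   (the script file name is an assumption)
if [ "$#" -gt 0 ]; then
    check_docker_tls_dir "$1"
fi
```

Run the same fingerprint command against /var/db/fifo/fifo-ca.pem on the Fifo server and compare the two values over a channel other than the one used to copy the file.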
Run Docker
Docker should now be set up and ready to run. Test everything out by running a simple command:
./docker-1.8.3 -H 172.16.2.210:8443 --tlsverify version
The output should show a server OS of SunOS.
Make your life easier!
export DOCKER_HOST="tcp://172.16.2.210:8443"
export DOCKER_TLS_VERIFY="1"
With these variables set, the previous command becomes:
docker version