Remove --tls flag from docker-swarm

Bug #1500982 reported by Adrian Otto
Affects: Magnum
Status: Fix Released
Importance: Critical
Assigned to: Daneyon Hansen
Milestone: (none listed)

Bug Description

The following code appears in magnum/templates/docker-swarm/fragments/write-docker-service.sh:

cat >> /etc/systemd/system/docker.service << END_TLS
          --tls \\
          --tlsverify \\
          --tlscacert="/etc/docker/ca.crt" \\
          --tlskey="/etc/docker/server.key" \\
          --tlscert="/etc/docker/server.crt" \\
END_TLS

The line --tls should be dropped, as this allows anonymous TLS connections to the server. This should also be fixed in:

magnum/templates/docker-swarm/fragments/write-swarm-master-service.sh

Adrian Otto (aotto)
summary: - Remove --tls flag from socker-swarm
+ Remove --tls flag from docker-swarm
description: updated
OpenStack Infra (hudson-openstack) wrote : Fix proposed to magnum (master)

Fix proposed to branch: master
Review: https://review.openstack.org/229116

Changed in magnum:
status: Triaged → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix merged to magnum (master)

Reviewed: https://review.openstack.org/229116
Committed: https://git.openstack.org/cgit/openstack/magnum/commit/?id=dc7560362e206b059f6a6c874053957e12fecb2b
Submitter: Jenkins
Branch: master

commit dc7560362e206b059f6a6c874053957e12fecb2b
Author: Daneyon Hansen <email address hidden>
Date: Tue Sep 29 19:15:14 2015 +0000

    Removes --tls flag from docker and swarm-manager daemons

    Previously, the --tls flag was being used along with other tls
    related flags to secure the docker daemon. The --tls flag should
    not be used to perform mutual authentication between the docker
    daemon and client. This patch removes the use of --tls throughout
    the code base.

    Closes-Bug: #1500982

    Change-Id: I1def8e7a2725c0cdbb8862c6a8199b17e8ae841e

Changed in magnum:
status: In Progress → Fix Committed
Adrian Otto (aotto)
Changed in magnum:
status: Fix Committed → Fix Released
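
The check that the report and the merged commit describe can be automated. The following is an added example, not Magnum code: a shell lint that reads a rendered docker.service unit (or the fragment script that writes it) and flags a bare --tls alongside the other TLS options. The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Magnum code. Lints a docker.service unit, or the fragment
# script that writes it, for the daemon TLS flags discussed in this bug.

# Prints one finding per line; returns 0 when clean, 1 when anything is flagged.
audit_docker_tls_flags() {
    # Ignore comment lines, then collect each distinct --tls* option name.
    flags=$(grep -v '^[[:space:]]*#' "$1" | grep -oE -- '--tls[a-z]*' | sort -u)
    has() { printf '%s\n' "$flags" | grep -qxF -- "$1"; }
    findings=0
    if has --tls; then
        echo "bare --tls present: drop it (bug 1500982)"
        findings=1
    fi
    if ! has --tlsverify; then
        echo "--tlsverify missing: client certificates are not verified"
        findings=1
    fi
    for opt in --tlscacert --tlscert --tlskey; do
        has "$opt" || { echo "$opt missing"; findings=1; }
    done
    return "$findings"
}

# Constructed sample: the END_TLS flag block from the report; pass "fixed"
# to omit the bare --tls line, as the merged commit does.
sample_unit() {
    [ "$1" = fixed ] || printf '          --tls \\\n'
    printf '          --tlsverify \\\n'
    printf '          --tlscacert="/etc/docker/ca.crt" \\\n'
    printf '          --tlskey="/etc/docker/server.key" \\\n'
    printf '          --tlscert="/etc/docker/server.crt" \\\n'
}

tmp=$(mktemp)
sample_unit reported > "$tmp"
audit_docker_tls_flags "$tmp" || echo "=> reported fragment flagged"
sample_unit fixed > "$tmp"
audit_docker_tls_flags "$tmp" && echo "=> fixed fragment clean"
rm -f "$tmp"
```

The same function can be pointed at both fragment scripts named in the report, since it matches option names rather than the surrounding systemd syntax.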