Puppet Class: dockerinstall::tls

Inherits:
dockerinstall::params
Defined in:
manifests/tls.pp

Summary

Protect the Docker daemon socket with TLS certificates

Overview

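Protect the Docker daemon socket with TLS certificates by installing the CA certificate, the host certificate and the host private key into docker_tlsdir.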

Examples:

include dockerinstall::tls

Parameters:

  • docker_tlsdir (Stdlib::Unixpath) (defaults to: $dockerinstall::params::docker_tlsdir)


# File 'manifests/tls.pp', line 7

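class dockerinstall::tls (
  Stdlib::Unixpath
          $docker_tlsdir = $dockerinstall::params::docker_tlsdir,
) inherits dockerinstall::params
{
  include dockerinstall::params

  # Source paths on the local node, taken from dockerinstall::params.
  # NOTE(review): presumably the Puppet agent's own CA certificate, host
  # certificate and host private key - confirm in dockerinstall::params.
  $localcacert = $dockerinstall::params::localcacert
  $hostcert    = $dockerinstall::params::hostcert
  $hostprivkey = $dockerinstall::params::hostprivkey

  # Docker TLS options the installed files correspond to:
  # --tlscacert string                      Trust certs signed only by this CA (default "~/.docker/ca.pem")
  # --tlscert string                        Path to TLS certificate file (default "~/.docker/cert.pem")
  # --tlskey string                         Path to TLS key file (default "~/.docker/key.pem")
  #
  # This class only installs the files; nothing here passes these paths or
  # --tlsverify to the daemon. Without --tlsverify the daemon does not require
  # a client certificate signed by the CA.
  # NOTE(review): confirm the daemon configuration elsewhere in the module.

  # /etc/docker/tls/
  #    ├── cert.pem
  #    ├── key.pem
  #    └── ca.pem
  #
  # NOTE(review): ${docker_tlsdir} itself is not managed in this class. It has
  # to exist, owned by root and not writable by other users, before these
  # resources are applied - confirm where it is created.

  # CA certificate (trust anchor). Owner and mode are pinned so the result does
  # not depend on resource defaults: whoever can rewrite this file decides
  # which certificates are trusted.
  file { "${docker_tlsdir}/ca.pem":
      ensure => file,
      source => "file://${localcacert}",
      owner  => 'root',
      mode   => '0444',
  }

  # Certificate installed as cert.pem (copied from $hostcert). Public data, so
  # it stays world-readable, but only root may replace it.
  file { "${docker_tlsdir}/cert.pem":
      ensure => file,
      source => "file://${hostcert}",
      owner  => 'root',
      mode   => '0444',
  }

  # Private key installed as key.pem (copied from $hostprivkey). Readable by
  # root only.
  file { "${docker_tlsdir}/key.pem":
      ensure    => file,
      source    => "file://${hostprivkey}",
      owner     => 'root',
      mode      => '0400',
      # Keep the key material out of agent logs and reports when file diffs
      # are enabled.
      show_diff => false,
  }
}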