
Dedicated script should be called on the ADB/CDK VM to generate the TLS certificates

Open hferentschik opened this issue 8 years ago • 6 comments

Currently we have in docker.rb:

sudo rm /etc/docker/ca.pem && sudo systemctl restart docker

Which is from behind through the chest into the eye. This works, because the Docker service scripts check for the existence of ca.pem and then re-create the certificates. At least this should be documented or, even better, docker.rb should call a dedicated, properly named script. This script could also do the daemon restart.

hferentschik, Mar 14 '16 15:03

> At least this should be documented or even better docker.rb should call a dedicated properly named script. This script could also do the daemon restart.

We have a counter issue filed in the ADB repo: https://github.com/projectatomic/adb-atomic-developer-bundle/issues/266. The idea is to configure the docker daemon only on the Unix socket (since the default TLS certs generated are invalid) and have the daemon configured to run on TCP as well as the Unix socket when the box boots up (when it gets the private network IP).

The re-configuration of the docker daemon to run on TCP and the Unix socket can either be done via a script in the box or via the plugin itself.

navidshaikh, Mar 14 '16 15:03

> We have a counter issue filed in ADB repo

+1. This needs for sure improving.

hferentschik, Mar 14 '16 16:03

Agreed. sccli should be extended to manage docker. @praveenkumar

bexelbie, Mar 14 '16 21:03

@bexelbie +1, yes, if we make those changes to the KS file then we need to extend sccli to make sure the docker daemon runs on TCP as well.

praveenkumar, Mar 15 '16 08:03

+1 Good to have this approach.

brgnepal, Mar 24 '16 09:03

@praveenkumar : ping

navidshaikh, May 16 '16 14:05