0

Prior to trying out the Docker swarm mode API, I set up the Docker remote API with TLS authentication with the help of https://docs.docker.com/engine/security/https/. Now I have my /usr/lib/systemd/system/docker.service configured with

ExecStart=/usr/bin/dockerd -H unix:///var/run/docker.sock --tlsverify --tlscacert=/root/.docker/ca.pem --tlscert=/root/.docker/new-certs/server-cert.pem --tlskey=/root/.docker/new-certs/server-key.pem -H=0.0.0.0:2376

It works perfectly; I am able to run the command below and get results

curl https://$HOSTNAME:2376/tasks --cert ~/.docker/new-certs/cert.pem --key ~/.docker/new-certs/key.pem --cacert ~/.docker/new-certs/ca.pem

Now I create a swarm

docker swarm init

*:2377 is now being listened on

But for some reason the command below returns "curl: (60) Peer's certificate issuer has been marked as not trusted by the user"

curl https://$HOSTNAME:2377/tasks --cert ~/.docker/new-certs/cert.pem --key ~/.docker/new-certs/key.pem --cacert ~/.docker/new-certs/ca.pem

I am unable to find any proper examples of such a scenario; all of them are about legacy swarm, for example https://docs.docker.com/swarm/configure-tls

Stobor

1 Answer

0

Port 2377 is only used to manage the swarm mode functions, init and so on. For containers, tasks, ... you need to keep addressing 2376 in your case. You don't get the equivalent of port 4000 like in the previous swarm.

Mgccon
  • The problem is that if I curl for /events on :2376 I only get events of that particular worker/master but not the swarm overall. By listening for events I want to know about all events of the swarm, not a particular node – Stobor Oct 06 '16 at 12:13
  • To control things overall you need to use /service; the rest works on a node-by-node basis. – Mgccon Oct 06 '16 at 19:49
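
Added example, not part of the original posts: a self-contained reproduction of the trust failure behind curl error 60 in the question. It assumes that the listener on 2377 presents a certificate issued by the root CA that `docker swarm init` generates for the swarm, not by the ca.pem used for port 2376; all file names and subject names below are constructed.

```shell
#!/bin/sh
# Constructed demo: two unrelated CAs stand in for the operator's ca.pem
# (port 2376) and the root CA created by `docker swarm init` (port 2377).

make_ca() {  # make_ca <dir> <name> <CN>
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$3" \
        -keyout "$1/$2-key.pem" -out "$1/$2.pem" 2>/dev/null
}

issue_cert() {  # issue_cert <dir> <ca-name> <leaf-name> <CN>
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$4" \
        -keyout "$1/$3-key.pem" -out "$1/$3.csr" 2>/dev/null
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2-key.pem" \
        -CAcreateserial -days 1 -out "$1/$3.pem" 2>/dev/null
}

# Prints "trusted" or "untrusted" for a leaf checked against a single CA file,
# which is the decision curl makes with --cacert.
check_trust() {  # check_trust <ca.pem> <leaf.pem>
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
        echo trusted
    else
        echo untrusted
    fi
}

demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d" operator-ca "constructed-operator-ca"
    make_ca "$d" swarm-ca "constructed-swarm-root-ca"
    issue_cert "$d" operator-ca daemon-2376 "docker-host"
    issue_cert "$d" swarm-ca manager-2377 "swarm-manager"
    # Both leaves are checked against the operator's CA only, as in the question.
    echo "2376=$(check_trust "$d/operator-ca.pem" "$d/daemon-2376.pem")"
    echo "2377=$(check_trust "$d/operator-ca.pem" "$d/manager-2377.pem")"
    rm -rf "$d"
}

demo
```

The second certificate is valid under its own issuer; it fails only because the verifier was given a different trust anchor, which is why the same curl options succeed on 2376 and fail on 2377.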