Convert files to Unix format.

Change-Id: I51fabb809e0f446a4dcf2108af10a3f137b177d3 Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
author: Cédric Ollivier <cedric.ollivier@orange.com> 2016-12-15 15:14:50 +0100
committer: Cédric Ollivier <cedric.ollivier@orange.com> 2016-12-15 18:09:30 +0100
commit: 41ccc6e8a54f11e0014707730bf3ef80385a01fa (patch)
tree: d3976e428b55b6dd136cddda63331b47adf804bd /docker
parent: 1041e01969b98b37b4c697aa2e8b99ff7df60ad7 (diff)
2 files changed, 158 insertions, 158 deletions
diff --git a/docker/docker_remote_api/docs/TLS-intro.rst b/docker/docker_remote_api/docs/TLS-intro.rst
index 934f99a8b..44fdd4aed 100644
--- a/docker/docker_remote_api/docs/TLS-intro.rst
+++ b/docker/docker_remote_api/docs/TLS-intro.rst
@@ -1,107 +1,107 @@
-Encrypt the docker remote API via TLS for Ubuntu and CentOS
-
-[Introduction]
-The Docker daemon can listen to Docker Remote API requests via three types of
-Socket: unix, tcp and fd. By default, a unix domain socket (or IPC socket) is
-created at /var/run/docker.sock, requiring either root permission, or docker
-group membership.
-
-Port 2375 is conventionally used for un-encrypted communition with Docker daemon
-remotely, where docker server can be accessed by any docker client via tcp socket
-in local area network. You can listen to port 2375 on all network interfaces with
--H tcp://0.0.0.0:2375, where 0.0.0.0 means any available IP address on host, and
-tcp://0.0.0.0:2375 indicates that port 2375 is listened on any IP of daemon host.
-If we want to make docker server open on the Internet via TCP port, and only trusted
-clients have the right to access the docker server in a safe manner, port 2376 for
-encrypted communication with the daemon should be listened. It can be achieved to
-create certificate and distribute it to the trusted clients.
-
-Through creating self-signed certificate, and using --tlsverify command when running
-Docker daemon, Docker daemon opens the TLS authentication. Thus only the clients
-with related private key files can have access to the Docker daemon's server. As
-long as the key files for encryption are secure between docker server and client,
-the Docker daemon can keep secure.
-In summary,
-Firstly we should create docker server certificate and related key files, which
-are distributed to the trusted clients.
-Then the clients with related key files can access docker server.
-
-[Steps]
-1.0. Create a CA, server and client keys with OpenSSL.
-    OpenSSL is used to generate certificate, and can be installed as follows.
-    apt-get install openssl openssl-devel
-
-1.1 First generate CA private and public keys.
-    openssl genrsa -aes256 -out ca-key.pem 4096
-    openssl req -new -x509 -days 365 -key ca-key.pem -sha256 -out ca.pem
-
-    You are about to be asked to enter information that will be incorporated
-    into your certificate request, where the instance of $HOST should be replaced
-    with the DNS name of your Docker daemon's host, here the DNS name of my Docker
-    daemon is ly.
-       Common Name (e.g. server FQDN or YOUR name) []:$HOST
-
-1.2 Now we have a CA (ca-key.pem and ca.pem), you can create a server key and
-certificate signing request.
-    openssl genrsa -out server-key.pem 4096
-    openssl req -subj "/CN=$HOST" -sha256 -new -key server-key.pem -out server.csr
-
-1.3 Sign the public key with our CA.
-    TLS connections can be made via IP address as well as DNS name, they need to be
-    specified when creating the certificate.
-
-    echo subjectAltName = IP:172.16.10.121,IP:127.0.0.1 > extfile.cnf
-    openssl x509 -req -days 365 -sha256 -in server.csr -CA ca.pem -CAkey ca-key.pem \
-    -CAcreateserial -out server-cert.pem -extfile extfile.cnf
-
-1.4 For client authentication, create a client key and certificate signing request.
-    openssl genrsa -out key.pem 4096
-    openssl req -subj '/CN=client' -new -key key.pem -out client.csr
-
-1.5 To make the key suitable for client authentication, create an extensions config file.
-    echo extendedKeyUsage = clientAuth > extfile.cnf
-
-1.6 Sign the public key and after generating cert.pem and server-cert.pem, two certificate
-    signing requests can be removed.
-    openssl x509 -req -days 365 -sha256 -in client.csr -CA ca.pem -CAkey ca-key.pem \
-    -CAcreateserial -out cert.pem -extfile extfile.cnf
-
-1.7 In order to protect your keys from accidental damage, you may change file modes to
-    be only readable.
-    chmod -v 0400 ca-key.pem key.pem server-key.pem
-    chmod -v 0444 ca.pem server-cert.pem cert.pem
-
-1.8 Build docker server
-    dockerd --tlsverify --tlscacert=ca.pem --tlscert=server-cert.pem --tlskey=server-key.pem \
-    -H=0.0.0.0:2376
-    Then, it can be seen from the command 'netstat -ntlp' that port 2376 has been listened
-    and the Docker daemon only accept connections from clients providing a certificate
-    trusted by our CA.
-
-1.9 Distribute the keys to the client
-    scp /etc/docker/ca.pem wwl@172.16.10.121:/etc/docker
-    scp /etc/docker/cert.pem wwl@172.16.10.121:/etc/docker
-    scp /etc/docker/key.pem wwl@172.16.10.121:/etc/docker
-    Where, wwl and 172.16.10.121 is the username and IP of the client respectively.
-    And the password of the client is needed when you distribute the keys to the client.
-
-1.10 To access Docker daemon from the client via keys.
-    docker --tlsverify --tlscacert=ca.pem --tlscert=cert.pem --tlskey=key.pem \
-    -H=$HOST:2376 version
-
-    Then we can operate docker in the Docker daemon from the client vis keys, for example:
-    1) create container from the client
-    docker --tlsverify --tlscacert=ca.pem --tlscert=cert.pem --tlskey=key.pem -H=ly:2376 run -d \
-    -it --name w1 grafana/grafana
-    2) list containers from the client
-    docker --tlsverify --tlscacert=ca.pem --tlscert=cert.pem --tlskey=key.pem -H=ly:2376 pa -a
-    3) stop/start containers from the client
-    docker --tlsverify --tlscacert=ca.pem --tlscert=cert.pem --tlskey=key.pem -H=ly:2376 stop w1
-    docker --tlsverify --tlscacert=ca.pem --tlscert=cert.pem --tlskey=key.pem -H=ly:2376 start w1
-
-
-
-
-
-
-
+Encrypt the docker remote API via TLS for Ubuntu and CentOS
+
+[Introduction]
+The Docker daemon can listen to Docker Remote API requests via three types of
+Socket: unix, tcp and fd. By default, a unix domain socket (or IPC socket) is
+created at /var/run/docker.sock, requiring either root permission, or docker
+group membership.
+
+Port 2375 is conventionally used for un-encrypted communition with Docker daemon
+remotely, where docker server can be accessed by any docker client via tcp socket
+in local area network. You can listen to port 2375 on all network interfaces with
+-H tcp://0.0.0.0:2375, where 0.0.0.0 means any available IP address on host, and
+tcp://0.0.0.0:2375 indicates that port 2375 is listened on any IP of daemon host.
+If we want to make docker server open on the Internet via TCP port, and only trusted
+clients have the right to access the docker server in a safe manner, port 2376 for
+encrypted communication with the daemon should be listened. It can be achieved to
+create certificate and distribute it to the trusted clients.
+
+Through creating self-signed certificate, and using --tlsverify command when running
+Docker daemon, Docker daemon opens the TLS authentication. Thus only the clients
+with related private key files can have access to the Docker daemon's server. As
+long as the key files for encryption are secure between docker server and client,
+the Docker daemon can keep secure.
+In summary,
+Firstly we should create docker server certificate and related key files, which
+are distributed to the trusted clients.
+Then the clients with related key files can access docker server.
+
+[Steps]
+1.0. Create a CA, server and client keys with OpenSSL.
+    OpenSSL is used to generate certificate, and can be installed as follows.
+    apt-get install openssl openssl-devel
+
+1.1 First generate CA private and public keys.
+    openssl genrsa -aes256 -out ca-key.pem 4096
+    openssl req -new -x509 -days 365 -key ca-key.pem -sha256 -out ca.pem
+
+    You are about to be asked to enter information that will be incorporated
+    into your certificate request, where the instance of $HOST should be replaced
+    with the DNS name of your Docker daemon's host, here the DNS name of my Docker
+    daemon is ly.
+       Common Name (e.g. server FQDN or YOUR name) []:$HOST
+
+1.2 Now we have a CA (ca-key.pem and ca.pem), you can create a server key and
+certificate signing request.
+    openssl genrsa -out server-key.pem 4096
+    openssl req -subj "/CN=$HOST" -sha256 -new -key server-key.pem -out server.csr
+
+1.3 Sign the public key with our CA.
+    TLS connections can be made via IP address as well as DNS name, they need to be
+    specified when creating the certificate.
+
+    echo subjectAltName = IP:172.16.10.121,IP:127.0.0.1 > extfile.cnf
+    openssl x509 -req -days 365 -sha256 -in server.csr -CA ca.pem -CAkey ca-key.pem \
+    -CAcreateserial -out server-cert.pem -extfile extfile.cnf
+
+1.4 For client authentication, create a client key and certificate signing request.
+    openssl genrsa -out key.pem 4096
+    openssl req -subj '/CN=client' -new -key key.pem -out client.csr
+
+1.5 To make the key suitable for client authentication, create an extensions config file.
+    echo extendedKeyUsage = clientAuth > extfile.cnf
+
+1.6 Sign the public key and after generating cert.pem and server-cert.pem, two certificate
+    signing requests can be removed.
+    openssl x509 -req -days 365 -sha256 -in client.csr -CA ca.pem -CAkey ca-key.pem \
+    -CAcreateserial -out cert.pem -extfile extfile.cnf
+
+1.7 In order to protect your keys from accidental damage, you may change file modes to
+    be only readable.
+    chmod -v 0400 ca-key.pem key.pem server-key.pem
+    chmod -v 0444 ca.pem server-cert.pem cert.pem
+
+1.8 Build docker server
+    dockerd --tlsverify --tlscacert=ca.pem --tlscert=server-cert.pem --tlskey=server-key.pem \
+    -H=0.0.0.0:2376
+    Then, it can be seen from the command 'netstat -ntlp' that port 2376 has been listened
+    and the Docker daemon only accept connections from clients providing a certificate
+    trusted by our CA.
+
+1.9 Distribute the keys to the client
+    scp /etc/docker/ca.pem wwl@172.16.10.121:/etc/docker
+    scp /etc/docker/cert.pem wwl@172.16.10.121:/etc/docker
+    scp /etc/docker/key.pem wwl@172.16.10.121:/etc/docker
+    Where, wwl and 172.16.10.121 is the username and IP of the client respectively.
+    And the password of the client is needed when you distribute the keys to the client.
+
+1.10 To access Docker daemon from the client via keys.
+    docker --tlsverify --tlscacert=ca.pem --tlscert=cert.pem --tlskey=key.pem \
+    -H=$HOST:2376 version
+
+    Then we can operate docker in the Docker daemon from the client vis keys, for example:
+    1) create container from the client
+    docker --tlsverify --tlscacert=ca.pem --tlscert=cert.pem --tlskey=key.pem -H=ly:2376 run -d \
+    -it --name w1 grafana/grafana
+    2) list containers from the client
+    docker --tlsverify --tlscacert=ca.pem --tlscert=cert.pem --tlskey=key.pem -H=ly:2376 pa -a
+    3) stop/start containers from the client
+    docker --tlsverify --tlscacert=ca.pem --tlscert=cert.pem --tlskey=key.pem -H=ly:2376 stop w1
+    docker --tlsverify --tlscacert=ca.pem --tlscert=cert.pem --tlskey=key.pem -H=ly:2376 start w1
+
+
+
+
+
+
+
diff --git a/docker/docker_remote_api/enable_remote_api.sh b/docker/docker_remote_api/enable_remote_api.sh
index 6867eeddf..76e59b850 100755
--- a/docker/docker_remote_api/enable_remote_api.sh
+++ b/docker/docker_remote_api/enable_remote_api.sh
@@ -1,51 +1,51 @@
-#!/bin/bash
-# SPDX-license-identifier: Apache-2.0
-
-# ******************************
-# Script to update the docker host configuration
-# to enable Docker Remote API
-# ******************************
-
-if [ -f /etc/lsb-release ]; then
-    #tested on ubuntu 14.04 and 16.04
-    if grep -q "#DOCKER_OPTS=" "/etc/default/docker"; then
-        cp /etc/default/docker /etc/default/docker.bak
-        sed -i 's/^#DOCKER_OPTS.*$/DOCKER_OPTS=\"-H unix:\/\/\/var\/run\/docker.sock -H tcp:\/\/0.0.0.0:2375\"/g' /etc/default/docker
-    else
-        echo DOCKER_OPTS=\"-H unix:///var/run/docker.sock -H tcp://0.0.0.0:2375\" >> /etc/default/docker
-    fi
-    service docker restart
-    #docker start $(docker ps -aq)
-elif [ -f /etc/system-release ]; then
-        #tested on centos 7.2
-    if grep -q "ExecStart=\/usr\/bin\/docker-current daemon" "/lib/systemd/system/docker.service"; then
-            cp /lib/systemd/system/docker.service /lib/systemd/system/docker.service.bak
-            sed -i 's/^ExecStart=.*$/ExecStart=\/usr\/bin\/docker daemon -H tcp:\/\/0.0.0.0:2375 -H unix:\/\/\/var\/run\/docker.sock  \\/g' /lib/systemd/system/docker.service
-            systemctl daemon-reload
-            systemctl restart docker
-        else
-            echo "to be implemented"
-    fi
-else
-    echo "OS is not supported"
-fi
-
-# Issue Note for Ubuntu
-# 1. If the configuration of the file /etc/default/docker does not take effect after restarting docker service,
-#    you may try to modify /lib/systemd/system/docker.service
-#    commands:
-#    cp /lib/systemd/system/docker.service /lib/systemd/system/docker.service.bak
-#    sed -i '/^ExecStart/i\EnvironmentFile=-/etc/default/docker' /lib/systemd/system/docker.service
-#    sed -i '/ExecStart=\/usr\/bin\/dockerd/{;s/$/ \$DOCKER_OPTS/}' /lib/systemd/system/docker.service
-#    systemctl daemon-reload
-#    service docker restart
-# 2. Systemd is a system and session manager for Linux, where systemctl is one tool for systemd to view and control systemd.
-#    If the file /lib/systemd/system/docker.service is modified, systemd has to be reloaded to scan new or changed units.
-#    1) systemd and related packages are available on the PPA. To use the PPA, first add it to your software sources list as follows.
-#       add-apt-repository ppa:pitti/systemd
-#       apt-get update
-#    2) system can be installed from the PPS as follows.
-#       apt-get install systemd libpam-systemd systemd-ui
-
-
-
+#!/bin/bash
+# SPDX-license-identifier: Apache-2.0
+
+# ******************************
+# Script to update the docker host configuration
+# to enable Docker Remote API
+# ******************************
+
+if [ -f /etc/lsb-release ]; then
+    #tested on ubuntu 14.04 and 16.04
+    if grep -q "#DOCKER_OPTS=" "/etc/default/docker"; then
+        cp /etc/default/docker /etc/default/docker.bak
+        sed -i 's/^#DOCKER_OPTS.*$/DOCKER_OPTS=\"-H unix:\/\/\/var\/run\/docker.sock -H tcp:\/\/0.0.0.0:2375\"/g' /etc/default/docker
+    else
+        echo DOCKER_OPTS=\"-H unix:///var/run/docker.sock -H tcp://0.0.0.0:2375\" >> /etc/default/docker
+    fi
+    service docker restart
+    #docker start $(docker ps -aq)
+elif [ -f /etc/system-release ]; then
+        #tested on centos 7.2
+    if grep -q "ExecStart=\/usr\/bin\/docker-current daemon" "/lib/systemd/system/docker.service"; then
+            cp /lib/systemd/system/docker.service /lib/systemd/system/docker.service.bak
+            sed -i 's/^ExecStart=.*$/ExecStart=\/usr\/bin\/docker daemon -H tcp:\/\/0.0.0.0:2375 -H unix:\/\/\/var\/run\/docker.sock  \\/g' /lib/systemd/system/docker.service
+            systemctl daemon-reload
+            systemctl restart docker
+        else
+            echo "to be implemented"
+    fi
+else
+    echo "OS is not supported"
+fi
+
+# Issue Note for Ubuntu
+# 1. If the configuration of the file /etc/default/docker does not take effect after restarting docker service,
+#    you may try to modify /lib/systemd/system/docker.service
+#    commands:
+#    cp /lib/systemd/system/docker.service /lib/systemd/system/docker.service.bak
+#    sed -i '/^ExecStart/i\EnvironmentFile=-/etc/default/docker' /lib/systemd/system/docker.service
+#    sed -i '/ExecStart=\/usr\/bin\/dockerd/{;s/$/ \$DOCKER_OPTS/}' /lib/systemd/system/docker.service
+#    systemctl daemon-reload
+#    service docker restart
+# 2. Systemd is a system and session manager for Linux, where systemctl is one tool for systemd to view and control systemd.
+#    If the file /lib/systemd/system/docker.service is modified, systemd has to be reloaded to scan new or changed units.
+#    1) systemd and related packages are available on the PPA. To use the PPA, first add it to your software sources list as follows.
+#       add-apt-repository ppa:pitti/systemd
+#       apt-get update
+#    2) system can be installed from the PPS as follows.
+#       apt-get install systemd libpam-systemd systemd-ui
+
+
+
author	Cédric Ollivier <cedric.ollivier@orange.com>	2016-12-15 15:14:50 +0100
committer	Cédric Ollivier <cedric.ollivier@orange.com>	2016-12-15 18:09:30 +0100
commit	41ccc6e8a54f11e0014707730bf3ef80385a01fa (patch)
tree	d3976e428b55b6dd136cddda63331b47adf804bd /docker
parent	1041e01969b98b37b4c697aa2e8b99ff7df60ad7 (diff)