-
Notifications
You must be signed in to change notification settings - Fork 116
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Client certs for Xyhve removed in 17.06.0-rc2-ce-mac14 #1716
Comments
Double checked the release notes: this is an effect of the work for #1320. However, we don't use docker login to auth, just a client cert. How does one select which client cert should be sent a request? How can one debug what's being sent? |
with 17.06, you don't have to push your certs with git commands anymore, we copy |
You can check the docs here, it explains how it is used in the vm. |
It'll probably be obvious to the future users, but i wasn't expecting it, with all the work on the credential helper! Simple answer is sometimes that hardest to find. |
Closed issues are locked after 30 days of inactivity. If you have found a problem that seems similar to this, please open a new issue. Send feedback to Docker Community Slack channels #docker-for-mac or #docker-for-windows. |
Expected behavior
Docker for Mac would maintain the contents of the /etc/docker/certs.d directory from datakit git submission into the xhyve VM filesystem.
Or: Docker for Mac would provide a method to designate which registry hosts need which client certificates from the keychain, and provision them into the xhyve filesystem.
I'd love a pointer to the work that added this, since it looks like this is a new feature to implement #1320 , but I can't seem to find any open issues or if it's in data kit, credential-helper, or for-mac.
Actual behavior
Certs are added to /etc/docker/certs.d, committed to git [master], and are then removed by data kit.
Information
My docker diagnostic is just hanging right now, but it's
Version 17.06.0-rc2-ce-mac14 (18280)
Channel: edge
e4067577a3
Client:
Version: 17.06.0-ce-rc2
API version: 1.30
Go version: go1.8.1
Git commit: 402dd4a
Built: Wed Jun 7 10:02:52 2017
OS/Arch: darwin/amd64
Server:
Version: 17.06.0-ce-rc2
API version: 1.30 (minimum version 1.12)
Go version: go1.8.3
Git commit: 402dd4a
Built: Wed Jun 7 10:02:04 2017
OS/Arch: linux/amd64
Experimental: true
Steps to reproduce the behavior
Using the steps I mentioned in Use client cert to access secure private registry #1320 , add client certs.
Restart docker (automatic due to touching the right file, and committing it)
Check /etc/docker in xhyve, no files.
git log:
commit 1640d371f7e914c9afc4fcdf27383d6a6d138723
Author: datakit datakit@docker.com
Date: Fri Jun 9 18:07:42 2017 +0000
commit b2933386e872270b73cd320ff5be03237cedec39
Author: datakit datakit@docker.com
Date: Fri Jun 9 18:07:42 2017 +0000
commit f39a0d77c0a591444600c6d797c4bb6a5cddd491
Author: datakit datakit@docker.com
Date: Fri Jun 9 18:07:41 2017 +0000
commit fce1c9d6576a569fbbb929986bf9dbe2dc1c0380
Author: datakit datakit@docker.com
Date: Fri Jun 9 18:07:41 2017 +0000
commit 5601e441132d4c91f67ded1d665f0b9a9770716a
Author: datakit datakit@docker.com
Date: Fri Jun 9 18:07:41 2017 +0000
commit 88fd5149134174bc1c5b8a5a224fd6cde1d4b78a
Author: datakit datakit@docker.com
Date: Fri Jun 9 18:07:41 2017 +0000
commit 44870880bda94ddccbb575ae6ddd8b6ca5c95d6a
Author: datakit datakit@docker.com
Date: Fri Jun 9 18:07:41 2017 +0000
commit 56043316e882c4ec8134c65fe492461806532eda
Author: datakit datakit@docker.com
Date: Fri Jun 9 18:07:41 2017 +0000
commit 709b1c296c2c6039e92062c16c453035ccebbc06
Author: Matthew Barr mbarr@example.com
Date: Fri Jun 9 14:06:47 2017 -0400
The text was updated successfully, but these errors were encountered: