From 6b7ddfaff2cce58beb487b865b271428b73ae7d9 Mon Sep 17 00:00:00 2001
From: Ivan Mikushin
Date: Thu, 10 Dec 2015 11:36:37 +0500
Subject: [PATCH] Fix server TLS key and cert auto-generation. To use TLS with docker, just `ros set rancher.docker.tls true` and `system-docker restart docker` (no need to restart if rancher.docker.tls is set in cloud-config on boot).
---
 cmd/userdocker/main.go | 2 +-
 os-config.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/cmd/userdocker/main.go b/cmd/userdocker/main.go
index 0fdcfff0..194a5038 100644
--- a/cmd/userdocker/main.go
+++ b/cmd/userdocker/main.go
@@ -219,7 +219,7 @@ func main(cfg *config.CloudConfig) error {
 if dockerCfg.TLS {
 log.Debug("Generating TLS certs if needed")
- if err := control.Generate(true, "/etc/docker/tls", []string{"localhost"}); err != nil {
+ if err := control.Generate(true, "/etc/docker/tls", []string{"127.0.0.1", "*", "*.*", "*.*.*", "*.*.*.*"}); err != nil {
 return err
 }
 }
diff --git a/os-config.yml b/os-config.yml
index 7559083d..3212f4e5 100644
--- a/os-config.yml
+++ b/os-config.yml
@@ -313,6 +313,6 @@ rancher:
 url: https://releases.rancher.com/os/releases.yml
 image: rancher/os
 docker:
- tls_args: [--tlsverify, --tlscacert=ca.pem, --tlscert=server-cert.pem, --tlskey=server-key.pem,
+ tls_args: [--tlsverify, --tlscacert=/etc/docker/tls/ca.pem, --tlscert=/etc/docker/tls/server-cert.pem, --tlskey=/etc/docker/tls/server-key.pem,
 '-H=0.0.0.0:2376']
 args: [daemon, --log-opt, max-size=25m, --log-opt, max-file=2, -s, overlay, -G, docker, -H, 'unix:///var/run/docker.sock', --userland-proxy=false]
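Review bot: The new SAN list on the `control.Generate` call replaces `localhost` with the wildcards `*`, `*.*`, `*.*.*` and `*.*.*.*`, which stops tying the generated server certificate to this host's identity: a client that accepts them will accept the certificate under any name, so server authentication rests only on who holds the CA in `/etc/docker/tls`. Verifiers that follow RFC 6125 match a wildcard only in the left-most label and may reject bare or multi-label wildcards, so behaviour will likely differ between clients, and whether `"127.0.0.1"` ends up as an IP SAN depends on `control.Generate`, which is not visible here. I would keep explicit names, for example `[]string{"localhost", "127.0.0.1"}` plus the host's configured hostname and addresses, and add a comment such as `// SANs must name this host; wildcards would make the cert valid for any name`. `main` starts and ends outside the hunk.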
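Review bot: The absolute paths in `tls_args` now duplicate the `/etc/docker/tls` directory that is hard-coded in the `control.Generate` call in cmd/userdocker/main.go, and nothing visible keeps the two in sync; if either side changes, the daemon would presumably fail to find its key material. A comment above `tls_args` would record the coupling, e.g. `# cert/key paths must match the directory userdocker generates into (/etc/docker/tls)`. Because the same entry keeps `-H=0.0.0.0:2376`, the daemon listens on every interface once TLS is on, so it is also worth confirming that `server-key.pem` and any CA key generated alongside it are written with owner-only permissions; that code is not part of this patch.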