diff --git a/docs/config.md b/docs/config.md index efb1ec5d..ae08689d 100644 --- a/docs/config.md +++ b/docs/config.md @@ -2,6 +2,10 @@ The configuration of RancherOS is on a single configuration file called rancher.yml. You can either use `rancherctl config` to edit and interact with this file or edit `/var/lib/rancher/conf/rancher.yml` directly. It is safer to use `rancherctl config`. +## rancherctl + +[`rancherctl`](rancherctl.md) is the main command to interact with RancherOS configuration, to the the [full documentation](rancherctl.md). + ## Networking RancherOS provides very basic support to get networking up. diff --git a/docs/rancherctl-config.md b/docs/rancherctl-config.md new file mode 100644 index 00000000..33f41f75 --- /dev/null +++ b/docs/rancherctl-config.md 
@@ -0,0 +1,59 @@ +# rancherctl config + +`rancherctl config` is used to manipulate the configuration of RancherOS stored +in `/var/lib/rancher/conf/rancher.yml`. You are still free to edit that file +directly, but by using `rancherctl config` it is safer and often more convenient. + +For all changes to configuration, you must reboot for them to take effect. + +## Sub commands + +| Command | Description | +|----------|-------------------------------------------------| +| get | get value | +| set | set a value | +| import | import configuration from standard in or a file | +| export | export configuration | +| merge | merge configuration from stdin | + +## Examples + +Set a simple value in the `rancher.yml` + + rancherctl config set user_docker.tls true + +Set a list in the `rancher.yml` + + rancherctl config set network.dns.nameservers '[8.8.8.8,8.8.4.4]' + +Get a simple value in `rancher.yml` + + rancherctl config set user_docker.tls true + +Import the `rancher.yml` from a file + + rancherctl config import -i local-rancher.yml + +Export the `rancher.yml` to a file + + rancherctl config export -o local-rancher.yml + +Dump the full configuration, not just the changes in `rancher.yml` + + rancherctl config export --full + +Dump the configuration, including the certificates and private keys + + rancherctl config export --private + +Merge in a configuration fragment + +```bash +rancherctl config merge << "EOF" +network: + dns: + nameservers: + - 8.8.8.8 + - 8.8.4.4 +EOF +``` diff --git a/docs/rancherctl-tls.md b/docs/rancherctl-tls.md new file mode 100644 index 00000000..b7898ebe --- /dev/null +++ b/docs/rancherctl-tls.md 
@@ -0,0 +1,46 @@ +# rancherctl tls + +`rancherctl tls` is used to generate both the client and server TLS certificates +for Docker. + +## Enabling TLS + +For TLS to be used with Docker you must first enable TLS, this can be done by doing + + sudo rancherctl config set user_docker.tls true + sudo system-docker restart userdocker + + +## Sub commands + +| Command | Description | +|----------|------------------------------------------| +| generate | Generates client and server certificates | + +## End to end example + +### Enabled TLS for Docker + + sudo rancherctl config set user_docker.tls true + +### Generate server certificate. + +A server certificate must be generated for the hostname under which +you will access the server. You can use an IP, "localhost", or "foo.example.com". + + sudo rancherctl tls generate -s --hostname localhost --hostname something.example.com + sudo system-docker restart userdocker + +### Generate client certificate + +One or more client certificates must be generated so that you can access Docker + + sudo rancherctl tls generate + sudo chown -R rancher ${HOME}/.docker + +The above command will store the generated certificate in `${HOME}/.docker`. + +### Test certificates + + export DOCKER_HOST=tcp://localhost:2376 DOCKER_TLS_VERIFY=1 + docker ps diff --git a/docs/rancherctl.md b/docs/rancherctl.md new file mode 100644 index 00000000..34af8139 --- /dev/null +++ b/docs/rancherctl.md @@ -0,0 +1,12 @@ +# rancherctl + +`rancherctl` is used to configure and control RancherOS + +| Command | Description +|-------------|--------------------- +| [config](1) | Manage `rancher.yml` +| [tls](2) | Manage TLS configuration + + + [1]: rancherctl-config.md + [2]: rancherctl-tls.md
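Review bot: In docs/config.md, the sentence added under `## rancherctl` is garbled at "to the the [full documentation](rancherctl.md)". It presumably should read "see the [full documentation](rancherctl.md)". The sentence also links `rancherctl.md` twice; one link is enough.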
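Review bot: In docs/rancherctl-config.md, the example under "Get a simple value in `rancher.yml`" repeats `rancherctl config set user_docker.tls true`, so the `get` sub command is never demonstrated and a reader who copies it changes the configuration instead of reading it. It should presumably be `rancherctl config get user_docker.tls`. Separately, the `rancherctl config export --private` example dumps certificates and private keys with no guidance on handling the output; a sentence telling the reader to keep that output out of shared locations and restrict access to any file it is written to would fit here. The sub command table also mixes "standard in" (for `import`) and "stdin" (for `merge`); pick one term.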
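Review bot: In docs/rancherctl-tls.md, the "Generate client certificate" step runs `sudo rancherctl tls generate` followed by `sudo chown -R rancher ${HOME}/.docker`, which hard-codes the user `rancher` while the path depends on whoever's `${HOME}` is in effect. State that the commands assume you are logged in as `rancher`, or make the owner follow the current user. The sentence "The above command will store the generated certificate" follows two commands, so name `rancherctl tls generate` explicitly, and say which files end up in `${HOME}/.docker` so the reader knows what needs protecting. The "Enabling TLS" section restarts `userdocker` right after setting `user_docker.tls`, while the first step of the end to end example omits the restart and defers it until after the server certificate is generated; the two sequences should agree. Minor: the heading "Enabled TLS for Docker" should be "Enable TLS for Docker", and "Generate server certificate." has a trailing period the other headings lack.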
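Review bot: In docs/rancherctl.md, the table cells use `[config](1)` and `[tls](2)`, which is inline link syntax and points at the literal URLs `1` and `2`, so the reference definitions `[1]: rancherctl-config.md` and `[2]: rancherctl-tls.md` at the bottom are never used. Change the cells to reference style, `[config][1]` and `[tls][2]`, or link the files directly. The table rows also omit the trailing `|` that the tables in the other two new files use; adding it keeps the docs consistent.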