Documented that COMPOSE_TLS_VERSION is included in env (#2298)
stuclem authored Jan 11, 2019
1 parent 6c70631 commit f2c361b
Showing 3 changed files with 17 additions and 14 deletions.
17 changes: 15 additions & 2 deletions docs/user_doc/vic_app_dev/configure_docker_client.md
Expand Up @@ -6,6 +6,7 @@ vSphere Integrated Containers Engine 1.5 supports Docker client 1.13.0. The supp

- [Connecting to the VCH](#connectvch)
- [Using Docker Environment Variables](#variables)
- [Using `docker-compose` with TLS](#compose)
- [Install the vSphere Integrated Containers Registry Certificate](#registry)
- [Obtain the vSphere Integrated Containers Registry CA Certificate](#getcert)
- [Configure the Docker Client on Linux](#certlinux)
Expand Down Expand Up @@ -37,12 +38,24 @@ The contents of the `env` files are different depending on the level of authenti

- Mutual TLS authentication with client and server certificates: <pre>DOCKER_TLS_VERIFY=1
DOCKER_CERT_PATH=<i>client_certificate_path</i>\<i>vch_name</i>
DOCKER_HOST=<i>vch_address</i>:2376</pre>
- TLS authentication with server certificates without client authentication:<pre>DOCKER_HOST=<i>vch_address</i>:2376</pre>
DOCKER_HOST=<i>vch_address</i>:2376
COMPOSE_TLS_VERSION=TLSv1_2</pre>
- TLS authentication with server certificates without client authentication:<pre>DOCKER_HOST=<i>vch_address</i>:2376
COMPOSE_TLS_VERSION=TLSv1_2</pre>
- No `env` file is generated if the VCH does not implement TLS authentication.

For information about how to obtain the `env` file, see [Obtain a VCH](obtain_vch.md). For information about the `env` files in Docker, see [`docker-machine env`](https://docs.docker.com/machine/reference/env/) in the Docker documentation.

## Using `docker-compose` with TLS <a id="compose"></a>

vSphere Integrated Containers supports TLS v1.2, so you must configure `docker-compose` to use TLS 1.2. However, `docker-compose` does not allow you to specify the TLS version on the command line. You must use environment variables to set the TLS version for `docker-compose`. For more information, see [`docker-compose` issue 4651](https://github.com/docker/compose/issues/4651). Furthermore, `docker-compose` has a limitation that requires you to set TLS options either by using command line options or by using environment variables. You cannot use a mixture of both command line options and environment variables.

To use `docker-compose` with vSphere Integrated Containers and TLS, set the following environment variables:<pre>COMPOSE_TLS_VERSION=TLSv1_2
DOCKER_TLS_VERIFY=1
DOCKER_CERT_PATH="<i>path to your certificate files</i>"</pre>

You can find the exact variables to set in the <code><i>vch_name</i>.env</code> file that is generated during VCH deployment. The certificate file path must lead to `CA.pem`, `key.pem`, and `cert.pem`. You can run `docker-compose` with the following command:<pre>docker-compose -H <i>vch_address</i> up</pre>

## Install the vSphere Integrated Containers Registry Certificate <a id="registry"></a>

If your development environment uses vSphere Integrated Containers Registry or another private registry server that uses CA server certificates, you must pass the registry's CA certificate to the Docker client. The vSphere administrator must also have configured the VCH to access the registry.
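Review bot: the closing example in the new section, `docker-compose -H vch_address up`, drops the `:2376` port that every `DOCKER_HOST` value in this same hunk carries, and passing `-H` on the command line reads oddly two sentences after the warning that command-line options and environment variables cannot be mixed. Since the text also says the exact variables are in the generated `vch_name.env` file, and that file already sets `DOCKER_HOST=vch_address:2376`, suggest dropping `-H` and saying to load the env file and run `docker-compose up`, or else state explicitly that the no-mixing limitation applies to the TLS options (`--tlsverify`, `--tlscacert`, `--tlscert`, `--tlskey`) rather than to `-H`. Separately, the certificate list names `CA.pem`, but the Docker client looks for `ca.pem` (lowercase) under `DOCKER_CERT_PATH`, which matters on a case-sensitive filesystem, and the third file in this commit already spells it `ca.pem`; the two should agree.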
12 changes: 1 addition & 11 deletions docs/user_doc/vic_app_dev/container_limitations.md
Expand Up @@ -36,14 +36,4 @@ vSphere Integrated Containers Engine includes these limitations:
- IPv6
- Service discovery
- Containers can acquire DHCP addresses only if they are on a network that has DHCP.
- When you use a standard Docker Engine, an image can have a maximum of 120 layers. When you use a vSphere Integrated Containers Engine virtual container host (VCH), an image can have a maximum of 90 layers. For more information, see [Pulling Images into VCHs Fails with Image Store Error](../vic_vsphere_admin/ts_imagestore_error.md) in the Troubleshooting section.

## Using `docker-compose` with TLS

vSphere Integrated Containers supports TLS v1.2, so you must configure `docker-compose` to use TLS 1.2. However, `docker-compose` does not allow you to specify the TLS version on the command line. You must use environment variables to set the TLS version for `docker-compose`. For more information, see [`docker-compose` issue 4651](https://github.com/docker/compose/issues/4651). Furthermore, `docker-compose` has a limitation that requires you to set TLS options either by using command line options or by using environment variables. You cannot use a mixture of both command line options and environment variables.

To use `docker-compose` with vSphere Integrated Containers and TLS, set the following environment variables:<pre>COMPOSE_TLS_VERSION=TLSv1_2
DOCKER_TLS_VERIFY=1
DOCKER_CERT_PATH="<i>path to your certificate files</i>"</pre>

The certificate file path must lead to `CA.pem`, `key.pem`, and `cert.pem`. You can run `docker-compose` with the following command:<pre>docker-compose -H <i>vch_address</i> up</pre>
- When you use a standard Docker Engine, an image can have a maximum of 120 layers. When you use a vSphere Integrated Containers Engine virtual container host (VCH), an image can have a maximum of 90 layers. For more information, see [Pulling Images into VCHs Fails with Image Store Error](../vic_vsphere_admin/ts_imagestore_error.md) in the Troubleshooting section.
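Review bot: the removed last bullet about the 90-layer limit and the bullet re-added at the end of the hunk are textually identical, so the visible churn is presumably a line-ending or trailing-newline fix; worth confirming with `git show -w` so that a whitespace-only change is not mistaken for a content edit. Moving the `docker-compose` TLS section out of this file is the right call, since it is configuration rather than a limitation, but nothing is left behind to point readers here: suggest a short bullet in this list noting that `docker-compose` must have its TLS version set through the `COMPOSE_TLS_VERSION` environment variable, linking to the new section in configure_docker_client.md, because a user whose `docker-compose up` fails the TLS handshake will look in the limitations page first.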
Original file line number Diff line number Diff line change
Expand Up @@ -176,7 +176,7 @@ To view a list of volume stores that have been pre-configured by the vSphere adm

Assuming you're using TLS authentication to the Docker endpoint, that is either done using environment variables or command-line options.

With environment variables, it's assumed that you've already set `DOCKER_TLS_VERIFY=1` and `DOCKER_CERT_PATH=<path to client certs>`. This is required in order to use the Docker client. For `docker-compose` you have to additionally set `COMPOSE_TLS_VERSION=TLSv1_2`. You can then run `docker-compose up -d` to start the application (assuming you've also set `DOCKER_HOST` to point to the VCH endpoint).
With environment variables, it's assumed that you've already set `DOCKER_TLS_VERIFY=1` and `DOCKER_CERT_PATH=<path to client certs>`. This is required in order to use the Docker client. For `docker-compose` you have to additionally set `COMPOSE_TLS_VERSION=TLSv1_2`. You can find the exact variables to set in the <code><i>vch_name</i>.env<code> file that is generated during VCH deployment. You can then run `docker-compose up -d` to start the application (assuming you've also set `DOCKER_HOST` to point to the VCH endpoint).

Using command-line arguments with Docker client is a little more clumsy as each key has to be specified independently and the same is true of `docker-compose`. Regardless, the only way to specify the TLS version is through the environment variable above `COMPOSE_TLS_VERSION=TLSv1_2`. You can then run `docker-compose -H <endpoint-ip>:2376 --tlsverify --tlscacert="<local-ca-path>/ca.pem" --tlscert="<local-ca-path>/cert.pem" --tlskey="<local-ca-path>/key.pem" compose up -d`

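Review bot: the added line closes the new phrase with `<code>` instead of `</code>` (`<code><i>vch_name</i>.env<code>`), leaving an unclosed `<code>` element that will render the rest of the paragraph in code font; the same phrase is written correctly as `<code><i>vch_name</i>.env</code>` in configure_docker_client.md in this commit, so this one should match it. While touching this paragraph, the unchanged command two lines below, `docker-compose -H <endpoint-ip>:2376 --tlsverify ... compose up -d`, carries a stray `compose` before `up` that would fail as written and could be fixed in the same change.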
