Bug 1471210 - Cannot enable signature verification for docker-latest
Cannot enable signature verification for docker-latest
Status: NEW
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: docker-latest (Show other bugs)
7.3
Unspecified Unspecified
unspecified Severity medium
: rc
: ---
Assigned To: Lokesh Mandvekar
atomic-bugs@redhat.com
: Extras
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2017-07-14 13:19 EDT by Aaron Weitekamp
Modified: 2017-07-27 07:28 EDT (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Aaron Weitekamp 2017-07-14 13:19:28 EDT
Description of problem:
When enabling signature verification to docker-latest via /etc/sysconfig/docker-latest, service cannot start.

Version-Release number of selected component (if applicable):
$ cat /etc/redhat-release
Red Hat Enterprise Linux Atomic Host release 7.3
$ rpm -q docker-latest
docker-latest-1.13.1-13.gitb303bf6.el7.x86_64

How reproducible:
always

Steps to Reproduce:
1. add '--signature-verification=true' to OPTIONS in /etc/sysconfig/docker-latest
2. restart docker-latest

Actual results:
unable to configure the Docker daemon with file /etc/docker-latest/daemon.json: the following directives are specified both as a flag and in the configuration file: signature-verification: (from flag: true, from file: false)

Expected results:
docker-latest restart

Additional info:

Workaround:
1. Edit /etc/docker-latest/daemon.json 'signature-verification": true'
2. remove --signature-verification=true from /etc/sysconfig/docker-latest
3. restart docker-latest

NOTE: /etc/docker/daemon.json content is simply '{}'
Comment 2 Lokesh Mandvekar 2017-07-14 13:50:55 EDT
For docker-latest, the workaround mentioned would be the preferred way to do this. We're avoiding adding options to /etc/sysconfig/docker-latest in favor or /etc/docker-latest/daemon.json

RE: /etc/docker/daemon.json, Scott mentioned we need to ensure a smooth transition from /etc/sysconfig/docker to /etc/docker/daemon.json, however adding options in both places is not allowed so far.

Note You need to log in before you can comment on or make changes to this bug.