A Swarm cluster stores its TLS keys in plain text by default, so it is a good idea to lock the swarm.
Docker Lock gives us control over the keys.
By default, the Swarm certificates and the node key are stored in plain text:
root@swarm100:/var/lib/docker/swarm/certificates# pwd
/var/lib/docker/swarm/certificates
root@swarm100:/var/lib/docker/swarm/certificates# ls -l
total 12
-rw-r--r-- 1 root root 826 Aug 14 22:00 swarm-node.crt
-rw------- 1 root root 316 Aug 14 22:00 swarm-node.key
-rw-r--r-- 1 root root 554 Aug 14 22:00 swarm-root-ca.crt
Enable or disable autolock on an existing swarm
docker swarm update --autolock=true
Swarm updated.
To unlock a swarm manager after it restarts, run the `docker swarm unlock`
command and provide the following key:
SWMKEY-1-Ks2bW8Kivk4U32BeMV71W+qYWnpubXfnXVCdhobvHKI
Please remember to store this key in a password manager, since without it you
will not be able to restart the manager.
Restart docker service on swarm manager
sudo systemctl stop docker
docker node ls
Error response from daemon: Swarm is encrypted and needs to be unlocked before it can be used. Please use "docker swarm unlock" to unlock it.
docker swarm unlock
Please enter unlock key:
SWMKEY-1-Ks2bW8Kivk4U32BeMV71W+qYWnpubXfnXVCdhobvHKI
docker node ls
ID                            HOSTNAME   STATUS    AVAILABILITY   MANAGER STATUS   ENGINE VERSION
t3h48w6md027h3clj0b9udkst *   swarm100   Ready     Active         Leader           19.03.12
dtxxg2tpzmgkc4z5rialfb12t     swarm101   Unknown   Active                          19.03.12
qd0dslmu9mbdydh6v3a1xkqby     swarm102   Unknown   Active                          19.03.12
csyb0b5uxsapctldm429bl4y1     swarm103   Unknown   Active                          19.03.12
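To confirm that a manager is actually protected after the steps above, the following audit script is an added example, not code from the original page or from Docker. The function names are hypothetical, and the key-file check assumes that an autolocked swarm-node.key carries one of the standard PEM encryption markers.

```shell
#!/bin/sh
# Added example: audit at-rest protection of a swarm manager's node key.
# Function names are hypothetical helpers, not Docker commands.

CERT_DIR_DEFAULT=/var/lib/docker/swarm/certificates

# Classify a PEM private key file as: encrypted | plaintext | unreadable.
# Assumption: a locked key shows a standard PEM encryption marker
# (PKCS#8 "ENCRYPTED PRIVATE KEY" label or a "Proc-Type: 4,ENCRYPTED" header).
key_file_state() {
    if [ ! -f "$1" ] || [ ! -r "$1" ]; then
        echo unreadable
        return 0
    fi
    if grep -Eq -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----|^Proc-Type: 4,ENCRYPTED' "$1"; then
        echo encrypted
    else
        echo plaintext
    fi
}

# Succeeds only when the key file is accessible by its owner alone,
# as in the listing above (-rw------- = 600). Uses GNU stat (Linux).
key_mode_ok() {
    local mode
    mode="$(stat -c '%a' "$1" 2>/dev/null)" || return 1
    case "$mode" in
        600|400) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_manager AUTOLOCK_FLAG [CERT_DIR]
# AUTOLOCK_FLAG is the "true"/"false" value printed on a manager by:
#   docker info --format '{{.Swarm.Cluster.Spec.EncryptionConfig.AutoLockManagers}}'
audit_manager() {
    local flag="$1" dir="${2:-$CERT_DIR_DEFAULT}" key state rc=0
    key="$dir/swarm-node.key"
    state="$(key_file_state "$key")"
    [ "$flag" = true ] || { echo "FAIL autolock is disabled"; rc=1; }
    [ "$state" = encrypted ] || { echo "FAIL $key is $state"; rc=1; }
    if [ "$state" != unreadable ] && ! key_mode_ok "$key"; then
        echo "FAIL $key is accessible beyond its owner"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK autolock on, key encrypted, mode restricted"
    return "$rc"
}
```

On a manager, run it as root with the live flag: `audit_manager "$(docker info --format '{{.Swarm.Cluster.Spec.EncryptionConfig.AutoLockManagers}}')"`.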