deleted file mode 100644

@@ -1,32 +0,0 @@

-package node

-

-import (

-	"fmt"

-

-	"github.com/docker/docker/api/client"

-	"github.com/docker/docker/cli"

-	"github.com/docker/engine-api/types/swarm"

-	"github.com/spf13/cobra"

-)

-

-func newAcceptCommand(dockerCli *client.DockerCli) *cobra.Command {

-	return &cobra.Command{

-		Use:   "accept NODE [NODE...]",

-		Short: "Accept a node in the swarm",

-		Args:  cli.RequiresMinArgs(1),

-		RunE: func(cmd *cobra.Command, args []string) error {

-			return runAccept(dockerCli, args)

-		},

-	}

-}

-

-func runAccept(dockerCli *client.DockerCli, nodes []string) error {

-	accept := func(node *swarm.Node) error {

-		node.Spec.Membership = swarm.NodeMembershipAccepted

-		return nil

-	}

-	success := func(nodeID string) {

-		fmt.Fprintf(dockerCli.Out(), "Node %s accepted in the swarm.\n", nodeID)

-	}

-	return updateNodes(dockerCli, nodes, accept, success)

-}

@@ -23,7 +23,6 @@ func NewNodeCommand(dockerCli *client.DockerCli) *cobra.Command {

 		},

 	}

 	cmd.AddCommand(

-		newAcceptCommand(dockerCli),

 		newDemoteCommand(dockerCli),

 		newInspectCommand(dockerCli),

 		newListCommand(dockerCli),

@@ -16,7 +16,7 @@ import (

 )

 const (

-	listItemFmt = "%s\t%s\t%s\t%s\t%s\t%s\n"

+	listItemFmt = "%s\t%s\t%s\t%s\t%s\n"

 )

 type listOptions struct {

@@ -74,11 +74,10 @@ func printTable(out io.Writer, nodes []swarm.Node, info types.Info) {

 	// Ignore flushing errors

 	defer writer.Flush()

-	fmt.Fprintf(writer, listItemFmt, "ID", "HOSTNAME", "MEMBERSHIP", "STATUS", "AVAILABILITY", "MANAGER STATUS")

+	fmt.Fprintf(writer, listItemFmt, "ID", "HOSTNAME", "STATUS", "AVAILABILITY", "MANAGER STATUS")

 	for _, node := range nodes {

 		name := node.Description.Hostname

 		availability := string(node.Spec.Availability)

-		membership := string(node.Spec.Membership)

 		reachability := ""

 		if node.ManagerStatus != nil {

@@ -99,7 +98,6 @@ func printTable(out io.Writer, nodes []swarm.Node, info types.Info) {

 			listItemFmt,

 			ID,

 			name,

-			client.PrettyPrint(membership),

 			client.PrettyPrint(string(node.Status.State)),

 			client.PrettyPrint(availability),

 			client.PrettyPrint(reachability))

@@ -12,7 +12,6 @@ import (

 type nodeOptions struct {

 	annotations

 	role         string

-	membership   string

 	availability string

 }

@@ -45,14 +44,6 @@ func (opts *nodeOptions) ToNodeSpec() (swarm.NodeSpec, error) {

 		return swarm.NodeSpec{}, fmt.Errorf("invalid role %q, only worker and manager are supported", opts.role)

 	}

-	switch swarm.NodeMembership(strings.ToLower(opts.membership)) {

-	case swarm.NodeMembershipAccepted:

-		spec.Membership = swarm.NodeMembershipAccepted

-	case "":

-	default:

-		return swarm.NodeSpec{}, fmt.Errorf("invalid membership %q, only accepted is supported", opts.membership)

-	}

-

 	switch swarm.NodeAvailability(strings.ToLower(opts.availability)) {

 	case swarm.NodeAvailabilityActive:

 		spec.Availability = swarm.NodeAvailabilityActive

@@ -27,7 +27,6 @@ func newUpdateCommand(dockerCli *client.DockerCli) *cobra.Command {

 	flags := cmd.Flags()

 	flags.StringVar(&nodeOpts.role, flagRole, "", "Role of the node (worker/manager)")

-	flags.StringVar(&nodeOpts.membership, flagMembership, "", "Membership of the node (accepted/rejected)")

 	flags.StringVar(&nodeOpts.availability, flagAvailability, "", "Availability of the node (active/pause/drain)")

 	flags.Var(&nodeOpts.annotations.labels, flagLabelAdd, "Add or update a node label (key=value)")

 	labelKeys := opts.NewListOpts(nil)

@@ -76,13 +75,6 @@ func mergeNodeUpdate(flags *pflag.FlagSet) func(*swarm.Node) error {

 			}

 			spec.Role = swarm.NodeRole(str)

 		}

-		if flags.Changed(flagMembership) {

-			str, err := flags.GetString(flagMembership)

-			if err != nil {

-				return err

-			}

-			spec.Membership = swarm.NodeMembership(str)

-		}

 		if flags.Changed(flagAvailability) {

 			str, err := flags.GetString(flagAvailability)

 			if err != nil {

@@ -115,7 +107,6 @@ func mergeNodeUpdate(flags *pflag.FlagSet) func(*swarm.Node) error {

 const (

 	flagRole         = "role"

-	flagMembership   = "membership"

 	flagAvailability = "availability"

 	flagLabelAdd     = "label-add"

 	flagLabelRemove  = "label-rm"

@@ -506,7 +506,7 @@ func addServiceFlags(cmd *cobra.Command, opts *serviceOptions) {

 	flags.StringVar(&opts.endpoint.mode, flagEndpointMode, "", "Endpoint mode (vip or dnsrr)")

-	flags.BoolVar(&opts.registryAuth, flagRegistryAuth, false, "Send registry authentication details to Swarm agents")

+	flags.BoolVar(&opts.registryAuth, flagRegistryAuth, false, "Send registry authentication details to swarm agents")

 	flags.StringVar(&opts.logDriver.name, flagLogDriver, "", "Logging driver for service")

 	flags.Var(&opts.logDriver.opts, flagLogOpt, "Logging driver options")

@@ -25,6 +25,7 @@ func NewSwarmCommand(dockerCli *client.DockerCli) *cobra.Command {

 		newUpdateCommand(dockerCli),

 		newLeaveCommand(dockerCli),

 		newInspectCommand(dockerCli),

+		newJoinTokenCommand(dockerCli),

 	)

 	return cmd

 }

@@ -28,14 +28,11 @@ type initOptions struct {

 func newInitCommand(dockerCli *client.DockerCli) *cobra.Command {

 	opts := initOptions{

 		listenAddr: NewListenAddrOption(),

-		swarmOptions: swarmOptions{

-			autoAccept: NewAutoAcceptOption(),

-		},

 	}

 	cmd := &cobra.Command{

 		Use:   "init [OPTIONS]",

-		Short: "Initialize a Swarm",

+		Short: "Initialize a swarm",

 		Args:  cli.NoArgs,

 		RunE: func(cmd *cobra.Command, args []string) error {

 			return runInit(dockerCli, cmd.Flags(), opts)

@@ -53,12 +50,6 @@ func runInit(dockerCli *client.DockerCli, flags *pflag.FlagSet, opts initOptions

 	client := dockerCli.Client()

 	ctx := context.Background()

-	// If no secret was specified, we create a random one

-	if !flags.Changed("secret") {

-		opts.secret = generateRandomSecret()

-		fmt.Fprintf(dockerCli.Out(), "No --secret provided. Generated random secret:\n    %s\n\n", opts.secret)

-	}

-

 	req := swarm.InitRequest{

 		ListenAddr:      opts.listenAddr.String(),

 		ForceNewCluster: opts.forceNewCluster,

@@ -72,24 +63,5 @@ func runInit(dockerCli *client.DockerCli, flags *pflag.FlagSet, opts initOptions

 	fmt.Fprintf(dockerCli.Out(), "Swarm initialized: current node (%s) is now a manager.\n\n", nodeID)

-	// Fetch CAHash and Address from the API

-	info, err := client.Info(ctx)

-	if err != nil {

-		return err

-	}

-

-	node, _, err := client.NodeInspectWithRaw(ctx, nodeID)

-	if err != nil {

-		return err

-	}

-

-	if node.ManagerStatus != nil && info.Swarm.CACertHash != "" {

-		var secretArgs string

-		if opts.secret != "" {

-			secretArgs = "--secret " + opts.secret

-		}

-		fmt.Fprintf(dockerCli.Out(), "To add a worker to this swarm, run the following command:\n    docker swarm join %s \\\n    --ca-hash %s \\\n    %s\n", secretArgs, info.Swarm.CACertHash, node.ManagerStatus.Addr)

-	}

-

-	return nil

+	return printJoinCommand(ctx, dockerCli, nodeID, true, true)

 }

@@ -18,7 +18,7 @@ func newInspectCommand(dockerCli *client.DockerCli) *cobra.Command {

 	cmd := &cobra.Command{

 		Use:   "inspect [OPTIONS]",

-		Short: "Inspect the Swarm",

+		Short: "Inspect the swarm",

 		Args:  cli.NoArgs,

 		RunE: func(cmd *cobra.Command, args []string) error {

 			return runInspect(dockerCli, opts)

@@ -2,6 +2,7 @@ package swarm

 import (

 	"fmt"

+	"strings"

 	"github.com/docker/docker/api/client"

 	"github.com/docker/docker/cli"

@@ -13,9 +14,7 @@ import (

 type joinOptions struct {

 	remote     string

 	listenAddr NodeAddrOption

-	manager    bool

-	secret     string

-	CACertHash string

+	token      string

 }

 func newJoinCommand(dockerCli *client.DockerCli) *cobra.Command {

@@ -25,7 +24,7 @@ func newJoinCommand(dockerCli *client.DockerCli) *cobra.Command {

 	cmd := &cobra.Command{

 		Use:   "join [OPTIONS] HOST:PORT",

-		Short: "Join a Swarm as a node and/or manager",

+		Short: "Join a swarm as a node and/or manager",

 		Args:  cli.ExactArgs(1),

 		RunE: func(cmd *cobra.Command, args []string) error {

 			opts.remote = args[0]

@@ -35,9 +34,7 @@ func newJoinCommand(dockerCli *client.DockerCli) *cobra.Command {

 	flags := cmd.Flags()

 	flags.Var(&opts.listenAddr, flagListenAddr, "Listen address")

-	flags.BoolVar(&opts.manager, "manager", false, "Try joining as a manager.")

-	flags.StringVar(&opts.secret, flagSecret, "", "Secret for node acceptance")

-	flags.StringVar(&opts.CACertHash, "ca-hash", "", "Hash of the Root Certificate Authority certificate used for trusted join")

+	flags.StringVar(&opts.token, flagToken, "", "Token for entry into the swarm")

 	return cmd

 }

@@ -46,20 +43,29 @@ func runJoin(dockerCli *client.DockerCli, opts joinOptions) error {

 	ctx := context.Background()

 	req := swarm.JoinRequest{

-		Manager:     opts.manager,

-		Secret:      opts.secret,

+		JoinToken:   opts.token,

 		ListenAddr:  opts.listenAddr.String(),

 		RemoteAddrs: []string{opts.remote},

-		CACertHash:  opts.CACertHash,

 	}

 	err := client.SwarmJoin(ctx, req)

 	if err != nil {

 		return err

 	}

-	if opts.manager {

-		fmt.Fprintln(dockerCli.Out(), "This node joined a Swarm as a manager.")

+

+	info, err := client.Info(ctx)

+	if err != nil {

+		return err

+	}

+

+	_, _, err = client.NodeInspectWithRaw(ctx, info.Swarm.NodeID)

+	if err != nil {

+		// TODO(aaronl): is there a better way to do this?

+		if strings.Contains(err.Error(), "This node is not a swarm manager.") {

+			fmt.Fprintln(dockerCli.Out(), "This node joined a swarm as a worker.")

+		}

 	} else {

-		fmt.Fprintln(dockerCli.Out(), "This node joined a Swarm as a worker.")

+		fmt.Fprintln(dockerCli.Out(), "This node joined a swarm as a manager.")

 	}

+

 	return nil

 }

new file mode 100644

@@ -0,0 +1,110 @@

+package swarm

+

+import (

+	"errors"

+	"fmt"

+

+	"github.com/spf13/cobra"

+

+	"github.com/docker/docker/api/client"

+	"github.com/docker/docker/cli"

+	"github.com/docker/engine-api/types/swarm"

+	"golang.org/x/net/context"

+)

+

+const (

+	flagRotate = "rotate"

+	flagQuiet  = "quiet"

+)

+

+func newJoinTokenCommand(dockerCli *client.DockerCli) *cobra.Command {

+	var rotate, quiet bool

+

+	cmd := &cobra.Command{

+		Use:   "join-token [-q] [--rotate] (worker|manager)",

+		Short: "Manage join tokens",

+		Args:  cli.ExactArgs(1),

+		RunE: func(cmd *cobra.Command, args []string) error {

+			if args[0] != "worker" && args[0] != "manager" {

+				return errors.New("unknown role " + args[0])

+			}

+

+			client := dockerCli.Client()

+			ctx := context.Background()

+

+			if rotate {

+				var flags swarm.UpdateFlags

+

+				swarm, err := client.SwarmInspect(ctx)

+				if err != nil {

+					return err

+				}

+

+				if args[0] == "worker" {

+					flags.RotateWorkerToken = true

+				} else if args[0] == "manager" {

+					flags.RotateManagerToken = true

+				}

+

+				err = client.SwarmUpdate(ctx, swarm.Version, swarm.Spec, flags)

+				if err != nil {

+					return err

+				}

+			}

+

+			swarm, err := client.SwarmInspect(ctx)

+			if err != nil {

+				return err

+			}

+

+			if quiet {

+				if args[0] == "worker" {

+					fmt.Fprintln(dockerCli.Out(), swarm.JoinTokens.Worker)

+				} else if args[0] == "manager" {

+					fmt.Fprintln(dockerCli.Out(), swarm.JoinTokens.Manager)

+				}

+			} else {

+				info, err := client.Info(ctx)

+				if err != nil {

+					return err

+				}

+				return printJoinCommand(ctx, dockerCli, info.Swarm.NodeID, args[0] == "worker", args[0] == "manager")

+			}

+			return nil

+		},

+	}

+

+	flags := cmd.Flags()

+	flags.BoolVar(&rotate, flagRotate, false, "Rotate join token")

+	flags.BoolVarP(&quiet, flagQuiet, "q", false, "Only display token")

+

+	return cmd

+}

+

+func printJoinCommand(ctx context.Context, dockerCli *client.DockerCli, nodeID string, worker bool, manager bool) error {

+	client := dockerCli.Client()

+

+	swarm, err := client.SwarmInspect(ctx)

+	if err != nil {

+		return err

+	}

+

+	node, _, err := client.NodeInspectWithRaw(ctx, nodeID)

+	if err != nil {

+		return err

+	}

+

+	if node.ManagerStatus != nil {

+		if worker {

+			fmt.Fprintf(dockerCli.Out(), "To add a worker to this swarm, run the following command:\n    docker swarm join \\\n    --token %s \\\n    %s\n", swarm.JoinTokens.Worker, node.ManagerStatus.Addr)

+		}

+		if manager {

+			if worker {

+				fmt.Fprintln(dockerCli.Out())

+			}

+			fmt.Fprintf(dockerCli.Out(), "To add a manager to this swarm, run the following command:\n    docker swarm join \\\n    --token %s \\\n    %s\n", swarm.JoinTokens.Manager, node.ManagerStatus.Addr)

+		}

+	}

+

+	return nil

+}

@@ -19,7 +19,7 @@ func newLeaveCommand(dockerCli *client.DockerCli) *cobra.Command {

 	cmd := &cobra.Command{

 		Use:   "leave [OPTIONS]",

-		Short: "Leave a Swarm",

+		Short: "Leave a swarm",

 		Args:  cli.NoArgs,

 		RunE: func(cmd *cobra.Command, args []string) error {

 			return runLeave(dockerCli, opts)

@@ -15,29 +15,15 @@ import (

 const (

 	defaultListenAddr = "0.0.0.0:2377"

-	worker  = "WORKER"

-	manager = "MANAGER"

-	none    = "NONE"

-

-	flagAutoAccept          = "auto-accept"

 	flagCertExpiry          = "cert-expiry"

 	flagDispatcherHeartbeat = "dispatcher-heartbeat"

 	flagListenAddr          = "listen-addr"

-	flagSecret              = "secret"

+	flagToken               = "token"

 	flagTaskHistoryLimit    = "task-history-limit"

 	flagExternalCA          = "external-ca"

 )

-var (

-	defaultPolicies = []swarm.Policy{

-		{Role: worker, Autoaccept: true},

-		{Role: manager, Autoaccept: false},

-	}

-)

-

 type swarmOptions struct {

-	autoAccept          AutoAcceptOption

-	secret              string

 	taskHistoryLimit    int64

 	dispatcherHeartbeat time.Duration

 	nodeCertExpiry      time.Duration

@@ -84,71 +70,6 @@ func NewListenAddrOption() NodeAddrOption {

 	return NewNodeAddrOption(defaultListenAddr)

 }

-// AutoAcceptOption is a value type for auto-accept policy

-type AutoAcceptOption struct {

-	values map[string]struct{}

-}

-

-// String prints a string representation of this option

-func (o *AutoAcceptOption) String() string {

-	keys := []string{}

-	for key := range o.values {

-		keys = append(keys, fmt.Sprintf("%s=true", strings.ToLower(key)))

-	}

-	return strings.Join(keys, ", ")

-}

-

-// Set sets a new value on this option

-func (o *AutoAcceptOption) Set(acceptValues string) error {

-	for _, value := range strings.Split(acceptValues, ",") {

-		value = strings.ToUpper(value)

-		switch value {

-		case none, worker, manager:

-			o.values[value] = struct{}{}

-		default:

-			return fmt.Errorf("must be one / combination of %s, %s; or NONE", worker, manager)

-		}

-	}

-	// NONE must stand alone, so if any non-NONE setting exist with it, error with conflict

-	if o.isPresent(none) && len(o.values) > 1 {

-		return fmt.Errorf("value NONE cannot be specified alongside other node types")

-	}

-	return nil

-}

-

-// Type returns the type of this option

-func (o *AutoAcceptOption) Type() string {

-	return "auto-accept"

-}

-

-// Policies returns a representation of this option for the api

-func (o *AutoAcceptOption) Policies(secret *string) []swarm.Policy {

-	policies := []swarm.Policy{}

-	for _, p := range defaultPolicies {

-		if len(o.values) != 0 {

-			if _, ok := o.values[string(p.Role)]; ok {

-				p.Autoaccept = true

-			} else {

-				p.Autoaccept = false

-			}

-		}

-		p.Secret = secret

-		policies = append(policies, p)

-	}

-	return policies

-}

-

-// isPresent returns whether the key exists in the set or not

-func (o *AutoAcceptOption) isPresent(key string) bool {

-	_, c := o.values[key]

-	return c

-}

-

-// NewAutoAcceptOption returns a new auto-accept option

-func NewAutoAcceptOption() AutoAcceptOption {

-	return AutoAcceptOption{values: make(map[string]struct{})}

-}

-

 // ExternalCAOption is a Value type for parsing external CA specifications.

 type ExternalCAOption struct {

 	values []*swarm.ExternalCA

@@ -239,8 +160,6 @@ func parseExternalCA(caSpec string) (*swarm.ExternalCA, error) {

 }

 func addSwarmFlags(flags *pflag.FlagSet, opts *swarmOptions) {

-	flags.Var(&opts.autoAccept, flagAutoAccept, "Auto acceptance policy (worker, manager or none)")

-	flags.StringVar(&opts.secret, flagSecret, "", "Set secret value needed to join a cluster")

 	flags.Int64Var(&opts.taskHistoryLimit, flagTaskHistoryLimit, 10, "Task history retention limit")

 	flags.DurationVar(&opts.dispatcherHeartbeat, flagDispatcherHeartbeat, time.Duration(5*time.Second), "Dispatcher heartbeat period")

 	flags.DurationVar(&opts.nodeCertExpiry, flagCertExpiry, time.Duration(90*24*time.Hour), "Validity period for node certificates")

@@ -249,11 +168,6 @@ func addSwarmFlags(flags *pflag.FlagSet, opts *swarmOptions) {

 func (opts *swarmOptions) ToSpec() swarm.Spec {

 	spec := swarm.Spec{}

-	if opts.secret != "" {

-		spec.AcceptancePolicy.Policies = opts.autoAccept.Policies(&opts.secret)

-	} else {

-		spec.AcceptancePolicy.Policies = opts.autoAccept.Policies(nil)

-	}

 	spec.Orchestration.TaskHistoryRetentionLimit = opts.taskHistoryLimit

 	spec.Dispatcher.HeartbeatPeriod = uint64(opts.dispatcherHeartbeat.Nanoseconds())

 	spec.CAConfig.NodeCertExpiry = opts.nodeCertExpiry

@@ -4,7 +4,6 @@ import (

 	"testing"

 	"github.com/docker/docker/pkg/testutil/assert"

-	"github.com/docker/engine-api/types/swarm"

 )

 func TestNodeAddrOptionSetHostAndPort(t *testing.T) {

@@ -36,101 +35,3 @@ func TestNodeAddrOptionSetInvalidFormat(t *testing.T) {

 	opt := NewListenAddrOption()

 	assert.Error(t, opt.Set("http://localhost:4545"), "Invalid")

 }

-

-func TestAutoAcceptOptionSetWorker(t *testing.T) {

-	opt := NewAutoAcceptOption()

-	assert.NilError(t, opt.Set("worker"))

-	assert.Equal(t, opt.isPresent(worker), true)

-}

-

-func TestAutoAcceptOptionSetManager(t *testing.T) {

-	opt := NewAutoAcceptOption()

-	assert.NilError(t, opt.Set("manager"))

-	assert.Equal(t, opt.isPresent(manager), true)

-}

-

-func TestAutoAcceptOptionSetInvalid(t *testing.T) {

-	opt := NewAutoAcceptOption()

-	assert.Error(t, opt.Set("bogus"), "must be one / combination")

-}

-

-func TestAutoAcceptOptionSetEmpty(t *testing.T) {

-	opt := NewAutoAcceptOption()

-	assert.Error(t, opt.Set(""), "must be one / combination")

-}

-

-func TestAutoAcceptOptionSetNone(t *testing.T) {

-	opt := NewAutoAcceptOption()

-	assert.NilError(t, opt.Set("none"))

-	assert.Equal(t, opt.isPresent(manager), false)

-	assert.Equal(t, opt.isPresent(worker), false)

-}

-

-func TestAutoAcceptOptionSetTwo(t *testing.T) {

-	opt := NewAutoAcceptOption()

-	assert.NilError(t, opt.Set("worker,manager"))

-	assert.Equal(t, opt.isPresent(manager), true)

-	assert.Equal(t, opt.isPresent(worker), true)

-}

-

-func TestAutoAcceptOptionSetConflict(t *testing.T) {

-	opt := NewAutoAcceptOption()

-	assert.Error(t, opt.Set("none,manager"), "value NONE cannot be specified alongside other node types")

-

-	opt = NewAutoAcceptOption()

-	assert.Error(t, opt.Set("none,worker"), "value NONE cannot be specified alongside other node types")

-

-	opt = NewAutoAcceptOption()

-	assert.Error(t, opt.Set("worker,none,manager"), "value NONE cannot be specified alongside other node types")

-

-	opt = NewAutoAcceptOption()

-	assert.Error(t, opt.Set("worker,manager,none"), "value NONE cannot be specified alongside other node types")

-}

-

-func TestAutoAcceptOptionPoliciesDefault(t *testing.T) {

-	opt := NewAutoAcceptOption()

-	secret := "thesecret"

-

-	policies := opt.Policies(&secret)

-	assert.Equal(t, len(policies), 2)

-	assert.Equal(t, policies[0], swarm.Policy{

-		Role:       worker,

-		Autoaccept: true,

-		Secret:     &secret,

-	})

-	assert.Equal(t, policies[1], swarm.Policy{

-		Role:       manager,

-		Autoaccept: false,

-		Secret:     &secret,

-	})

-}

-

-func TestAutoAcceptOptionPoliciesWithManager(t *testing.T) {

-	opt := NewAutoAcceptOption()

-	secret := "thesecret"

-

-	assert.NilError(t, opt.Set("manager"))

-

-	policies := opt.Policies(&secret)

-	assert.Equal(t, len(policies), 2)

-	assert.Equal(t, policies[0], swarm.Policy{

-		Role:       worker,

-		Autoaccept: false,

-		Secret:     &secret,

-	})

-	assert.Equal(t, policies[1], swarm.Policy{

-		Role:       manager,

-		Autoaccept: true,

-		Secret:     &secret,

-	})

-}

-

-func TestAutoAcceptOptionString(t *testing.T) {

-	opt := NewAutoAcceptOption()

-	assert.NilError(t, opt.Set("manager"))

-	assert.NilError(t, opt.Set("worker"))

-

-	repr := opt.String()

-	assert.Contains(t, repr, "worker=true")

-	assert.Contains(t, repr, "manager=true")

-}

deleted file mode 100644

@@ -1,19 +0,0 @@

-package swarm

-

-import (

-	cryptorand "crypto/rand"

-	"fmt"

-	"math/big"

-)

-

-func generateRandomSecret() string {

-	var secretBytes [generatedSecretEntropyBytes]byte

-

-	if _, err := cryptorand.Read(secretBytes[:]); err != nil {

-		panic(fmt.Errorf("failed to read random bytes: %v", err))

-	}

-

-	var nn big.Int

-	nn.SetBytes(secretBytes[:])

-	return fmt.Sprintf("%0[1]*s", maxGeneratedSecretLength, nn.Text(generatedSecretBase))

-}

@@ -13,11 +13,11 @@ import (

 )

 func newUpdateCommand(dockerCli *client.DockerCli) *cobra.Command {

-	opts := swarmOptions{autoAccept: NewAutoAcceptOption()}

+	opts := swarmOptions{}

 	cmd := &cobra.Command{

 		Use:   "update [OPTIONS]",

-		Short: "Update the Swarm",

+		Short: "Update the swarm",

 		Args:  cli.NoArgs,

 		RunE: func(cmd *cobra.Command, args []string) error {

 			return runUpdate(dockerCli, cmd.Flags(), opts)

@@ -32,6 +32,8 @@ func runUpdate(dockerCli *client.DockerCli, flags *pflag.FlagSet, opts swarmOpti

 	client := dockerCli.Client()

 	ctx := context.Background()

+	var updateFlags swarm.UpdateFlags

+

 	swarm, err := client.SwarmInspect(ctx)

 	if err != nil {

 		return err

@@ -42,7 +44,7 @@ func runUpdate(dockerCli *client.DockerCli, flags *pflag.FlagSet, opts swarmOpti

 		return err

 	}

-	err = client.SwarmUpdate(ctx, swarm.Version, swarm.Spec)

+	err = client.SwarmUpdate(ctx, swarm.Version, swarm.Spec, updateFlags)

 	if err != nil {

 		return err

 	}

@@ -55,21 +57,6 @@ func runUpdate(dockerCli *client.DockerCli, flags *pflag.FlagSet, opts swarmOpti

 func mergeSwarm(swarm *swarm.Swarm, flags *pflag.FlagSet) error {

 	spec := &swarm.Spec

-	if flags.Changed(flagAutoAccept) {

-		value := flags.Lookup(flagAutoAccept).Value.(*AutoAcceptOption)

-		spec.AcceptancePolicy.Policies = value.Policies(nil)

-	}

-

-	var psecret *string

-	if flags.Changed(flagSecret) {

-		secret, _ := flags.GetString(flagSecret)

-		psecret = &secret

-	}

-

-	for i := range spec.AcceptancePolicy.Policies {

-		spec.AcceptancePolicy.Policies[i].Secret = psecret

-	}

-

 	if flags.Changed(flagTaskHistoryLimit) {

 		spec.Orchestration.TaskHistoryRetentionLimit, _ = flags.GetInt64(flagTaskHistoryLimit)

 	}

@@ -85,7 +85,6 @@ func runInfo(dockerCli *client.DockerCli) error {

 		if info.Swarm.ControlAvailable {

 			fmt.Fprintf(dockerCli.Out(), " Managers: %d\n", info.Swarm.Managers)

 			fmt.Fprintf(dockerCli.Out(), " Nodes: %d\n", info.Swarm.Nodes)

-			ioutils.FprintfIfNotEmpty(dockerCli.Out(), " CA Certificate Hash: %s\n", info.Swarm.CACertHash)

 		}

 	}

@@ -11,7 +11,7 @@ type Backend interface {

 	Join(req types.JoinRequest) error

 	Leave(force bool) error

 	Inspect() (types.Swarm, error)

-	Update(uint64, types.Spec) error

+	Update(uint64, types.Spec, types.UpdateFlags) error

 	GetServices(basictypes.ServiceListOptions) ([]types.Service, error)

 	GetService(string) (types.Service, error)

 	CreateService(types.ServiceSpec, string) (string, error)

@@ -66,7 +66,15 @@ func (sr *swarmRouter) updateCluster(ctx context.Context, w http.ResponseWriter,

 		return fmt.Errorf("Invalid swarm version '%s': %s", rawVersion, err.Error())

 	}

-	if err := sr.backend.Update(version, swarm); err != nil {

+	var flags types.UpdateFlags

+	if r.URL.Query().Get("rotate_worker_token") == "true" {

+		flags.RotateWorkerToken = true

+	}

+	if r.URL.Query().Get("rotate_manager_token") == "true" {

+		flags.RotateManagerToken = true

+	}

+

+	if err := sr.backend.Update(version, swarm, flags); err != nil {

 		logrus.Errorf("Error configuring swarm: %v", err)

 		return err

 	}

@@ -1087,7 +1087,7 @@ __docker_service_subcommand() {

         "($help)--name=[Service name]:name: "

         "($help)*--network=[Network attachments]:network: "

         "($help)*"{-p=,--publish=}"[Publish a port as a node port]:port: "

-        "($help)--registry-auth[Send registry authentication details to Swarm agents]"

+        "($help)--registry-auth[Send registry authentication details to swarm agents]"

         "($help)--replicas=[Number of tasks]:replicas: "

         "($help)--reserve-cpu=[Reserve CPUs]:value: "

         "($help)--reserve-memory=[Reserve Memory]:value: "

@@ -1185,11 +1185,11 @@ __docker_service_subcommand() {

 __docker_swarm_commands() {

     local -a _docker_swarm_subcommands

     _docker_swarm_subcommands=(

-        "init:Initialize a Swarm"

-        "inspect:Inspect the Swarm"

-        "join:Join a Swarm as a node and/or manager"

-        "leave:Leave a Swarm"

-        "update:Update the Swarm"

+        "init:Initialize a swarm"

+        "inspect:Inspect the swarm"

+        "join:Join a swarm as a node and/or manager"

+        "leave:Leave a swarm"

+        "update:Update the swarm"

     )

     _describe -t docker-swarm-commands "docker swarm command" _docker_swarm_subcommands

 }

@@ -13,7 +13,6 @@ import (

 	"google.golang.org/grpc"

 	"github.com/Sirupsen/logrus"

-	"github.com/docker/distribution/digest"

 	"github.com/docker/docker/daemon/cluster/convert"

 	executorpkg "github.com/docker/docker/daemon/cluster/executor"

 	"github.com/docker/docker/daemon/cluster/executor/container"

@@ -42,16 +41,16 @@ const (

 )

 // ErrNoSwarm is returned on leaving a cluster that was never initialized

-var ErrNoSwarm = fmt.Errorf("This node is not part of Swarm")

+var ErrNoSwarm = fmt.Errorf("This node is not part of swarm")

 // ErrSwarmExists is returned on initialize or join request for a cluster that has already been activated

-var ErrSwarmExists = fmt.Errorf("This node is already part of a Swarm cluster. Use \"docker swarm leave\" to leave this cluster and join another one.")

+var ErrSwarmExists = fmt.Errorf("This node is already part of a swarm cluster. Use \"docker swarm leave\" to leave this cluster and join another one.")

 // ErrPendingSwarmExists is returned on initialize or join request for a cluster that is already processing a similar request but has not succeeded yet.

 var ErrPendingSwarmExists = fmt.Errorf("This node is processing an existing join request that has not succeeded yet. Use \"docker swarm leave\" to cancel the current request.")

 // ErrSwarmJoinTimeoutReached is returned when cluster join could not complete before timeout was reached.

-var ErrSwarmJoinTimeoutReached = fmt.Errorf("Timeout was reached before node was joined. Attempt to join the cluster will continue in the background. Use \"docker info\" command to see the current Swarm status of your node.")

+var ErrSwarmJoinTimeoutReached = fmt.Errorf("Timeout was reached before node was joined. Attempt to join the cluster will continue in the background. Use \"docker info\" command to see the current swarm status of your node.")

 // defaultSpec contains some sane defaults if cluster options are missing on init

 var defaultSpec = types.Spec{

@@ -127,7 +126,7 @@ func New(config Config) (*Cluster, error) {

 		return nil, err

 	}

-	n, err := c.startNewNode(false, st.ListenAddr, "", "", "", false)

+	n, err := c.startNewNode(false, st.ListenAddr, "", "")

 	if err != nil {

 		return nil, err

 	}

@@ -196,7 +195,7 @@ func (c *Cluster) reconnectOnFailure(n *node) {

 			return

 		}

 		var err error

-		n, err = c.startNewNode(false, c.listenAddr, c.getRemoteAddress(), "", "", false)

+		n, err = c.startNewNode(false, c.listenAddr, c.getRemoteAddress(), "")

 		if err != nil {

 			c.err = err

 			close(n.done)

@@ -205,7 +204,7 @@ func (c *Cluster) reconnectOnFailure(n *node) {

 	}

 }

-func (c *Cluster) startNewNode(forceNewCluster bool, listenAddr, joinAddr, secret, cahash string, ismanager bool) (*node, error) {

+func (c *Cluster) startNewNode(forceNewCluster bool, listenAddr, joinAddr, joinToken string) (*node, error) {

 	if err := c.config.Backend.IsSwarmCompatible(); err != nil {

 		return nil, err

 	}

@@ -219,12 +218,10 @@ func (c *Cluster) startNewNode(forceNewCluster bool, listenAddr, joinAddr, secre

 		ListenRemoteAPI:  listenAddr,

 		JoinAddr:         joinAddr,

 		StateDir:         c.root,

-		CAHash:           cahash,

-		Secret:           secret,

+		JoinToken:        joinToken,

 		Executor:         container.NewExecutor(c.config.Backend),

 		HeartbeatTick:    1,

 		ElectionTick:     3,

-		IsManager:        ismanager,

 	})

 	if err != nil {

 		return nil, err

@@ -291,7 +288,7 @@ func (c *Cluster) Init(req types.InitRequest) (string, error) {

 	if node := c.node; node != nil {

 		if !req.ForceNewCluster {

 			c.Unlock()

-			return "", errSwarmExists(node)

+			return "", ErrSwarmExists

 		}

 		if err := c.stopNode(); err != nil {

 			c.Unlock()

@@ -305,7 +302,7 @@ func (c *Cluster) Init(req types.InitRequest) (string, error) {

 	}