You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@knox.apache.org by "Larry McCay (JIRA)" <ji...@apache.org> on 2013/12/10 03:12:07 UTC

[jira] [Commented] (KNOX-105) Command line tooling for CMF provisioning

    [ https://issues.apache.org/jira/browse/KNOX-105?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13843839#comment-13843839 ] 

Larry McCay commented on KNOX-105:
----------------------------------

One option for this tooling is to:
* start from a copy of GatewayServer - call it GatewayTooling or GatewayCLI something like that
* will need to create only those gateway services needed for the tooling, master, keystore, alias
* it would require it to be run from a Knox install with expected config and layout

User interaction to add an alias:
* run gatewayCLI providing appropriate values for:
 --add-alias alias
 --clusterName name
* gatewayCLI prompts for master password (through the masterService) using the java console interface
 - user provides master password - this will need to be the same for the entire Knox cluster
* gatewayCLI implementation processes CLI arguments and:
 - creates the credential store as needed
 - prompts the user for a password using the java console
 - adds the alias through the AliasService and writes the {clustername}-credentials.jceks store to conf/security/keystores

> Command line tooling for CMF provisioning
> -----------------------------------------
>
>                 Key: KNOX-105
>                 URL: https://issues.apache.org/jira/browse/KNOX-105
>             Project: Apache Knox
>          Issue Type: Bug
>          Components: Server
>    Affects Versions: 0.3.0
>            Reporter: Larry McCay
>            Assignee: Larry McCay
>             Fix For: 0.4.0
>
>
> We need to be able to create CMF artifacts that can be provisioned to an installation and discovered on startup. This will include: master secret file, credential and key stores. Initial deliverable needs to address master file. This will allow cluster provisioning to discover a master secret without a need for a console for the user to provide one. The rest of the artifacts can be generated at runtime for dev/test environments. Subsequently, we will need the key and credential stores for production environment discovery.



--
This message was sent by Atlassian JIRA
(v6.1.4#6159)