You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@knox.apache.org by lm...@apache.org on 2019/07/25 19:06:45 UTC
svn commit: r1863759 - in /knox: site/books/knox-0-12-0/
site/books/knox-0-13-0/ site/books/knox-0-14-0/ site/books/knox-1-0-0/
site/books/knox-1-1-0/ site/books/knox-1-2-0/ site/books/knox-1-3-0/
site/books/knox-1-4-0/ trunk/books/1.3.0/
Author: lmccay
Date: Thu Jul 25 19:06:44 2019
New Revision: 1863759
URL: http://svn.apache.org/viewvc?rev=1863759&view=rev
Log:
added KnoxSh buildTrustStore command docs
Modified:
knox/site/books/knox-0-12-0/deployment-overview.png
knox/site/books/knox-0-12-0/deployment-provider.png
knox/site/books/knox-0-12-0/deployment-service.png
knox/site/books/knox-0-12-0/general_saml_flow.png
knox/site/books/knox-0-12-0/runtime-overview.png
knox/site/books/knox-0-12-0/runtime-request-processing.png
knox/site/books/knox-0-13-0/deployment-overview.png
knox/site/books/knox-0-13-0/deployment-provider.png
knox/site/books/knox-0-13-0/deployment-service.png
knox/site/books/knox-0-13-0/general_saml_flow.png
knox/site/books/knox-0-13-0/runtime-overview.png
knox/site/books/knox-0-13-0/runtime-request-processing.png
knox/site/books/knox-0-14-0/deployment-overview.png
knox/site/books/knox-0-14-0/deployment-provider.png
knox/site/books/knox-0-14-0/deployment-service.png
knox/site/books/knox-0-14-0/general_saml_flow.png
knox/site/books/knox-0-14-0/runtime-overview.png
knox/site/books/knox-0-14-0/runtime-request-processing.png
knox/site/books/knox-1-0-0/deployment-overview.png
knox/site/books/knox-1-0-0/deployment-provider.png
knox/site/books/knox-1-0-0/deployment-service.png
knox/site/books/knox-1-0-0/general_saml_flow.png
knox/site/books/knox-1-0-0/runtime-overview.png
knox/site/books/knox-1-0-0/runtime-request-processing.png
knox/site/books/knox-1-1-0/deployment-overview.png
knox/site/books/knox-1-1-0/deployment-provider.png
knox/site/books/knox-1-1-0/deployment-service.png
knox/site/books/knox-1-1-0/general_saml_flow.png
knox/site/books/knox-1-1-0/runtime-overview.png
knox/site/books/knox-1-1-0/runtime-request-processing.png
knox/site/books/knox-1-2-0/deployment-overview.png
knox/site/books/knox-1-2-0/deployment-provider.png
knox/site/books/knox-1-2-0/deployment-service.png
knox/site/books/knox-1-2-0/general_saml_flow.png
knox/site/books/knox-1-2-0/runtime-overview.png
knox/site/books/knox-1-2-0/runtime-request-processing.png
knox/site/books/knox-1-3-0/deployment-overview.png
knox/site/books/knox-1-3-0/deployment-provider.png
knox/site/books/knox-1-3-0/deployment-service.png
knox/site/books/knox-1-3-0/general_saml_flow.png
knox/site/books/knox-1-3-0/runtime-overview.png
knox/site/books/knox-1-3-0/runtime-request-processing.png
knox/site/books/knox-1-3-0/user-guide.html
knox/site/books/knox-1-4-0/deployment-overview.png
knox/site/books/knox-1-4-0/deployment-provider.png
knox/site/books/knox-1-4-0/deployment-service.png
knox/site/books/knox-1-4-0/general_saml_flow.png
knox/site/books/knox-1-4-0/runtime-overview.png
knox/site/books/knox-1-4-0/runtime-request-processing.png
knox/trunk/books/1.3.0/book_client-details.md
Modified: knox/site/books/knox-0-12-0/deployment-overview.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-12-0/deployment-overview.png?rev=1863759&r1=1863758&r2=1863759&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-0-12-0/deployment-provider.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-12-0/deployment-provider.png?rev=1863759&r1=1863758&r2=1863759&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-0-12-0/deployment-service.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-12-0/deployment-service.png?rev=1863759&r1=1863758&r2=1863759&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-0-12-0/general_saml_flow.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-12-0/general_saml_flow.png?rev=1863759&r1=1863758&r2=1863759&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-0-12-0/runtime-overview.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-12-0/runtime-overview.png?rev=1863759&r1=1863758&r2=1863759&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-0-12-0/runtime-request-processing.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-12-0/runtime-request-processing.png?rev=1863759&r1=1863758&r2=1863759&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-0-13-0/deployment-overview.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-13-0/deployment-overview.png?rev=1863759&r1=1863758&r2=1863759&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-0-13-0/deployment-provider.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-13-0/deployment-provider.png?rev=1863759&r1=1863758&r2=1863759&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-0-13-0/deployment-service.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-13-0/deployment-service.png?rev=1863759&r1=1863758&r2=1863759&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-0-13-0/general_saml_flow.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-13-0/general_saml_flow.png?rev=1863759&r1=1863758&r2=1863759&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-0-13-0/runtime-overview.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-13-0/runtime-overview.png?rev=1863759&r1=1863758&r2=1863759&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-0-13-0/runtime-request-processing.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-13-0/runtime-request-processing.png?rev=1863759&r1=1863758&r2=1863759&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-0-14-0/deployment-overview.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-14-0/deployment-overview.png?rev=1863759&r1=1863758&r2=1863759&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-0-14-0/deployment-provider.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-14-0/deployment-provider.png?rev=1863759&r1=1863758&r2=1863759&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-0-14-0/deployment-service.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-14-0/deployment-service.png?rev=1863759&r1=1863758&r2=1863759&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-0-14-0/general_saml_flow.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-14-0/general_saml_flow.png?rev=1863759&r1=1863758&r2=1863759&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-0-14-0/runtime-overview.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-14-0/runtime-overview.png?rev=1863759&r1=1863758&r2=1863759&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-0-14-0/runtime-request-processing.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-14-0/runtime-request-processing.png?rev=1863759&r1=1863758&r2=1863759&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-1-0-0/deployment-overview.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-1-0-0/deployment-overview.png?rev=1863759&r1=1863758&r2=1863759&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-1-0-0/deployment-provider.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-1-0-0/deployment-provider.png?rev=1863759&r1=1863758&r2=1863759&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-1-0-0/deployment-service.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-1-0-0/deployment-service.png?rev=1863759&r1=1863758&r2=1863759&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-1-0-0/general_saml_flow.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-1-0-0/general_saml_flow.png?rev=1863759&r1=1863758&r2=1863759&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-1-0-0/runtime-overview.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-1-0-0/runtime-overview.png?rev=1863759&r1=1863758&r2=1863759&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-1-0-0/runtime-request-processing.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-1-0-0/runtime-request-processing.png?rev=1863759&r1=1863758&r2=1863759&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-1-1-0/deployment-overview.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-1-1-0/deployment-overview.png?rev=1863759&r1=1863758&r2=1863759&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-1-1-0/deployment-provider.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-1-1-0/deployment-provider.png?rev=1863759&r1=1863758&r2=1863759&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-1-1-0/deployment-service.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-1-1-0/deployment-service.png?rev=1863759&r1=1863758&r2=1863759&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-1-1-0/general_saml_flow.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-1-1-0/general_saml_flow.png?rev=1863759&r1=1863758&r2=1863759&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-1-1-0/runtime-overview.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-1-1-0/runtime-overview.png?rev=1863759&r1=1863758&r2=1863759&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-1-1-0/runtime-request-processing.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-1-1-0/runtime-request-processing.png?rev=1863759&r1=1863758&r2=1863759&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-1-2-0/deployment-overview.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-1-2-0/deployment-overview.png?rev=1863759&r1=1863758&r2=1863759&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-1-2-0/deployment-provider.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-1-2-0/deployment-provider.png?rev=1863759&r1=1863758&r2=1863759&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-1-2-0/deployment-service.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-1-2-0/deployment-service.png?rev=1863759&r1=1863758&r2=1863759&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-1-2-0/general_saml_flow.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-1-2-0/general_saml_flow.png?rev=1863759&r1=1863758&r2=1863759&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-1-2-0/runtime-overview.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-1-2-0/runtime-overview.png?rev=1863759&r1=1863758&r2=1863759&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-1-2-0/runtime-request-processing.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-1-2-0/runtime-request-processing.png?rev=1863759&r1=1863758&r2=1863759&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-1-3-0/deployment-overview.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-1-3-0/deployment-overview.png?rev=1863759&r1=1863758&r2=1863759&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-1-3-0/deployment-provider.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-1-3-0/deployment-provider.png?rev=1863759&r1=1863758&r2=1863759&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-1-3-0/deployment-service.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-1-3-0/deployment-service.png?rev=1863759&r1=1863758&r2=1863759&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-1-3-0/general_saml_flow.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-1-3-0/general_saml_flow.png?rev=1863759&r1=1863758&r2=1863759&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-1-3-0/runtime-overview.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-1-3-0/runtime-overview.png?rev=1863759&r1=1863758&r2=1863759&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-1-3-0/runtime-request-processing.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-1-3-0/runtime-request-processing.png?rev=1863759&r1=1863758&r2=1863759&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-1-3-0/user-guide.html
URL: http://svn.apache.org/viewvc/knox/site/books/knox-1-3-0/user-guide.html?rev=1863759&r1=1863758&r2=1863759&view=diff
==============================================================================
--- knox/site/books/knox-1-3-0/user-guide.html (original)
+++ knox/site/books/knox-1-3-0/user-guide.html Thu Jul 25 19:06:44 2019
@@ -5504,7 +5504,8 @@ drwxr-xr-x@ 18 larry staff 612 Mar 1
<p>cd <code>{GATEWAY_CLIENT_HOME}</code></p></li>
<li>Get/setup truststore for the target Knox instance or fronting load balancer
<ul>
- <li>if you have access to the server you may use the command <code>knoxcli.sh export-cert --type JKS</code></li>
+ <li>As of 1.3.0 release you may use the KnoxShell command buildTrustStore to create the truststore. `</li>
+ <li>if you have access to the server you may also use the command <code>knoxcli.sh export-cert --type JKS</code></li>
<li>copy the resulting <code>gateway-client-identity.jks</code> to your user home directory</li>
</ul>
</li>
@@ -5555,6 +5556,9 @@ session.shutdown()
<li>The Hadoop.login method establishes a login session of sorts which will need to be provided to the various API classes as an argument.</li>
<li>The response text is easily retrieved as a string and can be parsed by the JsonSlurper or whatever you like</li>
</ol>
+<h3><a id="Build+Truststore+for+use+with+KnoxShell+Client+Applications">Build Truststore for use with KnoxShell Client Applications</a> <a href="#Build+Truststore+for+use+with+KnoxShell+Client+Applications"><img src="markbook-section-link.png"/></a></h3>
+<p>The buildTrustStore command in KnoxShell allows remote clients that only have access to the KnoxShell install to build a local trustore from the server they intend to use. It should be understood that this mechanism is less secure than getting the cert directly from the Knox CLI - as a MITM could present you with a certificate that will be trusted when doing this remotely.</p>
+<p>buildTrustStore <knox-gateway-url> - downloads the given gateway server’s public certificate and builds a trust store to be used by KnoxShell example: knoxshell.sh buildTrustStore <a href="https://localhost:8443/">https://localhost:8443/</a></p>
<h3><a id="Client+Token+Sessions">Client Token Sessions</a> <a href="#Client+Token+Sessions"><img src="markbook-section-link.png"/></a></h3>
<p>Building on the Quickstart above we will drill into some of the token session details here and walk through another sample.</p>
<p>Unlike the quickstart, token sessions require the server to be configured in specific ways to allow the use of token sessions/federation.</p>
Modified: knox/site/books/knox-1-4-0/deployment-overview.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-1-4-0/deployment-overview.png?rev=1863759&r1=1863758&r2=1863759&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-1-4-0/deployment-provider.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-1-4-0/deployment-provider.png?rev=1863759&r1=1863758&r2=1863759&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-1-4-0/deployment-service.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-1-4-0/deployment-service.png?rev=1863759&r1=1863758&r2=1863759&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-1-4-0/general_saml_flow.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-1-4-0/general_saml_flow.png?rev=1863759&r1=1863758&r2=1863759&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-1-4-0/runtime-overview.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-1-4-0/runtime-overview.png?rev=1863759&r1=1863758&r2=1863759&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-1-4-0/runtime-request-processing.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-1-4-0/runtime-request-processing.png?rev=1863759&r1=1863758&r2=1863759&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/trunk/books/1.3.0/book_client-details.md
URL: http://svn.apache.org/viewvc/knox/trunk/books/1.3.0/book_client-details.md?rev=1863759&r1=1863758&r2=1863759&view=diff
==============================================================================
--- knox/trunk/books/1.3.0/book_client-details.md (original)
+++ knox/trunk/books/1.3.0/book_client-details.md Thu Jul 25 19:06:44 2019
@@ -48,7 +48,8 @@ The following installation and setup ins
2. cd `{GATEWAY_CLIENT_HOME}`
3. Get/setup truststore for the target Knox instance or fronting load balancer
- - if you have access to the server you may use the command `knoxcli.sh export-cert --type JKS`
+ - As of 1.3.0 release you may use the KnoxShell command buildTrustStore to create the truststore. `
+ - if you have access to the server you may also use the command `knoxcli.sh export-cert --type JKS`
- copy the resulting `gateway-client-identity.jks` to your user home directory
4. Execute the an example script from the `{GATEWAY_CLIENT_HOME}/samples` directory - for instance:
- `bin/knoxshell.sh samples/ExampleWebHdfsLs.groovy`
@@ -91,6 +92,12 @@ Some things to note about this sample:
3. The Hadoop.login method establishes a login session of sorts which will need to be provided to the various API classes as an argument.
4. The response text is easily retrieved as a string and can be parsed by the JsonSlurper or whatever you like
+### Build Truststore for use with KnoxShell Client Applications ###
+The buildTrustStore command in KnoxShell allows remote clients that only have access to the KnoxShell install to build a local trustore from the server they intend to use. It should be understood that this mechanism is less secure than getting the cert directly from the Knox CLI - as a MITM could present you with a certificate that will be trusted when doing this remotely.
+
+ buildTrustStore <knox-gateway-url> - downloads the given gateway server's public certificate and builds a trust store to be used by KnoxShell
+ example: knoxshell.sh buildTrustStore https://localhost:8443/
+
### Client Token Sessions ###
Building on the Quickstart above we will drill into some of the token session details here and walk through another sample.