You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@knox.apache.org by lm...@apache.org on 2014/01/29 20:33:40 UTC
svn commit: r1562557 -
/incubator/knox/site/books/knox-incubating-0-4-0/knox-incubating-0-4-0.html
Author: lmccay
Date: Wed Jan 29 19:33:40 2014
New Revision: 1562557
URL: http://svn.apache.org/r1562557
Log:
fixed typo in knoxcli
Modified:
incubator/knox/site/books/knox-incubating-0-4-0/knox-incubating-0-4-0.html
Modified: incubator/knox/site/books/knox-incubating-0-4-0/knox-incubating-0-4-0.html
URL: http://svn.apache.org/viewvc/incubator/knox/site/books/knox-incubating-0-4-0/knox-incubating-0-4-0.html?rev=1562557&r1=1562556&r2=1562557&view=diff
==============================================================================
--- incubator/knox/site/books/knox-incubating-0-4-0/knox-incubating-0-4-0.html (original)
+++ incubator/knox/site/books/knox-incubating-0-4-0/knox-incubating-0-4-0.html Wed Jan 29 19:33:40 2014
@@ -439,7 +439,7 @@ ip-10-39-107-209.ec2.internal
<li>All security related artifacts are protected with the master secret</li>
<li>Secrets used by the gateway itself are stored within the gateway credential store and are the same across all gateway instances in the cluster of gateways</li>
<li>Secrets used by providers within cluster topologies are stored in topology specific credential stores and are the same for the same topology across the cluster of gateway instances. However, they are specific to the topology - so secrets for one hadoop cluster are different from those of another. This allows for fail-over from one gateway instance to another even when encryption is being used while not allowing the compromise of one encryption key to expose the data for all clusters.</li>
-</ol><p>NOTE: the SSL certificate will need special consideration depending on the type of certificate. Wildcard certs may be able to be shared across all gateway instances in a cluster. When certs are dedicated to specific machines the gateway identity store will not be able to be blindly replicated as host name verification problems will ensue. Obviously, trust-stores will need to be taken into account as well.</p><h3><a id="Knox+CLI"></a>Knox CLI</h3><p>The Knox CLI is a command line utility for management of various aspects of the Knox deployment. It is primarily concerned with the management of the security artifacts for the gateway instance and each of the deployed topologies or hadoop clusters that are gated by the Knox Gateway instance.</p><p>The various security artifacts are also generated and populated automatically by the Knox Gateway runtime when they are not found at startup. The assumptions made in those cases are appropriate for a test or development gateway instance
and assume ‘localhost’ for hostname specific activities. For production deployments the use of the CLI may aid in managing some some prodution deployments.</p><p>The knoxcli.sh script is located in the {GATEWAY_HOME}/bin directory.</p><h4><a id="Help"></a>Help</h4><h5><a id="knoxcli.sh+[--help]"></a>knoxcli.sh [–help]</h5><p>prints help for all commands</p><h4><a id="Master+secret+persistence"></a>Master secret persistence</h4><h5><a id="knoxcli.sh+create-master+[--help]"></a>knoxcli.sh create-master [–help]</h5><p>Creates and persists an encrypted master secret in a file within {GATEWAY_HOME}/data/security/master</p><h4><a id="Alias+creation"></a>Alias creation</h4><h5><a id="knoxcli.sh+create-alias+n+[--cluster+c]+[--value+v]+[--generate]+[--help]"></a>knoxcli.sh create-alias n [–cluster c] [–value v] [–generate] [–help]</h5><p>Creates a password alias and stores it in a credential store within the {GATEWAY_HOME}/data/security/keyst
ores dir. </p>
+</ol><p>NOTE: the SSL certificate will need special consideration depending on the type of certificate. Wildcard certs may be able to be shared across all gateway instances in a cluster. When certs are dedicated to specific machines the gateway identity store will not be able to be blindly replicated as host name verification problems will ensue. Obviously, trust-stores will need to be taken into account as well.</p><h3><a id="Knox+CLI"></a>Knox CLI</h3><p>The Knox CLI is a command line utility for management of various aspects of the Knox deployment. It is primarily concerned with the management of the security artifacts for the gateway instance and each of the deployed topologies or hadoop clusters that are gated by the Knox Gateway instance.</p><p>The various security artifacts are also generated and populated automatically by the Knox Gateway runtime when they are not found at startup. The assumptions made in those cases are appropriate for a test or development gateway instance
and assume ‘localhost’ for hostname specific activities. For production deployments the use of the CLI may aid in managing some prodution deployments.</p><p>The knoxcli.sh script is located in the {GATEWAY_HOME}/bin directory.</p><h4><a id="Help"></a>Help</h4><h5><a id="knoxcli.sh+[--help]"></a>knoxcli.sh [–help]</h5><p>prints help for all commands</p><h4><a id="Master+secret+persistence"></a>Master secret persistence</h4><h5><a id="knoxcli.sh+create-master+[--help]"></a>knoxcli.sh create-master [–help]</h5><p>Creates and persists an encrypted master secret in a file within {GATEWAY_HOME}/data/security/master</p><h4><a id="Alias+creation"></a>Alias creation</h4><h5><a id="knoxcli.sh+create-alias+n+[--cluster+c]+[--value+v]+[--generate]+[--help]"></a>knoxcli.sh create-alias n [–cluster c] [–value v] [–generate] [–help]</h5><p>Creates a password alias and stores it in a credential store within the {GATEWAY_HOME}/data/security/keystores
dir. </p>
<table>
<thead>
<tr>