You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@knox.apache.org by lm...@apache.org on 2014/02/18 22:40:19 UTC
svn commit: r1569534 - in /incubator/knox:
site/books/knox-incubating-0-4-0/knox-incubating-0-4-0.html site/index.html
site/issue-tracking.html site/license.html site/mail-lists.html
site/project-info.html site/team-list.html trunk/books/0.4.0/knox_cli.md
Author: lmccay
Date: Tue Feb 18 21:40:18 2014
New Revision: 1569534
URL: http://svn.apache.org/r1569534
Log:
fixed knox_cli table rendering for create_alias
Modified:
incubator/knox/site/books/knox-incubating-0-4-0/knox-incubating-0-4-0.html
incubator/knox/site/index.html
incubator/knox/site/issue-tracking.html
incubator/knox/site/license.html
incubator/knox/site/mail-lists.html
incubator/knox/site/project-info.html
incubator/knox/site/team-list.html
incubator/knox/trunk/books/0.4.0/knox_cli.md
Modified: incubator/knox/site/books/knox-incubating-0-4-0/knox-incubating-0-4-0.html
URL: http://svn.apache.org/viewvc/incubator/knox/site/books/knox-incubating-0-4-0/knox-incubating-0-4-0.html?rev=1569534&r1=1569533&r2=1569534&view=diff
==============================================================================
--- incubator/knox/site/books/knox-incubating-0-4-0/knox-incubating-0-4-0.html (original)
+++ incubator/knox/site/books/knox-incubating-0-4-0/knox-incubating-0-4-0.html Tue Feb 18 21:40:18 2014
@@ -439,7 +439,7 @@ ip-10-39-107-209.ec2.internal
<li>All security related artifacts are protected with the master secret</li>
<li>Secrets used by the gateway itself are stored within the gateway credential store and are the same across all gateway instances in the cluster of gateways</li>
<li>Secrets used by providers within cluster topologies are stored in topology specific credential stores and are the same for the same topology across the cluster of gateway instances. However, they are specific to the topology - so secrets for one hadoop cluster are different from those of another. This allows for fail-over from one gateway instance to another even when encryption is being used while not allowing the compromise of one encryption key to expose the data for all clusters.</li>
-</ol><p>NOTE: the SSL certificate will need special consideration depending on the type of certificate. Wildcard certs may be able to be shared across all gateway instances in a cluster. When certs are dedicated to specific machines the gateway identity store will not be able to be blindly replicated as host name verification problems will ensue. Obviously, trust-stores will need to be taken into account as well.</p><h3><a id="Knox+CLI"></a>Knox CLI</h3><p>The Knox CLI is a command line utility for management of various aspects of the Knox deployment. It is primarily concerned with the management of the security artifacts for the gateway instance and each of the deployed topologies or hadoop clusters that are gated by the Knox Gateway instance.</p><p>The various security artifacts are also generated and populated automatically by the Knox Gateway runtime when they are not found at startup. The assumptions made in those cases are appropriate for a test or development gateway instance
and assume ‘localhost’ for hostname specific activities. For production deployments the use of the CLI may aid in managing some production deployments.</p><p>The knoxcli.sh script is located in the {GATEWAY_HOME}/bin directory.</p><h4><a id="Help"></a>Help</h4><h5><a id="knoxcli.sh+[--help]"></a>knoxcli.sh [–help]</h5><p>prints help for all commands</p><h4><a id="Master+secret+persistence"></a>Master secret persistence</h4><h5><a id="knoxcli.sh+create-master+[--help]"></a>knoxcli.sh create-master [–help]</h5><p>Creates and persists an encrypted master secret in a file within {GATEWAY_HOME}/data/security/master</p><h4><a id="Alias+creation"></a>Alias creation</h4><h5><a id="knoxcli.sh+create-alias+n+[--cluster+c]+[--value+v]+[--generate]+[--help]"></a>knoxcli.sh create-alias n [–cluster c] [–value v] [–generate] [–help]</h5><p>Creates a password alias and stores it in a credential store within the {GATEWAY_HOME}/data/security/keystores
dir. </p>
+</ol><p>NOTE: the SSL certificate will need special consideration depending on the type of certificate. Wildcard certs may be able to be shared across all gateway instances in a cluster. When certs are dedicated to specific machines the gateway identity store will not be able to be blindly replicated as host name verification problems will ensue. Obviously, trust-stores will need to be taken into account as well.</p><h3><a id="Knox+CLI"></a>Knox CLI</h3><p>The Knox CLI is a command line utility for management of various aspects of the Knox deployment. It is primarily concerned with the management of the security artifacts for the gateway instance and each of the deployed topologies or hadoop clusters that are gated by the Knox Gateway instance.</p><p>The various security artifacts are also generated and populated automatically by the Knox Gateway runtime when they are not found at startup. The assumptions made in those cases are appropriate for a test or development gateway instance
and assume ‘localhost’ for hostname specific activities. For production deployments the use of the CLI may aid in managing some production deployments.</p><p>The knoxcli.sh script is located in the {GATEWAY_HOME}/bin directory.</p><h4><a id="Help"></a>Help</h4><h5><a id="knoxcli.sh+[--help]"></a>knoxcli.sh [–help]</h5><p>prints help for all commands</p><h4><a id="Master+secret+persistence"></a>Master secret persistence</h4><h5><a id="knoxcli.sh+create-master+[--help]"></a>knoxcli.sh create-master [–help]</h5><p>Creates and persists an encrypted master secret in a file within {GATEWAY_HOME}/data/security/master. </p><p>NOTE: This command fails when there is an existing master file in the expected location.</p><h4><a id="Alias+creation"></a>Alias creation</h4><h5><a id="knoxcli.sh+create-alias+n+[--cluster+c]+[--value+v]+[--generate]+[--help]"></a>knoxcli.sh create-alias n [–cluster c] [–value v] [–generate] [–help]</h5><p>Creates a pas
sword alias and stores it in a credential store within the {GATEWAY_HOME}/data/security/keystores dir. </p>
<table>
<thead>
<tr>
@@ -454,7 +454,15 @@ ip-10-39-107-209.ec2.internal
</tr>
<tr>
<td>–cluster</td>
- <td>name of Hadoop cluster for the cluster specific credential store otherwise assumes __gateway –value|parameter for specifying the actual password otherwise prompted<br/> –generate|boolean flag to indicate whether the tool should just generate the value. This assumes that –value is not set - will result in error otherwise. User will not be prompted for the value when –generate is set. </td>
+ <td>name of Hadoop cluster for the cluster specific credential store otherwise assumes that it is for the gateway itself</td>
+ </tr>
+ <tr>
+ <td>–value</td>
+ <td>parameter for specifying the actual password otherwise prompted<br/></td>
+ </tr>
+ <tr>
+ <td>–generate</td>
+ <td>boolean flag to indicate whether the tool should just generate the value. This assumes that –value is not set - will result in error otherwise. User will not be prompted for the value when –generate is set.</td>
</tr>
</tbody>
</table><h4><a id="Alias+deletion"></a>Alias deletion</h4><h5><a id="knoxcli.sh+delete-alias+n+[--cluster+c]+[--help]"></a>knoxcli.sh delete-alias n [–cluster c] [–help]</h5><p>Deletes a password and alias mapping from a credential store within {GATEWAY_HOME}/data/security/keystores. </p>
Modified: incubator/knox/site/index.html
URL: http://svn.apache.org/viewvc/incubator/knox/site/index.html?rev=1569534&r1=1569533&r2=1569534&view=diff
==============================================================================
--- incubator/knox/site/index.html (original)
+++ incubator/knox/site/index.html Tue Feb 18 21:40:18 2014
@@ -1,5 +1,5 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<!-- Generated by Apache Maven Doxia Site Renderer 1.3 at Jan 29, 2014 -->
+<!-- Generated by Apache Maven Doxia Site Renderer 1.3 at Feb 18, 2014 -->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
@@ -10,7 +10,7 @@
@import url("./css/site.css");
</style>
<link rel="stylesheet" href="./css/print.css" type="text/css" media="print" />
- <meta name="Date-Revision-yyyymmdd" content="20140129" />
+ <meta name="Date-Revision-yyyymmdd" content="20140218" />
<meta http-equiv="Content-Language" content="en" />
<script type="text/javascript">var _gaq = _gaq || [];
@@ -57,7 +57,7 @@
<a href="https://cwiki.apache.org/confluence/display/KNOX/Index" class="externalLink" title="Wiki">Wiki</a>
- | <span id="publishDate">Last Published: 2014-01-29</span>
+ | <span id="publishDate">Last Published: 2014-02-18</span>
| <span id="projectVersion">Version: 0.0.0-SNAPSHOT</span>
</div>
<div class="clear">
Modified: incubator/knox/site/issue-tracking.html
URL: http://svn.apache.org/viewvc/incubator/knox/site/issue-tracking.html?rev=1569534&r1=1569533&r2=1569534&view=diff
==============================================================================
--- incubator/knox/site/issue-tracking.html (original)
+++ incubator/knox/site/issue-tracking.html Tue Feb 18 21:40:18 2014
@@ -1,5 +1,5 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<!-- Generated by Apache Maven Doxia Site Renderer 1.3 at Jan 29, 2014 -->
+<!-- Generated by Apache Maven Doxia Site Renderer 1.3 at Feb 18, 2014 -->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
@@ -10,7 +10,7 @@
@import url("./css/site.css");
</style>
<link rel="stylesheet" href="./css/print.css" type="text/css" media="print" />
- <meta name="Date-Revision-yyyymmdd" content="20140129" />
+ <meta name="Date-Revision-yyyymmdd" content="20140218" />
<meta http-equiv="Content-Language" content="en" />
<script type="text/javascript">var _gaq = _gaq || [];
@@ -57,7 +57,7 @@
<a href="https://cwiki.apache.org/confluence/display/KNOX/Index" class="externalLink" title="Wiki">Wiki</a>
- | <span id="publishDate">Last Published: 2014-01-29</span>
+ | <span id="publishDate">Last Published: 2014-02-18</span>
| <span id="projectVersion">Version: 0.0.0-SNAPSHOT</span>
</div>
<div class="clear">
Modified: incubator/knox/site/license.html
URL: http://svn.apache.org/viewvc/incubator/knox/site/license.html?rev=1569534&r1=1569533&r2=1569534&view=diff
==============================================================================
--- incubator/knox/site/license.html (original)
+++ incubator/knox/site/license.html Tue Feb 18 21:40:18 2014
@@ -1,5 +1,5 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<!-- Generated by Apache Maven Doxia Site Renderer 1.3 at Jan 29, 2014 -->
+<!-- Generated by Apache Maven Doxia Site Renderer 1.3 at Feb 18, 2014 -->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
@@ -10,7 +10,7 @@
@import url("./css/site.css");
</style>
<link rel="stylesheet" href="./css/print.css" type="text/css" media="print" />
- <meta name="Date-Revision-yyyymmdd" content="20140129" />
+ <meta name="Date-Revision-yyyymmdd" content="20140218" />
<meta http-equiv="Content-Language" content="en" />
<script type="text/javascript">var _gaq = _gaq || [];
@@ -57,7 +57,7 @@
<a href="https://cwiki.apache.org/confluence/display/KNOX/Index" class="externalLink" title="Wiki">Wiki</a>
- | <span id="publishDate">Last Published: 2014-01-29</span>
+ | <span id="publishDate">Last Published: 2014-02-18</span>
| <span id="projectVersion">Version: 0.0.0-SNAPSHOT</span>
</div>
<div class="clear">
Modified: incubator/knox/site/mail-lists.html
URL: http://svn.apache.org/viewvc/incubator/knox/site/mail-lists.html?rev=1569534&r1=1569533&r2=1569534&view=diff
==============================================================================
--- incubator/knox/site/mail-lists.html (original)
+++ incubator/knox/site/mail-lists.html Tue Feb 18 21:40:18 2014
@@ -1,5 +1,5 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<!-- Generated by Apache Maven Doxia Site Renderer 1.3 at Jan 29, 2014 -->
+<!-- Generated by Apache Maven Doxia Site Renderer 1.3 at Feb 18, 2014 -->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
@@ -10,7 +10,7 @@
@import url("./css/site.css");
</style>
<link rel="stylesheet" href="./css/print.css" type="text/css" media="print" />
- <meta name="Date-Revision-yyyymmdd" content="20140129" />
+ <meta name="Date-Revision-yyyymmdd" content="20140218" />
<meta http-equiv="Content-Language" content="en" />
<script type="text/javascript">var _gaq = _gaq || [];
@@ -57,7 +57,7 @@
<a href="https://cwiki.apache.org/confluence/display/KNOX/Index" class="externalLink" title="Wiki">Wiki</a>
- | <span id="publishDate">Last Published: 2014-01-29</span>
+ | <span id="publishDate">Last Published: 2014-02-18</span>
| <span id="projectVersion">Version: 0.0.0-SNAPSHOT</span>
</div>
<div class="clear">
Modified: incubator/knox/site/project-info.html
URL: http://svn.apache.org/viewvc/incubator/knox/site/project-info.html?rev=1569534&r1=1569533&r2=1569534&view=diff
==============================================================================
--- incubator/knox/site/project-info.html (original)
+++ incubator/knox/site/project-info.html Tue Feb 18 21:40:18 2014
@@ -1,5 +1,5 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<!-- Generated by Apache Maven Doxia Site Renderer 1.3 at Jan 29, 2014 -->
+<!-- Generated by Apache Maven Doxia Site Renderer 1.3 at Feb 18, 2014 -->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
@@ -10,7 +10,7 @@
@import url("./css/site.css");
</style>
<link rel="stylesheet" href="./css/print.css" type="text/css" media="print" />
- <meta name="Date-Revision-yyyymmdd" content="20140129" />
+ <meta name="Date-Revision-yyyymmdd" content="20140218" />
<meta http-equiv="Content-Language" content="en" />
<script type="text/javascript">var _gaq = _gaq || [];
@@ -57,7 +57,7 @@
<a href="https://cwiki.apache.org/confluence/display/KNOX/Index" class="externalLink" title="Wiki">Wiki</a>
- | <span id="publishDate">Last Published: 2014-01-29</span>
+ | <span id="publishDate">Last Published: 2014-02-18</span>
| <span id="projectVersion">Version: 0.0.0-SNAPSHOT</span>
</div>
<div class="clear">
Modified: incubator/knox/site/team-list.html
URL: http://svn.apache.org/viewvc/incubator/knox/site/team-list.html?rev=1569534&r1=1569533&r2=1569534&view=diff
==============================================================================
--- incubator/knox/site/team-list.html (original)
+++ incubator/knox/site/team-list.html Tue Feb 18 21:40:18 2014
@@ -1,5 +1,5 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<!-- Generated by Apache Maven Doxia Site Renderer 1.3 at Jan 29, 2014 -->
+<!-- Generated by Apache Maven Doxia Site Renderer 1.3 at Feb 18, 2014 -->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
@@ -10,7 +10,7 @@
@import url("./css/site.css");
</style>
<link rel="stylesheet" href="./css/print.css" type="text/css" media="print" />
- <meta name="Date-Revision-yyyymmdd" content="20140129" />
+ <meta name="Date-Revision-yyyymmdd" content="20140218" />
<meta http-equiv="Content-Language" content="en" />
<script type="text/javascript">var _gaq = _gaq || [];
@@ -57,7 +57,7 @@
<a href="https://cwiki.apache.org/confluence/display/KNOX/Index" class="externalLink" title="Wiki">Wiki</a>
- | <span id="publishDate">Last Published: 2014-01-29</span>
+ | <span id="publishDate">Last Published: 2014-02-18</span>
| <span id="projectVersion">Version: 0.0.0-SNAPSHOT</span>
</div>
<div class="clear">
Modified: incubator/knox/trunk/books/0.4.0/knox_cli.md
URL: http://svn.apache.org/viewvc/incubator/knox/trunk/books/0.4.0/knox_cli.md?rev=1569534&r1=1569533&r2=1569534&view=diff
==============================================================================
--- incubator/knox/trunk/books/0.4.0/knox_cli.md (original)
+++ incubator/knox/trunk/books/0.4.0/knox_cli.md Tue Feb 18 21:40:18 2014
@@ -28,7 +28,9 @@ prints help for all commands
#### Master secret persistence ####
##### knoxcli.sh create-master [--help] #####
-Creates and persists an encrypted master secret in a file within {GATEWAY_HOME}/data/security/master
+Creates and persists an encrypted master secret in a file within {GATEWAY_HOME}/data/security/master.
+
+NOTE: This command fails when there is an existing master file in the expected location.
#### Alias creation ####
##### knoxcli.sh create-alias n [--cluster c] [--value v] [--generate] [--help] #####
@@ -37,7 +39,7 @@ Creates a password alias and stores it i
argument | description
---------|-----------
--name|name of the alias to create
---cluster|name of Hadoop cluster for the cluster specific credential store otherwise assumes __gateway
+--cluster|name of Hadoop cluster for the cluster specific credential store otherwise assumes that it is for the gateway itself
--value|parameter for specifying the actual password otherwise prompted<br/>
--generate|boolean flag to indicate whether the tool should just generate the value. This assumes that --value is not set - will result in error otherwise. User will not be prompted for the value when --generate is set.