knox-commits mailing list archives

From kmin...@apache.org
Subject svn commit: r1538701 - in /incubator/knox: site/ site/books/knox-incubating-0-3-0/ trunk/books/0.3.0/
Date Mon, 04 Nov 2013 18:20:54 GMT
Author: kminder
Date: Mon Nov  4 18:20:53 2013
New Revision: 1538701

URL: http://svn.apache.org/r1538701
Log:
Added details to RPM install.

Modified:
    incubator/knox/site/books/knox-incubating-0-3-0/knox-incubating-0-3-0.html
    incubator/knox/site/index.html
    incubator/knox/site/issue-tracking.html
    incubator/knox/site/license.html
    incubator/knox/site/mail-lists.html
    incubator/knox/site/project-info.html
    incubator/knox/site/team-list.html
    incubator/knox/trunk/books/0.3.0/quick_start.md

Modified: incubator/knox/site/books/knox-incubating-0-3-0/knox-incubating-0-3-0.html
URL: http://svn.apache.org/viewvc/incubator/knox/site/books/knox-incubating-0-3-0/knox-incubating-0-3-0.html?rev=1538701&r1=1538700&r2=1538701&view=diff
==============================================================================
--- incubator/knox/site/books/knox-incubating-0-3-0/knox-incubating-0-3-0.html (original)
+++ incubator/knox/site/books/knox-incubating-0-3-0/knox-incubating-0-3-0.html Mon Nov  4
18:20:53 2013
@@ -87,7 +87,7 @@
 % gpg --verify knox-incubating-0.3.0.zip.asc
 </code></pre><h3><a id="4+-+Start+Hadoop+virtual+machine"></a>4
- Start Hadoop virtual machine</h3><p>Start the Hadoop virtual machine.</p><h3><a
id="5+-+Install+Knox"></a>5 - Install Knox</h3><p>The steps required
to install the gateway will vary depending upon which distribution format (zip | rpm) was
downloaded. In either case you will end up with a directory where the gateway is installed.
This directory will be referred to as your <code>{GATEWAY_HOME}</code> throughout
this document.</p><h4><a id="ZIP"></a>ZIP</h4><p>If you
downloaded the Zip distribution you can simply extract the contents into a directory. The
example below provides a command that can be executed to do this. Note the <code>{VERSION}</code>
portion of the command must be replaced with an actual Apache Knox Gateway version number.
This might be 0.3.0 for example and must patch the value in the file downloaded.</p>
 <pre><code>jar xf knox-incubating-{VERSION}.zip
-</code></pre><p>This will create a directory <code>knox-incubating-{VERSION}</code>
in your current directory. The directory <code>knox-incubating-{VERSION}</code>
will considered your <code>{GATEWAY_HOME}</code></p><h4><a id="RPM"></a>RPM</h4><p>If
you downloaded the RPM distribution you can install it using normal RPM package tools. It
is important that the user that will be running the gateway server is used to install. This
is because several directories are created that are owned by this user.</p>
+</code></pre><p>This will create a directory <code>knox-incubating-{VERSION}</code>
in your current directory. The directory <code>knox-incubating-{VERSION}</code>
will considered your <code>{GATEWAY_HOME}</code></p><h4><a id="RPM"></a>RPM</h4><p>If
you downloaded the RPM distribution you can install it using normal RPM package tools. It
is important that the user that will be running the gateway server is used to install. This
is because several directories are created that are owned by this user. These command will
install Knox to <code>/usr/lib/knox</code> following the pattern of other Hadoop
components. This directory will be considered your <code>{GATEWAY_HOME}</code>.</p>
 <pre><code>sudo yum localinstall knox-incubating-{VERSION}.rpm
 </code></pre><p>or</p>
 <pre><code>sudo rpm -ihv knox-incubating-{VERSION}.rpm
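Review bot: The sentence added to the RPM paragraph reads "These command will install Knox", which should be "These commands will install Knox"; correct it in quick_start.md and regenerate this page rather than editing the HTML. The unchanged ZIP text in the same block still says "must patch the value in the file downloaded" (presumably "match") and "will considered your {GATEWAY_HOME}", and both are worth fixing in the same pass. Because the generated paragraph is one long line, a two-sentence addition appears here as a full-paragraph replacement, which makes the real change hard to see in review.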
@@ -436,7 +436,7 @@ ip-10-39-107-209.ec2.internal
 <ol>
   <li>Authentication Providers</li>
   <li>Federation Providers</li>
-</ol><p>Authentication providers directly accept a user&rsquo;s credentials
and validates them against some particular user store. Federation providers, on the other
hand, validate a token that has been issued for the user by a trusted Identity Provider (IdP).</p><p>The
current release of Knox ships with an authentication provider based on the Apache Shiro project
and is initially configured for BASIC authentication against an LDAP store.</p><p>This
section will cover the general approach to leveraging Shiro within the bundled provider including:</p>
+</ol><p>Authentication providers directly accept a user&rsquo;s credentials
and validates them against some particular user store. Federation providers, on the other
hand, validate a token that has been issued for the user by a trusted Identity Provider (IdP).</p><p>The
current release of Knox ships with an authentication provider based on the Apache Shiro project
and is initially configured for BASIC authentication against an LDAP store. This has been
specifically tested against Apache Directory Server and Active Directory.</p><p>This
section will cover the general approach to leveraging Shiro within the bundled provider including:</p>
 <ol>
   <li>General mapping of provider config to shiro.ini config</li>
   <li>Specific configuration for the bundled BASIC/LDAP configuration</li>
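Review bot: The new sentence "This has been specifically tested against Apache Directory Server and Active Directory" names no version of either server, so a reader cannot tell what the testing covered; state the tested versions or say that the testing was limited. The log message mentions only RPM install details, and the only book source in the Modified list is quick_start.md, so this change to the authentication text arrives unannounced and without a matching source change in this commit. The unchanged text next to it also has "accept a user's credentials and validates them", which should read "validate".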
@@ -487,7 +487,7 @@ ldapRealm.userDnTemplate=uid={0},ou=peop
             &lt;value&gt;authcBasic&lt;/value&gt;
         &lt;/param&gt;
     &lt;/provider&gt;
-</code></pre><p>This happens to be the way that we are currently configuring
Shiro for BASIC/LDAP authentication. This same config approach may be used to achieve other
authentication mechanisms or variations on this one. We however have not tested additional
uses for it for this release.</p><h4><a id="LDAP+Configuration"></a>LDAP
Configuration</h4><p>This section discusses the LDAP configuration used above
for the Shiro Provider. Some of these configuration elements will need to be customized to
reflect your deployment environment.</p><p><strong>main.ldapRealm</strong>
- this element indicates the fully qualified classname of the Shiro realm to be used in authenticating
the user. The classname provided by default in the sample is the <code>org.apache.shiro.realm.ldap.JndiLdapRealm</code>
this implementation provides us with the ability to authenticate but by default has authorization
disabled. In order to provide authorization - which is seen by Shiro as dependent on an LDAP
schema
  that is specific to each organization - an extension of JndiLdapRealm is generally used
to override and implement the doGetAuhtorizationInfo method. In this particular release we
are providing a simple authorization provider that can be used along with the Shiro authentication
provider.</p><p><strong>main.ldapRealm.userDnTemplate</strong> - in
order to bind a simple username to an LDAP server that generally requires a full distinguished
name (DN), we must provide the template into which the simple username will be inserted. This
template allows for the creation of a DN by injecting the simple username into the common
name (CN) portion of the DN. <strong>This element will need to be customized to reflect
your deployment environment.</strong> The template provided in the sample is only an
example and is valid only within the LDAP schema distributed with Knox and is represented
by the users.ldif file in the {GATEWAY_HOME}conf directory.</p><p><strong>main.ldapRealm.contextFactory.url<
 /strong> - this element is the URL that represents the host and port of LDAP server. It
also includes the scheme of the protocol to use. This may be either ldap or ldaps depending
on whether you are communicating with the LDAP over SSL (higly recommended). <strong>This
element will need to be cusomized to reflect your deployment environment.</strong>.</p><p><strong>main.ldapRealm.contextFactory.authenticationMechanism</strong>
- this element indicates the type of authentication that should be performed against the LDAP
server. The current default value is <code>simple</code> which indicates a simple
bind operation. This element should not need to be modified and no mechanism other than a
simple bind has been tested for this particular release.</p><p><strong>urls./</strong>**
- this element represents a single URL_Ant_Path_Expression and the value the Shiro filter
chain to apply to it. This particular sample indicates that all paths into the application
have the same Shiro filter cha
 in applied. The paths are relative to the application context path. The use of the value
<code>authcBasic</code> here indicates that BASIC authentication is expected for
every path into the application. Adding an additional Shiro filter to that chain for validating
that the request isSecure() and over SSL can be achieved by changing the value to <code>ssl,
authcBasic</code>. It is not likely that you need to change this element for your environment.</p><h4><a
id="LDAP+over+SSL+(LDAPS)+Configuration"></a>LDAP over SSL (LDAPS) Configuration</h4><p>In
order to communicate with your LDAP server over SSL (again, highly recommended), you will
need to modify the topology file in a couple ways and possibly provision some keying material.</p>
+</code></pre><p>This happens to be the way that we are currently configuring
Shiro for BASIC/LDAP authentication. This same config approach may be used to achieve other
authentication mechanisms or variations on this one. We however have not tested additional
uses for it for this release.</p><h4><a id="LDAP+Configuration"></a>LDAP
Configuration</h4><p>This section discusses the LDAP configuration used above
for the Shiro Provider. Some of these configuration elements will need to be customized to
reflect your deployment environment.</p><p><strong>main.ldapRealm</strong>
- this element indicates the fully qualified classname of the Shiro realm to be used in authenticating
the user. The classname provided by default in the sample is the <code>org.apache.shiro.realm.ldap.JndiLdapRealm</code>
this implementation provides us with the ability to authenticate but by default has authorization
disabled. In order to provide authorization - which is seen by Shiro as dependent on an LDAP
schema
  that is specific to each organization - an extension of JndiLdapRealm is generally used
to override and implement the doGetAuhtorizationInfo method. In this particular release we
are providing a simple authorization provider that can be used along with the Shiro authentication
provider.</p><p><strong>main.ldapRealm.userDnTemplate</strong> - in
order to bind a simple username to an LDAP server that generally requires a full distinguished
name (DN), we must provide the template into which the simple username will be inserted. This
template allows for the creation of a DN by injecting the simple username into the common
name (CN) portion of the DN. <strong>This element will need to be customized to reflect
your deployment environment.</strong> The template provided in the sample is only an
example and is valid only within the LDAP schema distributed with Knox and is represented
by the users.ldif file in the {GATEWAY_HOME}conf directory.</p><p><strong>main.ldapRealm.contextFactory.url<
 /strong> - this element is the URL that represents the host and port of LDAP server. It
also includes the scheme of the protocol to use. This may be either ldap or ldaps depending
on whether you are communicating with the LDAP over SSL (higly recommended). <strong>This
element will need to be cusomized to reflect your deployment environment.</strong>.</p><p><strong>main.ldapRealm.contextFactory.authenticationMechanism</strong>
- this element indicates the type of authentication that should be performed against the LDAP
server. The current default value is <code>simple</code> which indicates a simple
bind operation. This element should not need to be modified and no mechanism other than a
simple bind has been tested for this particular release.</p><p><strong>urls./</strong>**
- this element represents a single URL_Ant_Path_Expression and the value the Shiro filter
chain to apply to it. This particular sample indicates that all paths into the application
have the same Shiro filter cha
 in applied. The paths are relative to the application context path. The use of the value
<code>authcBasic</code> here indicates that BASIC authentication is expected for
every path into the application. Adding an additional Shiro filter to that chain for validating
that the request isSecure() and over SSL can be achieved by changing the value to <code>ssl,
authcBasic</code>. It is not likely that you need to change this element for your environment.</p><h4><a
id="Active+Directory+-+Special+Note"></a>Active Directory - Special Note</h4><p>You
would use LDAP configuration as documented above to authenticate against Active Directory
as well.</p><p>Some Active Directory specifc things to keep in mind:</p><p>Typical
AD main.ldapRealm.userDnTemplate value looks slightly different, such as  cn={0},cn=users,DC=lab,DC=sample,dc=com</p><p>Please
compare this with a typical Apache DS main.ldapRealm.userDnTemplate value and make note of
the difference.  uid={0},ou=people,dc=hadoop,dc=apache,dc=
 org</p><p>If your AD is configured to authenticate based on just the cn and password
and does not require user DN, you do not have to specify value for main.ldapRealm.userDnTemplate.</p><h4><a
id="LDAP+over+SSL+(LDAPS)+Configuration"></a>LDAP over SSL (LDAPS) Configuration</h4><p>In
order to communicate with your LDAP server over SSL (again, highly recommended), you will
need to modify the topology file in a couple ways and possibly provision some keying material.</p>
 <ol>
   <li><strong>main.ldapRealm.contextFactory.url</strong> must be changed
to have the <code>ldaps</code> protocol scheme and the port must be the SSL listener
port on your LDAP server.</li>
   <li>Identity certificate (keypair) provisioned to LDAP server - your LDAP server
specific documentation should indicate what is requried for providing a cert or keypair to
represent the LDAP server identity to connecting clients.</li>
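Review bot: In the new "Active Directory - Special Note" section, the two userDnTemplate samples are run into the prose without code markup, and the AD sample mixes case in "DC=lab,DC=sample,dc=com"; wrap both in code elements and use one case so they can be copied reliably. The closing sentence says userDnTemplate can be left unset when AD authenticates "based on just the cn and password", but it does not say what value is then sent in the simple bind, which is the detail an administrator has to verify. The unchanged userDnTemplate paragraph says the username is injected into the "common name (CN) portion" of the DN, while the Apache DS sample quoted in the new note uses uid={0}, so the cn versus uid difference the note asks readers to spot is contradicted a few paragraphs earlier. Since the documented mechanism is a simple bind, the AD note should also point to the LDAPS section that follows it. Typo in the added text: "specifc".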

Modified: incubator/knox/site/index.html
URL: http://svn.apache.org/viewvc/incubator/knox/site/index.html?rev=1538701&r1=1538700&r2=1538701&view=diff
==============================================================================
--- incubator/knox/site/index.html (original)
+++ incubator/knox/site/index.html Mon Nov  4 18:20:53 2013
@@ -1,5 +1,5 @@
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<!-- Generated by Apache Maven Doxia Site Renderer 1.3 at Oct 31, 2013 -->
+<!-- Generated by Apache Maven Doxia Site Renderer 1.3 at Nov 4, 2013 -->
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
     <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
@@ -10,7 +10,7 @@
       @import url("./css/site.css");
     </style>
     <link rel="stylesheet" href="./css/print.css" type="text/css" media="print" />
-    <meta name="Date-Revision-yyyymmdd" content="20131031" />
+    <meta name="Date-Revision-yyyymmdd" content="20131104" />
     <meta http-equiv="Content-Language" content="en" />
                                                     
 <script type="text/javascript">var _gaq = _gaq || [];
@@ -57,7 +57,7 @@
                         <a href="https://cwiki.apache.org/confluence/display/KNOX/Index"
class="externalLink" title="Wiki">Wiki</a>
               
                     
-                &nbsp;| <span id="publishDate">Last Published: 2013-10-31</span>
+                &nbsp;| <span id="publishDate">Last Published: 2013-11-04</span>
               &nbsp;| <span id="projectVersion">Version: 0.0.0-SNAPSHOT</span>
             </div>
       <div class="clear">
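Review bot: The three hunks in index.html change only the Doxia "Generated by ... at" comment, the Date-Revision-yyyymmdd meta value and the publishDate span, and the same three edits repeat in issue-tracking.html, license.html, mail-lists.html, project-info.html and team-list.html. None of this relates to the RPM install details named in the log; committing the regenerated site separately, or leaving out pages whose only difference is the build date, would keep the documentation change easy to find in history.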

Modified: incubator/knox/site/issue-tracking.html
URL: http://svn.apache.org/viewvc/incubator/knox/site/issue-tracking.html?rev=1538701&r1=1538700&r2=1538701&view=diff
==============================================================================
--- incubator/knox/site/issue-tracking.html (original)
+++ incubator/knox/site/issue-tracking.html Mon Nov  4 18:20:53 2013
@@ -1,5 +1,5 @@
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<!-- Generated by Apache Maven Doxia Site Renderer 1.3 at Oct 31, 2013 -->
+<!-- Generated by Apache Maven Doxia Site Renderer 1.3 at Nov 4, 2013 -->
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
     <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
@@ -10,7 +10,7 @@
       @import url("./css/site.css");
     </style>
     <link rel="stylesheet" href="./css/print.css" type="text/css" media="print" />
-    <meta name="Date-Revision-yyyymmdd" content="20131031" />
+    <meta name="Date-Revision-yyyymmdd" content="20131104" />
     <meta http-equiv="Content-Language" content="en" />
                                                     
 <script type="text/javascript">var _gaq = _gaq || [];
@@ -57,7 +57,7 @@
                         <a href="https://cwiki.apache.org/confluence/display/KNOX/Index"
class="externalLink" title="Wiki">Wiki</a>
               
                     
-                &nbsp;| <span id="publishDate">Last Published: 2013-10-31</span>
+                &nbsp;| <span id="publishDate">Last Published: 2013-11-04</span>
               &nbsp;| <span id="projectVersion">Version: 0.0.0-SNAPSHOT</span>
             </div>
       <div class="clear">

Modified: incubator/knox/site/license.html
URL: http://svn.apache.org/viewvc/incubator/knox/site/license.html?rev=1538701&r1=1538700&r2=1538701&view=diff
==============================================================================
--- incubator/knox/site/license.html (original)
+++ incubator/knox/site/license.html Mon Nov  4 18:20:53 2013
@@ -1,5 +1,5 @@
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<!-- Generated by Apache Maven Doxia Site Renderer 1.3 at Oct 31, 2013 -->
+<!-- Generated by Apache Maven Doxia Site Renderer 1.3 at Nov 4, 2013 -->
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
     <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
@@ -10,7 +10,7 @@
       @import url("./css/site.css");
     </style>
     <link rel="stylesheet" href="./css/print.css" type="text/css" media="print" />
-    <meta name="Date-Revision-yyyymmdd" content="20131031" />
+    <meta name="Date-Revision-yyyymmdd" content="20131104" />
     <meta http-equiv="Content-Language" content="en" />
                                                     
 <script type="text/javascript">var _gaq = _gaq || [];
@@ -57,7 +57,7 @@
                         <a href="https://cwiki.apache.org/confluence/display/KNOX/Index"
class="externalLink" title="Wiki">Wiki</a>
               
                     
-                &nbsp;| <span id="publishDate">Last Published: 2013-10-31</span>
+                &nbsp;| <span id="publishDate">Last Published: 2013-11-04</span>
               &nbsp;| <span id="projectVersion">Version: 0.0.0-SNAPSHOT</span>
             </div>
       <div class="clear">

Modified: incubator/knox/site/mail-lists.html
URL: http://svn.apache.org/viewvc/incubator/knox/site/mail-lists.html?rev=1538701&r1=1538700&r2=1538701&view=diff
==============================================================================
--- incubator/knox/site/mail-lists.html (original)
+++ incubator/knox/site/mail-lists.html Mon Nov  4 18:20:53 2013
@@ -1,5 +1,5 @@
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<!-- Generated by Apache Maven Doxia Site Renderer 1.3 at Oct 31, 2013 -->
+<!-- Generated by Apache Maven Doxia Site Renderer 1.3 at Nov 4, 2013 -->
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
     <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
@@ -10,7 +10,7 @@
       @import url("./css/site.css");
     </style>
     <link rel="stylesheet" href="./css/print.css" type="text/css" media="print" />
-    <meta name="Date-Revision-yyyymmdd" content="20131031" />
+    <meta name="Date-Revision-yyyymmdd" content="20131104" />
     <meta http-equiv="Content-Language" content="en" />
                                                     
 <script type="text/javascript">var _gaq = _gaq || [];
@@ -57,7 +57,7 @@
                         <a href="https://cwiki.apache.org/confluence/display/KNOX/Index"
class="externalLink" title="Wiki">Wiki</a>
               
                     
-                &nbsp;| <span id="publishDate">Last Published: 2013-10-31</span>
+                &nbsp;| <span id="publishDate">Last Published: 2013-11-04</span>
               &nbsp;| <span id="projectVersion">Version: 0.0.0-SNAPSHOT</span>
             </div>
       <div class="clear">

Modified: incubator/knox/site/project-info.html
URL: http://svn.apache.org/viewvc/incubator/knox/site/project-info.html?rev=1538701&r1=1538700&r2=1538701&view=diff
==============================================================================
--- incubator/knox/site/project-info.html (original)
+++ incubator/knox/site/project-info.html Mon Nov  4 18:20:53 2013
@@ -1,5 +1,5 @@
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<!-- Generated by Apache Maven Doxia Site Renderer 1.3 at Oct 31, 2013 -->
+<!-- Generated by Apache Maven Doxia Site Renderer 1.3 at Nov 4, 2013 -->
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
     <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
@@ -10,7 +10,7 @@
       @import url("./css/site.css");
     </style>
     <link rel="stylesheet" href="./css/print.css" type="text/css" media="print" />
-    <meta name="Date-Revision-yyyymmdd" content="20131031" />
+    <meta name="Date-Revision-yyyymmdd" content="20131104" />
     <meta http-equiv="Content-Language" content="en" />
                                                     
 <script type="text/javascript">var _gaq = _gaq || [];
@@ -57,7 +57,7 @@
                         <a href="https://cwiki.apache.org/confluence/display/KNOX/Index"
class="externalLink" title="Wiki">Wiki</a>
               
                     
-                &nbsp;| <span id="publishDate">Last Published: 2013-10-31</span>
+                &nbsp;| <span id="publishDate">Last Published: 2013-11-04</span>
               &nbsp;| <span id="projectVersion">Version: 0.0.0-SNAPSHOT</span>
             </div>
       <div class="clear">

Modified: incubator/knox/site/team-list.html
URL: http://svn.apache.org/viewvc/incubator/knox/site/team-list.html?rev=1538701&r1=1538700&r2=1538701&view=diff
==============================================================================
--- incubator/knox/site/team-list.html (original)
+++ incubator/knox/site/team-list.html Mon Nov  4 18:20:53 2013
@@ -1,5 +1,5 @@
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<!-- Generated by Apache Maven Doxia Site Renderer 1.3 at Oct 31, 2013 -->
+<!-- Generated by Apache Maven Doxia Site Renderer 1.3 at Nov 4, 2013 -->
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
     <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
@@ -10,7 +10,7 @@
       @import url("./css/site.css");
     </style>
     <link rel="stylesheet" href="./css/print.css" type="text/css" media="print" />
-    <meta name="Date-Revision-yyyymmdd" content="20131031" />
+    <meta name="Date-Revision-yyyymmdd" content="20131104" />
     <meta http-equiv="Content-Language" content="en" />
                                                     
 <script type="text/javascript">var _gaq = _gaq || [];
@@ -57,7 +57,7 @@
                         <a href="https://cwiki.apache.org/confluence/display/KNOX/Index"
class="externalLink" title="Wiki">Wiki</a>
               
                     
-                &nbsp;| <span id="publishDate">Last Published: 2013-10-31</span>
+                &nbsp;| <span id="publishDate">Last Published: 2013-11-04</span>
               &nbsp;| <span id="projectVersion">Version: 0.0.0-SNAPSHOT</span>
             </div>
       <div class="clear">

Modified: incubator/knox/trunk/books/0.3.0/quick_start.md
URL: http://svn.apache.org/viewvc/incubator/knox/trunk/books/0.3.0/quick_start.md?rev=1538701&r1=1538700&r2=1538701&view=diff
==============================================================================
--- incubator/knox/trunk/books/0.3.0/quick_start.md (original)
+++ incubator/knox/trunk/books/0.3.0/quick_start.md Mon Nov  4 18:20:53 2013
@@ -125,6 +125,8 @@ The directory `knox-incubating-{VERSION}
 If you downloaded the RPM distribution you can install it using normal RPM package tools.
 It is important that the user that will be running the gateway server is used to install.
 This is because several directories are created that are owned by this user.
+These command will install Knox to `/usr/lib/knox` following the pattern of other Hadoop
components.
+This directory will be considered your `{GATEWAY_HOME}`.
 
     sudo yum localinstall knox-incubating-{VERSION}.rpm
 
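Review bot: The added line "These command will install Knox to `/usr/lib/knox`" should read "These commands". The paragraph it extends says the user who will run the gateway server must be the one who installs, because several directories are created that are owned by this user, yet the command that follows is run with sudo; the text should state which account ends up owning the directories under `/usr/lib/knox` and how to confirm that after installation. It would also help to say that `{GATEWAY_HOME}` is fixed at that path for the RPM, unlike the ZIP case where it depends on the extraction directory.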


