knox-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From lmc...@apache.org
Subject svn commit: r1562557 - /incubator/knox/site/books/knox-incubating-0-4-0/knox-incubating-0-4-0.html
Date Wed, 29 Jan 2014 19:33:40 GMT
Author: lmccay
Date: Wed Jan 29 19:33:40 2014
New Revision: 1562557

URL: http://svn.apache.org/r1562557
Log:
fixed typo in knoxcli

Modified:
    incubator/knox/site/books/knox-incubating-0-4-0/knox-incubating-0-4-0.html

Modified: incubator/knox/site/books/knox-incubating-0-4-0/knox-incubating-0-4-0.html
URL: http://svn.apache.org/viewvc/incubator/knox/site/books/knox-incubating-0-4-0/knox-incubating-0-4-0.html?rev=1562557&r1=1562556&r2=1562557&view=diff
==============================================================================
--- incubator/knox/site/books/knox-incubating-0-4-0/knox-incubating-0-4-0.html (original)
+++ incubator/knox/site/books/knox-incubating-0-4-0/knox-incubating-0-4-0.html Wed Jan 29
19:33:40 2014
@@ -439,7 +439,7 @@ ip-10-39-107-209.ec2.internal
   <li>All security related artifacts are protected with the master secret</li>
   <li>Secrets used by the gateway itself are stored within the gateway credential store
and are the same across all gateway instances in the cluster of gateways</li>
   <li>Secrets used by providers within cluster topologies are stored in topology specific
credential stores and are the same for the same topology across the cluster of gateway instances.
 However, they are specific to the topology - so secrets for one hadoop cluster are different
from those of another.  This allows for fail-over from one gateway instance to another even
when encryption is being used while not allowing the compromise of one encryption key to expose
the data for all clusters.</li>
-</ol><p>NOTE: the SSL certificate will need special consideration depending on
the type of certificate. Wildcard certs may be able to be shared across all gateway instances
in a cluster. When certs are dedicated to specific machines the gateway identity store will
not be able to be blindly replicated as host name verification problems will ensue. Obviously,
trust-stores will need to be taken into account as well.</p><h3><a id="Knox+CLI"></a>Knox
CLI</h3><p>The Knox CLI is a command line utility for management of various aspects
of the Knox deployment. It is primarily concerned with the management of the security artifacts
for the gateway instance and each of the deployed topologies or hadoop clusters that are gated
by the Knox Gateway instance.</p><p>The various security artifacts are also generated
and populated automatically by the Knox Gateway runtime when they are not found at startup.
The assumptions made in those cases are appropriate for a test or development gateway instance
  and assume &lsquo;localhost&rsquo; for hostname specific activities. For production
deployments the use of the CLI may aid in managing some some prodution deployments.</p><p>The
knoxcli.sh script is located in the {GATEWAY_HOME}/bin directory.</p><h4><a
id="Help"></a>Help</h4><h5><a id="knoxcli.sh+[--help]"></a>knoxcli.sh
[&ndash;help]</h5><p>prints help for all commands</p><h4><a
id="Master+secret+persistence"></a>Master secret persistence</h4><h5><a
id="knoxcli.sh+create-master+[--help]"></a>knoxcli.sh create-master [&ndash;help]</h5><p>Creates
and persists an encrypted master secret in a file within {GATEWAY_HOME}/data/security/master</p><h4><a
id="Alias+creation"></a>Alias creation</h4><h5><a id="knoxcli.sh+create-alias+n+[--cluster+c]+[--value+v]+[--generate]+[--help]"></a>knoxcli.sh
create-alias n [&ndash;cluster c] [&ndash;value v] [&ndash;generate] [&ndash;help]</h5><p>Creates
a password alias and stores it in a credential store within the {GATEWAY_HOME}/data/security/keyst
 ores dir. </p>
+</ol><p>NOTE: the SSL certificate will need special consideration depending on
the type of certificate. Wildcard certs may be able to be shared across all gateway instances
in a cluster. When certs are dedicated to specific machines the gateway identity store will
not be able to be blindly replicated as host name verification problems will ensue. Obviously,
trust-stores will need to be taken into account as well.</p><h3><a id="Knox+CLI"></a>Knox
CLI</h3><p>The Knox CLI is a command line utility for management of various aspects
of the Knox deployment. It is primarily concerned with the management of the security artifacts
for the gateway instance and each of the deployed topologies or hadoop clusters that are gated
by the Knox Gateway instance.</p><p>The various security artifacts are also generated
and populated automatically by the Knox Gateway runtime when they are not found at startup.
The assumptions made in those cases are appropriate for a test or development gateway instance
  and assume &lsquo;localhost&rsquo; for hostname specific activities. For production
deployments the use of the CLI may aid in managing some prodution deployments.</p><p>The
knoxcli.sh script is located in the {GATEWAY_HOME}/bin directory.</p><h4><a
id="Help"></a>Help</h4><h5><a id="knoxcli.sh+[--help]"></a>knoxcli.sh
[&ndash;help]</h5><p>prints help for all commands</p><h4><a
id="Master+secret+persistence"></a>Master secret persistence</h4><h5><a
id="knoxcli.sh+create-master+[--help]"></a>knoxcli.sh create-master [&ndash;help]</h5><p>Creates
and persists an encrypted master secret in a file within {GATEWAY_HOME}/data/security/master</p><h4><a
id="Alias+creation"></a>Alias creation</h4><h5><a id="knoxcli.sh+create-alias+n+[--cluster+c]+[--value+v]+[--generate]+[--help]"></a>knoxcli.sh
create-alias n [&ndash;cluster c] [&ndash;value v] [&ndash;generate] [&ndash;help]</h5><p>Creates
a password alias and stores it in a credential store within the {GATEWAY_HOME}/data/security/keystores

 dir. </p>
 <table>
   <thead>
     <tr>



Mime
View raw message