Author: lmccay
Date: Mon Nov 7 15:55:35 2016
New Revision: 1768540

URL: http://svn.apache.org/viewvc?rev=1768540&view=rev
Log:
added knox shell truststore and export cert docs

Modified: knox/site/books/knox-0-10-0/user-guide.html knox/site/index.html knox/site/issue-tracking.html knox/site/license.html knox/site/mail-lists.html knox/site/project-info.html knox/site/team-list.html knox/trunk/books/0.10.0/book_client-details.md knox/trunk/books/0.10.0/knox_cli.md knox/trunk/build.xml Modified: knox/site/books/knox-0-10-0/user-guide.html URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-10-0/user-guide.html?rev=1768540&r1=1768539&r2=1768540&view=diff ============================================================================== --- knox/site/books/knox-0-10-0/user-guide.html (original) +++ knox/site/books/knox-0-10-0/user-guide.html Mon Nov 7 15:55:35 2016 
@@ -808,7 +808,7 @@ keytool -keystore gateway.jks -storepass <td>name of the host to be used in the self-signed certificate. This allows multi-host deployments to specify the proper hostnames for hostname verification to succeed on the client side of the SSL connection. The default is ‘localhost’.</td> </tr> </tbody> -</table><h4><a id="Topology+Redeploy">Topology Redeploy</a> <a href="#Topology+Redeploy"><img src="markbook-section-link.png"/></a></h4><h5><a id="`bin/knoxcli.sh+redeploy+[--cluster+c]`"><code>bin/knoxcli.sh redeploy [--cluster c]</code></a> <a href="#`bin/knoxcli.sh+redeploy+[--cluster+c]`"><img src="markbook-section-link.png"/></a></h5><p>Redeploys one or all of the gateway’s clusters (a.k.a topologies).</p><h4><a id="Topology+Listing">Topology Listing</a> <a href="#Topology+Listing"><img src="markbook-section-link.png"/></a></h4><h5><a id="`bin/knoxcli.sh+list-topologies+[--help]`"><code>bin/knoxcli.sh list-topologies [--help]</code></a> <a href="#`bin/knoxcli.sh+list-topologies+[--help]`"><img src="markbook-section-link.png"/></a></h5><p>Lists all of the topologies found in Knox’s topologies directory. Useful for specifying a valid –cluster argument.</p><h4><a id="Topology+Validation">Topology Validation</a> <a href="#Topology+Validation"><img src="markbook-se ction-link.png"/></a></h4><h5><a id="`bin/knoxcli.sh+validate-topology+[--cluster+c]+[--path+path]+[--help]`"><code>bin/knoxcli.sh validate-topology [--cluster c] [--path path] [--help]</code></a> <a href="#`bin/knoxcli.sh+validate-topology+[--cluster+c]+[--path+path]+[--help]`"><img src="markbook-section-link.png"/></a></h5><p>This ensures that a cluster’s description (a.k. topology) follows the correct formatting rules. 
It is possible to specify a name of a cluster already in the topology directory, or a path to any file.</p> +</table><h4><a id="Certificate+Export">Certificate Export</a> <a href="#Certificate+Export"><img src="markbook-section-link.png"/></a></h4><h5><a id="`bin/knoxcli.sh+export-cert+[--type+JKS|PEM]+[--help]`"><code>bin/knoxcli.sh export-cert [--type JKS|PEM] [--help]</code></a> <a href="#`bin/knoxcli.sh+export-cert+[--type+JKS|PEM]+[--help]`"><img src="markbook-section-link.png"/></a></h5><p>Exports and stores the gateway-identity certificate as the type indicated or PEM by default. This is stored within the <code>{GATEWAY_HOME}/data/security/keystores/</code> directory as either gateway-identity.pem or gateway-client-trust.jks depending on the type specified. </p><h4><a id="Topology+Redeploy">Topology Redeploy</a> <a href="#Topology+Redeploy"><img src="markbook-section-link.png"/></a></h4><h5><a id="`bin/knoxcli.sh+redeploy+[--cluster+c]`"><code>bin/knoxcli.sh redeploy [--cluster c]</code></a> <a href="#`bin/knoxcli.sh+redeploy+[--cluster+c]`"><img src="markbook-section-link.png"/></a ></h5><p>Redeploys one or all of the gateway’s clusters (a.k.a >topologies).</p><h4><a id="Topology+Listing">Topology Listing</a> <a >href="#Topology+Listing"><img >src="markbook-section-link.png"/></a></h4><h5><a >id="`bin/knoxcli.sh+list-topologies+[--help]`"><code>bin/knoxcli.sh >list-topologies [--help]</code></a> <a >href="#`bin/knoxcli.sh+list-topologies+[--help]`"><img >src="markbook-section-link.png"/></a></h5><p>Lists all of the topologies >found in Knox’s topologies directory. 
Useful for specifying a valid >–cluster argument.</p><h4><a id="Topology+Validation">Topology >Validation</a> <a href="#Topology+Validation"><img >src="markbook-section-link.png"/></a></h4><h5><a >id="`bin/knoxcli.sh+validate-topology+[--cluster+c]+[--path+path]+[--help]`"><code>bin/knoxcli.sh > validate-topology [--cluster c] [--path path] [--help]</code></a> <a >href="#`bin/knoxcli.sh+validate-topology+[--cluster+c]+[--path+path]+[--help]`"><img > src="markbook-section-link.png"/></a></h5><p>This ensures that a cluster’s description (a.k. topology) follows the correct formatting rules. It is possible to specify a name of a cluster already in the topology directory, or a path to any file.</p> <table> <thead> <tr> 
@@ -2754,7 +2754,14 @@ APACHE_HOME/bin/apachectl -k stop <li>The Apache Knox Gateway is installed and functional.</li> <li>The example commands are executed within the context of the <code>GATEWAY_HOME</code> current directory. The <code>GATEWAY_HOME</code> directory is the directory within the Apache Knox Gateway installation that contains the README file and the bin, conf and deployments directories.</li> <li>A few examples require the use of commands from a standard Groovy installation. These examples are optional but to try them you will need Groovy <a href="http://groovy.codehaus.org/Installing+Groovy">installed</a>.</li> -</ul><h3><a id="Basics">Basics</a> <a href="#Basics"><img src="markbook-section-link.png"/></a></h3><p>The DSL requires a shell to interpret the Groovy script. The shell can either be used interactively or to execute a script file. To simplify use, the distribution contains an embedded version of the Groovy shell.</p><p>The shell can be run interactively. Use the command <code>exit</code> to exit.</p> +</ul><h3><a id="Basics">Basics</a> <a href="#Basics"><img src="markbook-section-link.png"/></a></h3><p>In order for secure connections to be made to the Knox gateway server over SSL, the user will need to trust the certificate presented by the gateway while connecting. The knoxcli command export-cert may be used to get access the gateway-identity cert. 
It can then be imported into cacerts on the client machine or put into a keystore that will be discovered in:</p> +<ul> + <li>the user’s home directory</li> + <li>in a directory specified in an environment variable: KNOX_CLIENT_TRUSTSTORE_DIR</li> + <li>in a directory specified with the above variable with the keystore filename specified in the variable: KNOX_CLIENT_TRUSTSTORE_FILENAME</li> + <li>default password “changeit” or password may be specified in environment variable: KNOX_CLIENT_TRUSTSTORE_PASS</li> + <li>or the JSSE system property: javax.net.ssl.trustStore can be used to specify its location</li> +</ul><p>The DSL requires a shell to interpret the Groovy script. The shell can either be used interactively or to execute a script file. To simplify use, the distribution contains an embedded version of the Groovy shell.</p><p>The shell can be run interactively. Use the command <code>exit</code> to exit.</p> <pre><code>java -jar bin/shell.jar </code></pre><p>When running interactively it may be helpful to reduce some of the output generated by the shell console. Use the following command in the interactive shell to reduce that output. This only needs to be done once as these preferences are persisted.</p> <pre><code>set verbosity QUIET Modified: knox/site/index.html URL: http://svn.apache.org/viewvc/knox/site/index.html?rev=1768540&r1=1768539&r2=1768540&view=diff ============================================================================== --- knox/site/index.html (original) +++ knox/site/index.html Mon Nov 7 15:55:35 2016 
@@ -1,13 +1,13 @@ <!DOCTYPE html> <!-- - | Generated by Apache Maven Doxia at 2016-11-01 + | Generated by Apache Maven Doxia at 2016-11-07 | Rendered using Apache Maven Fluido Skin 1.3.0 --> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta charset="UTF-8" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> - <meta name="Date-Revision-yyyymmdd" content="20161101" /> + <meta name="Date-Revision-yyyymmdd" content="20161107" /> <meta http-equiv="Content-Language" content="en" /> <title>Knox Gateway – REST API Gateway for the Apache Hadoop Ecosystem</title> <link rel="stylesheet" href="./css/apache-maven-fluido-1.3.0.min.css" /> @@ -58,7 +58,7 @@ - <li id="publishDate" class="pull-right">Last Published: 2016-11-01</li> + <li id="publishDate" class="pull-right">Last Published: 2016-11-07</li> </ul> </div> Modified: knox/site/issue-tracking.html URL: http://svn.apache.org/viewvc/knox/site/issue-tracking.html?rev=1768540&r1=1768539&r2=1768540&view=diff ============================================================================== --- knox/site/issue-tracking.html (original) +++ knox/site/issue-tracking.html Mon Nov 7 15:55:35 2016 @@ -1,13 +1,13 @@ <!DOCTYPE html> <!-- - | Generated by Apache Maven Doxia at 2016-11-01 + | Generated by Apache Maven Doxia at 2016-11-07 | Rendered using Apache Maven Fluido Skin 1.3.0 --> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta charset="UTF-8" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> - <meta name="Date-Revision-yyyymmdd" content="20161101" /> + <meta name="Date-Revision-yyyymmdd" content="20161107" /> <meta http-equiv="Content-Language" content="en" /> <title>Knox Gateway – Issue Tracking</title> <link rel="stylesheet" href="./css/apache-maven-fluido-1.3.0.min.css" /> 
@@ -58,7 +58,7 @@ - <li id="publishDate" class="pull-right">Last Published: 2016-11-01</li> + <li id="publishDate" class="pull-right">Last Published: 2016-11-07</li> </ul> </div> Modified: knox/site/license.html URL: http://svn.apache.org/viewvc/knox/site/license.html?rev=1768540&r1=1768539&r2=1768540&view=diff ============================================================================== --- knox/site/license.html (original) +++ knox/site/license.html Mon Nov 7 15:55:35 2016 @@ -1,13 +1,13 @@ <!DOCTYPE html> <!-- - | Generated by Apache Maven Doxia at 2016-11-01 + | Generated by Apache Maven Doxia at 2016-11-07 | Rendered using Apache Maven Fluido Skin 1.3.0 --> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta charset="UTF-8" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> - <meta name="Date-Revision-yyyymmdd" content="20161101" /> + <meta name="Date-Revision-yyyymmdd" content="20161107" /> <meta http-equiv="Content-Language" content="en" /> <title>Knox Gateway – Project License</title> <link rel="stylesheet" href="./css/apache-maven-fluido-1.3.0.min.css" /> @@ -58,7 +58,7 @@ - <li id="publishDate" class="pull-right">Last Published: 2016-11-01</li> + <li id="publishDate" class="pull-right">Last Published: 2016-11-07</li> </ul> </div> Modified: knox/site/mail-lists.html URL: http://svn.apache.org/viewvc/knox/site/mail-lists.html?rev=1768540&r1=1768539&r2=1768540&view=diff ============================================================================== --- knox/site/mail-lists.html (original) +++ knox/site/mail-lists.html Mon Nov 7 15:55:35 2016 
@@ -1,13 +1,13 @@ <!DOCTYPE html> <!-- - | Generated by Apache Maven Doxia at 2016-11-01 + | Generated by Apache Maven Doxia at 2016-11-07 | Rendered using Apache Maven Fluido Skin 1.3.0 --> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta charset="UTF-8" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> - <meta name="Date-Revision-yyyymmdd" content="20161101" /> + <meta name="Date-Revision-yyyymmdd" content="20161107" /> <meta http-equiv="Content-Language" content="en" /> <title>Knox Gateway – Project Mailing Lists</title> <link rel="stylesheet" href="./css/apache-maven-fluido-1.3.0.min.css" /> @@ -58,7 +58,7 @@ - <li id="publishDate" class="pull-right">Last Published: 2016-11-01</li> + <li id="publishDate" class="pull-right">Last Published: 2016-11-07</li> </ul> </div> Modified: knox/site/project-info.html URL: http://svn.apache.org/viewvc/knox/site/project-info.html?rev=1768540&r1=1768539&r2=1768540&view=diff ============================================================================== --- knox/site/project-info.html (original) +++ knox/site/project-info.html Mon Nov 7 15:55:35 2016 @@ -1,13 +1,13 @@ <!DOCTYPE html> <!-- - | Generated by Apache Maven Doxia at 2016-11-01 + | Generated by Apache Maven Doxia at 2016-11-07 | Rendered using Apache Maven Fluido Skin 1.3.0 --> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta charset="UTF-8" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> - <meta name="Date-Revision-yyyymmdd" content="20161101" /> + <meta name="Date-Revision-yyyymmdd" content="20161107" /> <meta http-equiv="Content-Language" content="en" /> <title>Knox Gateway – Project Information</title> <link rel="stylesheet" href="./css/apache-maven-fluido-1.3.0.min.css" /> 
@@ -58,7 +58,7 @@ - <li id="publishDate" class="pull-right">Last Published: 2016-11-01</li> + <li id="publishDate" class="pull-right">Last Published: 2016-11-07</li> </ul> </div> Modified: knox/site/team-list.html URL: http://svn.apache.org/viewvc/knox/site/team-list.html?rev=1768540&r1=1768539&r2=1768540&view=diff ============================================================================== --- knox/site/team-list.html (original) +++ knox/site/team-list.html Mon Nov 7 15:55:35 2016 @@ -1,13 +1,13 @@ <!DOCTYPE html> <!-- - | Generated by Apache Maven Doxia at 2016-11-01 + | Generated by Apache Maven Doxia at 2016-11-07 | Rendered using Apache Maven Fluido Skin 1.3.0 --> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta charset="UTF-8" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> - <meta name="Date-Revision-yyyymmdd" content="20161101" /> + <meta name="Date-Revision-yyyymmdd" content="20161107" /> <meta http-equiv="Content-Language" content="en" /> <title>Knox Gateway – Team list</title> <link rel="stylesheet" href="./css/apache-maven-fluido-1.3.0.min.css" /> @@ -58,7 +58,7 @@ - <li id="publishDate" class="pull-right">Last Published: 2016-11-01</li> + <li id="publishDate" class="pull-right">Last Published: 2016-11-07</li> </ul> </div> Modified: knox/trunk/books/0.10.0/book_client-details.md URL: http://svn.apache.org/viewvc/knox/trunk/books/0.10.0/book_client-details.md?rev=1768540&r1=1768539&r2=1768540&view=diff ============================================================================== --- knox/trunk/books/0.10.0/book_client-details.md (original) +++ knox/trunk/books/0.10.0/book_client-details.md Mon Nov 7 15:55:35 2016 
@@ -61,6 +61,17 @@ The `GATEWAY_HOME` directory is the dire ### Basics ### +In order for secure connections to be made to the Knox gateway server over SSL, the user will need to trust +the certificate presented by the gateway while connecting. The knoxcli command export-cert may be used to get +access the gateway-identity cert. It can then be imported into cacerts on the client machine or put into a +keystore that will be discovered in: + +* the user's home directory +* in a directory specified in an environment variable: KNOX_CLIENT_TRUSTSTORE_DIR +* in a directory specified with the above variable with the keystore filename specified in the variable: KNOX_CLIENT_TRUSTSTORE_FILENAME +* default password "changeit" or password may be specified in environment variable: KNOX_CLIENT_TRUSTSTORE_PASS +* or the JSSE system property: javax.net.ssl.trustStore can be used to specify its location + The DSL requires a shell to interpret the Groovy script. The shell can either be used interactively or to execute a script file. To simplify use, the distribution contains an embedded version of the Groovy shell. Modified: knox/trunk/books/0.10.0/knox_cli.md URL: http://svn.apache.org/viewvc/knox/trunk/books/0.10.0/knox_cli.md?rev=1768540&r1=1768539&r2=1768540&view=diff ============================================================================== --- knox/trunk/books/0.10.0/knox_cli.md (original) +++ knox/trunk/books/0.10.0/knox_cli.md Mon Nov 7 15:55:35 2016 
@@ -74,6 +74,10 @@ argument | description ---------|----------- \-\-hostname|name of the host to be used in the self-signed certificate. This allows multi-host deployments to specify the proper hostnames for hostname verification to succeed on the client side of the SSL connection. The default is 'localhost'. +#### Certificate Export #### +##### `bin/knoxcli.sh export-cert [--type JKS|PEM] [--help]` ##### +Exports and stores the gateway-identity certificate as the type indicated or PEM by default. This is stored within the `{GATEWAY_HOME}/data/security/keystores/` directory as either gateway-identity.pem or gateway-client-trust.jks depending on the type specified. + #### Topology Redeploy #### ##### `bin/knoxcli.sh redeploy [--cluster c]` ##### Redeploys one or all of the gateway's clusters (a.k.a topologies). Modified: knox/trunk/build.xml URL: http://svn.apache.org/viewvc/knox/trunk/build.xml?rev=1768540&r1=1768539&r2=1768540&view=diff ============================================================================== --- knox/trunk/build.xml (original) +++ knox/trunk/build.xml Mon Nov 7 15:55:35 2016 @@ -241,10 +241,10 @@ <target name="review-book" depends="init" description="Open the default book in the default browser."> <exec executable="${browser.cmd}"> - <arg line="${book-0-9-1-dir}/user-guide.html" /> + <arg line="${book-0-10-0-dir}/user-guide.html" /> </exec> <exec executable="${browser.cmd}"> - <arg line="${book-0-9-1-dir}/dev-guide.html" /> + <arg line="${book-0-10-0-dir}/dev-guide.html" /> </exec> </target>
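Review bot: In the book_client-details.md hunk (@@ -61,6 +61,17 @@), the bullet list that follows "keystore that will be discovered in:" mixes lookup locations with a password setting and a JSSE property, and it never names the keystore filename that is searched for when KNOX_CLIENT_TRUSTSTORE_FILENAME is unset, nor the order in which these sources are consulted. Suggest separating location, filename and password into distinct items, stating the default filename and the precedence, and fixing "may be used to get access the gateway-identity cert" (missing "to"). Because whatever keystore is found at these locations decides which gateway certificate the shell trusts, a sentence saying the file should be writable only by the user would also help. The same wording appears in the generated user-guide.html hunk (@@ -2754,7 +2754,14 @@), so fix the markdown and regenerate.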
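Review bot: In the knox_cli.md hunk (@@ -74,6 +74,10 @@), the export-cert description says the result is stored "as either gateway-identity.pem or gateway-client-trust.jks depending on the type specified" without stating which --type value produces which file, or what password protects the JKS output. The client text added in book_client-details.md documents KNOX_CLIENT_TRUSTSTORE_PASS with a default of "changeit", so a reader needs to know whether the exported gateway-client-trust.jks uses that password and whether it can be placed in the client trust store directory unchanged. Suggest spelling out the PEM and JKS mapping and cross-referencing the two sections.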
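Review bot: The build.xml hunk (@@ -241,10 +241,10 @@) points both <arg> lines of review-book at ${book-0-10-0-dir}, but the definition of that property is not part of this diff; please confirm it is already defined, since Ant leaves an undefined property as literal text and the browser would be handed an unresolved path. The version bump is also not covered by the log message ("added knox shell truststore and export cert docs"), so mention it there or commit it separately. A single current-book property would let the next release change one line instead of two.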