Author: lmccay
Date: Mon Nov 7 15:55:35 2016
New Revision: 1768540
URL: http://svn.apache.org/viewvc?rev=1768540&view=rev
Log:
added knox shell truststore and export cert docs
Modified:
knox/site/books/knox-0-10-0/user-guide.html
knox/site/index.html
knox/site/issue-tracking.html
knox/site/license.html
knox/site/mail-lists.html
knox/site/project-info.html
knox/site/team-list.html
knox/trunk/books/0.10.0/book_client-details.md
knox/trunk/books/0.10.0/knox_cli.md
knox/trunk/build.xml
Modified: knox/site/books/knox-0-10-0/user-guide.html
URL:
http://svn.apache.org/viewvc/knox/site/books/knox-0-10-0/user-guide.html?rev=1768540&r1=1768539&r2=1768540&view=diff
==============================================================================
--- knox/site/books/knox-0-10-0/user-guide.html (original)
+++ knox/site/books/knox-0-10-0/user-guide.html Mon Nov 7 15:55:35 2016
@@ -808,7 +808,7 @@ keytool -keystore gateway.jks -storepass
<td>name of the host to be used in the self-signed certificate. This
allows multi-host deployments to specify the proper hostnames for hostname
verification to succeed on the client side of the SSL connection. The default
is ‘localhost’.</td>
</tr>
</tbody>
-</table><h4><a id="Topology+Redeploy">Topology Redeploy</a> <a
href="#Topology+Redeploy"><img src="markbook-section-link.png"/></a></h4><h5><a
id="`bin/knoxcli.sh+redeploy+[--cluster+c]`"><code>bin/knoxcli.sh redeploy
[--cluster c]</code></a> <a
href="#`bin/knoxcli.sh+redeploy+[--cluster+c]`"><img
src="markbook-section-link.png"/></a></h5><p>Redeploys one or all of the
gateway’s clusters (a.k.a topologies).</p><h4><a
id="Topology+Listing">Topology Listing</a> <a href="#Topology+Listing"><img
src="markbook-section-link.png"/></a></h4><h5><a
id="`bin/knoxcli.sh+list-topologies+[--help]`"><code>bin/knoxcli.sh
list-topologies [--help]</code></a> <a
href="#`bin/knoxcli.sh+list-topologies+[--help]`"><img
src="markbook-section-link.png"/></a></h5><p>Lists all of the topologies found
in Knox’s topologies directory. Useful for specifying a valid
–cluster argument.</p><h4><a id="Topology+Validation">Topology
Validation</a> <a href="#Topology+Validation"><img src="markbook-se
ction-link.png"/></a></h4><h5><a
id="`bin/knoxcli.sh+validate-topology+[--cluster+c]+[--path+path]+[--help]`"><code>bin/knoxcli.sh
validate-topology [--cluster c] [--path path] [--help]</code></a> <a
href="#`bin/knoxcli.sh+validate-topology+[--cluster+c]+[--path+path]+[--help]`"><img
src="markbook-section-link.png"/></a></h5><p>This ensures that a
cluster’s description (a.k. topology) follows the correct formatting
rules. It is possible to specify a name of a cluster already in the topology
directory, or a path to any file.</p>
+</table><h4><a id="Certificate+Export">Certificate Export</a> <a
href="#Certificate+Export"><img
src="markbook-section-link.png"/></a></h4><h5><a
id="`bin/knoxcli.sh+export-cert+[--type+JKS|PEM]+[--help]`"><code>bin/knoxcli.sh
export-cert [--type JKS|PEM] [--help]</code></a> <a
href="#`bin/knoxcli.sh+export-cert+[--type+JKS|PEM]+[--help]`"><img
src="markbook-section-link.png"/></a></h5><p>Exports and stores the
gateway-identity certificate as the type indicated or PEM by default. This is
stored within the <code>{GATEWAY_HOME}/data/security/keystores/</code>
directory as either gateway-identity.pem or gateway-client-trust.jks depending
on the type specified. </p><h4><a id="Topology+Redeploy">Topology Redeploy</a>
<a href="#Topology+Redeploy"><img
src="markbook-section-link.png"/></a></h4><h5><a
id="`bin/knoxcli.sh+redeploy+[--cluster+c]`"><code>bin/knoxcli.sh redeploy
[--cluster c]</code></a> <a
href="#`bin/knoxcli.sh+redeploy+[--cluster+c]`"><img
src="markbook-section-link.png"/></a
></h5><p>Redeploys one or all of the gateway’s clusters (a.k.a
>topologies).</p><h4><a id="Topology+Listing">Topology Listing</a> <a
>href="#Topology+Listing"><img
>src="markbook-section-link.png"/></a></h4><h5><a
>id="`bin/knoxcli.sh+list-topologies+[--help]`"><code>bin/knoxcli.sh
>list-topologies [--help]</code></a> <a
>href="#`bin/knoxcli.sh+list-topologies+[--help]`"><img
>src="markbook-section-link.png"/></a></h5><p>Lists all of the topologies
>found in Knox’s topologies directory. Useful for specifying a valid
>–cluster argument.</p><h4><a id="Topology+Validation">Topology
>Validation</a> <a href="#Topology+Validation"><img
>src="markbook-section-link.png"/></a></h4><h5><a
>id="`bin/knoxcli.sh+validate-topology+[--cluster+c]+[--path+path]+[--help]`"><code>bin/knoxcli.sh
> validate-topology [--cluster c] [--path path] [--help]</code></a> <a
>href="#`bin/knoxcli.sh+validate-topology+[--cluster+c]+[--path+path]+[--help]`"><img
> src="markbook-section-link.png"/></a></h5><p>This
ensures that a cluster’s description (a.k. topology) follows the correct
formatting rules. It is possible to specify a name of a cluster already in the
topology directory, or a path to any file.</p>
<table>
<thead>
<tr>
@@ -2754,7 +2754,14 @@ APACHE_HOME/bin/apachectl -k stop
<li>The Apache Knox Gateway is installed and functional.</li>
<li>The example commands are executed within the context of the
<code>GATEWAY_HOME</code> current directory. The <code>GATEWAY_HOME</code>
directory is the directory within the Apache Knox Gateway installation that
contains the README file and the bin, conf and deployments directories.</li>
<li>A few examples require the use of commands from a standard Groovy
installation. These examples are optional but to try them you will need Groovy
<a href="http://groovy.codehaus.org/Installing+Groovy";>installed</a>.</li>
-</ul><h3><a id="Basics">Basics</a> <a href="#Basics"><img
src="markbook-section-link.png"/></a></h3><p>The DSL requires a shell to
interpret the Groovy script. The shell can either be used interactively or to
execute a script file. To simplify use, the distribution contains an embedded
version of the Groovy shell.</p><p>The shell can be run interactively. Use the
command <code>exit</code> to exit.</p>
+</ul><h3><a id="Basics">Basics</a> <a href="#Basics"><img
src="markbook-section-link.png"/></a></h3><p>In order for secure connections to
be made to the Knox gateway server over SSL, the user will need to trust the
certificate presented by the gateway while connecting. The knoxcli command
export-cert may be used to get access the gateway-identity cert. It can then be
imported into cacerts on the client machine or put into a keystore that will be
discovered in:</p>
+<ul>
+ <li>the user’s home directory</li>
+ <li>in a directory specified in an environment variable:
KNOX_CLIENT_TRUSTSTORE_DIR</li>
+ <li>in a directory specified with the above variable with the keystore
filename specified in the variable: KNOX_CLIENT_TRUSTSTORE_FILENAME</li>
+ <li>default password “changeit” or password may be specified in
environment variable: KNOX_CLIENT_TRUSTSTORE_PASS</li>
+ <li>or the JSSE system property: javax.net.ssl.trustStore can be used to
specify its location</li>
+</ul><p>The DSL requires a shell to interpret the Groovy script. The shell can
either be used interactively or to execute a script file. To simplify use, the
distribution contains an embedded version of the Groovy shell.</p><p>The shell
can be run interactively. Use the command <code>exit</code> to exit.</p>
<pre><code>java -jar bin/shell.jar
</code></pre><p>When running interactively it may be helpful to reduce some of
the output generated by the shell console. Use the following command in the
interactive shell to reduce that output. This only needs to be done once as
these preferences are persisted.</p>
<pre><code>set verbosity QUIET
Modified: knox/site/index.html
URL:
http://svn.apache.org/viewvc/knox/site/index.html?rev=1768540&r1=1768539&r2=1768540&view=diff
==============================================================================
--- knox/site/index.html (original)
+++ knox/site/index.html Mon Nov 7 15:55:35 2016
@@ -1,13 +1,13 @@
<!DOCTYPE html>
<!--
- | Generated by Apache Maven Doxia at 2016-11-01
+ | Generated by Apache Maven Doxia at 2016-11-07
| Rendered using Apache Maven Fluido Skin 1.3.0
-->
<html xmlns="http://www.w3.org/1999/xhtml"; xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
- <meta name="Date-Revision-yyyymmdd" content="20161101" />
+ <meta name="Date-Revision-yyyymmdd" content="20161107" />
<meta http-equiv="Content-Language" content="en" />
<title>Knox Gateway – REST API Gateway for the Apache Hadoop
Ecosystem</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.3.0.min.css" />
@@ -58,7 +58,7 @@
- <li id="publishDate" class="pull-right">Last Published:
2016-11-01</li>
+ <li id="publishDate" class="pull-right">Last Published:
2016-11-07</li>
</ul>
</div>
Modified: knox/site/issue-tracking.html
URL:
http://svn.apache.org/viewvc/knox/site/issue-tracking.html?rev=1768540&r1=1768539&r2=1768540&view=diff
==============================================================================
--- knox/site/issue-tracking.html (original)
+++ knox/site/issue-tracking.html Mon Nov 7 15:55:35 2016
@@ -1,13 +1,13 @@
<!DOCTYPE html>
<!--
- | Generated by Apache Maven Doxia at 2016-11-01
+ | Generated by Apache Maven Doxia at 2016-11-07
| Rendered using Apache Maven Fluido Skin 1.3.0
-->
<html xmlns="http://www.w3.org/1999/xhtml"; xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
- <meta name="Date-Revision-yyyymmdd" content="20161101" />
+ <meta name="Date-Revision-yyyymmdd" content="20161107" />
<meta http-equiv="Content-Language" content="en" />
<title>Knox Gateway – Issue Tracking</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.3.0.min.css" />
@@ -58,7 +58,7 @@
- <li id="publishDate" class="pull-right">Last Published:
2016-11-01</li>
+ <li id="publishDate" class="pull-right">Last Published:
2016-11-07</li>
</ul>
</div>
Modified: knox/site/license.html
URL:
http://svn.apache.org/viewvc/knox/site/license.html?rev=1768540&r1=1768539&r2=1768540&view=diff
==============================================================================
--- knox/site/license.html (original)
+++ knox/site/license.html Mon Nov 7 15:55:35 2016
@@ -1,13 +1,13 @@
<!DOCTYPE html>
<!--
- | Generated by Apache Maven Doxia at 2016-11-01
+ | Generated by Apache Maven Doxia at 2016-11-07
| Rendered using Apache Maven Fluido Skin 1.3.0
-->
<html xmlns="http://www.w3.org/1999/xhtml"; xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
- <meta name="Date-Revision-yyyymmdd" content="20161101" />
+ <meta name="Date-Revision-yyyymmdd" content="20161107" />
<meta http-equiv="Content-Language" content="en" />
<title>Knox Gateway – Project License</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.3.0.min.css" />
@@ -58,7 +58,7 @@
- <li id="publishDate" class="pull-right">Last Published:
2016-11-01</li>
+ <li id="publishDate" class="pull-right">Last Published:
2016-11-07</li>
</ul>
</div>
Modified: knox/site/mail-lists.html
URL:
http://svn.apache.org/viewvc/knox/site/mail-lists.html?rev=1768540&r1=1768539&r2=1768540&view=diff
==============================================================================
--- knox/site/mail-lists.html (original)
+++ knox/site/mail-lists.html Mon Nov 7 15:55:35 2016
@@ -1,13 +1,13 @@
<!DOCTYPE html>
<!--
- | Generated by Apache Maven Doxia at 2016-11-01
+ | Generated by Apache Maven Doxia at 2016-11-07
| Rendered using Apache Maven Fluido Skin 1.3.0
-->
<html xmlns="http://www.w3.org/1999/xhtml"; xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
- <meta name="Date-Revision-yyyymmdd" content="20161101" />
+ <meta name="Date-Revision-yyyymmdd" content="20161107" />
<meta http-equiv="Content-Language" content="en" />
<title>Knox Gateway – Project Mailing Lists</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.3.0.min.css" />
@@ -58,7 +58,7 @@
- <li id="publishDate" class="pull-right">Last Published:
2016-11-01</li>
+ <li id="publishDate" class="pull-right">Last Published:
2016-11-07</li>
</ul>
</div>
Modified: knox/site/project-info.html
URL:
http://svn.apache.org/viewvc/knox/site/project-info.html?rev=1768540&r1=1768539&r2=1768540&view=diff
==============================================================================
--- knox/site/project-info.html (original)
+++ knox/site/project-info.html Mon Nov 7 15:55:35 2016
@@ -1,13 +1,13 @@
<!DOCTYPE html>
<!--
- | Generated by Apache Maven Doxia at 2016-11-01
+ | Generated by Apache Maven Doxia at 2016-11-07
| Rendered using Apache Maven Fluido Skin 1.3.0
-->
<html xmlns="http://www.w3.org/1999/xhtml"; xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
- <meta name="Date-Revision-yyyymmdd" content="20161101" />
+ <meta name="Date-Revision-yyyymmdd" content="20161107" />
<meta http-equiv="Content-Language" content="en" />
<title>Knox Gateway – Project Information</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.3.0.min.css" />
@@ -58,7 +58,7 @@
- <li id="publishDate" class="pull-right">Last Published:
2016-11-01</li>
+ <li id="publishDate" class="pull-right">Last Published:
2016-11-07</li>
</ul>
</div>
Modified: knox/site/team-list.html
URL:
http://svn.apache.org/viewvc/knox/site/team-list.html?rev=1768540&r1=1768539&r2=1768540&view=diff
==============================================================================
--- knox/site/team-list.html (original)
+++ knox/site/team-list.html Mon Nov 7 15:55:35 2016
@@ -1,13 +1,13 @@
<!DOCTYPE html>
<!--
- | Generated by Apache Maven Doxia at 2016-11-01
+ | Generated by Apache Maven Doxia at 2016-11-07
| Rendered using Apache Maven Fluido Skin 1.3.0
-->
<html xmlns="http://www.w3.org/1999/xhtml"; xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
- <meta name="Date-Revision-yyyymmdd" content="20161101" />
+ <meta name="Date-Revision-yyyymmdd" content="20161107" />
<meta http-equiv="Content-Language" content="en" />
<title>Knox Gateway – Team list</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.3.0.min.css" />
@@ -58,7 +58,7 @@
- <li id="publishDate" class="pull-right">Last Published:
2016-11-01</li>
+ <li id="publishDate" class="pull-right">Last Published:
2016-11-07</li>
</ul>
</div>
Modified: knox/trunk/books/0.10.0/book_client-details.md
URL:
http://svn.apache.org/viewvc/knox/trunk/books/0.10.0/book_client-details.md?rev=1768540&r1=1768539&r2=1768540&view=diff
==============================================================================
--- knox/trunk/books/0.10.0/book_client-details.md (original)
+++ knox/trunk/books/0.10.0/book_client-details.md Mon Nov 7 15:55:35 2016
@@ -61,6 +61,17 @@ The `GATEWAY_HOME` directory is the dire
### Basics ###
+In order for secure connections to be made to the Knox gateway server over
SSL, the user will need to trust
+the certificate presented by the gateway while connecting. The knoxcli command
export-cert may be used to get
+access the gateway-identity cert. It can then be imported into cacerts on the
client machine or put into a
+keystore that will be discovered in:
+
+* the user's home directory
+* in a directory specified in an environment variable:
KNOX_CLIENT_TRUSTSTORE_DIR
+* in a directory specified with the above variable with the keystore filename
specified in the variable: KNOX_CLIENT_TRUSTSTORE_FILENAME
+* default password "changeit" or password may be specified in environment
variable: KNOX_CLIENT_TRUSTSTORE_PASS
+* or the JSSE system property: javax.net.ssl.trustStore can be used to specify
its location
+
The DSL requires a shell to interpret the Groovy script.
The shell can either be used interactively or to execute a script file.
To simplify use, the distribution contains an embedded version of the Groovy
shell.
Modified: knox/trunk/books/0.10.0/knox_cli.md
URL:
http://svn.apache.org/viewvc/knox/trunk/books/0.10.0/knox_cli.md?rev=1768540&r1=1768539&r2=1768540&view=diff
==============================================================================
--- knox/trunk/books/0.10.0/knox_cli.md (original)
+++ knox/trunk/books/0.10.0/knox_cli.md Mon Nov 7 15:55:35 2016
@@ -74,6 +74,10 @@ argument | description
---------|-----------
\-\-hostname|name of the host to be used in the self-signed certificate. This
allows multi-host deployments to specify the proper hostnames for hostname
verification to succeed on the client side of the SSL connection. The default
is 'localhost'.
+#### Certificate Export ####
+##### `bin/knoxcli.sh export-cert [--type JKS|PEM] [--help]` #####
+Exports and stores the gateway-identity certificate as the type indicated or
PEM by default. This is stored within the
`{GATEWAY_HOME}/data/security/keystores/` directory as either
gateway-identity.pem or gateway-client-trust.jks depending on the type
specified.
+
#### Topology Redeploy ####
##### `bin/knoxcli.sh redeploy [--cluster c]` #####
Redeploys one or all of the gateway's clusters (a.k.a topologies).
Modified: knox/trunk/build.xml
URL:
http://svn.apache.org/viewvc/knox/trunk/build.xml?rev=1768540&r1=1768539&r2=1768540&view=diff
==============================================================================
--- knox/trunk/build.xml (original)
+++ knox/trunk/build.xml Mon Nov 7 15:55:35 2016
@@ -241,10 +241,10 @@
<target name="review-book" depends="init" description="Open the default
book in the default browser.">
<exec executable="${browser.cmd}">
- <arg line="${book-0-9-1-dir}/user-guide.html" />
+ <arg line="${book-0-10-0-dir}/user-guide.html" />
</exec>
<exec executable="${browser.cmd}">
- <arg line="${book-0-9-1-dir}/dev-guide.html" />
+ <arg line="${book-0-10-0-dir}/dev-guide.html" />
</exec>
</target>
