The Knox CLI is a command line utility for management of various aspects of the Knox deployment. It is primarily concerned with the management of the security artifacts for the gateway instance and each of the deployed topologies or hadoop clusters that are gated by the Knox Gateway instance.
The various security artifacts are also generated and populated automatically by the Knox Gateway runtime when they are not found at startup. The assumptions made in those cases are appropriate for a test or development gateway instance and assume ‘localhost’ for hostname specific activities. For production deployments the use of the CLI may aid in managing some production deployments.
The knoxcli.sh script is located in the {GATEWAY_HOME}/bin directory.
prints help for all commands
Creates and persists an encrypted master secret in a file within {GATEWAY_HOME}/data/security/master
Creates a password alias and stores it in a credential store within the {GATEWAY_HOME}/data/security/keystores dir.
argument | description |
---|---|
--name | name of the alias to create |
--cluster | name of Hadoop cluster for the cluster specific credential store otherwise assumes __gateway |
--value | parameter for specifying the actual password otherwise prompted |
--generate | boolean flag to indicate whether the tool should just generate the value. This assumes that --value is not set - will result in error otherwise. User will not be prompted for the value when --generate is set. |
Deletes a password and alias mapping from a credential store within {GATEWAY_HOME}/data/security/keystores.
argument | description |
---|---|
--name | name of the alias to delete |
--cluster | name of Hadoop cluster for the cluster specific credential store otherwise assumes __gateway |
Lists the alias names for the credential store within {GATEWAY_HOME}/data/security/keystores.
argument | description |
---|---|
--cluster | name of Hadoop cluster for the cluster specific credential store otherwise assumes __gateway |
Creates and stores a self-signed certificate to represent the identity of the gateway instance. This is stored within the {GATEWAY_HOME}/data/security/keystores/gateway.jks keystore.
argument | description |
---|---|
--hostname | name of the host to be used in the self-signed certificate. This allows multi-host deployments to specify the proper hostnames for hostname verification to succeed on the client side of the SSL connection. The default is “localhost”. |