[ https://issues.apache.org/jira/browse/KNOX-105?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13844759#comment-13844759 ]

Larry McCay commented on KNOX-105:
----------------------------------

That is an interesting point.
I'm not sure that I see this file as such a canonical artifact as you do.
It has always been assumed that it would have to be possible to derive the
topology from any number of other formats.
Cluster topology as seen by Ambari as an example.

Admins would have to explicitly indicate that it should be rewritten - so
it would be doing exactly and only what they indicate.

There is nothing keeping an admin from using this mechanism in a
non-production environment as a master gateway instance and then
propagating the results to production instances - topology files and
credential stores. In this case, nothing would need to be rewritten.

We could also introduce another stage to deployment where an admin stages a
topology that needs to be transformed in deployments as "sandbox.xxx" with
some extension that indicates it can't be deployed alone. The deployment
machinery can process it, write the actual topology file and delete the
temp one.

I do believe that there will be a need for additional tooling at some point.
I could see this tooling manifest as a few different options: REST service,
cmdline, server startup mode, etc.

I guess the question becomes whether we want to create a new Jira for
rewriting clear text passwords in config files and defer this general
tooling Jira until later when we know more about the HA requirements and
keystore locations. Which is the biggest question mark in my mind right now.





> Command line tooling for CMF provisioning
> -----------------------------------------
>
>                 Key: KNOX-105
>                 URL: https://issues.apache.org/jira/browse/KNOX-105
>             Project: Apache Knox
>          Issue Type: Bug
>          Components: Server
>    Affects Versions: 0.3.0
>            Reporter: Larry McCay
>            Assignee: Larry McCay
>             Fix For: 0.4.0
>
>
> We need to be able to create CMF artifacts that can be provisioned to an 
> installation and discovered on startup. This will include: master secret 
> file, credential and key stores. Initial deliverable needs to address master 
> file. This will allow cluster provisioning to discover a master secret 
> without a need for a console for the user to provide one. The rest of the 
> artifacts can be generated at runtime for dev/test environments. 
> Subsequently, we will need the key and credential stores for production 
> environment discovery.



--
This message was sent by Atlassian JIRA
(v6.1.4#6159)
