flink-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From se...@apache.org
Subject [1/4] flink git commit: [FLINK-5531] [docs] Fix SSL code-block/list formatting
Date Thu, 19 Jan 2017 16:20:49 GMT
Repository: flink
Updated Branches:
  refs/heads/master e1b2cd01c -> a18657dcc

[FLINK-5531] [docs] Fix SSL code-block/list formatting

This closes #3140

Project: http://git-wip-us.apache.org/repos/asf/flink/repo
Commit: http://git-wip-us.apache.org/repos/asf/flink/commit/ac815d78
Tree: http://git-wip-us.apache.org/repos/asf/flink/tree/ac815d78
Diff: http://git-wip-us.apache.org/repos/asf/flink/diff/ac815d78

Branch: refs/heads/master
Commit: ac815d784d0eaa2bca30fa586a7677da92fdfa31
Parents: cda40a7
Author: zentol <chesnay@apache.org>
Authored: Tue Jan 17 16:40:44 2017 +0100
Committer: Stephan Ewen <sewen@apache.org>
Committed: Thu Jan 19 17:18:48 2017 +0100

 docs/setup/security-ssl.md | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/docs/setup/security-ssl.md b/docs/setup/security-ssl.md
index 19cdcae..a88c146 100644
--- a/docs/setup/security-ssl.md
+++ b/docs/setup/security-ssl.md
@@ -40,6 +40,7 @@ You need to have a Java Keystore generated and copied to each node in the
 ### Example: Creating self signed CA and keystores for a 2 node cluster
 Execute the following keytool commands to create a truststore with a self signed CA
 keytool -genkeypair -alias ca -keystore ca.keystore -dname "CN=Sample CA" -storepass password
-keypass password -keyalg RSA -ext bc=ca:true
 keytool -keystore ca.keystore -storepass password -alias ca -exportcert > ca.cer
@@ -48,7 +49,7 @@ keytool -importcert -keystore ca.truststore -alias ca -storepass password
 Now create keystores for each node with certificates signed by the above CA. Let node1.company.org
and node2.company.org be the hostnames with IPs and respectively
-**Node 1**
+#### Node 1
 keytool -genkeypair -alias node1 -keystore node1.keystore -dname "CN=node1.company.org" -ext
SAN=dns:node1.company.org,ip: -storepass password -keypass password -keyalg RSA
 keytool -certreq -keystore node1.keystore -storepass password -alias node1 -file node1.csr
@@ -57,7 +58,7 @@ keytool -importcert -keystore node1.keystore -storepass password -file ca.cer
 keytool -importcert -keystore node1.keystore -storepass password -file node1.cer -alias node1
-**Node 2**
+#### Node 2
 keytool -genkeypair -alias node2 -keystore node2.keystore -dname "CN=node2.company.org" -ext
SAN=dns:node2.company.org,ip: -storepass password -keypass password -keyalg RSA
 keytool -certreq -keystore node2.keystore -storepass password -alias node2 -file node2.csr
@@ -70,6 +71,7 @@ keytool -importcert -keystore node2.keystore -storepass password -file node2.cer
 Configure each node in the standalone cluster to pick up the keystore and truststore files
present in the local file system.
 ### Example: 2 node cluster
 * Generate 2 keystores, one for each node, and copy them to the filesystem on the respective
node. Also copy the pulic key of the CA (which was used to sign the certificates in the keystore)
as a Java truststore on both the nodes
 * Configure conf/flink-conf.yaml to pick up these files
@@ -118,10 +120,11 @@ Now you can start the YARN session from the CLI like you would normally
 ### 2. Use YARN cli to deploy the keystores and truststore
 We can use the YARN client's ship files option (-yt) to distribute the keystores and truststore.
Since the same keystore will be deployed at all nodes, we need to ensure a single certificate
in the keystore can be served for all nodes. This can be done by either using the Subject
Alternative Name(SAN) extension in the certificate and setting it to cover all nodes (hostname
and ip addresses) in the cluster or by using wildcard subdomain names (if the cluster is setup
+#### Example
 * Supply the following parameters to the keytool command when generating the keystore: -ext
 * Copy the keystore and the CA's truststore into a local directory (at the cli's working
directory), say deploy-keys/
 * Update the configuration to pick up the files from a relative path
 security.ssl.enabled: true
 security.ssl.keystore: deploy-keys/node.keystore
@@ -130,7 +133,9 @@ security.ssl.key-password: password
 security.ssl.truststore: deploy-keys/ca.truststore
 security.ssl.truststore-password: password
 * Start the YARN session using the -yt parameter
 flink run -m yarn-cluster -yt deploy-keys/ TestJob.jar

View raw message