Question & Answer
Question
IBM BigInsights: How to update Knox Master Secret password?
Cause
Changing the Knox Master Secret Password after Installation
Answer
1. Before attempting the technote backup the following files
a. All the keystores in /usr/iop/4.2.0.0/knox/data/security/keystores/ directory
i.e cp /usr/iop/4.2.0.0/knox/data/security/keystores/* ~/backupkeystore
b. The master file in data/security/folder
i.e mv /usr/iop/4.2.0.0/knox/data/security/master
2. Stop Knox Service From Ambari
3. As knox user perform the following steps to update the password. (su knox)
a. Generate the master secret file with a new password using following steps
From /usr/iop/4.2.0.0/knox/bin directory , run the following command when prompted enter the new password
./knoxcli.sh create-master
***************************************************************************************************
You have indicated that you would like to persist the master secret for this service instance.
Be aware that this is less secure than manually entering the secret on startup.
The persisted file will be encrypted and primarily protected through OS permissions.
***************************************************************************************************
Enter master secret:
Enter master secret again:
Master secret has been persisted to disk.
b. Remove the old keystores
rm -rf /usr/iop/4.2.0.0/knox/data/security/keystores/*
4. Start knox from ambari
Verification
---
To Verify the password for keystores have been modified, run the following command , when prompted provide new master secret password
keytool -list -keystore /usr/iop/4.2.0.0/knox/data/security/keystores/gateway.jks
Enter keystore password:
Was this topic helpful?
Document Information
Modified date:
18 July 2020
UID
swg22003232