IBM BigInsights: How to update Knox Master Secret password?

Answer

1. Before attempting the technote backup the following files

a. All the keystores in /usr/iop/4.2.0.0/knox/data/security/keystores/ directory

i.e cp /usr/iop/4.2.0.0/knox/data/security/keystores/* ~/backupkeystore

b. The master file in data/security/folder

i.e mv /usr/iop/4.2.0.0/knox/data/security/master

2. Stop Knox Service From Ambari

3. As knox user perform the following steps to update the password. (su knox)

a. Generate the master secret file with a new password using following steps

From /usr/iop/4.2.0.0/knox/bin directory , run the following command when prompted enter the new password

./knoxcli.sh create-master

***************************************************************************************************
You have indicated that you would like to persist the master secret for this service instance.
Be aware that this is less secure than manually entering the secret on startup.
The persisted file will be encrypted and primarily protected through OS permissions.
***************************************************************************************************
Enter master secret:
Enter master secret again:
Master secret has been persisted to disk.

b. Remove the old keystores

rm -rf /usr/iop/4.2.0.0/knox/data/security/keystores/*

4. Start knox from ambari

Verification
---
To Verify the password for keystores have been modified, run the following command , when prompted provide new master secret password

keytool -list -keystore /usr/iop/4.2.0.0/knox/data/security/keystores/gateway.jks
Enter keystore password: