Hi Devs, -0 ? -1 ?
The "bin" build when run locally on a fresh system (no brooklyn.properties) requires that a username/password is supplied. It doesn't do any authentication of the local credentials but gives a 401 if not supplied. Specifically: $ curl -v http://localhost:8081/ 2>&1 | grep "< HTTP" < HTTP/1.1 401 Unauthorized $ curl -u anyuser:passwordignored -v http://localhost:8081/ 2>&1 | grep "< HTTP" < HTTP/1.1 200 OK I'm inclined to think this should block a release as it will break any workflow that expects local http to work, and will irritate new users without any security benefits, but I could be talked in to forgiving it. --A On 20 December 2016 at 13:41, Andrea Turli <[email protected]> wrote: > +1 (binding) > > Tested by running Svet's verify script. > > Do a clean extract of source repo for next steps. > > ------------------------------------------- > > Checks successfully completed: > [✓] Download links work. > [✓] Checksums and PGP signatures are valid. > [✓] Expanded source archive matches contents of RC tag. > [✓] Expanded source archive builds and passes tests. > [✓] LICENSE is present and correct. > [✓] NOTICE is present and correct, including copyright date. > [✓] No compiled archives bundled in source archive. > > Additional manual steps done (execute in source distribution folder > apache-brooklyn-0.10.0-src: > * Check for files with invalid headers in source distribution. There are > already files excluded from RAT checks, do a sanity check. > * Check for binary files in source distribution. Look for files which are > created/compiled based on other source files in the distribution. "Primary" > binary files like images are acceptable. > > Checks left to do manually with the help of above instructions: > [✓] All files have license headers where appropriate: I relied on the rat > check when running `mvn clean install` for checking that "all files have > license headers where appropriate". > [-] All dependencies have compatible licenses. > > > > On 19 December 2016 at 17:28, Svetoslav Neykov < > [email protected]> wrote: > > > Geoff, > > > > > I checked the checksums with the release verification script. Is this > in > > > source control somewhere? I'll offer this to add to it: > > > > See https://github.com/apache/brooklyn-dist/pull/65 < > > https://github.com/apache/brooklyn-dist/pull/65> and in particular > > https://github.com/neykov/brooklyn-dist/blob/ > > 9e43edd4f7d65b0553ce41a0405e1be4c8abc364/release/verify_brooklyn_rc.sh < > > https://github.com/neykov/brooklyn-dist/blob/ > > 9e43edd4f7d65b0553ce41a0405e1be4c8abc364/release/verify_brooklyn_rc.sh> > > for an initial implementation of these kind of checks (obviously to be > > expanded where possible). > > > > Svet. > > > > > > > On 19.12.2016 г., at 18:17, Geoff Macartney <geoff.macartney@ > > cloudsoftcorp.com> wrote: > > > > > > +1 > > > > > > [x] Download links work. > > > [x] Binaries work. > > > [x] Checksums and PGP signatures are valid. > > > [x] Expanded source archive matches contents of RC tag. > > > [x] Expanded source archive builds and passes tests. > > > [x] LICENSE is present and correct. > > > [x] NOTICE is present and correct, including copyright date. > > > [x] All files have license headers where appropriate. > > > [-] All dependencies have compatible licenses. > > > [x] No compiled archives bundled in source archive. > > > [x] I follow this project’s commits list. > > > > > > I deployed the classic tarball and karaf versions to Ubuntu using Java > 8 > > > and 7, > > > and the RPM to Centos 7, and was able to deploy sample applications to > > AWS > > > and SL. > > > > > > I checked the checksums with the release verification script. Is this > in > > > source > > > control somewhere? I'll offer this to add to it: > > > > > > function licenses_and_notices () { > > > local filename=$1 > > > local copyright='Copyright 2014-2016 The Apache Software > > Foundation' > > > for tarball in `ls *.tar.gz`; do > > > container=$( tar tf $tarball | awk NR==1 ) > > > tar tf $tarball | grep -q ${container}LICENSE > > > tar tf $tarball | grep -q ${container}NOTICE > > > tar xOf $tarball ${container}NOTICE | grep -q "${copyright}" > > > done > > > } > > > > > > licenses_and_notices > > > > > > Notes: > > > > > > I was able to deploy a WebServer + 3-node Riak demo app to Softlayer > > > without problem, > > > and didn't see the "hostname is (none)" problem mentioned previously by > > > Svet. > > > > > > I tested https access (with Karaf version) and access to it using "br" > > > (from Mac) without > > > observing the crash Svet saw: > > > > > > ./br login https://10.10.10.102:8443 geoff password > > > Get https://10.10.10.102:8443/v1/server/version: x509: cannot > > validate > > > certificate for 10.10.10.102 because it doesn't contain any IP SANs > > > > > > ./br --skipSslChecks login https://10.10.10.102:8443 geoff > password > > > Connected to Brooklyn version 0.10.0 at https://10.10.10.102:8443 > > > > > > ./br app > > > Id | Name | Status | Location > > > > > > > > > Tested the above on Linux and Mac. I also tried 1000 consecutive > logins > > > and didn't see the > > > segfault as mentioned in the comment on BROOKLYN-416. I don't know why > > Svet > > > is seeing these > > > problems; my own tests would indicate that br is working ok. Anyone > else > > > able to say what > > > they are seeing? > > > > > > Caveat: > > > > > > I did see the behaviour that Svet describes on the main.uri on the > sample > > > applications. > > > I thought hard about whether this should prevent us releasing. On the > one > > > hand, there > > > is a possible risk of a poor impression on users trying Brooklyn for > the > > > first time if > > > its own sample apps appear not to work well. On the other hand it's > > fairly > > > clear just from > > > looking at the URL what network it is on, so it shouldn't really be too > > > confusing. In > > > the end what persuaded me was checking back to 0.9.0, and this > behaviour > > > was already > > > there, so this is not a regression. Not that that matters as such, but > as > > > far as I recall > > > there was no feedback on the mailing list about this, so it does not > seem > > > to have actually > > > caused a problem for anyone in practice. I'm therefore happy enough to > > say > > > +1. > > > At the same time I think it is something that we should tidy up for the > > > future. > > > > > > Geoff > > > > > > > > > > > > > > > > > > On Mon, 19 Dec 2016 at 11:51 Svetoslav Neykov < > > > [email protected]> wrote: > > > > > >> +1 (binding) > > >> > > >> Caveats: > > >> * hostname on Softlayer-provisioned machines is "(none)" > > >> * On Softlayer App Wizard examples "Template 2: Python Web Server", > > >> "Template 3: Bash Web Server and Riak Cluster" list the private IP for > > >> "main.uri" (with no "xxx.public/private" alternatives). It's easy to > > think > > >> that it's not working. If public IP is used it's reachable. Some of > the > > >> items have the sensor propagated to top, but it's still the private IP > > >> * "main.uri" is not propagated to root app (for most examples), need > > to > > >> drill down to first child to get the sensors > > >> * br - getting fatal error sometimes ( > > >> https://issues.apache.org/jira/browse/BROOKLYN-416 < > > >> https://issues.apache.org/jira/browse/BROOKLYN-416>). Not a new > problem > > >> it seems. > > >> * br - can't use --skipSslChecks, still getting "Get > > >> https://localhost:8443/v1/server/version: x509: certificate is valid > > for > > >> web-console, not localhost" from Karaf dist. > > >> * If I log in into two localhost ports at the same time I get CSRF > > Token > > >> errors from the page that got loaded first. Using them one by one > works > > >> fine. > > >> > > >> Could be easily convinced that item 2 from above doesn't deserve a +1, > > >> thoughts? > > >> > > >> > > >> ------------------- > > >> > > >> > > >> Tested by running the verify script from > > >> https://github.com/neykov/brooklyn-dist/blob/ > > 9e43edd4f7d65b0553ce41a0405e1be4c8abc364/release/verify_brooklyn_rc.sh > > >> < > > >> https://github.com/neykov/brooklyn-dist/blob/ > > 9e43edd4f7d65b0553ce41a0405e1be4c8abc364/release/verify_brooklyn_rc.sh> > > >> (https://github.com/apache/brooklyn-dist/pull/65 < > > >> https://github.com/apache/brooklyn-dist/pull/65>). > > >> Expanded the -bin & -karaf, running with local brooklyn.properties. > > >> Deployed the example apps to AWS & Softlayer (with preconfigured > > locations). > > >> Expanded the OS X br client and tried it against Classic (https) & > Karaf > > >> (non-https); > > >> > > >> [✓] Download links work. > > >> [✓] Binaries work. > > >> [✓] Checksums and PGP signatures are valid. > > >> [✓] Expanded source archive matches contents of RC tag. > > >> [✓] Expanded source archive builds and passes tests. > > >> [✓] LICENSE is present and correct. > > >> [✓] NOTICE is present and correct, including copyright date. > > >> [✓] All files have license headers where appropriate. > > >> [✓] All dependencies have compatible licenses. > > >> [✓] No compiled archives bundled in source archive. > > >> [-] I follow this project’s commits list. > > >> > > >> > > >> Svet. > > >> > > >> > > >>> On 18.12.2016 г., at 19:14, Aled Sage <[email protected]> wrote: > > >>> > > >>> +1 (binding) > > >>> > > >>> I downloaded the tar.gz, and ran it on OS X. I deployed TomcatServer > to > > >> AWS, Softlayer, Openstack (bluebox-london) and Google Compute Engine. > > >>> > > >>> I ran the verify_brooklyn_rc.sh script (see attachment in rc1 vote). > > >>> > > >>> I relied on the rat check when running `mvn clean install` for > checking > > >> that "all files have license headers where appropriate". > > >>> > > >>> I checked that each tar.gz in [1] contained a top-level LICENSE and > > >> NOTICE file (including the text "Copyright 2014-2016 The Apache > Software > > >> Foundation"). > > >>> > > >>> [-] Download links work. > > >>> [-] Binaries work. > > >>> [x] Checksums and PGP signatures are valid. > > >>> [-] Expanded source archive matches contents of RC tag. > > >>> [x] Expanded source archive builds and passes tests. > > >>> [x] LICENSE is present and correct. > > >>> [x] NOTICE is present and correct, including copyright date. > > >>> [x] All files have license headers where appropriate. > > >>> [-] All dependencies have compatible licenses. > > >>> [x] No compiled archives bundled in source archive. > > >>> [x] I follow this project’s commits list. > > >>> > > >>> Aled > > >>> > > >>> [1] > > >> https://dist.apache.org/repos/dist/dev/brooklyn/apache- > > brooklyn-0.10.0-rc3 > > >>> > > >>> > > >>> On 16/12/2016 12:34, Svetoslav Neykov wrote: > > >>>> This is to call for a vote for the release of Apache Brooklyn > 0.10.0. > > >>>> > > >>>> This release comprises of a source code distribution, and a > > >> corresponding > > >>>> binary distribution, and Maven artifacts. > > >>>> > > >>>> The source and binary distributions, including signatures, digests, > > >> etc. can > > >>>> be found at: > > >>>> > > >>>> > > >> https://dist.apache.org/repos/dist/dev/brooklyn/apache- > > brooklyn-0.10.0-rc3 > > >>>> > > >>>> The artifact SHA-256 checksums are as follows: > > >>>> > > >>>> 9ae6ec9f6e2356264fd2032d224965d191e5eab5a5346f8a9de5b05271650157 > > >> *apache-brooklyn-0.10.0-rc3-1.noarch.rpm > > >>>> b43c1fc20409594d17151d68b550bb17d8ea5a5592e0b7fbdcf489a81ca2118e > > >> *apache-brooklyn-0.10.0-rc3-bin.tar.gz > > >>>> cb7df99f024e918c5517097d904a68d9976c5bf913c9dd64edebb6b5b6e5a89e > > >> *apache-brooklyn-0.10.0-rc3-bin.zip > > >>>> d65d2525507d40fa0b554b13a57190a724213610a7615082d53137b7bab4b5d5 > > >> *apache-brooklyn-0.10.0-rc3-client-cli-linux.tar.gz > > >>>> 4d13118fca8e02aaf5b4ab3b3f305d139450bcf64d290781609643c4622b8cb5 > > >> *apache-brooklyn-0.10.0-rc3-client-cli-linux.zip > > >>>> 375eb6a4944a7758dc790a75bd4a0abc782a4ba66af754b4162bbb66a33902d8 > > >> *apache-brooklyn-0.10.0-rc3-client-cli-macosx.tar.gz > > >>>> 9d95e0679e603a9184ada88b63b0c4e8f8503eb51677e04ae59f4aa05f454860 > > >> *apache-brooklyn-0.10.0-rc3-client-cli-macosx.zip > > >>>> 502e0999d3612f0eb4027d24312da67a67183fc127074ec815b3c72f5de41d87 > > >> *apache-brooklyn-0.10.0-rc3-client-cli-windows.tar.gz > > >>>> 1e1ec0210e53faaf9ef1d8907275535a197b341df80e0832067967f4075db191 > > >> *apache-brooklyn-0.10.0-rc3-client-cli-windows.zip > > >>>> a32c65628bf897c66ed8bd820a2ce5268bba52815b46f805795e9b51ac836912 > > >> *apache-brooklyn-0.10.0-rc3-karaf.tar.gz > > >>>> 4b840de7ab986ba64ffba4b98748ca87818718ac3e386bb2d978533e4fa35f62 > > >> *apache-brooklyn-0.10.0-rc3-karaf.zip > > >>>> 7906b3dba2278c9648f2b340a532d3030536a6a8f1c920311bdcd585a42111e8 > > >> *apache-brooklyn-0.10.0-rc3-src.tar.gz > > >>>> 4579e5e27c2751b5e8b57bab126ae683aa34aa42d6e13eb6c922951df6947b4c > > >> *apache-brooklyn-0.10.0-rc3-src.zip > > >>>> b361ada2d4cc1334e72b44986b96e6302aaa24464252c3782f7b679bfa5da858 > > >> *apache-brooklyn-0.10.0-rc3-vagrant.tar.gz > > >>>> 393df963f6b952ec8c05c1aa0ab0d459037e0972798f17ba7d0221f7e3570440 > > >> *apache-brooklyn-0.10.0-rc3-vagrant.zip > > >>>> > > >>>> The Nexus staging repository for the Maven artifacts is located at: > > >>>> > > >>>> > > >> https://repository.apache.org/content/repositories/ > > orgapachebrooklyn-1034 > > >>>> > > >>>> All release artifacts are signed with the following key: > > >>>> > > >>>> https://people.apache.org/keys/committer/svet.asc > > >>>> > > >>>> KEYS file available here: > > >>>> > > >>>> https://dist.apache.org/repos/dist/release/brooklyn/KEYS > > >>>> > > >>>> > > >>>> The artifacts were built from git commit IDs: > > >>>> > > >>>> brooklyn: 1d7ab19ffba2c87e9ad1b037fb217dc7d39506c9 > > >>>> brooklyn-client: 0e870fa15714c5a050bb67d6fa0429ff90a8fa4c > > >>>> brooklyn-dist: dda655c45abab34601a5e62250431ea93fdf1755 > > >>>> brooklyn-docs: d75752725ef6683a0f52e3059ed475dc69872f9e > > >>>> brooklyn-library: 9fbc78cb4a9d1dccdbdbb70a1ee48f2afddfe067 > > >>>> brooklyn-server: 41561635e3bbb0524dbeaae516a26c793174fd93 > > >>>> brooklyn-ui: a6e2e8bccfdd98b4f7155b5be86f5b85149e0f33 > > >>>> All of the above have been tagged as "apache-brooklyn-0.10.0-rc3" > > >>>> > > >>>> Please vote on releasing this package as Apache Brooklyn 0.10.0. > > >>>> > > >>>> The vote will be open for at least 72 hours. > > >>>> [ ] +1 Release this package as Apache Brooklyn 0.10.0 > > >>>> [ ] +0 no opinion > > >>>> [ ] -1 Do not release this package because ... > > >>>> > > >>>> > > >>>> Thanks! > > >>>> Svet. > > >>>> > > >>>> > > >>>> CHECKLIST for reference > > >>>> > > >>>> [ ] Download links work. > > >>>> [ ] Binaries work. > > >>>> [ ] Checksums and PGP signatures are valid. > > >>>> [ ] Expanded source archive matches contents of RC tag. > > >>>> [ ] Expanded source archive builds and passes tests. > > >>>> [ ] LICENSE is present and correct. > > >>>> [ ] NOTICE is present and correct, including copyright date. > > >>>> [ ] All files have license headers where appropriate. > > >>>> [ ] All dependencies have compatible licenses. > > >>>> [ ] No compiled archives bundled in source archive. > > >>>> [ ] I follow this project’s commits list. > > >>> > > >>> > > >> > > >> > > > > >
