Re: [DISCUSS] Release an Apache Knox v1.5.0

2020-11-05 Thread Jeffrey Rodriguez 
+1  for release 1.5 .0 That would be great. Let me know how can I help.

Jeff

On Thu, Nov 5, 2020 at 12:57 PM larry mccay  wrote:
>
> All -
>
> There has been 7 months or so since we released 1.4.0.
> While we haven't done any particular feature scoping as part of a release
> theme, there have been numerous fixes and some feature work done in that
> time.
>
> We have around 90+ commits in that time and some interest has been
> expressed in getting the fix for KNOX-2397 released to the community.
>
> I propose that we take this opportunity to release v1.5.0 over the next
> couple weeks and target a Nov 27th release.
>
> Thoughts?
>
> thanks,
>
> --larry

Re: [RESULTS] [VOTE] Release RC 2 as Apache Knox 1.3.0

2019-07-22 Thread Jeffrey Rodriguez 
❤️酪

On Mon, Jul 22, 2019 at 11:24 AM larry mccay  wrote:

> The Apache Knox community has voted successfully to release RC 2 as Apache
> Knox 1.3.0 with the following votes:
>
> +1 (binding): 4
> +1 (non-binding): 2
> -1: 0
>
> Thank you everyone for your contributions to this release!
> I will being the process of finalizing and publishing Apache Knox 1.3.0
> shortly.
>
> On Mon, Jul 22, 2019 at 1:11 PM Madhan Neethiraj 
> wrote:
>
> > +1
> >
> > - downloaded source tar ball
> > - verified signatures for the tar ball
> > - built and ran UTs successfully
> >
> > Please consider adding the following details in VOTE email:
> >  - a link to get list of JIRAs addressed in this release. JIRA report for
> > "fixVersion=1.3.0 AND resolution=Fixed" shows 163 resolved issues for
> this
> > release. Impressive!
> >  - a link for instructions to build Knox. Like this one:
> > https://cwiki.apache.org/confluence/display/KNOX/Build+Process
> >  - a link for setup instructions. Perhaps link to QuickStart?
> > https://knox.apache.org/books/knox-1-2-0/user-guide.html#Quick+Start
> >
> > Thanks,
> > Madhan
> >
> > On 7/22/19, 10:02 AM, "Sandeep Moré"  wrote:
> >
> > +1
> > * Downloaded and built from source
> > * Checked LICENSE and NOTICE files
> > * Verified GPG/SHA signatures for Knox source, Knox and Knoxshell
> > release
> > packages
> > * Installed pseudo-distributed instance (Mac OS X )
> > * Ran through knox tests
> > * Checked websocket functionality
> > * Tested Zeppelin UI (0.8.1)
> > * Checked Topology Port Mapping feature
> > * Tested Yarn UI
> >
> > Was able to test Zeppelin, there could be a problem with my cluster
> > configuration.
> > Downloaded Apache Zeppelin 0.8.1 and it works as expected.
> >
> > Best,
> > Sandeep
> >
> >
> >
> > On Mon, Jul 22, 2019 at 11:51 AM Sandeep Moré  >
> > wrote:
> >
> > > I am running into issues testing Zeppelin on a non-secure cluster,
> I
> > can
> > > create an empty notebook but I cannot open it, when I try to open
> it
> > I get
> > > prompted for login. I could not find error messages in Knox logs, I
> > was
> > > able to confirm websockets are working and I can see the data going
> > back
> > > and forth. Anybody see this issue ? will try to test it again on a
> > secure
> > > cluster.
> > >
> > > Best,
> > > Sandeep
> > >
> > >
> > >
> > > On Wed, Jul 17, 2019 at 8:37 AM larry mccay 
> > wrote:
> > >
> > >> All -
> > >>
> > >> A candidate for the Apache Knox 1.3.0 release is available at:
> > >>
> > >> https://dist.apache.org/repos/dist/dev/knox/knox-1.3.0/
> > >>
> > >> This RC addresses multiple issues identified in the testing of RC
> 1:
> > >>   1. Build problem related to DNS and SAN within the self signed
> > cert
> > >>   2. libpam4j issue
> > >>   3. Upgrade to latest LTS of npm
> > >>
> > >> The release candidate is a zip archive of the sources in:
> > >>
> > >> https://https://gitbox.apache.org/repos/asf/knox.git
> > >> Branch v1.3.0 (git checkout -b v1.3.0)
> > >>
> > >> The KEYS file for signature validation is available at:
> > >> https://dist.apache.org/repos/dist/release/knox/KEYS
> > >>
> > >> Please vote on releasing this package as Apache Knox 1.3.0.
> > >> The vote is open for the next 72 hours and passes if a majority of
> > at
> > >> least three +1 Apache Knox PMC votes are cast.
> > >>
> > >> [ ] +1 Release this package as Apache Knox 1.3.0
> > >> [ ] -1 Do not release this package because...
> > >>
> > >> thanks,
> > >>
> > >> --larry
> > >>
> > >
> >
> >
> >
> >
>

Re: [VOTE] Release RC 2 as Apache Knox 1.3.0

2019-07-17 Thread Jeffrey Rodriguez 
Excellent job!! Thank you.

I am able to build on the scenario where I had problems.

Also tested a few of the scenarios where I use Knox.

+1 Release this package as Knox 1.3.0 is my vote.

Jeffrey E Rodriguez

On Wed, Jul 17, 2019 at 5:37 AM larry mccay  wrote:
>
> All -
>
> A candidate for the Apache Knox 1.3.0 release is available at:
>
> https://dist.apache.org/repos/dist/dev/knox/knox-1.3.0/
>
> This RC addresses multiple issues identified in the testing of RC 1:
>   1. Build problem related to DNS and SAN within the self signed cert
>   2. libpam4j issue
>   3. Upgrade to latest LTS of npm
>
> The release candidate is a zip archive of the sources in:
>
> https://https://gitbox.apache.org/repos/asf/knox.git
> Branch v1.3.0 (git checkout -b v1.3.0)
>
> The KEYS file for signature validation is available at:
> https://dist.apache.org/repos/dist/release/knox/KEYS
>
> Please vote on releasing this package as Apache Knox 1.3.0.
> The vote is open for the next 72 hours and passes if a majority of at
> least three +1 Apache Knox PMC votes are cast.
>
> [ ] +1 Release this package as Apache Knox 1.3.0
> [ ] -1 Do not release this package because...
>
> thanks,
>
> --larry

Re: [VOTE] Release Apache Knox 1.3.0

2019-07-15 Thread Jeffrey Rodriguez 
Thanks all, for the info. So we are saying it is .a JDK issue.  We
should verify it and document it on the release notes so users who
want to build their distribution are able to do so. It is always good
to lower the frustration factor on users.
Give the above I would vote for releasing 1.3.
Regards,
 Jeff Rodriguez

On Mon, Jul 15, 2019 at 5:39 AM Phil Zampino  wrote:
>
> For the sake of providing another data point, I've *not* encountered these
> issues with earlier JDK8 builds:
>
> java version "1.8.0_144"
> Java(TM) SE Runtime Environment (build 1.8.0_144-b01)
> Java HotSpot(TM) 64-Bit Server VM (build 25.144-b01, mixed mode)
>
>
> On Mon, Jul 15, 2019 at 6:42 AM Sandor Molnar 
> wrote:
>
> > Update: I've just installed Oracle JDK 1.8.0_212 b10 (the latest one
> > available on Oracle's download page) and the issue still there.
> > It seems it's only fixed in OpenJDK 1.8.0 u212.
> >
> > On Mon, Jul 15, 2019 at 11:03 AM Sandor Molnar 
> > wrote:
> >
> > >
> > > The error you ran into was a known issue in Oracle JDK as well as in
> > > OpenJDK but both are fixed:
> > > - Oracle JDK -
> > > https://bugs.java.com/bugdatabase/view_bug.do?bug_id=8213952
> > > - OpenJDK - https://bugs.openjdk.java.net/browse/JDK-8213952
> > >
> > > Knox's PR builder (Travis CI) uses OpenJDK (sample log:
> > > https://api.travis-ci.org/v3/job/558804721/log.txt):
> > > Java version: 1.8.0_212, vendor: Oracle Corporation, runtime:
> > > /usr/local/openjdk-8/jre
> > >
> > > I experienced the same issue before I upgraded from u151 to u212 locally.
> > >
> > > I believe this should not hold back the release. We should only document
> > > the minimum Java 8 version (update 212) in the release notes.
> > >
> > > Cheers,
> > > Sandor
> > >
> > > On Sat, Jul 13, 2019 at 4:34 PM Jeffrey Rodriguez 
> > > wrote:
> > >
> > >> Here another attempt to build Knox.
> > >>
> > >> This time in a docker container running alpine version 3.8.2.
> > >>
> > >> Maven 3.6.1
> > >> Ant 1.9.14
> > >> Oracle java version "1.8.0_202"
> > >>
> > >> Attached build output.
> > >>
> > >> Regards,
> > >> Jeffrey E Rodriguez
> > >>
> > >
> >

Re: [VOTE] Release Apache Knox 1.3.0

2019-07-12 Thread Jeffrey Rodriguez 
Hi Sandor,
  It is :
"

java version "1.8.0_211"

Java(TM) SE Runtime Environment (build 1.8.0_211-b12)

Java HotSpot(TM) 64-Bit Server VM (build 25.211-b12, mixed mode)"

On Fri, Jul 12, 2019 at 1:43 PM Sandor Molnar
 wrote:
>
> Jeff,
> could you please also include the Java version you are using?
> Thanks,
> Sandor
>
> On Fri, Jul 12, 2019 at 10:29 PM Phil Zampino  wrote:
>
> > As Kevin mentioned, it is being successfully built daily by Jenkins, Travis
> > and multiple engineers on different hosts.
> > Neither Larry nor I have been able to reproduce it on any machines
> > currently at our disposal.
> >
> > Since you are actively experiencing the problem, it would be helpful if you
> > can identify the issues clearly enough to formulate a release note (if one
> > is even warranted).
> >
> > In the meantime, have I understood your comment that your build command is
> > 'mvn -Prelease clean install' ?
> >
> > Thanks,
> >   Phil
> >
> > On Fri, Jul 12, 2019 at 3:17 PM Jeffrey Rodriguez 
> > wrote:
> >
> > > Thanks Larry and Phil.
> > >
> > > I will be it a try on a different mac, and try it on a Linux VM. I
> > > will do so this weekend. Nonetheless, if we find what configurations
> > > cause the issue we should include something in release notes as Phil
> > > suggested.
> > >
> > > Regards,
> > > Jeff Rodriguez
> > >
> > > On Fri, Jul 12, 2019 at 10:30 AM Phil Zampino 
> > wrote:
> > > >
> > > > While it seems that these build issues are probably not release
> > blockers,
> > > > given the similar experiences for Cohlm and Jeffrey, it may be useful
> > to
> > > > include something in the release notes if we can nail down specific
> > > > problems.
> > > >
> > > > On Fri, Jul 12, 2019 at 1:20 PM larry mccay  wrote:
> > > >
> > > > > I have successfully built from source on my mac, ubuntu and Linux
> > Mint
> > > > > machines without a problem.
> > > > > Both linux machines were clean installs - @jeffrey - I suspect some
> > > > > environment issue on your machine wrt npm or maven or something.
> > > > >
> > > > >
> > > > > On Fri, Jul 12, 2019 at 12:29 PM Jeffrey Rodriguez <
> > > jeffrey...@gmail.com>
> > > > > wrote:
> > > > >
> > > > > > I posted some info on the dev mail list thread of July 8.
> > > > > >
> > > > > >
> > > > > >
> > > > > > I get:
> > > > > >
> > > > > > [ERROR] Tests run: 12, Failures: 0, Errors: 2, Skipped: 0, Time
> > > > > > elapsed: 1.567 s <<< FAILURE! - in
> > > > > >
> > > org.apache.knox.gateway.services.security.impl.DefaultKeystoreServiceTest
> > > > > >
> > > > > > [ERROR]
> > > > > >
> > > > >
> > >
> > testKeystoreForGateway(org.apache.knox.gateway.services.security.impl.DefaultKeystoreServiceTest)
> > > > > >  Time elapsed: 0.203 s  <<< ERROR!
> > > > > >
> > > > > > java.lang.NullPointerException
> > > > > >
> > > > > > at
> > > > > >
> > > > >
> > >
> > org.apache.knox.gateway.services.security.impl.DefaultKeystoreServiceTest.testCreateGetAndCheckKeystoreForGateway(DefaultKeystoreServiceTest.java:566)
> > > > > >
> > > > > > at
> > > > > >
> > > > >
> > >
> > org.apache.knox.gateway.services.security.impl.DefaultKeystoreServiceTest.testKeystoreForGateway(DefaultKeystoreServiceTest.java:229)
> > > > > >
> > > > > >
> > > > > > [ERROR]
> > > > > >
> > > > >
> > >
> > testAddSelfSignedCertForGatewayLocalhost(org.apache.knox.gateway.services.security.impl.DefaultKeystoreServiceTest)
> > > > > >  Time elapsed: 0.214 s  <<< ERROR!
> > > > > >
> > > > > > java.lang.NullPointerException
> > > > > >
> > > > > > at
> > > > > >
> > > > >
> > >
> > org.apache.knox.gateway.services.security.impl.DefaultKeystoreServiceTest.testAddSelfSignedCertForGateway(DefaultKeystoreServiceTest.java:520)
> > > > >

Re: [VOTE] Release Apache Knox 1.3.0

2019-07-12 Thread Jeffrey Rodriguez 
Thanks Larry and Phil.

I will be it a try on a different mac, and try it on a Linux VM. I
will do so this weekend. Nonetheless, if we find what configurations
cause the issue we should include something in release notes as Phil
suggested.

Regards,
Jeff Rodriguez

On Fri, Jul 12, 2019 at 10:30 AM Phil Zampino  wrote:
>
> While it seems that these build issues are probably not release blockers,
> given the similar experiences for Cohlm and Jeffrey, it may be useful to
> include something in the release notes if we can nail down specific
> problems.
>
> On Fri, Jul 12, 2019 at 1:20 PM larry mccay  wrote:
>
> > I have successfully built from source on my mac, ubuntu and Linux Mint
> > machines without a problem.
> > Both linux machines were clean installs - @jeffrey - I suspect some
> > environment issue on your machine wrt npm or maven or something.
> >
> >
> > On Fri, Jul 12, 2019 at 12:29 PM Jeffrey Rodriguez 
> > wrote:
> >
> > > I posted some info on the dev mail list thread of July 8.
> > >
> > >
> > >
> > > I get:
> > >
> > > [ERROR] Tests run: 12, Failures: 0, Errors: 2, Skipped: 0, Time
> > > elapsed: 1.567 s <<< FAILURE! - in
> > > org.apache.knox.gateway.services.security.impl.DefaultKeystoreServiceTest
> > >
> > > [ERROR]
> > >
> > testKeystoreForGateway(org.apache.knox.gateway.services.security.impl.DefaultKeystoreServiceTest)
> > >  Time elapsed: 0.203 s  <<< ERROR!
> > >
> > > java.lang.NullPointerException
> > >
> > > at
> > >
> > org.apache.knox.gateway.services.security.impl.DefaultKeystoreServiceTest.testCreateGetAndCheckKeystoreForGateway(DefaultKeystoreServiceTest.java:566)
> > >
> > > at
> > >
> > org.apache.knox.gateway.services.security.impl.DefaultKeystoreServiceTest.testKeystoreForGateway(DefaultKeystoreServiceTest.java:229)
> > >
> > >
> > > [ERROR]
> > >
> > testAddSelfSignedCertForGatewayLocalhost(org.apache.knox.gateway.services.security.impl.DefaultKeystoreServiceTest)
> > >  Time elapsed: 0.214 s  <<< ERROR!
> > >
> > > java.lang.NullPointerException
> > >
> > > at
> > >
> > org.apache.knox.gateway.services.security.impl.DefaultKeystoreServiceTest.testAddSelfSignedCertForGateway(DefaultKeystoreServiceTest.java:520)
> > >
> > > at
> > >
> > org.apache.knox.gateway.services.security.impl.DefaultKeystoreServiceTest.testAddSelfSignedCertForGatewayLocalhost(DefaultKeystoreServiceTest.java:413)
> > >
> > > My env:
> > > "
> > > Apache Maven 3.3.9 (bb52d8502b132ec0a5a3f4c09453c07478323dc5;
> > > 2015-11-10T08:41:47-08:00)
> > >
> > > Maven home: /Users/jrodrigu/build/apache-maven-3.3.9
> > >
> > > Java version: 1.8.0_211, vendor: Oracle Corporation
> > >
> > > Java home:
> > > /Library/Java/JavaVirtualMachines/jdk1.8.0_211.jdk/Contents/Home/jre
> > >
> > > Default locale: en_US, platform encoding: US-ASCII
> > >
> > > OS name: "mac os x", version: "10.14.5", arch: "x86_64", family: "mac"
> > >
> > > The machine I am using doesn't have any Hadoop stack software (it is a
> > > clean machine).
> > >
> > > I got the errors above with:
> > >
> > > mvn clean install -DskipTests=false
> > >
> > > In addition, the day before I tried release building the way it is shown
> > > on:
> > > https://cwiki.apache.org/confluence/display/KNOX/Build+Process
> > > On that case I run into the npm issues discussed in July 8 thread.
> > >
> > > Thanks,
> > >  Jeffrey E Rodriguez
> > >
> > > I will follow up on this on the weekend.
> > >
> > >
> > >
> > >
> > > On Fri, Jul 12, 2019 at 9:21 AM Kevin Risden  wrote:
> > > >
> > > > Jeffrey - Can you be more specific about build issues? Apache Jenkins,
> > > > Travis, and locally Knox has been building just fine. Would be curious
> > > what
> > > > you are hitting.
> > > >
> > > > Kevin Risden
> > > >
> > > >
> > > > On Fri, Jul 12, 2019 at 12:12 PM Jeffrey Rodriguez <
> > jeffrey...@gmail.com
> > > >
> > > > wrote:
> > > >
> > > > > -1: At this point I am inclined to advise checking the build issues
> > > > > found in v

Re: [VOTE] Release Apache Knox 1.3.0

2019-07-12 Thread Jeffrey Rodriguez 
I posted some info on the dev mail list thread of July 8.



I get:

[ERROR] Tests run: 12, Failures: 0, Errors: 2, Skipped: 0, Time
elapsed: 1.567 s <<< FAILURE! - in
org.apache.knox.gateway.services.security.impl.DefaultKeystoreServiceTest

[ERROR] 
testKeystoreForGateway(org.apache.knox.gateway.services.security.impl.DefaultKeystoreServiceTest)
 Time elapsed: 0.203 s  <<< ERROR!

java.lang.NullPointerException

at 
org.apache.knox.gateway.services.security.impl.DefaultKeystoreServiceTest.testCreateGetAndCheckKeystoreForGateway(DefaultKeystoreServiceTest.java:566)

at 
org.apache.knox.gateway.services.security.impl.DefaultKeystoreServiceTest.testKeystoreForGateway(DefaultKeystoreServiceTest.java:229)


[ERROR] 
testAddSelfSignedCertForGatewayLocalhost(org.apache.knox.gateway.services.security.impl.DefaultKeystoreServiceTest)
 Time elapsed: 0.214 s  <<< ERROR!

java.lang.NullPointerException

at 
org.apache.knox.gateway.services.security.impl.DefaultKeystoreServiceTest.testAddSelfSignedCertForGateway(DefaultKeystoreServiceTest.java:520)

at 
org.apache.knox.gateway.services.security.impl.DefaultKeystoreServiceTest.testAddSelfSignedCertForGatewayLocalhost(DefaultKeystoreServiceTest.java:413)

My env:
"
Apache Maven 3.3.9 (bb52d8502b132ec0a5a3f4c09453c07478323dc5;
2015-11-10T08:41:47-08:00)

Maven home: /Users/jrodrigu/build/apache-maven-3.3.9

Java version: 1.8.0_211, vendor: Oracle Corporation

Java home: /Library/Java/JavaVirtualMachines/jdk1.8.0_211.jdk/Contents/Home/jre

Default locale: en_US, platform encoding: US-ASCII

OS name: "mac os x", version: "10.14.5", arch: "x86_64", family: "mac"

The machine I am using doesn't have any Hadoop stack software (it is a
clean machine).

I got the errors above with:

mvn clean install -DskipTests=false

In addition, the day before I tried release building the way it is shown on:
https://cwiki.apache.org/confluence/display/KNOX/Build+Process
On that case I run into the npm issues discussed in July 8 thread.

Thanks,
 Jeffrey E Rodriguez

I will follow up on this on the weekend.




On Fri, Jul 12, 2019 at 9:21 AM Kevin Risden  wrote:
>
> Jeffrey - Can you be more specific about build issues? Apache Jenkins,
> Travis, and locally Knox has been building just fine. Would be curious what
> you are hitting.
>
> Kevin Risden
>
>
> On Fri, Jul 12, 2019 at 12:12 PM Jeffrey Rodriguez 
> wrote:
>
> > -1: At this point I am inclined to advise checking the build issues
> > found in v1.3.0. I will try again on my home system this weekend.
> > Regards,
> >  Jeffrey E Rodriguez
> >
> > On Wed, Jul 10, 2019 at 8:59 AM larry mccay  wrote:
> > >
> > > All -
> > >
> > > A candidate for the Apache Knox 1.3.0 release is available at:
> > >
> > > https://dist.apache.org/repos/dist/dev/knox/knox-1.3.0/
> > >
> > > The release candidate is a zip archive of the sources in:
> > >
> > > https://https://gitbox.apache.org/repos/asf/knox.git
> > > Branch v1.3.0 (git checkout -b v1.3.0)
> > >
> > > The KEYS file for signature validation is available at:
> > > https://dist.apache.org/repos/dist/release/knox/KEYS
> > >
> > > Please vote on releasing this package as Apache Knox 1.3.0.
> > > The vote is open for the next 72 hours and passes if a majority of at
> > > least three +1 Apache Knox PMC votes are cast.
> > >
> > > [ ] +1 Release this package as Apache Knox 1.3.0
> > > [ ] -1 Do not release this package because...
> > >
> > > thanks,
> > >
> > > --larry
> >

Re: [VOTE] Release Apache Knox 1.3.0

2019-07-12 Thread Jeffrey Rodriguez 
-1: At this point I am inclined to advise checking the build issues
found in v1.3.0. I will try again on my home system this weekend.
Regards,
 Jeffrey E Rodriguez

On Wed, Jul 10, 2019 at 8:59 AM larry mccay  wrote:
>
> All -
>
> A candidate for the Apache Knox 1.3.0 release is available at:
>
> https://dist.apache.org/repos/dist/dev/knox/knox-1.3.0/
>
> The release candidate is a zip archive of the sources in:
>
> https://https://gitbox.apache.org/repos/asf/knox.git
> Branch v1.3.0 (git checkout -b v1.3.0)
>
> The KEYS file for signature validation is available at:
> https://dist.apache.org/repos/dist/release/knox/KEYS
>
> Please vote on releasing this package as Apache Knox 1.3.0.
> The vote is open for the next 72 hours and passes if a majority of at
> least three +1 Apache Knox PMC votes are cast.
>
> [ ] +1 Release this package as Apache Knox 1.3.0
> [ ] -1 Do not release this package because...
>
> thanks,
>
> --larry

Re: Build problem

2019-07-12 Thread Jeffrey Rodriguez 
Finding the same issues mentioned in the thread. In my case, I am
building v1.3.0 which is the proposed release. I would have expected
build for development and release to work. Even though it is eassy to
work around the build glitches, would you think that proposed release
v1.3.0  should be passed with these issues?
Just building with "mvn clean install -DskipTests=false -Ppackage",
for example fails with:

[ERROR] Tests run: 12, Failures: 0, Errors: 2, Skipped: 0, Time
elapsed: 1.643 s <<< FAILURE! - in
org.apache.knox.gateway.services.security.impl.DefaultKeystoreServiceTest

[ERROR] 
testKeystoreForGateway(org.apache.knox.gateway.services.security.impl.DefaultKeystoreServiceTest)
 Time elapsed: 0.101 s  <<< ERROR!

java.lang.NullPointerException

at 
org.apache.knox.gateway.services.security.impl.DefaultKeystoreServiceTest.testCreateGetAndCheckKeystoreForGateway(DefaultKeystoreServiceTest.java:566)

at 
org.apache.knox.gateway.services.security.impl.DefaultKeystoreServiceTest.testKeystoreForGateway(DefaultKeystoreServiceTest.java:229)


[ERROR] 
testAddSelfSignedCertForGatewayLocalhost(org.apache.knox.gateway.services.security.impl.DefaultKeystoreServiceTest)
 Time elapsed: 0.189 s  <<< ERROR!

java.lang.NullPointerException

at 
org.apache.knox.gateway.services.security.impl.DefaultKeystoreServiceTest.testAddSelfSignedCertForGateway(DefaultKeystoreServiceTest.java:520)

at 
org.apache.knox.gateway.services.security.impl.DefaultKeystoreServiceTest.testAddSelfSignedCertForGatewayLocalhost(DefaultKeystoreServiceTest.java:413)

I am a little bit concerned, but I don't know if you have build issues
like this.

Regards,
  Jeffrey E Rodriguez.

BTW my env:

mvn -version

Apache Maven 3.3.9 (bb52d8502b132ec0a5a3f4c09453c07478323dc5;
2015-11-10T08:41:47-08:00)

Maven home: /Users/jrodrigu/build/apache-maven-3.3.9

Java version: 1.8.0_211, vendor: Oracle Corporation

Java home: /Library/Java/JavaVirtualMachines/jdk1.8.0_211.jdk/Contents/Home/jre

Default locale: en_US, platform encoding: US-ASCII

OS name: "mac os x", version: "10.14.5", arch: "x86_64", family: "mac"

On Mon, Jul 8, 2019 at 12:47 PM Kevin Risden  wrote:
>
> Well - that is weird since I was 90% sure that npm should have been locally
> picked up and not the system installed one...
>
> Kevin Risden
>
>
> On Mon, Jul 8, 2019 at 3:43 PM Colm O hEigeartaigh 
> wrote:
>
> > I just removed node locally and it seems to work fine now - thanks for all
> > your help!
> >
> > Colm.
> >
> > On Mon, Jul 8, 2019 at 7:19 PM Kevin Risden  wrote:
> >
> > > Colm and Larry - the installed version of NPM shouldn't matter. You
> > should
> > > be able to remove local NPM and it should work. The frontend-maven-plugin
> > > will download NPM so it is a clean build each time if necessary (and
> > > doesn't end up on global path). It shouldn't use the locally installed
> > NPM
> > > at all.
> > >
> > > You can check the log files for the Maven build and see which NPM is
> > used.
> > > This also shouldn't matter which Java version. I have been running on
> > > Ubuntu and Mac without issues.
> > >
> > > Colm - Can you see if this reproduces without Maven? (This assumes you
> > have
> > > run the Maven frontend plugin at least once)
> > >
> > > cd gateway-admin-ui
> > > ./npm install
> > > ./npm run build-prod
> > >
> > > The above npm script is a wrapper around the one installed locally just
> > for
> > > Knox and not the global one installed on the system.
> > >
> > > Kevin Risden
> > >
> > >
> > > On Mon, Jul 8, 2019 at 1:27 PM Colm O hEigeartaigh 
> > > wrote:
> > >
> > > > Hi Larry,
> > > >
> > > > Perhaps the problem is my newer version of NPM?
> > > >
> > > > > npm -version
> > > > 5.8.0
> > > > > mvn -version
> > > > Apache Maven 3.6.1 (d66c9c0b3152b2e69ee9bac180bb8fcc8e6af555;
> > > > 2019-04-04T20:00:29+01:00)
> > > > Maven home: /home/coheig/.sdkman/candidates/maven/current
> > > > Java version: 1.8.0_212, vendor: Azul Systems, Inc., runtime:
> > > > /home/coheig/.sdkman/candidates/java/8.0.212-zulu/jre
> > > > OS name: "linux", version: "5.0.0-20-generic", arch: "amd64", family:
> > > > "unix"
> > > >
> > > > I get the same error with Java 11.
> > > >
> > > > Colm.
> > > >
> > > > On Thu, Jul 4, 2019 at 8:49 PM larry mccay  wrote:
> > > >
> > > > > I just built it successfully the same way as you on my Linux Mint
> > > machine
> > > > > with the following versions:
> > > > >
> > > > > lmccay@NordzLinux:~/Projects/knox$ npm --version
> > > > > *3.5.2*
> > > > > lmccay@NordzLinux:~/Projects/knox$ mvn --version
> > > > > *Apache Maven 3.6.0*
> > > > > Maven home: /usr/share/maven
> > > > > Java version: 10.0.2, vendor: Oracle Corporation, runtime:
> > > > > /usr/lib/jvm/java-11-openjdk-amd64
> > > > > Default locale: en_US, platform encoding: UTF-8
> > > > > OS name: "linux", version: "4.15.0-20-generic", arch: "amd64",
> > family:
> > > > > "unix"
> > > > > lmccay@NordzLinux:~/Projects/knox$ java -version
> > > > >
> > > > > Rather old version of NPM

Re: [DISCUSS] Enter the Pull Request?

2019-02-07 Thread Jeffrey Rodriguez 
+1 It is great that we are considering Pull request that would help to
increase community collaboration.
Jeffrey E Rodriguez

On Thu, Feb 7, 2019 at 3:43 PM Robert Levas 
wrote:

> +1. I think this is a great idea.
>
> On Thu, Feb 7, 2019 at 5:29 PM larry mccay  wrote:
>
> > Great list of ideas/practices there, Kevin!
> >
> > I for one would want comments added as comments to JIRA.
> > I hate coming across a JIRA that would address something that I am
> looking
> > for and then find no meaningful comments.
> >
> >
> > On Thu, Feb 7, 2019 at 4:20 PM Phil Zampino  wrote:
> >
> > > +1, let's follow good models from the community, and save ourselves
> those
> > > headaches which can be avoided.
> > >
> > > On Thu, Feb 7, 2019 at 4:17 PM Kevin Risden 
> wrote:
> > >
> > > > I think PRs are a good improvement since we get Travis CI checks by
> > > default
> > > > currently. Something that we currently don't get with patches
> > > >
> > > > If we go this route we should make sure we have the following in
> place:
> > > >
> > > >- PR Github Template with useful info
> > > >   -
> > > >
> > > >
> > >
> >
> https://help.github.com/articles/creating-a-pull-request-template-for-your-repository/
> > > >   - Livy has an example of this
> > > >- Ensure that PRs are automatically linked to JIRA
> > > >   - Not currently done today and a pain since it should happen
> > > >   automatically.
> > > >   - Calcite has this. Might be a simple INFRA ticket
> > > >- Documentation for contributors/committers
> > > >   - Committers - linked github/asf accounts, how to merge a PR
> > > >   - Contributors what to expect/updated docs to move from patch
> ->
> > PR
> > > >- Ensure that only squash/rebase/merge commits are allowed
> > > >   - Lot of nuance here and Calcite recently had INFRA disable the
> > > >   buttons for types that didn't fit their model
> > > >- Decided what to do with PR comments
> > > >   - Some projects have PR comments go directly to JIRA comments.
> > > >   - Others have them go to worklog in JIRA.
> > > >   - Others don't capture PR comments in JIRA
> > > >
> > > > So all in all in favor just need to make sure we have the plumbing in
> > > > place.
> > > > Kevin Risden
> > > >
> > > > On Thu, Feb 7, 2019 at 4:13 PM Sandeep Moré 
> > > wrote:
> > > >
> > > > > I second Phil. Personally, I am more comfortable with the patches
> > > mostly
> > > > > because of their simplistic nature but do like PRs as they are more
> > > > > community friendly (helps people review, comment, critique) and
> looks
> > > > like
> > > > > they have become OSS standard as Phil pointed out.
> > > > > So +1 from me.
> > > > >
> > > > > Best,
> > > > > Sandeep
> > > > >
> > > > > On Thu, Feb 7, 2019 at 4:06 PM Phil Zampino 
> > > wrote:
> > > > >
> > > > > > I like the PR model, and it is familiar to many who contribute to
> > OSS
> > > > > > projects. I suppose we could continue to support the patch
> attached
> > > to
> > > > a
> > > > > > Jira model, but we should encourage the PR model, IMHO.
> > > > > >
> > > > > > On Thu, Feb 7, 2019 at 4:03 PM larry mccay 
> > > wrote:
> > > > > >
> > > > > > > All -
> > > > > > >
> > > > > > > There has been interest from the Knox community in support of
> > Pull
> > > > > > Requests
> > > > > > > from github.
> > > > > > > Our move to gitbox recently makes this easier to do.
> > > > > > >
> > > > > > > What are your thoughts on enabling PRs in general?
> > > > > > > Should we support both patches in JIRA as well as github based
> > PRs?
> > > > > > >
> > > > > > > thanks,
> > > > > > >
> > > > > > > --larry
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
>

Re: [VOTE] Move Apache Knox repo to Gitbox

2018-12-19 Thread Jeffrey Rodriguez 
+1
Jeffrey Rodriguez

On Wed, Dec 19, 2018 at 7:34 AM larry mccay  wrote:

> +1
>
>
> On Tue, Dec 18, 2018 at 4:44 PM Kevin Risden  wrote:
>
> > +1
> >
> > Kevin Risden
> >
> > Kevin Risden
> > On Tue, Dec 18, 2018 at 9:29 AM Sandeep Moré 
> > wrote:
> > >
> > > +1
> > >
> > > On Tue, Dec 18, 2018 at 6:12 AM  wrote:
> > >
> > > > Apache is moving off of their old Git servers (git-wip) to Gitbox.
> See
> > > > this post for details:
> > > >
> > > >
> >
> https://blogs.apache.org/infra/entry/relocation-of-apache-git-repositories
> > > >
> > > > We just finished the Apache Knox 1.2.0 release so it would be a good
> > > > time to do this. There was some initial interest on the DISCUSS
> thread
> > > > here [1].
> > > >
> > > > Please vote within the next 24 hours on whether to request an early
> > move:
> > > >
> > > > [ ] +1 to request early move
> > > > [ ]  0 for no opinion
> > > > [ ] -1 to wait (please explain why)
> > > >
> > > > [1]
> > > >
> >
> http://mail-archives.apache.org/mod_mbox/knox-dev/201812.mbox/%3CCAJU9nmjNgiJ5AHMBzQT-wQWxKjMrCdXsqqjqO6rynBngA_Xgqg%40mail.gmail.com%3E
> > > >
> > > > Kevin Risden
> > > >
> >
>

Re: [VOTE] Release Apache Knox 1.2.0 RC 4

2018-12-17 Thread Jeffrey Rodriguez 
Build RC4 Knox 1.2.0, run tests and apps.

+1 Release this package as Apache Knox 1.2.0

Regards,
   Jeffrey E Rodriguez


On Mon, Dec 10, 2018 at 12:40 PM Kevin Risden  wrote:

> Release candidate #4 for the Apache Knox 1.2.0 release is available at:
>
> https://dist.apache.org/repos/dist/dev/knox/knox-1.2.0/
>
> The release candidate is a zip archive of the sources in:
>
> https://git-wip-us.apache.org/repos/asf/knox.git
> Branch v1.2.0 (git checkout -b v1.2.0)
> Tag is v1.2.0-rc4 (git checkout -b v1.2.0-rc4)
>
> The KEYS file for signature validation is available at:
> https://dist.apache.org/repos/dist/release/knox/KEYS
>
> Please vote on releasing this package as Apache Knox 1.2.0.
> The vote is open for the next 72 hours and passes if a majority of at
> least three +1 Apache Knox PMC votes are cast.
>
> [ ] +1 Release this package as Apache Knox 1.2.0
> [ ] -1 Do not release this package because...
>
> Kevin Risden
>

Re: [VOTE] Release Apache Knox 1.2.0 RC 2

2018-11-28 Thread Jeffrey Rodriguez 
+1 , based on my review and testing.

Thanks,
Jeffrey E Rodriguez

On Wed, Nov 28, 2018 at 11:05 AM Kevin Risden  wrote:

> Release candidate #2 for the Apache Knox 1.2.0 release is available at:
>
> https://dist.apache.org/repos/dist/dev/knox/knox-1.2.0/
>
> The release candidate is a zip archive of the sources in:
>
> https://git-wip-us.apache.org/repos/asf/knox.git
> Branch v1.2.0 (git checkout -b v1.2.0)
> Tag is v1.2.0-rc2 (git checkout -b v1.2.0-rc2)
>
> The KEYS file for signature validation is available at:
> https://dist.apache.org/repos/dist/release/knox/KEYS
>
> Please vote on releasing this package as Apache Knox 1.2.0.
> The vote is open for the next 72 hours and passes if a majority of at
> least three +1 Apache Knox PMC votes are cast.
>
> [ ] +1 Release this package as Apache Knox 1.2.0
> [ ] -1 Do not release this package because...
>
> Kevin Risden
>

Re: [VOTE] Release Apache Knox 1.0.0 RC-2

2018-02-01 Thread Jeffrey Rodriguez 
Thanks for a quick Knox 1.0.0 RC2

+1

Regards,
Jeffrey Rodriguez

On Thu, Feb 1, 2018 at 7:52 AM, Sandeep More <moresand...@gmail.com> wrote:

> Thanks Larry for quickly spinning up RC2.
>
> +1
>
> * Downloaded and built from source (with Java 1.8.0_101)
> * Checked LICENSE and NOTICE files
> * Verified GPG/MD5/SHA signatures for Knox source, Knox and Knoxshell
> release packages (zip files)
> * Installed pseudo-distributed instance (Mac OS X )
> * Ran through knox tests
> * Checked websocket functionality
> * Checked Topology Port Mapping feature
> * Checked KnoxShell samples
> * Checked KnoxSSO
> * Checked the UI (read only for generated topologies)
>
> Best,
> Sandeep
>
> On Thu, Feb 1, 2018 at 12:34 AM, larry mccay <lmc...@apache.org> wrote:
>
> > A candidate for the Apache Knox 1.0.0 release is available at:
> >
> > https://dist.apache.org/repos/dist/dev/knox/knox-1.0.0/
> >
> > The release candidate is a zip archive of the sources in:
> >
> > https://git-wip-us.apache.org/repos/asf/knox.git
> > Branch v1.0.0 (git checkout -b v1.0.0)
> > Git Tag: v1.0.0-rc2
> >
> > The KEYS file for signature validation is available at:
> > https://dist.apache.org/repos/dist/release/knox/KEYS
> >
> > Please vote on releasing this package as Apache Knox 1.0.0.
> >
> > This release is nearly identical to 0.14.0 with the exception of:
> >
> > * repackaging of the classes to remove "hadoop" from the package
> > names
> > * handful of patches for rounding out service discovery
> > and topology generation
> > * moved the Apache Hadoop dependency to Hadoop 3.0
> >
> > The vote is open for the next 72 hours and passes if a majority of at
> > least three +1 Apache Knox PMC votes are cast.
> >
> > [ ] +1 Release this package as Apache Knox 1.0.0
> > [ ] -1 Do not release this package because...
> >
>

Re: [VOTE] Release Apache Knox 1.0.0 RC-1

2018-01-28 Thread Jeffrey Rodriguez 
+1

On Saturday, January 27, 2018, larry mccay  wrote:

> A candidate for the Apache Knox 1.0.0 release is available at:
>
> https://dist.apache.org/repos/dist/dev/knox/knox-1.0.0/
>
> The release candidate is a zip archive of the sources in:
>
> https://git-wip-us.apache.org/repos/asf/knox.git
> Branch v1.0.0 (git checkout -b v{gateway-version})
>
> The KEYS file for signature validation is available at:
> https://dist.apache.org/repos/dist/release/knox/KEYS
>
> Please vote on releasing this package as Apache Knox 1.0.0.
>
> This release is nearly identical to 0.14.0 with the exception of:
>
> * repackaging of the classes to remove "hadoop" from the package
> names
> * handful of patches for rounding out service discovery
> and topology generation
> * moved the Apache Hadoop dependency to Hadoop 3.0
>
> The vote is open for the next 72 hours and passes if a majority of at
> least three +1 Apache Knox PMC votes are cast.
>
> [ ] +1 Release this package as Apache Knox 1.0.0
> [ ] -1 Do not release this package because...
>

Re: [VOTE] Release Apache Knox 0.14.0 rc 2

2017-12-11 Thread Jeffrey Rodriguez 
Great release.
+1 Release this package as Apache Knox 0.14.0

Jeffrey E Rodriguez
Apache Knox PMC

On Wed, Dec 6, 2017 at 6:07 PM, larry mccay  wrote:

> All -
>
> A new candidate for the Apache Knox 0.14.0 release is available at:
>
> https://dist.apache.org/repos/dist/dev/knox/knox-0.14.0/
>
> The release candidate is a zip archive of the sources in:
>
> https://git-wip-us.apache.org/repos/asf/knox.git
> Branch v0.14.0 (git checkout -b v{gateway-version})
>
> The KEYS file for signature validation is available at:
> https://dist.apache.org/repos/dist/release/knox/KEYS
>
> On of the main features of this release is the Service Discovery
> and autosync of remote config and service information from Apache Ambari.
>
> There is a wiki available to help test this new set of features [1]. Please
> consider testing this out with your test environments.
>
> Please vote on releasing this package as Apache Knox 0.14.0.
> The vote is open for the next 72 hours and passes if a majority of at
> least three +1 Apache Knox PMC votes are cast.
>
> [ ] +1 Release this package as Apache Knox 0.14.0
> [ ] -1 Do not release this package because...
>
> thanks!
>
> --larry
>
> 1.
> https://cwiki.apache.org/confluence/display/KNOX/Apache+Knox+Dynamic+
> Configuration+End-to-End
>

[jira] [Commented] (KNOX-842) Add support for Livy (Spark REST Service)

2017-11-02 Thread Jeffrey Rodriguez (JIRA) 

[ 
https://issues.apache.org/jira/browse/KNOX-842?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16235322#comment-16235322
 ] 

Jeffrey Rodriguez commented on KNOX-842:


Opened 
https://issues.apache.org/jira/browse/KNOX-1098  to address no proxyUser value 
pair limitation.

> Add support for Livy (Spark REST Service) 
> --
>
> Key: KNOX-842
> URL: https://issues.apache.org/jira/browse/KNOX-842
> Project: Apache Knox
>  Issue Type: Improvement
>  Components: Server
>Reporter: Sam Hjelmfelt
>Assignee: Jeffrey E  Rodriguez
>Priority: Major
> Fix For: 0.14.0
>
> Attachments: KNOX-842.001.patch
>
>
> http://livy.io/
> Here is an example of a Livy Knox service implementation:
> https://community.hortonworks.com/articles/70499/adding-livy-server-as-service-to-apache-knox.html
> The Livy service will need to support Kerberos and load balancing



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Created] (KNOX-1098) Livy Service Json body proxyUser property should be added when not present.

2017-11-02 Thread Jeffrey Rodriguez (JIRA) 
Jeffrey Rodriguez created KNOX-1098:
---

 Summary: Livy Service Json body proxyUser property should be added 
when not present.
 Key: KNOX-1098
 URL: https://issues.apache.org/jira/browse/KNOX-1098
 Project: Apache Knox
  Issue Type: Bug
  Components: Server
Affects Versions: 0.11.0, 0.13.0
Reporter: Jeffrey Rodriguez
Priority: Major
 Fix For: 0.14.0


Current Knox Livy service will replace the value pair proxyUser, user to 
impersonate when running the job ,  with the value of the user that Knox has 
authenticated,

If the proxyUser value pair doesn't exist the rewrite rule will not add the 
proxyUser value pair.

This Jira addresses the last statement.

1. If proxyUser exist then we should still replace value with authenticated 
user.
2. if proxyUser doesn't exist we will add a proxyUser value pair with the 
authenticated user.






--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (KNOX-842) Add support for Livy (Spark REST Service)

2017-11-02 Thread Jeffrey Rodriguez (JIRA) 

[ 
https://issues.apache.org/jira/browse/KNOX-842?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16235268#comment-16235268
 ] 

Jeffrey Rodriguez commented on KNOX-842:


Larry McKay and Kevin Riesden.
I agree with Kevin.
Larry, I will get the following:
1. Update/Verify patch.
2. Document the service and the current limitation.
3. Open a Jira to address the userProxy limitation.

> Add support for Livy (Spark REST Service) 
> --
>
> Key: KNOX-842
> URL: https://issues.apache.org/jira/browse/KNOX-842
> Project: Apache Knox
>  Issue Type: Improvement
>  Components: Server
>Reporter: Sam Hjelmfelt
>Assignee: Jeffrey E  Rodriguez
>Priority: Major
> Fix For: 0.14.0
>
> Attachments: KNOX-842.001.patch
>
>
> http://livy.io/
> Here is an example of a Livy Knox service implementation:
> https://community.hortonworks.com/articles/70499/adding-livy-server-as-service-to-apache-knox.html
> The Livy service will need to support Kerberos and load balancing



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Comment Edited] (KNOX-842) Add support for Livy (Spark REST Service)

2017-10-20 Thread Jeffrey Rodriguez (JIRA) 

[ 
https://issues.apache.org/jira/browse/KNOX-842?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16213286#comment-16213286
 ] 

Jeffrey Rodriguez edited comment on KNOX-842 at 10/20/17 9:42 PM:
--

I will open a new Jira for adding the userProxy.
I think we should get the Livy servers push.
We should also open another Jira for the client and for doc.



was (Author: jeffrey...@gmail.com):
I will open a new Jira for adding the userProxy.
I think we should get the Livy servers push.
We should also open another Jira for the client .

> Add support for Livy (Spark REST Service) 
> --
>
> Key: KNOX-842
> URL: https://issues.apache.org/jira/browse/KNOX-842
> Project: Apache Knox
>  Issue Type: Improvement
>  Components: Server
>Reporter: Sam Hjelmfelt
>Assignee: Jeffrey E  Rodriguez
> Fix For: 0.14.0
>
> Attachments: KNOX-842.001.patch
>
>
> http://livy.io/
> Here is an example of a Livy Knox service implementation:
> https://community.hortonworks.com/articles/70499/adding-livy-server-as-service-to-apache-knox.html
> The Livy service will need to support Kerberos and load balancing



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (KNOX-842) Add support for Livy (Spark REST Service)

2017-10-20 Thread Jeffrey Rodriguez (JIRA) 

[ 
https://issues.apache.org/jira/browse/KNOX-842?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16213286#comment-16213286
 ] 

Jeffrey Rodriguez commented on KNOX-842:


I will open a new Jira for adding the userProxy.
I think we should get the Livy servers push.
We should also open another Jira for the client .

> Add support for Livy (Spark REST Service) 
> --
>
> Key: KNOX-842
> URL: https://issues.apache.org/jira/browse/KNOX-842
> Project: Apache Knox
>  Issue Type: Improvement
>  Components: Server
>Reporter: Sam Hjelmfelt
>Assignee: Jeffrey E  Rodriguez
> Fix For: 0.14.0
>
> Attachments: KNOX-842.001.patch
>
>
> http://livy.io/
> Here is an example of a Livy Knox service implementation:
> https://community.hortonworks.com/articles/70499/adding-livy-server-as-service-to-apache-knox.html
> The Livy service will need to support Kerberos and load balancing



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Re: Fix Version Clean Up

2017-10-03 Thread Jeffrey Rodriguez 
+1 I will spend some time and do my dues too.
Jeff

On Tue, Oct 3, 2017 at 6:43 PM, Sandeep More  wrote:

> +1
>
> Thanks Larry for the clean up, will keep an eye on the new JIRAs to make
> sure we have proper version on it.
>
> Best,
> Sandeep
>
> On Tue, Oct 3, 2017 at 9:29 PM, larry mccay  wrote:
>
> > All -
> >
> > I've just gone through all of the Open JIRAs that were filed without Fix
> > Versions ~60 or so and added most to 0.14.0.
> >
> > We now have way more that we will be able to address by end of oct for
> > 0.14.0/1.0.0 but as we close down on that release we will just move them
> > out to 0.15.0 or 1.1.0. Since I don't know for sure that we are going to
> be
> > ready for 1.0.0, I couldn't make that call today.
> >
> > There were a bunch of JIRAs with patches available without a Fix Version.
> >
> > I will try and keep a better eye out for these and would encourage others
> > to do the same. Let's make sure new ones come in for the current release.
> > They are too easy to fall through the cracks otherwise.
> >
> > thanks,
> >
> > --larry
> >
>

Re: Suggested first commit

2017-08-29 Thread Jeffrey Rodriguez 

Thanks Larry.
I just updated the developer list.

Regards,
 Jeffrey E Rodrigue


Jeffrey E. Rodriguez - jeffr...@us.ibm.com

Big Data Engineer/Tech Security  Security Leader - DSX Local - Open Source
Contributor/Committer
IBM Silicon Valley Lab - 555 Bailey Ave., San Jose, CA 95161
408-463-5089   t/l  543-5089




From:   larry mccay <lmc...@apache.org>
To: Jeffrey Rodriguez <jeffr...@us.ibm.com>, dev@knox.apache.org
Date:   08/29/2017 12:11 PM
Subject:Suggested first commit



Hi Jeffrey -

I've added you to committers groups for git and svn access and for JIRA.

It would be good to test out your new karma with an update to the team list
on the site.
Please add yourself as a PMC to the pom.xml for the site/docs project.

Just find one of the others to use as an example.

Something like the following should work:

svn up
vi ./trunk/pom.xml
ant
ant review
svn ci --message "Updating team list as initial commit"

thanks!

--larry

Re: [DISCUSS] Planning for Apache Knox 0.13.0 (1.0.0) Release

2017-06-26 Thread Jeffrey Rodriguez 
Thanks for you efforts to resolve the encoding issues.

Being that most of this changes were introduce to help with Ambari URL
mapping.

These changes cause some grief to us (my team) when moving to Knox 0.11.0
and some of the UIs we supported would break.

Instead of making such a general changes and being that UIs don't follow a
spec. thus we may run into special cases. It would have been nice to make
the encoding an "optional" attribute thus the changes could have been made
just for Ambari  UI URL or any other UI that require these changes for
encoding.

On a related topic, it is very hard to support different versions of the UI
even with versioning. The issue is that most of the times we don't know
what has changed and rules that used to work may not work. Here is the need
to have a tool to test the UI in a systematic way. We thought of a crawling
tool but that presented other challenges. I bring this up so we may discuss
UI rewrites which different of REST which are APIs change from version to
version,  also UI page are more complex in style and way to manipulate
requests/responses.

Regards,
Jeff Rodriguez




On Mon, Jun 26, 2017 at 8:47 AM, larry mccay  wrote:

> While working on the encoding issues, we have had a number of JIRAs filed
> for updated UI service definitions.
> I know this happens to be a sore spot for many deployments since many have
> become obsolete.
> UIs are such a moving target.
>
> I would like to try and wait to get these patches in for the 0.13.0
> release.
>
> We also have some additional verification of the encoding fix outstanding
> and we are waiting treating this as a blocker for the release.
>
> I will be making another pass through the open JIRAs shortly in order to
> push things out to the next release for managing scope of 0.13.0.
>
> Thank you for your patience!
>
> On Thu, Jun 8, 2017 at 9:12 AM, larry mccay  wrote:
>
> > All -
> >
> > Just an FYI - I am currently trying to resolve a number of url encoding
> > related issues that were introduced by a change to get proxying of Ambari
> > UI working properly.
> >
> > Personally, I feel this is a blocker and would like to get a fix in for
> > 0.13.0.
> > At the same time, we may determine that most of the issues are edge cases
> > or at least not very common.
> > I am aware of WebHDFS issues with spaces in the filename or path and
> HBase
> > related issues where reserved characters such as '/' are being used.
> >
> > It appears that this has been introduced by trying to accommodate
> Ambari's
> > use of an unwise character '|' in its URLs.
> > A general approach of encoding and decoding the URL has led to a number
> of
> > inconsistencies with what the backend services expect.
> >
> > I will attempt to find the most surgical and least invasive fix for this
> > issue as to reduce risk for 0.13.0 closedown.
> >
> > thanks,
> >
> > --larry
> >
> > On Wed, May 24, 2017 at 9:49 AM, Sandeep More 
> > wrote:
> >
> >> Ah ! got it.
> >>
> >>
> >> On Wed, May 24, 2017 at 9:46 AM, larry mccay  wrote:
> >>
> >>> Actually, what I am proposing is that we *branch* on Monday and double
> >>> commit as necessary in order to close down before the rc and through
> the
> >>> release process. I'd like to get to a rc by the end of next week - 6/2
> - if
> >>> not sooner.
> >>>
> >>> We will also likely need to double commit bug fixes to master and
> 0.13.0
> >>> branch for some time in case we need a new 0.13.x release to avoid the
> >>> 1.0.0 refactoring for existing deployments.
> >>>
> >>> On Wed, May 24, 2017 at 9:29 AM, Sandeep More 
> >>> wrote:
> >>>
>  Hello Larry,
> 
>  Thanks for starting the discussion, given that we are away from the
>  target date just by a week I too think that releasing 0.13.0 on
> Monday and
>  then working towards 1.0.0 (package refactoring) would be a good
> idea. One
>  upshot of this is that we don't have to double commit as we had
> initially
>  thought :)
> 
>  Best,
>  Sandeep
> 
>  On Tue, May 23, 2017 at 4:44 PM, larry mccay 
> wrote:
> 
> > All -
> >
> > As we targeted a 5/31 date for the release of 0.13.0, I think we need
> > to look at managing the current scope for 0.13.0 as well as the plan
> for a
> > 1.0.0 again.
> > Since we are just a week away from the target date, I think that
> > refactoring the package names for the 1.0.0 release at the same time
> is a
> > stretch.
> >
> > We currently have 22 or so JIRAs and will not be able to get them all
> > into 0.13.0.
> > What do you think about the following:
> >
> > * We manage the existing scope over the rest of this week.
> > * I will post comments on some JIRAs about potentially moving them
> out
> > and without any movement will move them out by Friday 26th.
> > * JIRAs that I think

[jira] [Commented] (KNOX-788) Apache Atlas Admin UI Support through Knox

2017-04-27 Thread Jeffrey Rodriguez (JIRA) 

[ 
https://issues.apache.org/jira/browse/KNOX-788?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15987119#comment-15987119
 ] 

Jeffrey Rodriguez commented on KNOX-788:


Thanks Chandana.

> Apache Atlas Admin UI Support through Knox
> --
>
> Key: KNOX-788
> URL: https://issues.apache.org/jira/browse/KNOX-788
> Project: Apache Knox
>  Issue Type: New Feature
>  Components: Server
>Reporter: Jeffrey E  Rodriguez
>Assignee: Chandana Mirashi
> Fix For: 0.13.0
>
>
> Apache Atlas Admin UI Support through Knox.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

KNOX-751 - rewrite function for OUTPUT rewrite to get query parameter.

2017-03-28 Thread Jeffrey Rodriguez 
Hi folks,

 The usage for this solution is to be able to add an obtain an inbound
request query parameter so in the OUTPUT rewrite we can access it. This
allow us to attach the query parameter which may have information we may
want to use on the content of the OUTPUT rewrite.

In Knox, we would create one single service definition with a one url. This
map one-to-one a service definition to one service. Let’s say we want to
use Knox with multiple instances of a service, for example we may have
multiple DataNodes UIs (on port 50075). We could support this case by:

1.Creating a topology service definition to one of the DataNodes.

2.From the UI supporting the links to multiple DataNode hosts we could
do:

a.Link to DataNode1 can be IN rewritten using Knox to the hostname of
DataNode1, and we add the hostname to query parameter.

b.Link to DataNode2 can be IN rewritten using Knox to the hostname of
DataNode2. And we add the hostname to query parameter.

c. …….

3.Then when response is OUT rewritten.

a.We can attach using the function of this Jira to the query parameter
passed to the URI content (in this case HTML href).

b.…..

4.Since we have the parameter on the query (and the links are rewritten
to go through Knox) we can do the same as step 2, and forward to the host
defined in query parameter thus supporting multiple instances.

One advantage of this solution is to we can add a new datanode and we would
be able to proxy to it without modifying the topology.

One improvement for this Jira KNOX-751  would be to encrypt the value of
the query parameter we are passing. I may explore opening this additional
Jira.



The places where I found the need of this two function are: In the HDFS UI
links to DataNodes, and the links of the Yarn RM UI to their local logs. (
I will upload these into additional Jiras to update the service definitions
for URI that we previously contributed).


Thank you very much for your feedback.


Jeffrey E Rodriguez Viana

[jira] [Commented] (KNOX-618) Rewrite function for accessing header values

2016-03-29 Thread Jeffrey Rodriguez (JIRA) 

[ 
https://issues.apache.org/jira/browse/KNOX-618?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15217037#comment-15217037
 ] 

Jeffrey Rodriguez commented on KNOX-618:


Thanks Kevin.
The issue manifest in the case of pages in a cluster like Yarn Resource
Manager UI:  http://myrm.com:8088,
this page contains links to Yarn Node Managers: http://mynm1.com:8042,
http://mynm2.com, http://mynm3.com.

The Resource Manager page has links to the Node Managers.

We defined  two roles RMUI service:


   RMUI
http://myrm.com:8088


  NMUI
http://mynm1.com:8042



1. During RM UI page output
In the page we may have content like  embedded script with href=
http://mynm2.com:8042
We want to be able to rewrite  href=http://mynm2.com:8042 to
https://knoxhost:knoxport/gateway/rmui/rm?{host=mynm2.com}?{port=8042

2. When we click
https://knoxhost:knoxport/gateway/rmui/rm?{host=mynm2.com}?{port=8042}
we apply an IN rewrite rule to access http://mynm2.com:8042.

3. The issue is that on the response to 2, we need to rewrite the href
content with the same method we apply in 2., add query params rm?{host=
mynm2.com}?{port=8042}

e.g.
mynm2.com web page  href="/logs" we want to apply a rule to include service
Host header (Header = mynm2.com ) so href will end up as /logs??{host=
mynm2.com}?{port=8042}

Then when we user clicks that link it will be rewritten to
http://mynm2.com:8042/logs

Unfortunately  $serviceUrl[NODEUI] would not work since it would have the
wrong NMUI host: http://mynm1.com:8042

So something like this would help





So I think that KNOX-618 may work for me. I can give a try to the parch you
just posted.

The other issue I want to discuss is the fact that the some of the user
interfaces usually refer to more than one server like in the case of Yarn
Resurce manager (refers to nodemanagers). and HBase Master UI (refers also
to region servers).

Even though I could have created more than one role like :


  NMUI1
http://mynm1.com:8042


  NMUI2
http://mynm2.com:8042


  NMUI3
http://mynm3.com:8042


The issue is that during output rewrite there is very little I can do since
the information of the namenode hosts is already hardwired by the Yarn RM
UI.

There has to be a better way to deal with proxying to a  Server which
refers to other servers.

Regards,

Jeff Rodriguez

On Tue, Mar 29, 2016 at 2:43 PM, Kevin Minder (JIRA) <j...@apache.org>



> Rewrite function for accessing header values
> 
>
> Key: KNOX-618
> URL: https://issues.apache.org/jira/browse/KNOX-618
> Project: Apache Knox
>  Issue Type: New Feature
>  Components: Server
>Affects Versions: 0.6.0
>Reporter: Kevin Minder
>Assignee: Kevin Minder
>Priority: Minor
> Fix For: Future
>
> Attachments: KNOX-618_001.patch
>
>
> I recently ran into a situation where it would have been useful to have 
> access to header values in the rewrite rules.  In particular it would be 
> useful sometimes to API version with a header like this.
> {code}
> 
>  template=""{scheme}://{host}:{port}/api/{$header[version]}/{path}?{**}""/>
> 
> {code}
> As implied above the rewrite function plugin model seems like an excellent 
> way to provide basic access to header information.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Re: Can Knox Work without LDAP -- Adding PAM Module into Knox

2015-07-15 Thread Jeffrey Rodriguez 
Thanks Tanping, I am happy to see you also agree with that.
Regards,
   Jeff

On Tue, Jul 14, 2015 at 10:22 PM, Tanping Wang tanpi...@gmail.com wrote:

 It seems that we all agree that PAM support for Knox. is very valuable to
 have.  Just created the JIRA:
 https://issues.apache.org/jira/browse/KNOX-568

 Jeff,
 Please upload the design and patch for the Knox community to review.
 Please make sure to add unit test.

 Regards,
 Tanping

 On Tue, Jul 14, 2015 at 10:13 PM, Tanping Wang tanpi...@gmail.com wrote:

  Hi, Kevin,
  The PAM module implementation request was customer driven.  We had
  customer requests on using LDAP with nest OU.  We also had requests from
  the field that they do not want to Knox authentication to work against
  LDAP.  One of the reasons being that the SSL cert generated by Knox is
  self-signed and we are having issues, for example, with the weak DH
 cipher
  key problems starting on Firefox.  So our thought was that if this is
 just
  for demo purpose anyway, we could just use the base OS to authenticate
 once
  PAM module is supported.  With the PAM module implementation, we can have
  both:
  1) LDAP nested OU support
  2) Simple authentication based on base Unix.
 
  Kevin, to answer your question:  I think we are good for now without set
  up credentials directly on the topology files for demo purpose.  Would
 like
  to hear your opinions too.
 
  Regards,
  Tanping
 
  On Tue, Jul 14, 2015 at 12:25 PM, Kevin Minder 
  kevin.min...@hortonworks.com wrote:
 
  Hi,
 
  We would be very interested in a PAM module for Knox.  Did some quick
  searching and found this: https://github.com/plaflamme/shiro-libpam4j
 
  We have done some experimentation with very simple demo setups with
  credentials directly in topology files but decided against promoting it.
  If this were something you were interested in I could re-figure this
 out.
 
  We've also been looking into buji-pac4j for several other authentication
  models (e.g. OAuth, CAS, OpenID, SAML, etc).  The limiting issue is that
  they aren’t really targeting at active profile REST API use as far as we
  have been able to determine.
 
  Kevin.
 
 
 
  On 7/14/15, 3:09 PM, Tanping Wang tanpi...@gmail.com wrote:
 
  Hi, folks,
  Today Knox can not work without LDAP.  For demo purpose that we would
  like
  to demonstrate that Knox can work with simple authentication, for
  example,
  base Unix OS authentication.  I believe this is not possible today?
  Please
  correct me if I am wrong.  We are working on adding a PAM module to
  Knox's
  shiro framework, so that Knox can
  1) authenticate against base Unix OS -- for demo purpose only
  2) more importantly, nested OU would work for LDAP.
  
  Regards,
  Tanping

Re: [jira] [Created] (KNOX-566) Knox Jetty server is vulnerable to Logjam vulnerability

2015-07-13 Thread Jeffrey Rodriguez 
No nothing else to other than restarting Knox.

On Monday, July 13, 2015, Larry McCay (JIRA) j...@apache.org wrote:


 [
 https://issues.apache.org/jira/browse/KNOX-566?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14625720#comment-14625720
 ]

 Larry McCay commented on KNOX-566:
 --

 Interesting!

 [~jeffreyr97] - did you have to do anything else at all?

  Knox Jetty server is vulnerable to Logjam vulnerability
  ---
 
  Key: KNOX-566
  URL: https://issues.apache.org/jira/browse/KNOX-566
  Project: Apache Knox
   Issue Type: Bug
 Affects Versions: 0.5.0
  Environment: Red Hat Enterprise Linux Server release 6.4
 (Santiago)
 Reporter: Jeffrey E  Rodriguez
  Fix For: 0.7.0
 
 
  See description of logjam
  The Logjam Attack
  https://weakdh.org/
  To test you should do:
  [root@bdvs1392 logs]# openssl s_client -connect
 bdvs1392.svl.ibm.com:8443 -cipher EDH | grep Server Temp Key
  depth=0 C = US, ST = Test, L = Test, O = Hadoop, OU = Test, CN =
 bdvs1392.svl.ibm.com
  verify error:num=18:self signed certificate
  verify return:1
  depth=0 C = US, ST = Test, L = Test, O = Hadoop, OU = Test, CN =
 bdvs1392.svl.ibm.com
  verify return:1
  Server Temp Key: DH, 768 bits
  The key should = 1024



 --
 This message was sent by Atlassian JIRA
 (v6.3.4#6332)