Re: [DISCUSS] Slack Channel Use

[Otto Fowler]

What we need is a slackbot where you can:

- start a discuss thread, that will get sent to email list
- listen to emails ( be on the list ) and post any discuss thread replies
not from slack TO slack
- add tagged comments to discuss thread

the list-slack singularity



On November 12, 2018 at 11:49:15, Scott C. Cote (scottcc...@gmail.com)
wrote:

I realize that I’m a “new kid” here, but I think you can have your cake and
eat it too…..

If I can create it, find it, or configure it, perhaps the really best way
is to be able to either:

1) dump public slack conversations to the developer thread - arbitrarily
2) dump public slack conversations to the user thread - IFF the
thread/conversation was tagged #user (or equivalent)

Slack is a wonderful tool for facilitating discussions - I cannot emphasize
how often spam filters and the inherent slowness email servers - have
interfered with rapid conversations. Additionally, the big “ask” of any
resolution on slack - has been “can you put this in the email thread”. Goes
without saying that the even bigger ask has been - can this be contributed
to the documentation.

I strongly recommend that you streamline the flow of information from Slack
to the list archives.

SCott
Scott C. Cote
scottcc...@gmail.com
972.900.1561

twitter: @scottccote



> On Nov 12, 2018, at 9:07 AM, Justin Leet  wrote:
>
> I wanted to add back onto this thread after putting some more thought
into
> it.
>
> I like Slack for the type of small developer "what's going on here?" type
> discussions. That's the kind of thing I like being real-time ("Hey, full
> dev is acting weird", "What's the basic layout of this stuff?", "Anybody
> else seen this test failure?", etc.). I think we've been pretty good
about
> keeping our decision type dev discussions to the list (e.g. this exact
> conversation).
>
> We've been doing this more, but I would like to see more of the user and
> troubleshooting move to the list. I think we've gotten a bit better about
> it as we've settled into Slack, but having that sort of helpful stuff
> exposed and searchable for users who come in afterwards is a big selling
> point of the lists, imo.
>
> To add onto this, I'd probably like to see
>
https://cwiki.apache.org/confluence/display/METRON/Community+Resources#CommunityResources-ApacheMetronCommunityResources
> (and any other relevant links) updated to emphasize a Slack focus on
> developing Metron itself, and the user lists for configuration,
> troubleshooting, etc.
>
> Essentially, I'm proposing:
> Dev list / Jira / PRs as usual for any actual decisions + concrete
feature
> discussion/review.
> Slack for Metron development "Hey, anyone seen this or have insight or a
> starting point?" and "I'm seeing something weird in our tests" type stuff
> User list for usage and troubleshooting questions. Generally, discussions
> like this in Slack should be redirected to the user list.
>
> Is this a reasonable way separate our concerns here?
>
> On Wed, Oct 24, 2018 at 11:37 AM Michael Miklavcic <
> michael.miklav...@gmail.com> wrote:
>
>> Yeah, I'm also surprised by that comment about the mailing list
activity.
>> Our dev/user list discussions are by far more active than they've ever
>> been. Just have a look at the list of DISCUSS threads that have come up
in
>> the past few months and it's clear that not only participation has
>> increased, but diversity of topic and participant.
>>
>> On Wed, Oct 24, 2018 at 8:08 AM Casey Stella  wrote:
>>
>>> Not for nothing, but at least according to the last board report that I
>>> submitted, the user@ traffic is up 100% and the dev list traffic is
flat
>>> as
>>> compared to last quarter. That's not to say that we couldn't stand more
>>> discussion on the lists, but a lot of the dev discussion happens on
>> github
>>> and JIRA and I'm happy to see an uptick in user traffic.
>>>
>>> On Wed, Oct 24, 2018 at 10:05 AM Otto Fowler 
>>> wrote:
>>>
 I wouldn’t be so quick to related the slack discussion with perceived
 activity on the list.
 That is more do to the other things that are bigger issues.


 On October 24, 2018 at 07:15:30, Nick Allen (n...@nickallen.org)
>> wrote:

> I have heard recently people thought Metron is sort of dead just
>>> because
 the mailing list is not so active anymore!

 That is exactly my concern.


 On Wed, Oct 24, 2018, 2:49 AM Ali Nazemian 
>>> wrote:

> I kind of expect to have Slack for more dev related discussions
>> rather
 than
> user QA. I guess it is quite common to expect mailing list to be used
>>> for
> the purpose of knowledge sharing to make sure it will be accessible
>> by
> other users as well. Of course, it is a trade-off that most of the
>>> other
> Apache projects decided to accept the risk of keeping user related
> discussions out of Slack/IRC. However, it sometimes happens to see
>> the
> mixture of questions coming to Slack. I have heard recently people
 

Re: [DISCUSS] Slack Channel Use

[zeo...@gmail.com]

Spot on Justin, I totally agree.  My only nit is that often it's much
easier troubleshooting in Slack as opposed to the mailing lists, so I'm
game to allow some troubleshooting in Slack as long as the issue and
resolution makes it back to the lists.  Given that slack message history is
being kept (although to what degree I'm not sure), we could fairly easily
link to the start of a discussion in slack in the wrap-up mailing list
email for future reference.

Jon

On Mon, Nov 12, 2018 at 2:08 PM Casey Stella  wrote:

> Piling on, +1 to what Justin said.
>
> On Mon, Nov 12, 2018 at 12:42 PM Michael Miklavcic <
> michael.miklav...@gmail.com> wrote:
>
> > I'm also +1 to Justin's points.
> >
> > On Mon, Nov 12, 2018 at 10:38 AM Nick Allen  wrote:
> >
> > > +1 to all your points Justin.
> > >
> > > On Mon, Nov 12, 2018 at 10:08 AM Justin Leet 
> > > wrote:
> > >
> > > > I wanted to add back onto this thread after putting some more thought
> > > into
> > > > it.
> > > >
> > > > I like Slack for the type of small developer "what's going on here?"
> > type
> > > > discussions.  That's the kind of thing I like being real-time ("Hey,
> > full
> > > > dev is acting weird", "What's the basic layout of this stuff?",
> > "Anybody
> > > > else seen this test failure?", etc.).  I think we've been pretty good
> > > about
> > > > keeping our decision type dev discussions to the list (e.g. this
> exact
> > > > conversation).
> > > >
> > > > We've been doing this more, but I would like to see more of the user
> > and
> > > > troubleshooting move to the list.  I think we've gotten a bit better
> > > about
> > > > it as we've settled into Slack, but having that sort of helpful stuff
> > > > exposed and searchable for users who come in afterwards is a big
> > selling
> > > > point of the lists, imo.
> > > >
> > > > To add onto this, I'd probably like to see
> > > >
> > > >
> > >
> >
> https://cwiki.apache.org/confluence/display/METRON/Community+Resources#CommunityResources-ApacheMetronCommunityResources
> > > > (and any other relevant links) updated to emphasize a Slack focus on
> > > > developing Metron itself, and the user lists for configuration,
> > > > troubleshooting, etc.
> > > >
> > > > Essentially, I'm proposing:
> > > > Dev list / Jira / PRs as usual for any actual decisions + concrete
> > > feature
> > > > discussion/review.
> > > > Slack for Metron development "Hey, anyone seen this or have insight
> or
> > a
> > > > starting point?" and "I'm seeing something weird in our tests" type
> > stuff
> > > > User list for usage and troubleshooting questions.  Generally,
> > > discussions
> > > > like this in Slack should be redirected to the user list.
> > > >
> > > > Is this a reasonable way separate our concerns here?
> > > >
> > > > On Wed, Oct 24, 2018 at 11:37 AM Michael Miklavcic <
> > > > michael.miklav...@gmail.com> wrote:
> > > >
> > > > > Yeah, I'm also surprised by that comment about the mailing list
> > > activity.
> > > > > Our dev/user list discussions are by far more active than they've
> > ever
> > > > > been. Just have a look at the list of DISCUSS threads that have
> come
> > up
> > > > in
> > > > > the past few months and it's clear that not only participation has
> > > > > increased, but diversity of topic and participant.
> > > > >
> > > > > On Wed, Oct 24, 2018 at 8:08 AM Casey Stella 
> > > wrote:
> > > > >
> > > > > > Not for nothing, but at least according to the last board report
> > > that I
> > > > > > submitted, the user@ traffic is up 100% and the dev list traffic
> > is
> > > > flat
> > > > > > as
> > > > > > compared to last quarter.  That's not to say that we couldn't
> stand
> > > > more
> > > > > > discussion on the lists, but a lot of the dev discussion happens
> on
> > > > > github
> > > > > > and JIRA and I'm happy to see an uptick in user traffic.
> > > > > >
> > > > > > On Wed, Oct 24, 2018 at 10:05 AM Otto Fowler <
> > > ottobackwa...@gmail.com>
> > > > > > wrote:
> > > > > >
> > > > > > > I wouldn’t be so quick to related the slack discussion with
> > > perceived
> > > > > > > activity on the list.
> > > > > > > That is more do to the other things that are bigger issues.
> > > > > > >
> > > > > > >
> > > > > > > On October 24, 2018 at 07:15:30, Nick Allen (
> n...@nickallen.org)
> > > > > wrote:
> > > > > > >
> > > > > > > > I have heard recently people thought Metron is sort of dead
> > just
> > > > > > because
> > > > > > > the mailing list is not so active anymore!
> > > > > > >
> > > > > > > That is exactly my concern.
> > > > > > >
> > > > > > >
> > > > > > > On Wed, Oct 24, 2018, 2:49 AM Ali Nazemian <
> > alinazem...@gmail.com>
> > > > > > wrote:
> > > > > > >
> > > > > > > > I kind of expect to have Slack for more dev related
> discussions
> > > > > rather
> > > > > > > than
> > > > > > > > user QA. I guess it is quite common to expect mailing list to
> > be
> > > > used
> > > > > > for
> > > > > > > > the purpose of knowledge sharing to make sure it will be
> > > accessible
> 

Re: [DISCUSS] Slack Channel Use

[Casey Stella]

Piling on, +1 to what Justin said.

On Mon, Nov 12, 2018 at 12:42 PM Michael Miklavcic <
michael.miklav...@gmail.com> wrote:

> I'm also +1 to Justin's points.
>
> On Mon, Nov 12, 2018 at 10:38 AM Nick Allen  wrote:
>
> > +1 to all your points Justin.
> >
> > On Mon, Nov 12, 2018 at 10:08 AM Justin Leet 
> > wrote:
> >
> > > I wanted to add back onto this thread after putting some more thought
> > into
> > > it.
> > >
> > > I like Slack for the type of small developer "what's going on here?"
> type
> > > discussions.  That's the kind of thing I like being real-time ("Hey,
> full
> > > dev is acting weird", "What's the basic layout of this stuff?",
> "Anybody
> > > else seen this test failure?", etc.).  I think we've been pretty good
> > about
> > > keeping our decision type dev discussions to the list (e.g. this exact
> > > conversation).
> > >
> > > We've been doing this more, but I would like to see more of the user
> and
> > > troubleshooting move to the list.  I think we've gotten a bit better
> > about
> > > it as we've settled into Slack, but having that sort of helpful stuff
> > > exposed and searchable for users who come in afterwards is a big
> selling
> > > point of the lists, imo.
> > >
> > > To add onto this, I'd probably like to see
> > >
> > >
> >
> https://cwiki.apache.org/confluence/display/METRON/Community+Resources#CommunityResources-ApacheMetronCommunityResources
> > > (and any other relevant links) updated to emphasize a Slack focus on
> > > developing Metron itself, and the user lists for configuration,
> > > troubleshooting, etc.
> > >
> > > Essentially, I'm proposing:
> > > Dev list / Jira / PRs as usual for any actual decisions + concrete
> > feature
> > > discussion/review.
> > > Slack for Metron development "Hey, anyone seen this or have insight or
> a
> > > starting point?" and "I'm seeing something weird in our tests" type
> stuff
> > > User list for usage and troubleshooting questions.  Generally,
> > discussions
> > > like this in Slack should be redirected to the user list.
> > >
> > > Is this a reasonable way separate our concerns here?
> > >
> > > On Wed, Oct 24, 2018 at 11:37 AM Michael Miklavcic <
> > > michael.miklav...@gmail.com> wrote:
> > >
> > > > Yeah, I'm also surprised by that comment about the mailing list
> > activity.
> > > > Our dev/user list discussions are by far more active than they've
> ever
> > > > been. Just have a look at the list of DISCUSS threads that have come
> up
> > > in
> > > > the past few months and it's clear that not only participation has
> > > > increased, but diversity of topic and participant.
> > > >
> > > > On Wed, Oct 24, 2018 at 8:08 AM Casey Stella 
> > wrote:
> > > >
> > > > > Not for nothing, but at least according to the last board report
> > that I
> > > > > submitted, the user@ traffic is up 100% and the dev list traffic
> is
> > > flat
> > > > > as
> > > > > compared to last quarter.  That's not to say that we couldn't stand
> > > more
> > > > > discussion on the lists, but a lot of the dev discussion happens on
> > > > github
> > > > > and JIRA and I'm happy to see an uptick in user traffic.
> > > > >
> > > > > On Wed, Oct 24, 2018 at 10:05 AM Otto Fowler <
> > ottobackwa...@gmail.com>
> > > > > wrote:
> > > > >
> > > > > > I wouldn’t be so quick to related the slack discussion with
> > perceived
> > > > > > activity on the list.
> > > > > > That is more do to the other things that are bigger issues.
> > > > > >
> > > > > >
> > > > > > On October 24, 2018 at 07:15:30, Nick Allen (n...@nickallen.org)
> > > > wrote:
> > > > > >
> > > > > > > I have heard recently people thought Metron is sort of dead
> just
> > > > > because
> > > > > > the mailing list is not so active anymore!
> > > > > >
> > > > > > That is exactly my concern.
> > > > > >
> > > > > >
> > > > > > On Wed, Oct 24, 2018, 2:49 AM Ali Nazemian <
> alinazem...@gmail.com>
> > > > > wrote:
> > > > > >
> > > > > > > I kind of expect to have Slack for more dev related discussions
> > > > rather
> > > > > > than
> > > > > > > user QA. I guess it is quite common to expect mailing list to
> be
> > > used
> > > > > for
> > > > > > > the purpose of knowledge sharing to make sure it will be
> > accessible
> > > > by
> > > > > > > other users as well. Of course, it is a trade-off that most of
> > the
> > > > > other
> > > > > > > Apache projects decided to accept the risk of keeping user
> > related
> > > > > > > discussions out of Slack/IRC. However, it sometimes happens to
> > see
> > > > the
> > > > > > > mixture of questions coming to Slack. I have heard recently
> > people
> > > > > > thought
> > > > > > > Metron is sort of dead just because the mailing list is not so
> > > active
> > > > > > > anymore!
> > > > > > >
> > > > > > > Cheers,
> > > > > > > Ali
> > > > > > >
> > > > > > > On Tue, Oct 23, 2018 at 8:23 AM Casey Stella <
> ceste...@gmail.com
> > >
> > > > > wrote:
> > > > > > >
> > > > > > > > Agreed, the benefit of the mailing list is that it’s
> searchable
> 

Re: [DISCUSS] Slack Channel Use

[Michael Miklavcic]

I'm also +1 to Justin's points.

On Mon, Nov 12, 2018 at 10:38 AM Nick Allen  wrote:

> +1 to all your points Justin.
>
> On Mon, Nov 12, 2018 at 10:08 AM Justin Leet 
> wrote:
>
> > I wanted to add back onto this thread after putting some more thought
> into
> > it.
> >
> > I like Slack for the type of small developer "what's going on here?" type
> > discussions.  That's the kind of thing I like being real-time ("Hey, full
> > dev is acting weird", "What's the basic layout of this stuff?", "Anybody
> > else seen this test failure?", etc.).  I think we've been pretty good
> about
> > keeping our decision type dev discussions to the list (e.g. this exact
> > conversation).
> >
> > We've been doing this more, but I would like to see more of the user and
> > troubleshooting move to the list.  I think we've gotten a bit better
> about
> > it as we've settled into Slack, but having that sort of helpful stuff
> > exposed and searchable for users who come in afterwards is a big selling
> > point of the lists, imo.
> >
> > To add onto this, I'd probably like to see
> >
> >
> https://cwiki.apache.org/confluence/display/METRON/Community+Resources#CommunityResources-ApacheMetronCommunityResources
> > (and any other relevant links) updated to emphasize a Slack focus on
> > developing Metron itself, and the user lists for configuration,
> > troubleshooting, etc.
> >
> > Essentially, I'm proposing:
> > Dev list / Jira / PRs as usual for any actual decisions + concrete
> feature
> > discussion/review.
> > Slack for Metron development "Hey, anyone seen this or have insight or a
> > starting point?" and "I'm seeing something weird in our tests" type stuff
> > User list for usage and troubleshooting questions.  Generally,
> discussions
> > like this in Slack should be redirected to the user list.
> >
> > Is this a reasonable way separate our concerns here?
> >
> > On Wed, Oct 24, 2018 at 11:37 AM Michael Miklavcic <
> > michael.miklav...@gmail.com> wrote:
> >
> > > Yeah, I'm also surprised by that comment about the mailing list
> activity.
> > > Our dev/user list discussions are by far more active than they've ever
> > > been. Just have a look at the list of DISCUSS threads that have come up
> > in
> > > the past few months and it's clear that not only participation has
> > > increased, but diversity of topic and participant.
> > >
> > > On Wed, Oct 24, 2018 at 8:08 AM Casey Stella 
> wrote:
> > >
> > > > Not for nothing, but at least according to the last board report
> that I
> > > > submitted, the user@ traffic is up 100% and the dev list traffic is
> > flat
> > > > as
> > > > compared to last quarter.  That's not to say that we couldn't stand
> > more
> > > > discussion on the lists, but a lot of the dev discussion happens on
> > > github
> > > > and JIRA and I'm happy to see an uptick in user traffic.
> > > >
> > > > On Wed, Oct 24, 2018 at 10:05 AM Otto Fowler <
> ottobackwa...@gmail.com>
> > > > wrote:
> > > >
> > > > > I wouldn’t be so quick to related the slack discussion with
> perceived
> > > > > activity on the list.
> > > > > That is more do to the other things that are bigger issues.
> > > > >
> > > > >
> > > > > On October 24, 2018 at 07:15:30, Nick Allen (n...@nickallen.org)
> > > wrote:
> > > > >
> > > > > > I have heard recently people thought Metron is sort of dead just
> > > > because
> > > > > the mailing list is not so active anymore!
> > > > >
> > > > > That is exactly my concern.
> > > > >
> > > > >
> > > > > On Wed, Oct 24, 2018, 2:49 AM Ali Nazemian 
> > > > wrote:
> > > > >
> > > > > > I kind of expect to have Slack for more dev related discussions
> > > rather
> > > > > than
> > > > > > user QA. I guess it is quite common to expect mailing list to be
> > used
> > > > for
> > > > > > the purpose of knowledge sharing to make sure it will be
> accessible
> > > by
> > > > > > other users as well. Of course, it is a trade-off that most of
> the
> > > > other
> > > > > > Apache projects decided to accept the risk of keeping user
> related
> > > > > > discussions out of Slack/IRC. However, it sometimes happens to
> see
> > > the
> > > > > > mixture of questions coming to Slack. I have heard recently
> people
> > > > > thought
> > > > > > Metron is sort of dead just because the mailing list is not so
> > active
> > > > > > anymore!
> > > > > >
> > > > > > Cheers,
> > > > > > Ali
> > > > > >
> > > > > > On Tue, Oct 23, 2018 at 8:23 AM Casey Stella  >
> > > > wrote:
> > > > > >
> > > > > > > Agreed, the benefit of the mailing list is that it’s searchable
> > by
> > > > > > ponymail
> > > > > > > and the major search engines.
> > > > > > > On Mon, Oct 22, 2018 at 17:18 Nick Allen 
> > > wrote:
> > > > > > >
> > > > > > > > I don't know that it is the same kind of searchable. Is it
> > being
> > > > > > indexed
> > > > > > > > by the major search engines? I have never used a search
> engine
> > > and
> > > > > > > > uncovered the answer to my problem in a Slack archive.
> > > > > > > >
> > > > > > > > On Mon

Re: [DISCUSS] Slack Channel Use

[Michael Miklavcic]

Your suggestion is well received. I think what we're trying to avoid is a
big dump of Slack's stream of consciousness. There is an inherent
organization and required collection of thoughts that comes with the
dev/user list discussions that doesn't occur on Slack. Maybe threads can
help that a bit, but I'm not sure it should be a full replacement.

On Mon, Nov 12, 2018 at 9:49 AM Scott C. Cote  wrote:

> I realize that I’m a  “new kid” here, but I think you can have your cake
> and eat it too…..
>
> If I can create it, find it, or configure it, perhaps the really best way
> is to be able to either:
>
> 1) dump public slack conversations to the developer thread - arbitrarily
> 2) dump public slack conversations to the user thread - IFF the
> thread/conversation was tagged #user (or equivalent)
>
> Slack is a wonderful tool for facilitating discussions - I cannot
> emphasize how often spam filters and the inherent slowness email servers -
> have interfered with rapid conversations.  Additionally, the big “ask” of
> any resolution on slack -  has been “can you put this in the email
> thread”.  Goes without saying that the even bigger ask has been - can
> this be contributed to the documentation.
>
> I strongly recommend that you streamline the flow of information from
> Slack to the list archives.
>
> SCott
> Scott C. Cote
> scottcc...@gmail.com
> 972.900.1561
>
> twitter: @scottccote
>
>
>
> > On Nov 12, 2018, at 9:07 AM, Justin Leet  wrote:
> >
> > I wanted to add back onto this thread after putting some more thought
> into
> > it.
> >
> > I like Slack for the type of small developer "what's going on here?" type
> > discussions.  That's the kind of thing I like being real-time ("Hey, full
> > dev is acting weird", "What's the basic layout of this stuff?", "Anybody
> > else seen this test failure?", etc.).  I think we've been pretty good
> about
> > keeping our decision type dev discussions to the list (e.g. this exact
> > conversation).
> >
> > We've been doing this more, but I would like to see more of the user and
> > troubleshooting move to the list.  I think we've gotten a bit better
> about
> > it as we've settled into Slack, but having that sort of helpful stuff
> > exposed and searchable for users who come in afterwards is a big selling
> > point of the lists, imo.
> >
> > To add onto this, I'd probably like to see
> >
> https://cwiki.apache.org/confluence/display/METRON/Community+Resources#CommunityResources-ApacheMetronCommunityResources
> > (and any other relevant links) updated to emphasize a Slack focus on
> > developing Metron itself, and the user lists for configuration,
> > troubleshooting, etc.
> >
> > Essentially, I'm proposing:
> > Dev list / Jira / PRs as usual for any actual decisions + concrete
> feature
> > discussion/review.
> > Slack for Metron development "Hey, anyone seen this or have insight or a
> > starting point?" and "I'm seeing something weird in our tests" type stuff
> > User list for usage and troubleshooting questions.  Generally,
> discussions
> > like this in Slack should be redirected to the user list.
> >
> > Is this a reasonable way separate our concerns here?
> >
> > On Wed, Oct 24, 2018 at 11:37 AM Michael Miklavcic <
> > michael.miklav...@gmail.com> wrote:
> >
> >> Yeah, I'm also surprised by that comment about the mailing list
> activity.
> >> Our dev/user list discussions are by far more active than they've ever
> >> been. Just have a look at the list of DISCUSS threads that have come up
> in
> >> the past few months and it's clear that not only participation has
> >> increased, but diversity of topic and participant.
> >>
> >> On Wed, Oct 24, 2018 at 8:08 AM Casey Stella 
> wrote:
> >>
> >>> Not for nothing, but at least according to the last board report that I
> >>> submitted, the user@ traffic is up 100% and the dev list traffic is
> flat
> >>> as
> >>> compared to last quarter.  That's not to say that we couldn't stand
> more
> >>> discussion on the lists, but a lot of the dev discussion happens on
> >> github
> >>> and JIRA and I'm happy to see an uptick in user traffic.
> >>>
> >>> On Wed, Oct 24, 2018 at 10:05 AM Otto Fowler 
> >>> wrote:
> >>>
>  I wouldn’t be so quick to related the slack discussion with perceived
>  activity on the list.
>  That is more do to the other things that are bigger issues.
> 
> 
>  On October 24, 2018 at 07:15:30, Nick Allen (n...@nickallen.org)
> >> wrote:
> 
> > I have heard recently people thought Metron is sort of dead just
> >>> because
>  the mailing list is not so active anymore!
> 
>  That is exactly my concern.
> 
> 
>  On Wed, Oct 24, 2018, 2:49 AM Ali Nazemian 
> >>> wrote:
> 
> > I kind of expect to have Slack for more dev related discussions
> >> rather
>  than
> > user QA. I guess it is quite common to expect mailing list to be used
> >>> for
> > the purpose of knowledge sharing to make sure it will be accessible
> >> by
> > other

Re: [DISCUSS] Slack Channel Use

[Nick Allen]

+1 to all your points Justin.

On Mon, Nov 12, 2018 at 10:08 AM Justin Leet  wrote:

> I wanted to add back onto this thread after putting some more thought into
> it.
>
> I like Slack for the type of small developer "what's going on here?" type
> discussions.  That's the kind of thing I like being real-time ("Hey, full
> dev is acting weird", "What's the basic layout of this stuff?", "Anybody
> else seen this test failure?", etc.).  I think we've been pretty good about
> keeping our decision type dev discussions to the list (e.g. this exact
> conversation).
>
> We've been doing this more, but I would like to see more of the user and
> troubleshooting move to the list.  I think we've gotten a bit better about
> it as we've settled into Slack, but having that sort of helpful stuff
> exposed and searchable for users who come in afterwards is a big selling
> point of the lists, imo.
>
> To add onto this, I'd probably like to see
>
> https://cwiki.apache.org/confluence/display/METRON/Community+Resources#CommunityResources-ApacheMetronCommunityResources
> (and any other relevant links) updated to emphasize a Slack focus on
> developing Metron itself, and the user lists for configuration,
> troubleshooting, etc.
>
> Essentially, I'm proposing:
> Dev list / Jira / PRs as usual for any actual decisions + concrete feature
> discussion/review.
> Slack for Metron development "Hey, anyone seen this or have insight or a
> starting point?" and "I'm seeing something weird in our tests" type stuff
> User list for usage and troubleshooting questions.  Generally, discussions
> like this in Slack should be redirected to the user list.
>
> Is this a reasonable way separate our concerns here?
>
> On Wed, Oct 24, 2018 at 11:37 AM Michael Miklavcic <
> michael.miklav...@gmail.com> wrote:
>
> > Yeah, I'm also surprised by that comment about the mailing list activity.
> > Our dev/user list discussions are by far more active than they've ever
> > been. Just have a look at the list of DISCUSS threads that have come up
> in
> > the past few months and it's clear that not only participation has
> > increased, but diversity of topic and participant.
> >
> > On Wed, Oct 24, 2018 at 8:08 AM Casey Stella  wrote:
> >
> > > Not for nothing, but at least according to the last board report that I
> > > submitted, the user@ traffic is up 100% and the dev list traffic is
> flat
> > > as
> > > compared to last quarter.  That's not to say that we couldn't stand
> more
> > > discussion on the lists, but a lot of the dev discussion happens on
> > github
> > > and JIRA and I'm happy to see an uptick in user traffic.
> > >
> > > On Wed, Oct 24, 2018 at 10:05 AM Otto Fowler 
> > > wrote:
> > >
> > > > I wouldn’t be so quick to related the slack discussion with perceived
> > > > activity on the list.
> > > > That is more do to the other things that are bigger issues.
> > > >
> > > >
> > > > On October 24, 2018 at 07:15:30, Nick Allen (n...@nickallen.org)
> > wrote:
> > > >
> > > > > I have heard recently people thought Metron is sort of dead just
> > > because
> > > > the mailing list is not so active anymore!
> > > >
> > > > That is exactly my concern.
> > > >
> > > >
> > > > On Wed, Oct 24, 2018, 2:49 AM Ali Nazemian 
> > > wrote:
> > > >
> > > > > I kind of expect to have Slack for more dev related discussions
> > rather
> > > > than
> > > > > user QA. I guess it is quite common to expect mailing list to be
> used
> > > for
> > > > > the purpose of knowledge sharing to make sure it will be accessible
> > by
> > > > > other users as well. Of course, it is a trade-off that most of the
> > > other
> > > > > Apache projects decided to accept the risk of keeping user related
> > > > > discussions out of Slack/IRC. However, it sometimes happens to see
> > the
> > > > > mixture of questions coming to Slack. I have heard recently people
> > > > thought
> > > > > Metron is sort of dead just because the mailing list is not so
> active
> > > > > anymore!
> > > > >
> > > > > Cheers,
> > > > > Ali
> > > > >
> > > > > On Tue, Oct 23, 2018 at 8:23 AM Casey Stella 
> > > wrote:
> > > > >
> > > > > > Agreed, the benefit of the mailing list is that it’s searchable
> by
> > > > > ponymail
> > > > > > and the major search engines.
> > > > > > On Mon, Oct 22, 2018 at 17:18 Nick Allen 
> > wrote:
> > > > > >
> > > > > > > I don't know that it is the same kind of searchable. Is it
> being
> > > > > indexed
> > > > > > > by the major search engines? I have never used a search engine
> > and
> > > > > > > uncovered the answer to my problem in a Slack archive.
> > > > > > >
> > > > > > > On Mon, Oct 22, 2018 at 5:05 PM Otto Fowler <
> > > ottobackwa...@gmail.com
> > > > >
> > > > > > > wrote:
> > > > > > >
> > > > > > > > According to Greg Stein, an infra admin on the NiFi slack,
> the
> > > ASF
> > > > > > slack
> > > > > > > > that metron is in IS the standard plan, not the free one and
> is
> > > > > > > searchable
> > > > > > > > past 10,000 messages.
> > > > > > > >
> >

Re: [DISCUSS] Slack Channel Use

[Scott C. Cote]

I realize that I’m a  “new kid” here, but I think you can have your cake and 
eat it too…..

If I can create it, find it, or configure it, perhaps the really best way is to 
be able to either:

1) dump public slack conversations to the developer thread - arbitrarily 
2) dump public slack conversations to the user thread - IFF the 
thread/conversation was tagged #user (or equivalent)

Slack is a wonderful tool for facilitating discussions - I cannot emphasize how 
often spam filters and the inherent slowness email servers -  have interfered 
with rapid conversations.  Additionally, the big “ask” of any resolution on 
slack -  has been “can you put this in the email thread”.  Goes without 
saying that the even bigger ask has been - can this be contributed to the 
documentation.

I strongly recommend that you streamline the flow of information from Slack to 
the list archives.

SCott
Scott C. Cote
scottcc...@gmail.com
972.900.1561

twitter: @scottccote



> On Nov 12, 2018, at 9:07 AM, Justin Leet  wrote:
> 
> I wanted to add back onto this thread after putting some more thought into
> it.
> 
> I like Slack for the type of small developer "what's going on here?" type
> discussions.  That's the kind of thing I like being real-time ("Hey, full
> dev is acting weird", "What's the basic layout of this stuff?", "Anybody
> else seen this test failure?", etc.).  I think we've been pretty good about
> keeping our decision type dev discussions to the list (e.g. this exact
> conversation).
> 
> We've been doing this more, but I would like to see more of the user and
> troubleshooting move to the list.  I think we've gotten a bit better about
> it as we've settled into Slack, but having that sort of helpful stuff
> exposed and searchable for users who come in afterwards is a big selling
> point of the lists, imo.
> 
> To add onto this, I'd probably like to see
> https://cwiki.apache.org/confluence/display/METRON/Community+Resources#CommunityResources-ApacheMetronCommunityResources
> (and any other relevant links) updated to emphasize a Slack focus on
> developing Metron itself, and the user lists for configuration,
> troubleshooting, etc.
> 
> Essentially, I'm proposing:
> Dev list / Jira / PRs as usual for any actual decisions + concrete feature
> discussion/review.
> Slack for Metron development "Hey, anyone seen this or have insight or a
> starting point?" and "I'm seeing something weird in our tests" type stuff
> User list for usage and troubleshooting questions.  Generally, discussions
> like this in Slack should be redirected to the user list.
> 
> Is this a reasonable way separate our concerns here?
> 
> On Wed, Oct 24, 2018 at 11:37 AM Michael Miklavcic <
> michael.miklav...@gmail.com> wrote:
> 
>> Yeah, I'm also surprised by that comment about the mailing list activity.
>> Our dev/user list discussions are by far more active than they've ever
>> been. Just have a look at the list of DISCUSS threads that have come up in
>> the past few months and it's clear that not only participation has
>> increased, but diversity of topic and participant.
>> 
>> On Wed, Oct 24, 2018 at 8:08 AM Casey Stella  wrote:
>> 
>>> Not for nothing, but at least according to the last board report that I
>>> submitted, the user@ traffic is up 100% and the dev list traffic is flat
>>> as
>>> compared to last quarter.  That's not to say that we couldn't stand more
>>> discussion on the lists, but a lot of the dev discussion happens on
>> github
>>> and JIRA and I'm happy to see an uptick in user traffic.
>>> 
>>> On Wed, Oct 24, 2018 at 10:05 AM Otto Fowler 
>>> wrote:
>>> 
 I wouldn’t be so quick to related the slack discussion with perceived
 activity on the list.
 That is more do to the other things that are bigger issues.
 
 
 On October 24, 2018 at 07:15:30, Nick Allen (n...@nickallen.org)
>> wrote:
 
> I have heard recently people thought Metron is sort of dead just
>>> because
 the mailing list is not so active anymore!
 
 That is exactly my concern.
 
 
 On Wed, Oct 24, 2018, 2:49 AM Ali Nazemian 
>>> wrote:
 
> I kind of expect to have Slack for more dev related discussions
>> rather
 than
> user QA. I guess it is quite common to expect mailing list to be used
>>> for
> the purpose of knowledge sharing to make sure it will be accessible
>> by
> other users as well. Of course, it is a trade-off that most of the
>>> other
> Apache projects decided to accept the risk of keeping user related
> discussions out of Slack/IRC. However, it sometimes happens to see
>> the
> mixture of questions coming to Slack. I have heard recently people
 thought
> Metron is sort of dead just because the mailing list is not so active
> anymore!
> 
> Cheers,
> Ali
> 
> On Tue, Oct 23, 2018 at 8:23 AM Casey Stella 
>>> wrote:
> 
>> Agreed, the benefit of the mailing list is that it’s searchable by
> ponymail
>> and 

Re: [DISCUSS] Knox SSO feature branch review and features

[Simon Elliston Ball]

What you're looking for is an OUT rewrite rule, and a filter rule on
content-type. It's not spectacularly well documented, but
https://knox.apache.org/books/knox-1-0-0/dev-guide.html#Rewrite+Provider
and specifically
https://knox.apache.org/books/knox-1-0-0/dev-guide.html#Rewrite+Steps is a
starting point. There are some reasonable examples in Knox itself for the
webhdfs service, which uses this mechanism:
https://github.com/apache/knox/blob/master/gateway-service-webhdfs/src/main/resources/org/apache/knox/gateway/hdfs/WebHdfsDeploymentContributor/rewrite.xml


Hope that helps. It's not well doc-ed sadly, and not massively flexible,
but should work. I suspect from my previous experiments with this you may
also need to build this file as part of the UI builds, so it is aware of
the bundle names generated, because the Knox matching rules don't have
proper back reference capabilities.

I did a POC of this sometime back in March, that I might be able to dig out
if it would help.

Simon

On Mon, 12 Nov 2018 at 14:59, Ryan Merriman  wrote:

> I'm just coming up to speed on Knox so maybe rewriting assets links are
> trivial.  If anyone has a good example of how to do that or can point to
> some documentation, please share.
>
> On Mon, Nov 12, 2018 at 8:54 AM Simon Elliston Ball <
> si...@simonellistonball.com> wrote:
>
> > Doing the Knox proxy work first certainly does make a lot of sense vs the
> > SSO first approach, so I'm in favour of this. It bypasses all the
> anti-CORS
> > proxying stuff the other solution needed by being on the same URL space.
> >
> > Is there are reason we're not re-writing the asset link URLs in Knox? We
> > should have a reverse content rewrite rule to avoid that problem and make
> > it entirely transparent whether there is Knox or not. We shouldn't be
> > changing anything about the UI services themselves. If the rewrite
> service
> > is complete, there is no change to base ref in the UI code, Knox would
> > effectively apply it by content filtering. Note also that the gateway URL
> > is configurable and likely to vary from Knox to Knox, so baking it into
> the
> > ng build will break non-full-dev builds. (e.g. gateway/default could well
> > be gateway/xyz).
> >
> > I would also like to discuss removing the JDBC auth, because it's a set
> of
> > plaintext passwords in a mysql DB... it introduces a problematic
> dependency
> > (mysql) a ton of java dependencies we could cut out (JPA, eclipselink)
> and
> > opens up a massive security hole. I personally know of several
> > organisations who are blocked from using Metron by the presence of the
> JDBC
> > authentication method in its current form.
> >
> > Simon
> >
> > On Mon, 12 Nov 2018 at 14:36, Ryan Merriman  wrote:
> >
> > > Let me clarify on exposing both legacy and Knox URLs at the same time.
> > The
> > > base urls will look something like this:
> > >
> > > Legacy REST - http://node1:8082/api/v1
> > > Legacy Alerts UI - http://node1:4201:/alerts-list
> > >
> > > Knox REST - https://node1:8443/gateway/default/metron/api/v1
> > > Knox Alerts UI -
> > > https://node1:8443/gateway/default/metron-alerts-ui/alerts-list
> > >
> > > If Knox were turned on and the alerts UI deployed as is, it would not
> > > work.  This is because static assets are referenced with
> > > http://node1:4201/assets/some-asset.js which does not include the
> > correct
> > > context path to the alerts UI in knox.  To make it work, you have to
> set
> > > the base ref to "/gateway/default/metron-alerts-ui" so that static
> assets
> > > are referenced at
> > >
> https://node1:8443/gateway/default/metron-alerts-ui/assets/some-asset.js
> > .
> > > When you do that, the legacy alerts UI will no longer work.  I guess
> the
> > > point I'm trying to make is that we would have to switch between them
> or
> > > have 2 separate application running.  I imagine most users only need
> one
> > or
> > > the other running so probably not an issue.
> > >
> > > Jon, the primary upgrade consideration I see is with authentication.
> To
> > be
> > > able to use Knox, you would have to upgrade to LDAP-based
> authentication
> > if
> > > you were still using JDBC-based authentication in REST.  The urls would
> > > also change obviously.
> > >
> > > On Sun, Nov 11, 2018 at 6:38 PM zeo...@gmail.com 
> > wrote:
> > >
> > > > Phew, that was quite the thread to catch up on.
> > > >
> > > > I agree that this should be optional/pluggable to start, and I'm
> > > interested
> > > > to hear the issues as they relate to upgrading an existing cluster
> > (given
> > > > the suggested approach) and exposing both legacy and knox URLs at the
> > > same
> > > > time.
> > > >
> > > > Jon
> > > >
> > > > On Fri, Nov 9, 2018, 4:46 PM Michael Miklavcic <
> > > > michael.miklav...@gmail.com>
> > > > wrote:
> > > >
> > > > > A couple more things, and I think this goes without saying -
> whatever
> > > we
> > > > do
> > > > > with Knox should NOT
> > > > >
> > > > >1. Require unit and integration tests t

Re: [DISCUSS] Knox SSO feature branch review and features

[Sandeep Moré]

Hello Ryan,

I am still catching up on the architecture so let me know if I am
misunderstanding anything.
You could have multiple serviced deployed in Knox
   1. for metron (metron/api/v1)
   2. for alerts-ui (metron-alerts-ui/alerts-list)
and have them run in one Knox instance and you could have one service
reference from other (not recommended but possible).

You can tailor rewrite rules to update the context path for the assets as
well, pointed out by Simon.

Knox Wiki [1] has some blogs and tutorials that you can look at. This [2]
is a good tutorial on how rewriting static assets, there is also a blog [3]
on basics of rewrite rules that should be a good reference.

I would also be glad to look at the service definitions you have and answer
any questions.

[1] https://cwiki.apache.org/confluence/display/KNOX/Index
[2]
https://cwiki.apache.org/confluence/display/KNOX/Proxying+a+UI+using+Knox
[3]
https://cwiki.apache.org/confluence/display/KNOX/Proxying+a+UI+using+Knox

Best,
Sandeep

P.S. I am a Knox committer and new to Metron.

On Mon, Nov 12, 2018 at 9:59 AM Ryan Merriman  wrote:

> I'm just coming up to speed on Knox so maybe rewriting assets links are
> trivial.  If anyone has a good example of how to do that or can point to
> some documentation, please share.
>
> On Mon, Nov 12, 2018 at 8:54 AM Simon Elliston Ball <
> si...@simonellistonball.com> wrote:
>
> > Doing the Knox proxy work first certainly does make a lot of sense vs the
> > SSO first approach, so I'm in favour of this. It bypasses all the
> anti-CORS
> > proxying stuff the other solution needed by being on the same URL space.
> >
> > Is there are reason we're not re-writing the asset link URLs in Knox? We
> > should have a reverse content rewrite rule to avoid that problem and make
> > it entirely transparent whether there is Knox or not. We shouldn't be
> > changing anything about the UI services themselves. If the rewrite
> service
> > is complete, there is no change to base ref in the UI code, Knox would
> > effectively apply it by content filtering. Note also that the gateway URL
> > is configurable and likely to vary from Knox to Knox, so baking it into
> the
> > ng build will break non-full-dev builds. (e.g. gateway/default could well
> > be gateway/xyz).
> >
> > I would also like to discuss removing the JDBC auth, because it's a set
> of
> > plaintext passwords in a mysql DB... it introduces a problematic
> dependency
> > (mysql) a ton of java dependencies we could cut out (JPA, eclipselink)
> and
> > opens up a massive security hole. I personally know of several
> > organisations who are blocked from using Metron by the presence of the
> JDBC
> > authentication method in its current form.
> >
> > Simon
> >
> > On Mon, 12 Nov 2018 at 14:36, Ryan Merriman  wrote:
> >
> > > Let me clarify on exposing both legacy and Knox URLs at the same time.
> > The
> > > base urls will look something like this:
> > >
> > > Legacy REST - http://node1:8082/api/v1
> > > Legacy Alerts UI - http://node1:4201:/alerts-list
> > >
> > > Knox REST - https://node1:8443/gateway/default/metron/api/v1
> > > Knox Alerts UI -
> > > https://node1:8443/gateway/default/metron-alerts-ui/alerts-list
> > >
> > > If Knox were turned on and the alerts UI deployed as is, it would not
> > > work.  This is because static assets are referenced with
> > > http://node1:4201/assets/some-asset.js which does not include the
> > correct
> > > context path to the alerts UI in knox.  To make it work, you have to
> set
> > > the base ref to "/gateway/default/metron-alerts-ui" so that static
> assets
> > > are referenced at
> > >
> https://node1:8443/gateway/default/metron-alerts-ui/assets/some-asset.js
> > .
> > > When you do that, the legacy alerts UI will no longer work.  I guess
> the
> > > point I'm trying to make is that we would have to switch between them
> or
> > > have 2 separate application running.  I imagine most users only need
> one
> > or
> > > the other running so probably not an issue.
> > >
> > > Jon, the primary upgrade consideration I see is with authentication.
> To
> > be
> > > able to use Knox, you would have to upgrade to LDAP-based
> authentication
> > if
> > > you were still using JDBC-based authentication in REST.  The urls would
> > > also change obviously.
> > >
> > > On Sun, Nov 11, 2018 at 6:38 PM zeo...@gmail.com 
> > wrote:
> > >
> > > > Phew, that was quite the thread to catch up on.
> > > >
> > > > I agree that this should be optional/pluggable to start, and I'm
> > > interested
> > > > to hear the issues as they relate to upgrading an existing cluster
> > (given
> > > > the suggested approach) and exposing both legacy and knox URLs at the
> > > same
> > > > time.
> > > >
> > > > Jon
> > > >
> > > > On Fri, Nov 9, 2018, 4:46 PM Michael Miklavcic <
> > > > michael.miklav...@gmail.com>
> > > > wrote:
> > > >
> > > > > A couple more things, and I think this goes without saying -
> whatever
> > > we
> > > > do
> > > > > with Knox should NOT
> > > > >

Re: [DISCUSS] Slack Channel Use

[Justin Leet]

I wanted to add back onto this thread after putting some more thought into
it.

I like Slack for the type of small developer "what's going on here?" type
discussions.  That's the kind of thing I like being real-time ("Hey, full
dev is acting weird", "What's the basic layout of this stuff?", "Anybody
else seen this test failure?", etc.).  I think we've been pretty good about
keeping our decision type dev discussions to the list (e.g. this exact
conversation).

We've been doing this more, but I would like to see more of the user and
troubleshooting move to the list.  I think we've gotten a bit better about
it as we've settled into Slack, but having that sort of helpful stuff
exposed and searchable for users who come in afterwards is a big selling
point of the lists, imo.

To add onto this, I'd probably like to see
https://cwiki.apache.org/confluence/display/METRON/Community+Resources#CommunityResources-ApacheMetronCommunityResources
(and any other relevant links) updated to emphasize a Slack focus on
developing Metron itself, and the user lists for configuration,
troubleshooting, etc.

Essentially, I'm proposing:
Dev list / Jira / PRs as usual for any actual decisions + concrete feature
discussion/review.
Slack for Metron development "Hey, anyone seen this or have insight or a
starting point?" and "I'm seeing something weird in our tests" type stuff
User list for usage and troubleshooting questions.  Generally, discussions
like this in Slack should be redirected to the user list.

Is this a reasonable way separate our concerns here?

On Wed, Oct 24, 2018 at 11:37 AM Michael Miklavcic <
michael.miklav...@gmail.com> wrote:

> Yeah, I'm also surprised by that comment about the mailing list activity.
> Our dev/user list discussions are by far more active than they've ever
> been. Just have a look at the list of DISCUSS threads that have come up in
> the past few months and it's clear that not only participation has
> increased, but diversity of topic and participant.
>
> On Wed, Oct 24, 2018 at 8:08 AM Casey Stella  wrote:
>
> > Not for nothing, but at least according to the last board report that I
> > submitted, the user@ traffic is up 100% and the dev list traffic is flat
> > as
> > compared to last quarter.  That's not to say that we couldn't stand more
> > discussion on the lists, but a lot of the dev discussion happens on
> github
> > and JIRA and I'm happy to see an uptick in user traffic.
> >
> > On Wed, Oct 24, 2018 at 10:05 AM Otto Fowler 
> > wrote:
> >
> > > I wouldn’t be so quick to related the slack discussion with perceived
> > > activity on the list.
> > > That is more do to the other things that are bigger issues.
> > >
> > >
> > > On October 24, 2018 at 07:15:30, Nick Allen (n...@nickallen.org)
> wrote:
> > >
> > > > I have heard recently people thought Metron is sort of dead just
> > because
> > > the mailing list is not so active anymore!
> > >
> > > That is exactly my concern.
> > >
> > >
> > > On Wed, Oct 24, 2018, 2:49 AM Ali Nazemian 
> > wrote:
> > >
> > > > I kind of expect to have Slack for more dev related discussions
> rather
> > > than
> > > > user QA. I guess it is quite common to expect mailing list to be used
> > for
> > > > the purpose of knowledge sharing to make sure it will be accessible
> by
> > > > other users as well. Of course, it is a trade-off that most of the
> > other
> > > > Apache projects decided to accept the risk of keeping user related
> > > > discussions out of Slack/IRC. However, it sometimes happens to see
> the
> > > > mixture of questions coming to Slack. I have heard recently people
> > > thought
> > > > Metron is sort of dead just because the mailing list is not so active
> > > > anymore!
> > > >
> > > > Cheers,
> > > > Ali
> > > >
> > > > On Tue, Oct 23, 2018 at 8:23 AM Casey Stella 
> > wrote:
> > > >
> > > > > Agreed, the benefit of the mailing list is that it’s searchable by
> > > > ponymail
> > > > > and the major search engines.
> > > > > On Mon, Oct 22, 2018 at 17:18 Nick Allen 
> wrote:
> > > > >
> > > > > > I don't know that it is the same kind of searchable. Is it being
> > > > indexed
> > > > > > by the major search engines? I have never used a search engine
> and
> > > > > > uncovered the answer to my problem in a Slack archive.
> > > > > >
> > > > > > On Mon, Oct 22, 2018 at 5:05 PM Otto Fowler <
> > ottobackwa...@gmail.com
> > > >
> > > > > > wrote:
> > > > > >
> > > > > > > According to Greg Stein, an infra admin on the NiFi slack, the
> > ASF
> > > > > slack
> > > > > > > that metron is in IS the standard plan, not the free one and is
> > > > > > searchable
> > > > > > > past 10,000 messages.
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > On October 22, 2018 at 15:35:51, Michael Miklavcic (
> > > > > > > michael.miklav...@gmail.com) wrote:
> > > > > > >
> > > > > > > ...From an archival and broader reach point of view, I do think
> > > > there's
> > > > > > > something to be said about using the mailing list. It's also
> > easier

Re: [DISCUSS] Knox SSO feature branch review and features

[Ryan Merriman]

I'm just coming up to speed on Knox so maybe rewriting assets links are
trivial.  If anyone has a good example of how to do that or can point to
some documentation, please share.

On Mon, Nov 12, 2018 at 8:54 AM Simon Elliston Ball <
si...@simonellistonball.com> wrote:

> Doing the Knox proxy work first certainly does make a lot of sense vs the
> SSO first approach, so I'm in favour of this. It bypasses all the anti-CORS
> proxying stuff the other solution needed by being on the same URL space.
>
> Is there are reason we're not re-writing the asset link URLs in Knox? We
> should have a reverse content rewrite rule to avoid that problem and make
> it entirely transparent whether there is Knox or not. We shouldn't be
> changing anything about the UI services themselves. If the rewrite service
> is complete, there is no change to base ref in the UI code, Knox would
> effectively apply it by content filtering. Note also that the gateway URL
> is configurable and likely to vary from Knox to Knox, so baking it into the
> ng build will break non-full-dev builds. (e.g. gateway/default could well
> be gateway/xyz).
>
> I would also like to discuss removing the JDBC auth, because it's a set of
> plaintext passwords in a mysql DB... it introduces a problematic dependency
> (mysql) a ton of java dependencies we could cut out (JPA, eclipselink) and
> opens up a massive security hole. I personally know of several
> organisations who are blocked from using Metron by the presence of the JDBC
> authentication method in its current form.
>
> Simon
>
> On Mon, 12 Nov 2018 at 14:36, Ryan Merriman  wrote:
>
> > Let me clarify on exposing both legacy and Knox URLs at the same time.
> The
> > base urls will look something like this:
> >
> > Legacy REST - http://node1:8082/api/v1
> > Legacy Alerts UI - http://node1:4201:/alerts-list
> >
> > Knox REST - https://node1:8443/gateway/default/metron/api/v1
> > Knox Alerts UI -
> > https://node1:8443/gateway/default/metron-alerts-ui/alerts-list
> >
> > If Knox were turned on and the alerts UI deployed as is, it would not
> > work.  This is because static assets are referenced with
> > http://node1:4201/assets/some-asset.js which does not include the
> correct
> > context path to the alerts UI in knox.  To make it work, you have to set
> > the base ref to "/gateway/default/metron-alerts-ui" so that static assets
> > are referenced at
> > https://node1:8443/gateway/default/metron-alerts-ui/assets/some-asset.js
> .
> > When you do that, the legacy alerts UI will no longer work.  I guess the
> > point I'm trying to make is that we would have to switch between them or
> > have 2 separate application running.  I imagine most users only need one
> or
> > the other running so probably not an issue.
> >
> > Jon, the primary upgrade consideration I see is with authentication.  To
> be
> > able to use Knox, you would have to upgrade to LDAP-based authentication
> if
> > you were still using JDBC-based authentication in REST.  The urls would
> > also change obviously.
> >
> > On Sun, Nov 11, 2018 at 6:38 PM zeo...@gmail.com 
> wrote:
> >
> > > Phew, that was quite the thread to catch up on.
> > >
> > > I agree that this should be optional/pluggable to start, and I'm
> > interested
> > > to hear the issues as they relate to upgrading an existing cluster
> (given
> > > the suggested approach) and exposing both legacy and knox URLs at the
> > same
> > > time.
> > >
> > > Jon
> > >
> > > On Fri, Nov 9, 2018, 4:46 PM Michael Miklavcic <
> > > michael.miklav...@gmail.com>
> > > wrote:
> > >
> > > > A couple more things, and I think this goes without saying - whatever
> > we
> > > do
> > > > with Knox should NOT
> > > >
> > > >1. Require unit and integration tests to use Knox
> > > >2. Break fulldev
> > > >
> > > > Also, I don't know that I saw you mention this, but I'm unsure how we
> > > > should leverage Knox as a core piece of the platform. i.e. should we
> > make
> > > > this required or optional? I'm open to hearing opinions on this, but
> > I'm
> > > > inclined to keep this a pluggable option.
> > > >
> > > > Mike
> > > >
> > > >
> > > > On Fri, Nov 9, 2018 at 2:42 PM Michael Miklavcic <
> > > > michael.miklav...@gmail.com> wrote:
> > > >
> > > > > Thanks for the update Ryan. Per my earlier comments, I thought it
> > might
> > > > be
> > > > > the case that we could dramatically simplify this by leveraging
> > Knox's
> > > > > proxy capabilities, and per your research that appears to be the
> > case.
> > > > This
> > > > > is a dramatic simplification and improvement of this feature imo,
> +1.
> > > I'm
> > > > > also +1 on a couple distinct steps that you've laid out: fix the UI
> > > > issues
> > > > > in master, then add Knox for SSO. That should help mitigate issues
> > with
> > > > > merge conflicts with ongoing development.
> > > > >
> > > > > > I think it will be a challenge exposing the UIs through both the
> > Knox
> > > > > url and legacy urls at the same time.
> > > > > I'm not s

Re: [DISCUSS] Knox SSO feature branch review and features

[Simon Elliston Ball]

Doing the Knox proxy work first certainly does make a lot of sense vs the
SSO first approach, so I'm in favour of this. It bypasses all the anti-CORS
proxying stuff the other solution needed by being on the same URL space.

Is there are reason we're not re-writing the asset link URLs in Knox? We
should have a reverse content rewrite rule to avoid that problem and make
it entirely transparent whether there is Knox or not. We shouldn't be
changing anything about the UI services themselves. If the rewrite service
is complete, there is no change to base ref in the UI code, Knox would
effectively apply it by content filtering. Note also that the gateway URL
is configurable and likely to vary from Knox to Knox, so baking it into the
ng build will break non-full-dev builds. (e.g. gateway/default could well
be gateway/xyz).

I would also like to discuss removing the JDBC auth, because it's a set of
plaintext passwords in a mysql DB... it introduces a problematic dependency
(mysql) a ton of java dependencies we could cut out (JPA, eclipselink) and
opens up a massive security hole. I personally know of several
organisations who are blocked from using Metron by the presence of the JDBC
authentication method in its current form.

Simon

On Mon, 12 Nov 2018 at 14:36, Ryan Merriman  wrote:

> Let me clarify on exposing both legacy and Knox URLs at the same time.  The
> base urls will look something like this:
>
> Legacy REST - http://node1:8082/api/v1
> Legacy Alerts UI - http://node1:4201:/alerts-list
>
> Knox REST - https://node1:8443/gateway/default/metron/api/v1
> Knox Alerts UI -
> https://node1:8443/gateway/default/metron-alerts-ui/alerts-list
>
> If Knox were turned on and the alerts UI deployed as is, it would not
> work.  This is because static assets are referenced with
> http://node1:4201/assets/some-asset.js which does not include the correct
> context path to the alerts UI in knox.  To make it work, you have to set
> the base ref to "/gateway/default/metron-alerts-ui" so that static assets
> are referenced at
> https://node1:8443/gateway/default/metron-alerts-ui/assets/some-asset.js.
> When you do that, the legacy alerts UI will no longer work.  I guess the
> point I'm trying to make is that we would have to switch between them or
> have 2 separate application running.  I imagine most users only need one or
> the other running so probably not an issue.
>
> Jon, the primary upgrade consideration I see is with authentication.  To be
> able to use Knox, you would have to upgrade to LDAP-based authentication if
> you were still using JDBC-based authentication in REST.  The urls would
> also change obviously.
>
> On Sun, Nov 11, 2018 at 6:38 PM zeo...@gmail.com  wrote:
>
> > Phew, that was quite the thread to catch up on.
> >
> > I agree that this should be optional/pluggable to start, and I'm
> interested
> > to hear the issues as they relate to upgrading an existing cluster (given
> > the suggested approach) and exposing both legacy and knox URLs at the
> same
> > time.
> >
> > Jon
> >
> > On Fri, Nov 9, 2018, 4:46 PM Michael Miklavcic <
> > michael.miklav...@gmail.com>
> > wrote:
> >
> > > A couple more things, and I think this goes without saying - whatever
> we
> > do
> > > with Knox should NOT
> > >
> > >1. Require unit and integration tests to use Knox
> > >2. Break fulldev
> > >
> > > Also, I don't know that I saw you mention this, but I'm unsure how we
> > > should leverage Knox as a core piece of the platform. i.e. should we
> make
> > > this required or optional? I'm open to hearing opinions on this, but
> I'm
> > > inclined to keep this a pluggable option.
> > >
> > > Mike
> > >
> > >
> > > On Fri, Nov 9, 2018 at 2:42 PM Michael Miklavcic <
> > > michael.miklav...@gmail.com> wrote:
> > >
> > > > Thanks for the update Ryan. Per my earlier comments, I thought it
> might
> > > be
> > > > the case that we could dramatically simplify this by leveraging
> Knox's
> > > > proxy capabilities, and per your research that appears to be the
> case.
> > > This
> > > > is a dramatic simplification and improvement of this feature imo, +1.
> > I'm
> > > > also +1 on a couple distinct steps that you've laid out: fix the UI
> > > issues
> > > > in master, then add Knox for SSO. That should help mitigate issues
> with
> > > > merge conflicts with ongoing development.
> > > >
> > > > > I think it will be a challenge exposing the UIs through both the
> Knox
> > > > url and legacy urls at the same time.
> > > > I'm not sure I understand the issue here. Are you referring to this
> > > > comment? "Added a ng build option to build the UI with base href set
> to
> > > > Knox base path." Isn't it just a matter of URL rewriting/forwarding?
> I
> > > > thought we'd be exposing the URL's directly in one context, and
> through
> > > > Knox in the other. Either way, it seems like we should be able to
> > > provide a
> > > > dynamic base path through configuration in our web applications. I'd
> > > expect
> > > > to modify th

Re: [DISCUSS] Knox SSO feature branch review and features

[Ryan Merriman]

Let me clarify on exposing both legacy and Knox URLs at the same time.  The
base urls will look something like this:

Legacy REST - http://node1:8082/api/v1
Legacy Alerts UI - http://node1:4201:/alerts-list

Knox REST - https://node1:8443/gateway/default/metron/api/v1
Knox Alerts UI -
https://node1:8443/gateway/default/metron-alerts-ui/alerts-list

If Knox were turned on and the alerts UI deployed as is, it would not
work.  This is because static assets are referenced with
http://node1:4201/assets/some-asset.js which does not include the correct
context path to the alerts UI in knox.  To make it work, you have to set
the base ref to "/gateway/default/metron-alerts-ui" so that static assets
are referenced at
https://node1:8443/gateway/default/metron-alerts-ui/assets/some-asset.js.
When you do that, the legacy alerts UI will no longer work.  I guess the
point I'm trying to make is that we would have to switch between them or
have 2 separate application running.  I imagine most users only need one or
the other running so probably not an issue.

Jon, the primary upgrade consideration I see is with authentication.  To be
able to use Knox, you would have to upgrade to LDAP-based authentication if
you were still using JDBC-based authentication in REST.  The urls would
also change obviously.

On Sun, Nov 11, 2018 at 6:38 PM zeo...@gmail.com  wrote:

> Phew, that was quite the thread to catch up on.
>
> I agree that this should be optional/pluggable to start, and I'm interested
> to hear the issues as they relate to upgrading an existing cluster (given
> the suggested approach) and exposing both legacy and knox URLs at the same
> time.
>
> Jon
>
> On Fri, Nov 9, 2018, 4:46 PM Michael Miklavcic <
> michael.miklav...@gmail.com>
> wrote:
>
> > A couple more things, and I think this goes without saying - whatever we
> do
> > with Knox should NOT
> >
> >1. Require unit and integration tests to use Knox
> >2. Break fulldev
> >
> > Also, I don't know that I saw you mention this, but I'm unsure how we
> > should leverage Knox as a core piece of the platform. i.e. should we make
> > this required or optional? I'm open to hearing opinions on this, but I'm
> > inclined to keep this a pluggable option.
> >
> > Mike
> >
> >
> > On Fri, Nov 9, 2018 at 2:42 PM Michael Miklavcic <
> > michael.miklav...@gmail.com> wrote:
> >
> > > Thanks for the update Ryan. Per my earlier comments, I thought it might
> > be
> > > the case that we could dramatically simplify this by leveraging Knox's
> > > proxy capabilities, and per your research that appears to be the case.
> > This
> > > is a dramatic simplification and improvement of this feature imo, +1.
> I'm
> > > also +1 on a couple distinct steps that you've laid out: fix the UI
> > issues
> > > in master, then add Knox for SSO. That should help mitigate issues with
> > > merge conflicts with ongoing development.
> > >
> > > > I think it will be a challenge exposing the UIs through both the Knox
> > > url and legacy urls at the same time.
> > > I'm not sure I understand the issue here. Are you referring to this
> > > comment? "Added a ng build option to build the UI with base href set to
> > > Knox base path." Isn't it just a matter of URL rewriting/forwarding? I
> > > thought we'd be exposing the URL's directly in one context, and through
> > > Knox in the other. Either way, it seems like we should be able to
> > provide a
> > > dynamic base path through configuration in our web applications. I'd
> > expect
> > > to modify that property based on whether Knox is configured or not.
> > >
> > > > I'm also not clear on how one would use Knox with REST set to legacy
> > > JDBC-based authentication. As far as I know Knox does not support JDBC
> so
> > > there would be a mismatch between Knox and REST.
> > > I'm OK with not having Knox work with JDBC. That's a feature of Knox
> and
> > > probably not something we care much about.
> > >
> > > >We could initially make Knox an optional feature that requires setup
> > with
> > > the help of some documentation (like Kerberos) while keeping the system
> > the
> > > way it is now by default.
> > > Sounds good to me.
> > >
> > > > I imagine we'll deprecate JDBC-based authentication at some point so
> > > that may be a good time to switch.
> > > I would like to announce deprecation in our next release and move to
> > > remove it in a following release.
> > >
> > > Thanks for taking this on and great job laying things out.
> > >
> > > Thanks,
> > > Mike
> > >
> > > On Fri, Nov 9, 2018 at 2:09 PM Ryan Merriman 
> > wrote:
> > >
> > >> I have spent some time recently reviewing this discussion and the
> > feature
> > >> branch that Simon put out.  I think this is an important feature and
> > want
> > >> to move it forward.  I started another discussion on adding Knox to
> our
> > >> stack but this discussion has a lot of good context so I will continue
> > it
> > >> here.
> > >>
> > >> I think the main point of contention was that this feature branch