[VOTE] Release Apache Knox v0.9.0

[larry mccay <lm...@apache.org>]

All -

A new candidate (rc4) for the Apache Knox 0.9.0 release is available at:

https://dist.apache.org/repos/dist/dev/knox/knox-0.9.0/

The release candidate is a zip archive of the sources in:

https://git-wip-us.apache.org/repos/asf/knox.git
Branch v0.9.0 (git checkout -b v0.9.0)

The KEYS file for signature validation is available at:
https://dist.apache.org/repos/dist/release/knox/KEYS

The driving usecases for the 0.9.0 release have been defined as the
following:
1. SSO participation by applications like Ranger and Ambari while being
proxied through the gateway.
2. Authentication natively done by Ranger and Ambari applications while
being proxied through Knox.
3. the usecase of a custom application like the Knoxplorer sample can now
be hosted by Knox and this needs to be covered and tested with KnoxSSO.
4. Default Knox authentication with form based application as KnoxSSO IDP.
5. any additional API support and various features and improvements.

For testing KnoxSSO for Ambari with Default IDP (form-based authentication):
https://cwiki.apache.org/confluence/display/KNOX/Ambari+via+KnoxSSO+and+Default+IDP

For testing new applications that are hosted on Knox and consuming Hadoop
REST APIs with KnoxSSO:
https://github.com/lmccay/knoxplorer2


Please vote on releasing this package as Apache Knox 0.9.0.
The vote is open for the next 72 hours and passes if a majority of at
least three +1 Apache Knox PMC votes are cast.

[ ] +1 Release this package as Apache Knox 0.9.0
[ ] -1 Do not release this package because...


thanks,

--larry

Re: [VOTE] Release Apache Knox v0.9.0

[Sumit Gupta <su...@hortonworks.com>]

Here are my official results as well:

+1


* Verified signatures
* Build the project from branch source and ran unit tests
* Ran curl examples from the user guide for WebHDFS, WebHCat, Oozie, HBase
and Yarn 
* Ran a sample Java client code for JDBC driver based HiveServer2 access

* Basic testing of Ambari proxy UI
* Basic testing of Ranger proxy UI

Sumit.


On 4/20/16, 9:58 AM, "larry mccay" <lm...@apache.org> wrote:

>Very well - here are my test results:
>
>+1
>
>* verified signatures
>* built from source and ran unit tests
>* ran samples for HBase, WebHDFS, WebHCat/templeton, Hive
>* manually tested form-based authentication provider for KnoxSSO with
>Ambari
>* manually tested form-based authentication provider for KnoxSSO for Knox
>hosted applications
>* manually tested SAML 2 IDP (Okta) for KnoxSSO with Ambari
>* manually tested SAML 2 IDP (Okta) for KnoxSSO for Knox hosted
>applications
>* tested webhdfs and webhcat from node.js based CLI
>
>Unless Kevin has some reservation about releasing 0.9.0 with KNOX-711
>outstanding, we will move forward.
>
>
>On Wed, Apr 20, 2016 at 9:51 AM, Sumit Gupta <su...@hortonworks.com>
>wrote:
>
>> Sorry I thought I sent my +1 for the release last night. In any case, my
>> release testing has also gone well for this RC. I agree with you that we
>> should go ahead with 0.9.0 release and address UI proxying issues for
>>the
>> various UIs that we now support in a 0.9.1 release. There are a few
>>issues
>> I see in JIRA related to UI proxying but they could all be related to
>> KNOX-711. But certainly along with KNOX-711 we should get in a fix for
>> https://issues.apache.org/jira/browse/KNOX-705 in a follow on release.
>>
>> Sumit.
>>
>> On 4/20/16, 9:06 AM, "larry mccay" <lm...@apache.org> wrote:
>>
>> >My release testing has gone well but before I provide my +1 for this
>>rc, I
>> >would like to discuss an issue [1] that has come to light.
>> >This issue primarily affects UI proxying but could theoretically affect
>> >service definitions as well.
>> >Given that there is a workaround of deploying separate topologies to
>>avoid
>> >overlapping rewrite rule matching patterns, I propose that we address
>>this
>> >issue in a narrowly scoped 0.9.1 release and document it as a
>>limitation
>> >for 0.9.0.
>> >
>> >What are your thoughts?
>> >
>> >1. https://issues.apache.org/jira/browse/KNOX-711
>> >
>> >
>> >On Thu, Apr 14, 2016 at 2:41 PM, Kevin Minder
>> ><ke...@hortonworks.com>
>> >wrote:
>> >
>> >> +1 (binding)
>> >>
>> >> * Verified signatures
>> >> * Built from source and ran/passed all unit tests
>> >> * Ran Groovy samples for WebHDFS, WebHCat, Oozie, HBase
>> >> * Basic testing of HiveServer2 support via JDBC Driver based client
>> >> * Basic testing of KnoxSSO with Default Knox IDP using Ambari
>> >> * Basic testing of Ambari UI Proxy support
>> >> * Basic testing of KnoxSSO+DefaultIdP+AmbariUIProxy
>> >>
>> >>
>> >>
>> >> On 4/14/16, 8:53 AM, "larry mccay" <lm...@apache.org> wrote:
>> >>
>> >> >All -
>> >> >
>> >> >A new candidate (rc4) for the Apache Knox 0.9.0 release is available
>> >>at:
>> >> >
>> >> >https://dist.apache.org/repos/dist/dev/knox/knox-0.9.0/
>> >> >
>> >> >The release candidate is a zip archive of the sources in:
>> >> >
>> >> >https://git-wip-us.apache.org/repos/asf/knox.git
>> >> >Branch v0.9.0 (git checkout -b v0.9.0)
>> >> >
>> >> >The KEYS file for signature validation is available at:
>> >> >https://dist.apache.org/repos/dist/release/knox/KEYS
>> >> >
>> >> >The driving usecases for the 0.9.0 release have been defined as the
>> >> >following:
>> >> >1. SSO participation by applications like Ranger and Ambari while
>>being
>> >> >proxied through the gateway.
>> >> >2. Authentication natively done by Ranger and Ambari applications
>>while
>> >> >being proxied through Knox.
>> >> >3. the usecase of a custom application like the Knoxplorer sample
>>can
>> >>now
>> >> >be hosted by Knox and this needs to be covered and tested with
>>KnoxSSO.
>> >> >4. Default Knox authentication with form based application as
>>KnoxSSO
>> >>IDP.
>> >> >5. any additional API support and various features and improvements.
>> >> >
>> >> >For testing KnoxSSO for Ambari with Default IDP (form-based
>> >> authentication):
>> >> >
>> >>
>> >>
>> 
>>https://cwiki.apache.org/confluence/display/KNOX/Ambari+via+KnoxSSO+and+D
>> >>efault+IDP
>> >> >
>> >> >For testing new applications that are hosted on Knox and consuming
>> >>Hadoop
>> >> >REST APIs with KnoxSSO:
>> >> >https://github.com/lmccay/knoxplorer2
>> >> >
>> >> >
>> >> >Please vote on releasing this package as Apache Knox 0.9.0.
>> >> >The vote is open for the next 72 hours and passes if a majority of
>>at
>> >> >least three +1 Apache Knox PMC votes are cast.
>> >> >
>> >> >[ ] +1 Release this package as Apache Knox 0.9.0
>> >> >[ ] -1 Do not release this package because...
>> >> >
>> >> >
>> >> >thanks,
>> >> >
>> >> >--larry
>> >>
>>
>>

Re: [VOTE] Release Apache Knox v0.9.0

[larry mccay <lm...@apache.org>]

Very well - here are my test results:

+1

* verified signatures
* built from source and ran unit tests
* ran samples for HBase, WebHDFS, WebHCat/templeton, Hive
* manually tested form-based authentication provider for KnoxSSO with Ambari
* manually tested form-based authentication provider for KnoxSSO for Knox
hosted applications
* manually tested SAML 2 IDP (Okta) for KnoxSSO with Ambari
* manually tested SAML 2 IDP (Okta) for KnoxSSO for Knox hosted applications
* tested webhdfs and webhcat from node.js based CLI

Unless Kevin has some reservation about releasing 0.9.0 with KNOX-711
outstanding, we will move forward.


On Wed, Apr 20, 2016 at 9:51 AM, Sumit Gupta <su...@hortonworks.com>
wrote:

> Sorry I thought I sent my +1 for the release last night. In any case, my
> release testing has also gone well for this RC. I agree with you that we
> should go ahead with 0.9.0 release and address UI proxying issues for the
> various UIs that we now support in a 0.9.1 release. There are a few issues
> I see in JIRA related to UI proxying but they could all be related to
> KNOX-711. But certainly along with KNOX-711 we should get in a fix for
> https://issues.apache.org/jira/browse/KNOX-705 in a follow on release.
>
> Sumit.
>
> On 4/20/16, 9:06 AM, "larry mccay" <lm...@apache.org> wrote:
>
> >My release testing has gone well but before I provide my +1 for this rc, I
> >would like to discuss an issue [1] that has come to light.
> >This issue primarily affects UI proxying but could theoretically affect
> >service definitions as well.
> >Given that there is a workaround of deploying separate topologies to avoid
> >overlapping rewrite rule matching patterns, I propose that we address this
> >issue in a narrowly scoped 0.9.1 release and document it as a limitation
> >for 0.9.0.
> >
> >What are your thoughts?
> >
> >1. https://issues.apache.org/jira/browse/KNOX-711
> >
> >
> >On Thu, Apr 14, 2016 at 2:41 PM, Kevin Minder
> ><ke...@hortonworks.com>
> >wrote:
> >
> >> +1 (binding)
> >>
> >> * Verified signatures
> >> * Built from source and ran/passed all unit tests
> >> * Ran Groovy samples for WebHDFS, WebHCat, Oozie, HBase
> >> * Basic testing of HiveServer2 support via JDBC Driver based client
> >> * Basic testing of KnoxSSO with Default Knox IDP using Ambari
> >> * Basic testing of Ambari UI Proxy support
> >> * Basic testing of KnoxSSO+DefaultIdP+AmbariUIProxy
> >>
> >>
> >>
> >> On 4/14/16, 8:53 AM, "larry mccay" <lm...@apache.org> wrote:
> >>
> >> >All -
> >> >
> >> >A new candidate (rc4) for the Apache Knox 0.9.0 release is available
> >>at:
> >> >
> >> >https://dist.apache.org/repos/dist/dev/knox/knox-0.9.0/
> >> >
> >> >The release candidate is a zip archive of the sources in:
> >> >
> >> >https://git-wip-us.apache.org/repos/asf/knox.git
> >> >Branch v0.9.0 (git checkout -b v0.9.0)
> >> >
> >> >The KEYS file for signature validation is available at:
> >> >https://dist.apache.org/repos/dist/release/knox/KEYS
> >> >
> >> >The driving usecases for the 0.9.0 release have been defined as the
> >> >following:
> >> >1. SSO participation by applications like Ranger and Ambari while being
> >> >proxied through the gateway.
> >> >2. Authentication natively done by Ranger and Ambari applications while
> >> >being proxied through Knox.
> >> >3. the usecase of a custom application like the Knoxplorer sample can
> >>now
> >> >be hosted by Knox and this needs to be covered and tested with KnoxSSO.
> >> >4. Default Knox authentication with form based application as KnoxSSO
> >>IDP.
> >> >5. any additional API support and various features and improvements.
> >> >
> >> >For testing KnoxSSO for Ambari with Default IDP (form-based
> >> authentication):
> >> >
> >>
> >>
> https://cwiki.apache.org/confluence/display/KNOX/Ambari+via+KnoxSSO+and+D
> >>efault+IDP
> >> >
> >> >For testing new applications that are hosted on Knox and consuming
> >>Hadoop
> >> >REST APIs with KnoxSSO:
> >> >https://github.com/lmccay/knoxplorer2
> >> >
> >> >
> >> >Please vote on releasing this package as Apache Knox 0.9.0.
> >> >The vote is open for the next 72 hours and passes if a majority of at
> >> >least three +1 Apache Knox PMC votes are cast.
> >> >
> >> >[ ] +1 Release this package as Apache Knox 0.9.0
> >> >[ ] -1 Do not release this package because...
> >> >
> >> >
> >> >thanks,
> >> >
> >> >--larry
> >>
>
>

Re: [VOTE] Release Apache Knox v0.9.0

[Sumit Gupta <su...@hortonworks.com>]

Sorry I thought I sent my +1 for the release last night. In any case, my
release testing has also gone well for this RC. I agree with you that we
should go ahead with 0.9.0 release and address UI proxying issues for the
various UIs that we now support in a 0.9.1 release. There are a few issues
I see in JIRA related to UI proxying but they could all be related to
KNOX-711. But certainly along with KNOX-711 we should get in a fix for
https://issues.apache.org/jira/browse/KNOX-705 in a follow on release.

Sumit. 

On 4/20/16, 9:06 AM, "larry mccay" <lm...@apache.org> wrote:

>My release testing has gone well but before I provide my +1 for this rc, I
>would like to discuss an issue [1] that has come to light.
>This issue primarily affects UI proxying but could theoretically affect
>service definitions as well.
>Given that there is a workaround of deploying separate topologies to avoid
>overlapping rewrite rule matching patterns, I propose that we address this
>issue in a narrowly scoped 0.9.1 release and document it as a limitation
>for 0.9.0.
>
>What are your thoughts?
>
>1. https://issues.apache.org/jira/browse/KNOX-711
>
>
>On Thu, Apr 14, 2016 at 2:41 PM, Kevin Minder
><ke...@hortonworks.com>
>wrote:
>
>> +1 (binding)
>>
>> * Verified signatures
>> * Built from source and ran/passed all unit tests
>> * Ran Groovy samples for WebHDFS, WebHCat, Oozie, HBase
>> * Basic testing of HiveServer2 support via JDBC Driver based client
>> * Basic testing of KnoxSSO with Default Knox IDP using Ambari
>> * Basic testing of Ambari UI Proxy support
>> * Basic testing of KnoxSSO+DefaultIdP+AmbariUIProxy
>>
>>
>>
>> On 4/14/16, 8:53 AM, "larry mccay" <lm...@apache.org> wrote:
>>
>> >All -
>> >
>> >A new candidate (rc4) for the Apache Knox 0.9.0 release is available
>>at:
>> >
>> >https://dist.apache.org/repos/dist/dev/knox/knox-0.9.0/
>> >
>> >The release candidate is a zip archive of the sources in:
>> >
>> >https://git-wip-us.apache.org/repos/asf/knox.git
>> >Branch v0.9.0 (git checkout -b v0.9.0)
>> >
>> >The KEYS file for signature validation is available at:
>> >https://dist.apache.org/repos/dist/release/knox/KEYS
>> >
>> >The driving usecases for the 0.9.0 release have been defined as the
>> >following:
>> >1. SSO participation by applications like Ranger and Ambari while being
>> >proxied through the gateway.
>> >2. Authentication natively done by Ranger and Ambari applications while
>> >being proxied through Knox.
>> >3. the usecase of a custom application like the Knoxplorer sample can
>>now
>> >be hosted by Knox and this needs to be covered and tested with KnoxSSO.
>> >4. Default Knox authentication with form based application as KnoxSSO
>>IDP.
>> >5. any additional API support and various features and improvements.
>> >
>> >For testing KnoxSSO for Ambari with Default IDP (form-based
>> authentication):
>> >
>> 
>>https://cwiki.apache.org/confluence/display/KNOX/Ambari+via+KnoxSSO+and+D
>>efault+IDP
>> >
>> >For testing new applications that are hosted on Knox and consuming
>>Hadoop
>> >REST APIs with KnoxSSO:
>> >https://github.com/lmccay/knoxplorer2
>> >
>> >
>> >Please vote on releasing this package as Apache Knox 0.9.0.
>> >The vote is open for the next 72 hours and passes if a majority of at
>> >least three +1 Apache Knox PMC votes are cast.
>> >
>> >[ ] +1 Release this package as Apache Knox 0.9.0
>> >[ ] -1 Do not release this package because...
>> >
>> >
>> >thanks,
>> >
>> >--larry
>>

Re: [VOTE] Release Apache Knox v0.9.0

[larry mccay <lm...@apache.org>]

My release testing has gone well but before I provide my +1 for this rc, I
would like to discuss an issue [1] that has come to light.
This issue primarily affects UI proxying but could theoretically affect
service definitions as well.
Given that there is a workaround of deploying separate topologies to avoid
overlapping rewrite rule matching patterns, I propose that we address this
issue in a narrowly scoped 0.9.1 release and document it as a limitation
for 0.9.0.

What are your thoughts?

1. https://issues.apache.org/jira/browse/KNOX-711


On Thu, Apr 14, 2016 at 2:41 PM, Kevin Minder <ke...@hortonworks.com>
wrote:

> +1 (binding)
>
> * Verified signatures
> * Built from source and ran/passed all unit tests
> * Ran Groovy samples for WebHDFS, WebHCat, Oozie, HBase
> * Basic testing of HiveServer2 support via JDBC Driver based client
> * Basic testing of KnoxSSO with Default Knox IDP using Ambari
> * Basic testing of Ambari UI Proxy support
> * Basic testing of KnoxSSO+DefaultIdP+AmbariUIProxy
>
>
>
> On 4/14/16, 8:53 AM, "larry mccay" <lm...@apache.org> wrote:
>
> >All -
> >
> >A new candidate (rc4) for the Apache Knox 0.9.0 release is available at:
> >
> >https://dist.apache.org/repos/dist/dev/knox/knox-0.9.0/
> >
> >The release candidate is a zip archive of the sources in:
> >
> >https://git-wip-us.apache.org/repos/asf/knox.git
> >Branch v0.9.0 (git checkout -b v0.9.0)
> >
> >The KEYS file for signature validation is available at:
> >https://dist.apache.org/repos/dist/release/knox/KEYS
> >
> >The driving usecases for the 0.9.0 release have been defined as the
> >following:
> >1. SSO participation by applications like Ranger and Ambari while being
> >proxied through the gateway.
> >2. Authentication natively done by Ranger and Ambari applications while
> >being proxied through Knox.
> >3. the usecase of a custom application like the Knoxplorer sample can now
> >be hosted by Knox and this needs to be covered and tested with KnoxSSO.
> >4. Default Knox authentication with form based application as KnoxSSO IDP.
> >5. any additional API support and various features and improvements.
> >
> >For testing KnoxSSO for Ambari with Default IDP (form-based
> authentication):
> >
> https://cwiki.apache.org/confluence/display/KNOX/Ambari+via+KnoxSSO+and+Default+IDP
> >
> >For testing new applications that are hosted on Knox and consuming Hadoop
> >REST APIs with KnoxSSO:
> >https://github.com/lmccay/knoxplorer2
> >
> >
> >Please vote on releasing this package as Apache Knox 0.9.0.
> >The vote is open for the next 72 hours and passes if a majority of at
> >least three +1 Apache Knox PMC votes are cast.
> >
> >[ ] +1 Release this package as Apache Knox 0.9.0
> >[ ] -1 Do not release this package because...
> >
> >
> >thanks,
> >
> >--larry
>

Re: [VOTE] Release Apache Knox v0.9.0

[Kevin Minder <ke...@hortonworks.com>]

+1 (binding)

* Verified signatures
* Built from source and ran/passed all unit tests
* Ran Groovy samples for WebHDFS, WebHCat, Oozie, HBase
* Basic testing of HiveServer2 support via JDBC Driver based client
* Basic testing of KnoxSSO with Default Knox IDP using Ambari
* Basic testing of Ambari UI Proxy support
* Basic testing of KnoxSSO+DefaultIdP+AmbariUIProxy



On 4/14/16, 8:53 AM, "larry mccay" <lm...@apache.org> wrote:

>All -
>
>A new candidate (rc4) for the Apache Knox 0.9.0 release is available at:
>
>https://dist.apache.org/repos/dist/dev/knox/knox-0.9.0/
>
>The release candidate is a zip archive of the sources in:
>
>https://git-wip-us.apache.org/repos/asf/knox.git
>Branch v0.9.0 (git checkout -b v0.9.0)
>
>The KEYS file for signature validation is available at:
>https://dist.apache.org/repos/dist/release/knox/KEYS
>
>The driving usecases for the 0.9.0 release have been defined as the
>following:
>1. SSO participation by applications like Ranger and Ambari while being
>proxied through the gateway.
>2. Authentication natively done by Ranger and Ambari applications while
>being proxied through Knox.
>3. the usecase of a custom application like the Knoxplorer sample can now
>be hosted by Knox and this needs to be covered and tested with KnoxSSO.
>4. Default Knox authentication with form based application as KnoxSSO IDP.
>5. any additional API support and various features and improvements.
>
>For testing KnoxSSO for Ambari with Default IDP (form-based authentication):
>https://cwiki.apache.org/confluence/display/KNOX/Ambari+via+KnoxSSO+and+Default+IDP
>
>For testing new applications that are hosted on Knox and consuming Hadoop
>REST APIs with KnoxSSO:
>https://github.com/lmccay/knoxplorer2
>
>
>Please vote on releasing this package as Apache Knox 0.9.0.
>The vote is open for the next 72 hours and passes if a majority of at
>least three +1 Apache Knox PMC votes are cast.
>
>[ ] +1 Release this package as Apache Knox 0.9.0
>[ ] -1 Do not release this package because...
>
>
>thanks,
>
>--larry