You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@knox.apache.org by km...@apache.org on 2013/03/27 15:33:55 UTC
svn commit: r1461609 [2/2] - in /incubator/knox: site/ trunk/ trunk/src/
trunk/src/site/ trunk/src/site/markdown/ trunk/src/site/resources/
trunk/src/site/resources/images/
Added: incubator/knox/trunk/src/site/markdown/getting-started.md.vm
URL: http://svn.apache.org/viewvc/incubator/knox/trunk/src/site/markdown/getting-started.md.vm?rev=1461609&view=auto
==============================================================================
--- incubator/knox/trunk/src/site/markdown/getting-started.md.vm (added)
+++ incubator/knox/trunk/src/site/markdown/getting-started.md.vm Wed Mar 27 14:33:54 2013
@@ -0,0 +1,364 @@
+<!---
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements. See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+
+------------------------------------------------------------------------------
+Apache Knox Gateway - Getting Started
+------------------------------------------------------------------------------
+This guide describes the steps required to install, deploy and validate the
+Apache Knox Gateway.
+
+------------------------------------------------------------------------------
+Requirements
+------------------------------------------------------------------------------
+The following prerequisites must be installed to successfully complete the
+steps described in this guide.
+
+${HHH} Java
+Java 1.6 or later
+
+${HHH} Hadoop
+A local installation of a Hadoop Cluster is required at this time.
+Hadoop EC2 cluster and/or Sandbox installations are currently difficult
+to access remotely via the Gateway. The EC2 and Sandbox limitation is
+caused by Hadoop services running with internal IP addresses. For the
+Gateway to work in these cases it will need to be deployed on the EC2
+cluster or Sandbox, at this time.
+
+The instructions that follow assume that the Gateway is *not* collocated
+with the Hadoop clusters themselves and (most importantly) that the
+hostnames and IP addresses of the cluster services are accessible by the
+gateway where ever it happens to be running.
+
+The Hadoop cluster should be ensured to have WebHDFS, WebHCat
+(i.e. Templeton) and Oozie configured, deployed and running.
+
+This release of the Apache Knox Gateway has been tested against the
+[Hortonworks Sandbox 1.2][hsb] with [these changes][sb].
+
+[hsb]: http://hortonworks.com/products/hortonworks-sandbox/
+[sb]: sandbox.html
+
+------------------------------------------------------------------------------
+Installation
+------------------------------------------------------------------------------
+${HHH} 1. Extract the distribution ZIP
+
+Download and extract the gateway-${gateway-version}.zip file into the
+installation directory that will contain your `{GATEWAY_HOME}`
+
+ jar xf gateway-${gateway-version}.zip
+
+This will create a directory `gateway-${gateway-version}` in your current
+directory.
+
+${HHH} 2. Enter the `{GATEWAY_HOME}` directory
+
+ cd gateway-${gateway-version}
+
+The fully qualified name of this directory will be referenced as
+`{GATEWAY_HOME}` throughout the remainder of this document.
+
+${HHH} 3. Start the demo LDAP server (ApacheDS)
+
+First, understand that the LDAP server provided here is for demonstration
+purposes. You may configure the LDAP specifics within the topology
+descriptor for the cluster as described in step 5 below, in order to
+customize what LDAP instance to use. The assumption is that most users
+will leverage the demo LDAP server while evaluating this release and should
+therefore continue with the instructions here in step 3.
+
+Edit `{GATEWAY_HOME}/conf/users.ldif` if required and add your users and
+groups to the file. A number of normal Hadoop users
+(e.g. hdfs, mapred, hcat, hive) have already been included. Note that
+the passwords in this file are "fictitious" and have nothing to do with
+the actual accounts on the Hadoop cluster you are using. There is also
+a copy of this file in the templates directory that you can use to start
+over if necessary.
+
+Start the LDAP server - pointing it to the config dir where it will find
+the users.ldif file in the conf directory.
+
+ java -jar bin/ldap.jar conf &
+
+There are a number of log messages of the form `Created null.` that can
+safely be ignored. Take note of the port on which it was started as this
+needs to match later configuration. This will create a directory named
+'org.apache.hadoop.gateway.security.EmbeddedApacheDirectoryServer' that
+can safely be ignored.
+
+${HHH} 4. Start the Gateway server
+
+ java -jar bin/server.jar
+
+Take note of the port identified in the logging output as you will need this
+for accessing the gateway.
+
+The server will prompt you for the master secret (password). This secret is
+used to secure artifacts used to secure artifacts used by the gateway server
+for things like SSL, credential/password aliasing. This secret will have to
+be entered at startup unless you choose to persist it. Remember this secret
+and keep it safe. It represents the keys to the kingdom. See the Persisting
+the Master section for more information.
+
+${HHH} 5. Configure the Gateway with the topology of your Hadoop cluster
+Edit the file `{GATEWAY_HOME}/deployments/sample.xml`
+
+Change the host and port in the urls of the `<service>` elements for
+NAMENODE, TEMPLETON and OOZIE services to match your Hadoop cluster
+deployment.
+
+The default configuration contains the LDAP URL for a LDAP server. By
+default that file is configured to access the demo ApacheDS based LDAP
+server and its default configuration. By default, this server listens on
+port 33389. Optionally, you can change the LDAP URL for the LDAP server
+to be used for authentication. This is set via the
+main.ldapRealm.contextFactory.url property in the
+`<gateway><provider><authentication>` section.
+
+Save the file. The directory {GATEWAY_HOME}/deployments is monitored
+by the Gateway server and reacts to the discovery of a new or changed
+cluster topology descriptor by provisioning the endpoints and required
+filter chains to serve the needs of each cluster as described by the
+topology file. Note that the name of the file excluding the extension
+is also used as the path for that cluster in the URL. So for example
+the sample.xml file will result in Gateway URLs of the form
+`http://{gateway-host}:{gateway-port}/gateway/sample/namenode/api/v1`
+
+${HHH} 6. Test the installation and configuration of your Gateway
+Invoke the LISTSATUS operation on HDFS represented by your configured
+NAMENODE by using your web browser or curl:
+
+ curl -i -k -u hdfs:hdfs-password -X GET \
+ 'https://localhost:8443/gateway/sample/namenode/api/v1/?op=LISTSTATUS'
+
+The results of the above command should result in something to along the
+lines of the output below. The exact information returned is subject to
+the content within HDFS in your Hadoop cluster.
+
+ HTTP/1.1 200 OK
+ Content-Type: application/json
+ Content-Length: 760
+ Server: Jetty(6.1.26)
+
+ {"FileStatuses":{"FileStatus":[
+ {"accessTime":0,"blockSize":0,"group":"hdfs","length":0,"modificationTime":1350595859762,"owner":"hdfs","pathSuffix":"apps","permission":"755","replication":0,"type":"DIRECTORY"},
+ {"accessTime":0,"blockSize":0,"group":"mapred","length":0,"modificationTime":1350595874024,"owner":"mapred","pathSuffix":"mapred","permission":"755","replication":0,"type":"DIRECTORY"},
+ {"accessTime":0,"blockSize":0,"group":"hdfs","length":0,"modificationTime":1350596040075,"owner":"hdfs","pathSuffix":"tmp","permission":"777","replication":0,"type":"DIRECTORY"},
+ {"accessTime":0,"blockSize":0,"group":"hdfs","length":0,"modificationTime":1350595857178,"owner":"hdfs","pathSuffix":"user","permission":"755","replication":0,"type":"DIRECTORY"}
+ ]}}
+
+For additional information on WebHDFS, Templeton/WebHCat and Oozie
+REST APIs, see the following URLs respectively:
+
+* WebHDFS - http://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-hdfs/WebHDFS.html
+* Templeton/WebHCat - http://people.apache.org/~thejas/templeton_doc_v1/
+* Oozie - http://oozie.apache.org/docs/3.3.1/WebServicesAPI.html
+
+------------------------------------------------------------------------------
+Examples
+------------------------------------------------------------------------------
+More examples can be found [here](/examples.html).
+
+------------------------------------------------------------------------------
+Persisting the Master Secret
+------------------------------------------------------------------------------
+The master secret is required to start the server. This secret is used to
+access secured artifacts by the gateway instance. Keystore, trust stores and
+credential stores are all protected with the master secret.
+
+You may persist the master secret by supplying the *-persist-master* switch at
+startup. This will result in a warning indicating that persisting the secret
+is less secure than providing it at startup. We do make some provisions in
+order to protect the persisted password.
+
+It is encrypted with AES 128 bit encryption and where possible the file
+permissions are set to only be accessable by the user that the gateway is
+running as.
+
+After persisting the secret, ensure that the file at config/security/master
+has the appropriate permissions set for your environment. This is probably
+the most important layer of defense for master secret. Do not assume that
+the encryption if sufficient protection.
+
+A specific user should be created to run the gateway this will protect a
+persisted master file.
+
+------------------------------------------------------------------------------
+Management of Security Artifacts
+------------------------------------------------------------------------------
+There are a number of artifacts that are used by the gateway in ensuring the
+security of wire level communications, access to protected resources and the
+encryption of sensitive data. These artifacts can be managed from outside of
+the gateway instances or generated and populated by the gateway instance
+itself.
+
+The following is a description of how this is coordinated with both standalone
+(development, demo, etc) gateway instances and instances as part of a cluster
+of gateways in mind.
+
+Upon start of the gateway server we:
+
+1. Look for an identity store at conf/security/keystores/gateway.jks. The
+identity store contains the certificate and private key used to represent the
+identity of the server for SSL connections and signature creation.
+
+ * If there is no identity store we create one and generate a self-signed
+ certificate for use in standalone/demo mode. The certificate is stored
+ with an alias of gateway-identity.
+ * If there is an identity store found than we ensure that it can be loaded
+ using the provided master secret and that there is an alias with called
+ gateway-identity.
+
+2. Look for a credential store at
+ `conf/security/keystores/__gateway-credentials.jceks`. This credential
+ store is used to store secrets/passwords that are used by the gateway.
+ For instance, this is where the pass-phrase for accessing the
+ gateway-identity certificate is kept.
+
+ * If there is no credential store found then we create one and populate it
+ with a generated pass-phrase for the alias `gateway-identity-passphrase`.
+ This is coordinated with the population of the self-signed cert into the
+ identity-store.
+ * If a credential store is found then we ensure that it can be loaded using
+ the provided master secret and that the expected aliases have been
+ populated with secrets.
+
+Upon deployment of a Hadoop cluster topology within the gateway we:
+
+1. Look for a credential store for the topology. For instance, we have a
+ sample topology that gets deployed out of the box. We look for
+ `conf/security/keystores/sample-credentials.jceks`. This topology specific
+ credential store is used for storing secrets/passwords that are used for
+ encrypting sensitive data with topology specific keys.
+
+ * If no credential store is found for the topology being deployed then
+ one is created for it. Population of the aliases is delegated to the
+ configured providers within the system that will require the use of a
+ secret for a particular task. They may programmatic set the value
+ of the secret or choose to have the value for the specified alias
+ generated through the AliasService.
+ * If a credential store is found then we ensure that it can be loaded
+ with the provided master secret and the configured providers have the
+ opportunity to ensure that the aliases are populated and if not to
+ populate them.
+
+By leveraging the algorithm described above we can provide a window of
+opportunity for management of these artifacts in a number of ways.
+
+1. Using a single gateway instance as a master instance the artifacts can be
+ generated or placed into the expected location and then replicated across
+ all of the slave instances before startup.
+2. Using an NFS mount as a central location for the artifacts would provide
+ a single source of truth without the need to replicate them over the
+ network. Of course, NFS mounts have their own challenges.
+
+Summary of Secrets to be Managed:
+
+1. Master secret - the same for all gateway instances in a cluster of gateways
+2. All security related artifacts are protected with the master secret
+3. Secrets used by the gateway itself are stored within the gateway credential
+ store and are the same across all gateway instances in the cluster of
+ gateways
+4. Secrets used by providers within cluster topologies are stored in topology
+ specific credential stores and are the same for the same topology across
+ the cluster of gateway instances. However, they are specific to the
+ topology - so secrets for one hadoop cluster are different from those of
+ another. This allows for fail-over from one gateway instance to another
+ even when encryption is being used while not allowing the compromise of one
+ encryption key to expose the data for all clusters.
+
+NOTE: the SSL certificate will need special consideration depending on the
+type of certificate. Wildcard certs may be able to be shared across all
+gateway instances in a cluster. When certs are dedicated to specific machines
+the gateway identity store will not be able to be blindly replicated as
+hostname verification problems will ensue. Obviously, trust-stores will need
+to be taken into account as well.
+
+------------------------------------------------------------------------------
+Mapping Gateway URLs to Hadoop cluster URLs
+------------------------------------------------------------------------------
+The Gateway functions much like a reverse proxy. As such it maintains a
+mapping of URLs that are exposed externally by the Gateway to URLs that are
+provided by the Hadoop cluster. Examples of mappings for the NameNode and
+Templeton are shown below. These mapping are generated from the combination
+of the Gateway configuration file (i.e. {GATEWAY_HOME}/gateway-site.xml)
+and the cluster topology descriptors
+(e.g. {GATEWAY_HOME}/deployments/{cluster-name}.xml).
+
+* HDFS (NameNode)
+ * Gateway: `http://{gateway-host}:{gateway-port}/{gateway-path}/{cluster-name}/namenode/api/v1`
+ * Cluster: `http://{namenode-host}:50070/webhdfs/v1`
+* WebHCat (Templeton)
+ * Gateway: `http://{gateway-host}:{gateway-port}/{gateway-path}/{cluster-name}/templeton/api/v1`
+ * Cluster: `http://{templeton-host}:50111/templeton/v1`
+* Oozie
+ * Gateway: `http://{gateway-host}:{gateway-port}/{gateway-path}/{cluster-name}/oozie/api/v1`
+ * Cluster: `http://{templeton-host}:11000/oozie/v1`
+
+The values for `{gateway-host}`, `{gateway-port}`, `{gateway-path}` are
+provided via the Gateway configuration file
+(i.e. `{GATEWAY_HOME}/gateway-site.xml`).
+
+The value for `{cluster-name}` is derived from the name of the cluster
+topology descriptor (e.g. `{GATEWAY_HOME}/deployments/{cluster-name}.xml`).
+
+The value for `{namenode-host}` and `{templeton-host}` is provided via the
+cluster topology descriptor
+(e.g. `{GATEWAY_HOME}/deployments/{cluster-name}.xml`).
+
+Note: The ports 50070, 50111 and 11000 are the defaults for NameNode,
+ Templeton and Oozie respectively. Their values can also be provided via
+ the cluster topology descriptor if your Hadoop cluster uses different
+ ports.
+
+------------------------------------------------------------------------------
+Enabling logging
+------------------------------------------------------------------------------
+If necessary you can enable additional logging by editing the
+`log4j.properties` file in the `conf` directory. Changing the rootLogger
+value from `ERROR` to `DEBUG` will generate a large amount of debug logging.
+A number of useful, more fine loggers are also provided in the file.
+
+------------------------------------------------------------------------------
+Filing bugs
+------------------------------------------------------------------------------
+Currently we do not have Jira setup for Knox. Therefore if you find an issue
+please send an email to the Knox user list (user AT knox.incubator.apache.org)
+with a subject prefix of [BUG] describing the issue. Please include the
+results of this command in the email.
+
+ java -jar bin/server.jar -version
+
+in the Environment section. Also include the version of Hadoop being used.
+
+One we have Jira setup the email archive will be reviewed and Jira issues
+created for each bug.
+
+------------------------------------------------------------------------------
+Disclaimer
+------------------------------------------------------------------------------
+The Apache Knox Gateway is an effort undergoing incubation at the
+Apache Software Foundation (ASF), sponsored by the Apache Incubator PMC.
+
+Incubation is required of all newly accepted projects until a further review
+indicates that the infrastructure, communications, and decision making process
+have stabilized in a manner consistent with other successful ASF projects.
+
+While incubation status is not necessarily a reflection of the completeness
+or stability of the code, it does indicate that the project has yet to be
+fully endorsed by the ASF.
+
Added: incubator/knox/trunk/src/site/markdown/index.md
URL: http://svn.apache.org/viewvc/incubator/knox/trunk/src/site/markdown/index.md?rev=1461609&view=auto
==============================================================================
--- incubator/knox/trunk/src/site/markdown/index.md (added)
+++ incubator/knox/trunk/src/site/markdown/index.md Wed Mar 27 14:33:54 2013
@@ -0,0 +1,36 @@
+<!---
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements. See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+
+Introduction
+------------
+The charter for the Apache Knox Gateway project is to simplify and normalize
+the deployment and implementation of secure Hadoop clusters as well as be
+a central access point for the service specific REST APIs exposed from
+within the Hadoop clusters.
+
+Disclaimer
+----------
+The Apache Knox Gateway is an effort undergoing incubation at the
+Apache Software Foundation (ASF), sponsored by the Apache Incubator PMC.
+
+Incubation is required of all newly accepted projects until a further review
+indicates that the infrastructure, communications, and decision making process
+have stabilized in a manner consistent with other successful ASF projects.
+
+While incubation status is not necessarily a reflection of the completeness
+or stability of the code, it does indicate that the project has yet to be
+fully endorsed by the ASF.
\ No newline at end of file
Added: incubator/knox/trunk/src/site/markdown/news.md
URL: http://svn.apache.org/viewvc/incubator/knox/trunk/src/site/markdown/news.md?rev=1461609&view=auto
==============================================================================
--- incubator/knox/trunk/src/site/markdown/news.md (added)
+++ incubator/knox/trunk/src/site/markdown/news.md Wed Mar 27 14:33:54 2013
@@ -0,0 +1,34 @@
+<!---
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+
+2013-03-05
+----------
+Started creating the site.
+
+Disclaimer
+----------
+The Apache Knox Gateway is an effort undergoing incubation at the
+Apache Software Foundation (ASF), sponsored by the Apache Incubator PMC.
+
+Incubation is required of all newly accepted projects until a further review
+indicates that the infrastructure, communications, and decision making process
+have stabilized in a manner consistent with other successful ASF projects.
+
+While incubation status is not necessarily a reflection of the completeness
+or stability of the code, it does indicate that the project has yet to be
+fully endorsed by the ASF.
\ No newline at end of file
Added: incubator/knox/trunk/src/site/markdown/privacy-policy.md
URL: http://svn.apache.org/viewvc/incubator/knox/trunk/src/site/markdown/privacy-policy.md?rev=1461609&view=auto
==============================================================================
--- incubator/knox/trunk/src/site/markdown/privacy-policy.md (added)
+++ incubator/knox/trunk/src/site/markdown/privacy-policy.md Wed Mar 27 14:33:54 2013
@@ -0,0 +1,43 @@
+<!---
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+
+Privacy Policy
+--------------
+
+Information about your use of this website is collected using server access logs and a tracking cookie. The
+collected information consists of the following:
+
+1. The IP address from which you access the website;
+2. The type of browser and operating system you use to access our site;
+3. The date and time you access our site;
+4. The pages you visit; and
+5. The addresses of pages from where you followed a link to our site.
+
+Part of this information is gathered using a tracking cookie set by the
+[Google Analytics][1] service and handled by Google as described in their
+[privacy policy][2]. See your browser documentation for instructions on how to
+disable the cookie if you prefer not to share this data with Google.
+
+We use the gathered information to help us make our site more useful to visitors and to better understand how and
+when our site is used. We do not track or collect personally identifiable information or associate gathered data
+with any personally identifying information from other sources.
+
+By using this website, you consent to the collection of this data in the manner and for the purpose described above.
+
+[1]: http://www.google.com/analytics/
+[2]: http://www.google.com/privacy.html
\ No newline at end of file
Added: incubator/knox/trunk/src/site/markdown/release-0-2-0.md
URL: http://svn.apache.org/viewvc/incubator/knox/trunk/src/site/markdown/release-0-2-0.md?rev=1461609&view=auto
==============================================================================
--- incubator/knox/trunk/src/site/markdown/release-0-2-0.md (added)
+++ incubator/knox/trunk/src/site/markdown/release-0-2-0.md Wed Mar 27 14:33:54 2013
@@ -0,0 +1,35 @@
+<!---
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+
+Introduction
+------------
+TODO
+
+
+Disclaimer
+----------
+The Apache Knox Gateway is an effort undergoing incubation at the
+Apache Software Foundation (ASF), sponsored by the Apache Incubator PMC.
+
+Incubation is required of all newly accepted projects until a further review
+indicates that the infrastructure, communications, and decision making process
+have stabilized in a manner consistent with other successful ASF projects.
+
+While incubation status is not necessarily a reflection of the completeness
+or stability of the code, it does indicate that the project has yet to be
+fully endorsed by the ASF.
\ No newline at end of file
Added: incubator/knox/trunk/src/site/markdown/release-process.md
URL: http://svn.apache.org/viewvc/incubator/knox/trunk/src/site/markdown/release-process.md?rev=1461609&view=auto
==============================================================================
--- incubator/knox/trunk/src/site/markdown/release-process.md (added)
+++ incubator/knox/trunk/src/site/markdown/release-process.md Wed Mar 27 14:33:54 2013
@@ -0,0 +1,45 @@
+<!---
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements. See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+
+Release Process
+---------------
+The Apache Knox Gateway is currently distributed as a single Zip file.
+Following the steps described below this Zip file will be created in the target directory.
+The following process can be used create a release build without an existing repository clone.
+
+ git clone https://git-wip-us.apache.org/repos/asf/incubator-knox.git knox
+ cd knox
+ ant release
+
+If the repository has already been cloned the following process should be used.
+
+ git pull
+ ant release
+
+
+Disclaimer
+----------
+The Apache Knox Gateway is an effort undergoing incubation at the
+Apache Software Foundation (ASF), sponsored by the Apache Incubator PMC.
+
+Incubation is required of all newly accepted projects until a further review
+indicates that the infrastructure, communications, and decision making process
+have stabilized in a manner consistent with other successful ASF projects.
+
+While incubation status is not necessarily a reflection of the completeness
+or stability of the code, it does indicate that the project has yet to be
+fully endorsed by the ASF.
\ No newline at end of file
Added: incubator/knox/trunk/src/site/markdown/roadmap-0-3-0.md
URL: http://svn.apache.org/viewvc/incubator/knox/trunk/src/site/markdown/roadmap-0-3-0.md?rev=1461609&view=auto
==============================================================================
--- incubator/knox/trunk/src/site/markdown/roadmap-0-3-0.md (added)
+++ incubator/knox/trunk/src/site/markdown/roadmap-0-3-0.md Wed Mar 27 14:33:54 2013
@@ -0,0 +1,33 @@
+<!---
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements. See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+
+Overview
+--------
+TODO: Here we will describe what we are targeting for 0.3.0
+
+Disclaimer
+----------
+The Apache Knox Gateway is an effort undergoing incubation at the
+Apache Software Foundation (ASF), sponsored by the Apache Incubator PMC.
+
+Incubation is required of all newly accepted projects until a further review
+indicates that the infrastructure, communications, and decision making process
+have stabilized in a manner consistent with other successful ASF projects.
+
+While incubation status is not necessarily a reflection of the completeness
+or stability of the code, it does indicate that the project has yet to be
+fully endorsed by the ASF.
\ No newline at end of file
Added: incubator/knox/trunk/src/site/markdown/sandbox.md
URL: http://svn.apache.org/viewvc/incubator/knox/trunk/src/site/markdown/sandbox.md?rev=1461609&view=auto
==============================================================================
--- incubator/knox/trunk/src/site/markdown/sandbox.md (added)
+++ incubator/knox/trunk/src/site/markdown/sandbox.md Wed Mar 27 14:33:54 2013
@@ -0,0 +1,62 @@
+<!---
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements. See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+
+------------------------------------------------------------------------------
+Sandbox Configuration
+------------------------------------------------------------------------------
+This version of the Apache Knox Gateway is tested against
+[Hortonworks Sandbox 1.2][sb]
+
+In order to correct the issue with Sandbox you can use the commands below
+to login to the Sandbox VM and modify the configuration. This assumes that
+the name sandbox is setup to resolve to the Sandbox VM. It may be necessary
+to use the IP address of the Sandbox VM instead. ***This is frequently but
+not always 192.168.56.101.***
+
+ ssh root@sandbox
+ cat /usr/lib/hadoop/conf/hdfs-site.xml | sed s/localhost/sandbox/ > /usr/lib/hadoop/conf/hdfs-site.xml
+ shutdown -r now
+
+In addition to make it very easy to follow along with the samples for the
+gateway you can configure your local system to resolve the address of the
+Sandbox by the names `vm` and `sandbox`.
+
+On Linux or Macintosh systems add a line like this to the end of the
+`/etc/hosts file on` your local machine, ***not the Sandbox VM***.
+*Note: That is a _tab_ character between the 192.168.56.101 and the vm.*
+
+ 192.168.56.101 vm sandbox
+
+On Windows systems a similar but different mechanism can be used. On recent
+versions of windows the file that should be modified is
+`%systemroot%\system32\drivers\etc\hosts`
+
+[sb]: http://hortonworks.com/products/hortonworks-sandbox/
+
+------------------------------------------------------------------------------
+Disclaimer
+------------------------------------------------------------------------------
+The Apache Knox Gateway is an effort undergoing incubation at the
+Apache Software Foundation (ASF), sponsored by the Apache Incubator PMC.
+
+Incubation is required of all newly accepted projects until a further review
+indicates that the infrastructure, communications, and decision making process
+have stabilized in a manner consistent with other successful ASF projects.
+
+While incubation status is not necessarily a reflection of the completeness
+or stability of the code, it does indicate that the project has yet to be
+fully endorsed by the ASF.
\ No newline at end of file
Added: incubator/knox/trunk/src/site/markdown/site-process.md
URL: http://svn.apache.org/viewvc/incubator/knox/trunk/src/site/markdown/site-process.md?rev=1461609&view=auto
==============================================================================
--- incubator/knox/trunk/src/site/markdown/site-process.md (added)
+++ incubator/knox/trunk/src/site/markdown/site-process.md Wed Mar 27 14:33:54 2013
@@ -0,0 +1,42 @@
+<!---
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements. See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+
+Apache Site Publication Process
+-------------------------------
+The following process can be used to publish the generated site to Apache without an existing repository clone.
+
+ git clone https://git-wip-us.apache.org/repos/asf/incubator-knox.git knox
+ cd knox
+ ant publish
+
+If the repository has already been cloned the following process should be used.
+
+ git pull
+ ant publish
+
+Unfortunately there are two know issues with this process.
+
+1. All files in the site are updated in Subversion even if they have not change.
+ As the site becomes larger and contains more images this may become a serious issue.
+
+2. Any renamed or removed files will result in "orphaned" files in Subversion.
+ These will need to be cleaned up explicitly.
+
+
+
+
+
Added: incubator/knox/trunk/src/site/markdown/template.md
URL: http://svn.apache.org/viewvc/incubator/knox/trunk/src/site/markdown/template.md?rev=1461609&view=auto
==============================================================================
--- incubator/knox/trunk/src/site/markdown/template.md (added)
+++ incubator/knox/trunk/src/site/markdown/template.md Wed Mar 27 14:33:54 2013
@@ -0,0 +1,35 @@
+<!---
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements. See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+
+------------------------------------------------------------------------------
+Section
+------------------------------------------------------------------------------
+
+
+------------------------------------------------------------------------------
+Disclaimer
+------------------------------------------------------------------------------
+The Apache Knox Gateway is an effort undergoing incubation at the
+Apache Software Foundation (ASF), sponsored by the Apache Incubator PMC.
+
+Incubation is required of all newly accepted projects until a further review
+indicates that the infrastructure, communications, and decision making process
+have stabilized in a manner consistent with other successful ASF projects.
+
+While incubation status is not necessarily a reflection of the completeness
+or stability of the code, it does indicate that the project has yet to be
+fully endorsed by the ASF.
\ No newline at end of file
Added: incubator/knox/trunk/src/site/resources/images/apache-incubator-logo.png
URL: http://svn.apache.org/viewvc/incubator/knox/trunk/src/site/resources/images/apache-incubator-logo.png?rev=1461609&view=auto
==============================================================================
Binary file - no diff available.
Propchange: incubator/knox/trunk/src/site/resources/images/apache-incubator-logo.png
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: incubator/knox/trunk/src/site/resources/images/apache-logo.gif
URL: http://svn.apache.org/viewvc/incubator/knox/trunk/src/site/resources/images/apache-logo.gif?rev=1461609&view=auto
==============================================================================
Binary file - no diff available.
Propchange: incubator/knox/trunk/src/site/resources/images/apache-logo.gif
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: incubator/knox/trunk/src/site/site.xml
URL: http://svn.apache.org/viewvc/incubator/knox/trunk/src/site/site.xml?rev=1461609&view=auto
==============================================================================
--- incubator/knox/trunk/src/site/site.xml (added)
+++ incubator/knox/trunk/src/site/site.xml Wed Mar 27 14:33:54 2013
@@ -0,0 +1,144 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<project xmlns="http://maven.apache.org/DECORATION/1.3.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/DECORATION/1.3.0 h"
+ name="Knox Gateway">
+ <!--
+ <skin>
+ <groupId>org.apache.maven.skins</groupId>
+ <artifactId>maven-stylus-skin</artifactId>
+ <version>1.5</version>
+ </skin>
+ <skin>
+ <groupId>org.apache.maven.skins</groupId>
+ <artifactId>maven-fluido-skin</artifactId>
+ <version>1.3.0</version>
+ </skin>
+ -->
+ <!--
+ <custom>
+ <fluidoSkin>
+ <topBarEnabled>false</topBarEnabled>
+ <sideBarEnabled>true</sideBarEnabled>
+ </fluidoSkin>
+ </custom>
+ -->
+ <bannerLeft>
+ <name>Knox Gateway</name>
+ <src>http://incubator.apache.org/knox/images/apache-logo.gif</src>
+ <href>http://incubator.apache.org/knox</href>
+ </bannerLeft>
+ <bannerRight>
+ <name>Apache Incubator</name>
+ <src>http://incubator.apache.org/knox/images/apache-incubator-logo.png</src>
+ <href>http://incubator.apache.org</href>
+ </bannerRight>
+
+ <publishDate position="right"/>
+ <version position="right"/>
+
+ <body>
+ <head>
+ <!-- Start of Google analytics -->
+ <!--
+ <script type="text/javascript">
+ var _gaq = _gaq || [];
+ _gaq.push(['_setAccount', 'UA-27188762-1']);
+ _gaq.push(['_trackPageview']);
+
+ (function() {
+ var ga = document.createElement('script');
+ ga.type = 'text/javascript'; ga.async = true;
+ ga.src = ('https:' == document.location.protocol ?
+ 'https://ssl' : 'http://www') +
+ '.google-analytics.com/ga.js';
+ var s = document.getElementsByTagName('script')[0];
+ s.parentNode.insertBefore(ga, s);
+ })();
+ </script>
+ -->
+ <!-- End of Google analytics -->
+ </head>
+
+ <links>
+ <item name="Git" href="https://git-wip-us.apache.org/repos/asf/incubator-knox.git" />
+ <item name="Svn" href="https://svn.apache.org/repos/asf/incubator/knox/site" />
+ <item name="Jira" href="https://issues.apache.org/jira/browse/KNOX" />
+ <item name="Wiki" href="https://cwiki.apache.org/confluence/display/KNOX/Index" />
+ </links>
+
+ <breadcrumbs>
+ <item name="Knox" href="index.html"/>
+ </breadcrumbs>
+
+ <menu name="Knox">
+ <item name="Welcome" href="index.html"/>
+ <item name="News" href="news.html"/>
+ <item name="License" href="license.html"/>
+ </menu>
+
+ <menu name="Documentation">
+ <item name="Getting Started" href="getting-started.html"/>
+ <item name="Usage Examples" href="examples.html"/>
+ <item name="Client (KnoxShell DSL)" href="client.html"/>
+ <item name="Sandbox Configuration" href="https://cwiki.apache.org/KNOX/sandbox-configuration.html"/>
+ <item name="Wiki" href="https://cwiki.apache.org/confluence/display/KNOX/Index"/>
+ </menu>
+
+ <menu name="Releases">
+ <item name="0.2.0 (coming soon)" href="release-0-2-0.html"/>
+ <item name="0.3.0 (planning)" href="roadmap-0-3-0.html"/>
+ </menu>
+
+ <menu name="Processes">
+ <item name="Build" href="build-process.html"/>
+ <item name="Release" href="release-process.html"/>
+ <item name="Contribute" href="contribute-process.html"/>
+ <item name="Site Publication" href="site-process.html"/>
+ </menu>
+
+ <menu name="Resources">
+ <item name="Source Code" href="https://git-wip-us.apache.org/repos/asf/incubator-knox.git"/>
+ <item name="Project Team" href="team-list.html"/>
+ <item name="Mailing Lists" href="mail-lists.html"/>
+ <item name="Issue Tracking" href="issue-tracking.html"/>
+ </menu>
+
+ <menu name="ASF">
+ <item name="How Apache Works" href="http://www.apache.org/foundation/how-it-works.html"/>
+ <item name="Foundation" href="http://www.apache.org/foundation/"/>
+ <item name="Sponsoring Apache" href="http://www.apache.org/foundation/sponsorship.html"/>
+ <item name="Thanks" href="http://www.apache.org/foundation/thanks.html"/>
+ </menu>
+
+ <footer>
+ <div class="row span12">
+ Apache Knox Gateway, Apache, the Apache feather logo and the Apache Knox Gateway project logos
+ are trademarks of The Apache Software Foundation.
+ All other marks mentioned may be trademarks or registered trademarks of their respective owners.
+ </div>
+ <div class="row span12">
+ <a href="privacy-policy.html">Privacy Policy</a>
+ </div>
+ </footer>
+
+ </body>
+</project>