[DISCUSS] Promote RC2 (515) to 1.0.0 GA

Matt Hogstrom

Update on 1.0.0 and the security managers TSS and ACF2.  Working with Mark and Joe we discovered some inconsistencies in the doc which led to an incorrect definition of a security resource.  Good news, worked like a champ, permission denied.  Once  corrected, comms between ZSS and ZWESIS01 was functional.  

Mark is going to complete some tests in the morning with some the security folks on his team and give us his vote.  I’ll hold mine until then but its looking good.  The first one is always the hardest.

Thanks to Joe and Mark … if I needed to storm the gates of hell armed only with squirt guns, I’d go with these guys.

Talk to you tomorrow.

Matt Hogstrom
PGP Key: 0x90ECB270
Facebook  LinkedIn  Twitter

I’m like so hyper-organized it just “looks” like confusion to the un-trained eye.  - Hogstrom

On Feb 7, 2019, at 3:23 PM, Matt Hogstrom <matt@...> wrote:


I don’t think it holds up 1.0.0 but it highlights the need for a diverse set of systems that we can test on that have RACF / TSS and ACF2.  (Three separate systems of course).   I’ve also seen that we have some users that are sh users and others use bash which I think also accounts for variances in install and configuration experience.  

Independent of the 1.0.0 vote, I’d suggest that we can create two additional z/OS instances on River for now with the two additional being a TSS instance and the other being ACF2.  We can restrict access to the instances as needed.  Going forward, we need to begin an installation smoke test across the three environments.  Working for IBM I do not work on RACF and am somewhat indifferent to the security managers apart from ensuring that we have a good install experience and would offer to help.  

I do a lot of sysadmin and would be happy to help out.  Something that perhaps you and JeanLouis can discuss.  I’m not an ACF2 expert by any stretch but I did some systems programming work using it when I was a customer.  Please PM me if you prefer to discuss in that venue.

Let me know how I can help.

Matt Hogstrom
PGP Key: 0x90ECB270
Facebook  LinkedIn  Twitter

“It may be cognitive, but, it ain’t intuitive."
— Hogstrom

On Feb 7, 2019, at 3:11 PM, Mark.Ackert via Lists.Openmainframeproject.Org <Mark.Ackert=broadcom.com@...> wrote:

No vote yet, but I want to expand on current ACF2/TSS status in relation to 1.0.0:

Since ZSS now requires SAF security definitions as part of the install, there are some gaps with respect to TSS and ACF2 systems.
1. Automated install only fully supports RACF. ACF2/TSS sites will not install smoothly like RACF; it will fail on ZSS server install. 
2. ZSS Manual install documentation is probably in need of a partial rewrite based on my experience with it in last 24 hours, and we critically need to add TSS/ACF2 commands so those users can install Zowe at all.

The question I have is - are these gaps show-stoppers for 1.0? Do we have any users running TSS/ACF2 that want to run with Zowe 1.0.0 right away?

My current expectation for remediation is:

1. Immediately improve documentation for manual install with ACF2/TSS securities. This can be done on a seperate lifecycle from the Zowe PAX & 1.0.0, since nothing will need ot change in binaries to support manual documentation. I expect to complete a manual install within a business day or two, and will use that experience to update the manual doc.

2. Target Zowe 1.0.1 in ~3-4 weeks to add TSS/ACF2 automation in install scripts. 


On Thu, Feb 7, 2019 at 2:38 PM Matt Hogstrom <matt@...> wrote:
ZLC member votes are binding, the community is encouraged and welcome to provide their votes as well. 

+1 you have reviewed the source release and tested the binary build and support moving RC2 to GA status

0 you have no opinion

-1 Do not release (please provide rationale

Matt Hogstrom
PGP Key: 0x90ECB270

"Aut Inveniam Viam Aut Faciam" translated -
"I shall either find a way or make one."

The phrase has been attributed to Hannibal; when his generals told him it was impossible to cross the Alps by elephant,