Duration 90 minutes
| Agenda Items | Presented by | Time | Notes/Links | JIRA Tasks |
|---|---|---|---|---|
| Subcommittee Update | | 30 mins | Dublin Use Cases Update | |
| Casablanca Maintenance Release | | 30 mins | Casablanca Maintenance Release Guidelines already shared with PTLs | |
| Any Infrastructure Improvement/Plan | Linux Foundation | 5 mins | Any LF showstopper; ONAP Helpdesk #65225, 64966 (CLM Issues) | |
| Security Matters | | 30 mins | Note: CLM and Sonar jobs run on master - should we also add casablanca versions to the ci-management yaml - ie: https://git.onap.org/ci-management/tree/jjb/logging-analytics/logging-analytics.yaml#n23 - Michael O'Brien; Addressing nexus-iq server down 20181104 | |
| Undercloud Security CLM/CVE | | 5 mins 1:21 | A requirement to manage the CLM security of the undercloud infrastructure. Docker, Kubernetes versions. Several of us (cl664y@att.com, Michael O'Brien, Mike Elliott, James MacNider) ran into the new level 9 CVE on Tue: https://github.com/kubernetes/kubernetes/issues/71411. According to the shared-responsibility model, the cloud provider handles physical/VM/blade security; however, it is our responsibility to keep up with CVE issues in our undercloud stack (Ubuntu 16, Docker 17, Kubernetes 1.11, Helm 2.9, Rancher 1.6) | related (and 4 other jiras for the other installs) |
| TSC Activities and Deadlines | | | ONAP TSC Special Election: Chaker Al-Hakim has been elected; Kick-Off TSC Vice-Chair self-nomination - deadline: December 12th, 2018 Noon PST | |
| Incoming ONAP Events | | 5 mins | ONAP Project Developers Event, Dec 10 - 12, 2018 (Virtual Webinars); Jan 8-11 - Dublin Release F2F Developer Design Forum (France): https://wiki.lfnetworking.org/pages/viewpage.action?pageId=8257579; Feel free to request your VISA: http://events.linuxfoundation.org/visa-request; Submit your proposal: https://wiki.lfnetworking.org/display/LN/OPNFV-ONAP+January+2019+Session+Proposals | |

Zoom Chat Log:
05:59:10 From Viswa KSP ( Verizon ) : #info Viswa, Verizon
05:59:44 From Alla Goldner : #Alla Goldner, Amdocs
05:59:57 From Andreas Geissler (Deutsche Telekom) : #info Andreas Geissler (DT)
06:00:22 From Yan Chen : #info Yan Chen, China Telecom
06:00:25 From Catherine Lefevre : #info, Catherine Lefevre (AT&T)
06:00:37 From Jason Hunt : #info Jason Hunt, IBM
06:00:38 From Ranny Haiby : #info Ranny Haiby, Nokia
06:00:59 From Bin Yang (Wind River) : #info Bin Yang, Wind River
06:01:08 From Eric Debeau : #info Eric Debeau, Orange
06:02:08 From Kedar Ambekar : #info proxy Kedar Ambekar, TechMahindra
06:02:48 From Alla Goldner : #info Alla Goldner, Amdocs
06:03:08 From Murat Turpcu ( Turk Telekom) : #info Murat Turpcu, Turk Telekom
06:03:38 From Catherine Lefevre : #action we are canceling meetings conflicting with V2F
06:05:04 From Gildas Lanilis : #Action schedule PTL meeting on Monday (after vF2F) at 8:00 am PST.
06:05:08 From Kenny Paul (LFN) : #topic Dublin Usecase Update
06:05:10 From Alexis de Talhouët : #info Alexis de Talhouët; Bell Canada
06:05:55 From Catherine Lefevre : #action (Kenny) add bridge for V2F
06:07:26 From John Quilty : #info John Quilty Ericsson proxy for Stephen Terrill
06:07:50 From Kenny Paul (LFN) to Alexis de Talhouët (Privately) : seen. thank you
06:07:53 From Chaker Al-Hakim : #info Chaker Al-Hakim, Huawei
06:08:04 From Kenny Paul (LFN) to John Quilty (Privately) : seen. thank you
06:08:15 From Kenny Paul (LFN) to Chaker Al-Hakim (Privately) : seen. thank you.
06:08:51 From Kenny Paul (LFN) to Murat Turpcu ( Turk Telekom) (Privately) : seen. thank you
06:11:19 From Kenny Paul (LFN) : Alla reports that usecase requirements are not likely to be available next week for VF2F
06:12:31 From Viswa KSP ( Verizon ) : Does this mean that M1 of R4 likely to get delayed ?
06:13:03 From Gildas Lanilis : @Viswa. date won't change
06:13:11 From Gildas Lanilis : M1 is Jan 17.
06:13:36 From Viswa KSP ( Verizon ) : Thnx Gildas
06:14:50 From NingSo : #info Ning So, Reliance Jio
06:15:02 From Kenny Paul (LFN) to NingSo (Privately) : seen. thank you
06:15:49 From Catherine Lefevre : #action items for the subcommittees - prepare your first top 3 requirements (Use Case, Security, architecture, control loop and modeling)
06:17:25 From Catherine Lefevre : these first 3 top items are they meeting the checklist ....
06:17:31 From Catherine Lefevre : Did they meet the checklist? • [SP Interest] • Reqs Details: • Use Case/Archi Review: • Impacted Components
06:17:55 From Catherine Lefevre : then we can pursue with PTLs on • Estimates (T-Shirt): • Committed Resources:
06:18:05 From Catherine Lefevre : Estimates = DEV & TEST
06:20:12 From Catherine Lefevre : Feedback received - is there a way to highlight functionalities through these use cases
06:22:25 From Kenny Paul (LFN) : https://wiki.onap.org/display/DW/SP+priorities+for+Dublin
06:23:12 From Eric Debeau : +2 with Alexis
06:25:02 From Catherine Lefevre : The question that we need to answer as TSC: shall we focus on our "technical debt" (documentation, security, remove hardcode, container optimization) = TSC MUST HAVE and maybe select 1 requirement from each subcommittee?
06:25:37 From Catherine Lefevre : onap capacity seems to be fixed
06:26:17 From Catherine Lefevre : Use cases could be part of our 3 years roadmap?
06:28:40 From Kenny Paul (LFN) : #topic Casablanca Maint. Release
06:29:09 From Alla Goldner : we must define, I believe, 3 highest priority items per each subcommittee, S3P, etc.
06:29:28 From Alla Goldner : then we commit to those, and optionally to additional things, if there are resources available
06:29:35 From Alla Goldner : can this be a way forward?
06:30:03 From Kenny Paul (LFN) : M1 Dec 10: scope locked
06:30:41 From Kenny Paul (LFN) : only high/highest, security updates, doc improvements
06:30:52 From Kenny Paul (LFN) : NO NEW FEATURES
06:31:23 From Kenny Paul (LFN) : commit to casablanca branch, cherry pick into master
06:31:37 From Eric Debeau : ExternalAPI/NBI may also be part of Csa Release
06:32:59 From Alexis de Talhouët : > commit to casablanca branch, cherry pick into master
06:33:10 From Alexis de Talhouët : just for fixes, please. No new features
06:33:19 From Kenny Paul (LFN) : usecaseui-174
06:34:26 From Catherine Lefevre : severity has been increased to Highest
06:35:41 From Steven Wright : VNFRQTS (like Docs) may have some updates for the maintenance branch
06:35:45 From Catherine Lefevre : TSC members and proxies, please add #info, your name, company name if you have joined after the meeting has started. Thank you
06:36:05 From Viswa KSP ( Verizon ) : Do we have a upgrade path from R3 to R3 Maint release ?
06:36:32 From Kedar Ambekar : I am increasing severity of TEST-133 to High to get it included in maintenance release.
06:36:57 From Catherine Lefevre : #action (PTL call) OOM Helm charts will move to projects by dublin. To be discussed during PTL call
06:37:19 From Kenny Paul (LFN) : if a docker image changes the project teams are responsible for providing updates
06:39:13 From Brian : robot
06:42:25 From Kenny Paul (LFN) : TEST-133 == feature, to be targeted for Dublin., not Casablanca maint.
06:42:33 From Catherine Lefevre : Can we start to move to upgrade release as part of Dublin to avoid rebuilding environment from scratch?
06:42:52 From Catherine Lefevre : Mike will make a presentation at V2F
06:44:58 From Kenny Paul (LFN) : #topic Security
06:49:27 From Gildas Lanilis : @Brian F. My access to https://nexus-iq.wl.linuxfoundation.org/assets/index.html#/reports/onap-aaf-authz/b343e31d9e574e0486fccb6888bb906a works fine.
06:49:43 From Kenny Paul (LFN) : #action kenny follow-up with Rel-Eng on nexus IQ issues
06:50:48 From Gildas Lanilis : Regarding CLM access to Casablanca LF Ticket 64966 opened.
06:52:30 From Michael O'Brien(Amdocs,LOG) : https://wiki.onap.org/display/DW/Security+Space+Wiki+Access+List
06:55:33 From Catherine Lefevre : #action PTLs to add their SMEs to Michael's wiki
06:57:24 From Catherine Lefevre : #action Kenny - to meet Sonatype and have a readout by F2F meeting - stretch goal: Jan 3rd
07:02:06 From Michael O'Brien(Amdocs,LOG) : example from my github - personal projects
07:02:07 From Michael O'Brien(Amdocs,LOG) : obriensystems’s repository security updates from the week of Nov 27 - Dec 4
obrienlabs organization
Warning! obrienlabs / biometric: Known security vulnerabilities detected
Dependency: com.fasterxml.jackson.core:jackson-databind
Version: < 2.6.7.1
Upgrade to: ~> 2.6.7.1
Vulnerabilities: CVE-2017-7525 (High severity), CVE-2018-7489 (High severity), CVE-2017-17485 (High severity), and 1 more
Defined in: pom.xml
07:02:22 From Michael O'Brien(Amdocs,LOG) : Your GitHub security alerts for the week of Nov 27 - Dec 4
07:02:32 From Michael O'Brien(Amdocs,LOG) : mail and on the admin page
07:02:58 From Michael O'Brien(Amdocs,LOG) : agree that the microsoft tool is not well defined enough for us
07:03:47 From Kenny Paul (LFN) : TSC-32 - Sonatype replacement investigation
07:05:12 From Dan Timoney : I thought I remembered discussions before Casablanca about enhancements to NexusIQ that would scan our code itself for new vulnerabilities (e.g. potential buffer overflow exploits). Is that still in the works?
07:05:52 From Kenny Paul (LFN) : SEC-50 oparent.pom as an alternative fix
07:06:16 From Michael O'Brien(Amdocs,LOG) : logging/pomba uses oparent very well
07:09:29 From Catherine Lefevre : #action PTL call - oparent will be supported by Integration team to support common vulnerabilities, get adoption by PTLS and provide feedback to TSC
07:11:59 From Catherine Lefevre : #Action Alexis - resume discussion with ODL to fix vulnerabilities so we can consume it
07:12:10 From Michael O'Brien(Amdocs,LOG) : sorry forgot to put myself on mute at 1:07:20 - sorry about that 10 seconds
07:12:25 From Kenny Paul (LFN) : oh. lol
07:13:42 From Catherine Lefevre : TSC-39 adoption of code of conduct
07:13:43 From Catherine Lefevre : CNCF has a CoC that could be edited and put forth as a starting place: https://github.com/cncf/foundation/blob/master/code-of-conduct.md
07:14:48 From Keong Lim k00759777 : cannot see screen share of the other page
07:19:27 From Keong Lim k00759777 : what is the governance around updating the CoC?
07:20:29 From Catherine Lefevre : do u see it now Keong?
07:21:23 From Kenny Paul (LFN) : TSC-39 CoC
07:21:49 From Keong Lim k00759777 : yes, i saw the screen share
07:21:56 From Michael O'Brien(Amdocs,LOG) : yes, my mike
07:22:00 From Michael O'Brien(Amdocs,LOG) : I will update the TSC
07:22:41 From Michael O'Brien(Amdocs,LOG) : @Michael O'Brien will update the TSC on TSC-25
07:24:18 From Catherine Lefevre : @mike - feel free to add to 12/13 agenda - thanks - Toolchain Matters
07:25:38 From Kenny Paul (LFN) : #topic housekeeping
07:26:23 From Kenny Paul (LFN) : LF shutdown Dec 17 - Jan 2 - emergency requests only - use helpdesk
07:26:49 From Kenny Paul (LFN) : Confluence upgrade next week
07:27:05 From Catherine Lefevre : #action OOM/Integration team to meet to plan update labs regarding K8S/CLM vulnerability issues
07:27:30 From Kenny Paul (LFN) : #topic undercloud security CLM/CVE
07:28:02 From Catherine Lefevre : #action - identify a tool for docker scan --- TSC-58
07:28:03 From Kenny Paul (LFN) : OOM-1539
07:28:20 From Amy Zwarico : •Kubernetes v1.0.x-1.9.x •Kubernetes v1.10.0-1.10.10 (fixed in v1.10.11) •Kubernetes v1.11.0-1.11.4 (fixed in v1.11.5) •Kubernetes v1.12.0-1.12.2 (fixed in v1.12.3)
07:28:42 From Amy Zwarico : https://github.com/kubernetes/kubernetes/issues/71411
07:29:14 From Lior Nachmias AT&T : Thank you
Zoom Attendance Log
TSC Members Attendance: 89%
TSC Decisions
Action Items
- Meetings conflicting with the ONAP Virtual Event will be canceled
- Subcommittees to prepare their top 3 requirements (UseCase, Security, Control Loop, Modeling and Architecture)
- (Gildas/PTL Call): OOM Helm Charts will move to the project's responsibility by Dublin
- PTL to add their security SME to Michael's wiki by December 11th, 2018 - TSC-29
- Kenny to meet Sonatype and a readout by F2F meeting or stretch goal: 2019/1/3 - TSC-78
- oparent will be supported by the Integration team to support common vulnerabilities, need to get adoption by PTLS and to provide feedback to TSC
- Alexis will resume discussions with ODL - TSC-77
- OOM/Integration team to meet to plan update labs regarding K8S/CLM vulnerability issues
- Identify a tool for docker scan - TSC-58