Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Recordings

Recorded Session 2018-04-25

Attendees

Goals

  • Upcoming milestones
  • Release artifacts
  • Documentation

Discussion items


Model-loader

Update 25 April: James Forsyth will create how to document on wiki.  Instructions to include: access to windRiver lab, logging into system, pulling the dockers from A&A&, how to run OOM and start the mS.


OOMJames Forsyth

Update 25 April: James Forsyth and Venkata Harish Kajur to audit what is currently running then setup multiple nodes that can be used for testing; space defined and coordinated within the team; will work it offline and then share with the team via the wiki.


Next Milestone: RC1

RC1 is May 3 - during this time the team should support integration testing and work on documentation. We should close the existing bugs that are open in AAI:



KeySummaryTCreatedUpdatedDueAssigneeReporterPStatusResolution
AAI-1051 API Spec is specifying v12 in v13 file
Bug
Apr 17, 2018Apr 18, 2018
James ForsythJames Forsyth
High
Open Unresolved
AAI-1049 [Model Loader] - Remove dependency on PowerMockito
Bug
Apr 17, 2018Apr 18, 2018
Mark LeonardGabriel Sanchez
High
Open Unresolved
AAI-1035 Security: Springboot 1.5.10 has new nexusIQ critical exceptions
Bug
Apr 16, 2018Apr 16, 2018
James ForsythJames Forsyth
High
Open Unresolved

3 issues Refresh


Update 11 April: James Forsyth - investigate c-set jobs for validating services.


Spring boot 1.5.10 vulnerabilites

Need to move to latest stable version 1.5.12

AAI-1035 - Security: Springboot 1.5.10 has new nexusIQ critical exceptions Open


Code Coverage Policy Enforcement

For aai-common, resources, and traversal we've enabled jacoco threshold to make sure that code coverage doesn't fall on a commit. This will prevent users from contributing code that would negatively impact the overall code coverage on a repo. Let's discuss enabling this across the board on all AAI repos.

Update 11 April: James Forsyth and Venkata Harish Kajur - Look at automated PoC polling script, add test coverage.


Release version

Need to discuss how we manage our release versions on our artifacts, including docker images and the various internal dependencies.

Update 4 April: Currently using snapshot version for Dev branch; need US to remove ref to internal snapshots for each report; need US releasing current versions of each repo.

Update 11 April: Plan release version next Wed after meeting, take all components as is then take patch for RC1 for those that are unversioned.

Update 18 April: Order of release:

  • aai-common
  • logging-service (only if anything depends on 1.2.2-SNAPSHOT - Steve Blimkie will verify)

  • event-client
  • rest-client (only if anything depends on 1.2.1-SNAPSHOT - Steve Blimkie will verify)

  • resources
  • traversal
  • model-loader
  • sparky-be
  • champ
  • gizmo

Beijing Demo Hostnames

How should AAI hostnames/ports being configured in AAI clients? Are we still using aai.api.simpledemo.onap.org? How do we configure the toy certificates? Will there be a new hostname for clients who connect via MSB? Perhaps Former user (Deleted) can comment how other systems are handling these issues. If there will be multiple hostnames that clients can use to connect to AAI, should we configure SAN certificates for the demo (example: aai.api.simpledemo.onap.org:8443 and aai.msb.api.simpledemo.onap.org:10081). It is still unclear which system will serve as the demo CA to issue our server certs.

Update 16 March:

MSB will listen on port 443 - our clients will need to configure a new hostname for the MSB endpoint - https://msb-iag.onap:443 in k8

hostname:port need to be runtime configurable variables

Will there be a CA for .onap hostnames?

PATH1: Client → AAI aai.api.simpledemo.onap.org:8443 (HAPROXY) → AAI resources port 8447, AAI traversal 8446 (cert with subject aai.api.simpledemo.onap.org) - client needs to trust the signer of the onap.org CERT which currently is the openecomp.org CA

PATH2: Client → msb-iag.onap:443 MSB → aai-ms.onap which is the same service, AAI resources port 8447j, AAI traversal 8446 (will be default, probably only path after Beijing)

SAN (Subject Alternate Name) cert that allows both aai.api.simpledemo.onap.org and aai-resources.onap

Tell clients to disable hostname verfication?

Huabing: I guess we just use ssl for encryption, but not for the authentication until ONAP has an internal CA available.

Update 21 March:

Client → (https) MSB → (https private key + self-signed certificate) ESR → (https) AAI

Update 17 April: AAF has signed a new certificate which we will be releasing with our new artifacts and docker images for RC0.  Francis Paquette - Follow up with the sparky certificate


JanusGraph across all AAI mS

Plan to merge janusGraph support for the resources and traversal microservices (should be done by meeting time). Need to make sure we have alignment across all configs to use the Janus libraries and create Janus tables in cassandra at AAI spin up either in HEAT or OOM. Need to up date resources/traversal/champ configs - anywhere else?

Update 28 March: Steve Blimkie / Venkata Harish Kajurto coordinate for OOM and test config.

Update 11 April: Venkata Harish Kajur to work with Marco to see if can be done in the lab.


Update dmaap dependencies

In the various repos that still use com.att.nsa, it should be:

<groupId>org.onap.dmaap.messagerouter.dmaapclient</groupId>

<artifactId>dmaapClient</artifactId>

<version>1.1.3</version>

AAI-841 - Replace dmaapclient dependency Open

Update 9 March: Event-client recently added to ONAP (found in pom.xml); Tian Lee to update to use the latest version (1.1.3) in pom.xml.  Recommendation is to use the aai.event.client instead of dmaap client.  Please update each of your own micro services.

Update 16 March: Venkata Harish Kajur to complete resources, traversal.


BabelDamian Nowak

Tian Lee provided an overview of Babel. Damian requested documentation, Tian Lee and CT Paterson suggested some docs that can be provided.

Models come into AAI thru babel, so changes to the models must be made in SDC.

Nokia is interested in model changes for 5G PNF support.

Clarified difference between service/resource models and schema.

Tian Lee working with Damian - adding model to OXM, liasing with SDNC for models containing pnfs - will run thru Babel to see if additional work is needed;

Olaf Burdziakowski working with Damian Nowak regarding pnfs needed

3/02: Schema changes and defined APIs needed by next Thu (8 March). 

Update 8 March: Gerrit review https://gerrit.onap.org/r/#/c/34489/ is awaiting feedback from Olaf Burdziakowski

Update 9 March: Olaf Burdziakowski updated OXM; Successfully tested the OXM updates in lab: set up aai instance, called API.

Any issues reach out to Venkata Harish Kajur or James Forsyth.  Leave this item for future meetings.


Nexus IQ

Anything Red for Security Issues and License Analysis need to be fixed in order to pass M4 (29 March).

Vulnerabilities due to AJSC need to have a plan on how to mitigate.

James Forsyth has created parent story in JIRA for each repo; need each repo owner to bring us in to full compliance.  JIRA labels added: Security, AJSCDependency

By M3 (9 March) need to have plan on how to mitigate.

Nexus IQ higher priority than CII Badging.

Venkata Harish Kajur to provide Richard Epp with guidance on Spring Boot templates.

3/02: Richard Epp uploaded spreadsheet containing next candidates if vulnerabilities still exist.

Update 9 March: GREAT progress on this item - we replaced the AJSC dependencies with Springboot 1.5.1 and have cleared all critical issues from resources, down to only 2 in

Update 9 March: Main work needed for M4. Venkata Harish Kajur working on aai.com; majority are related to AJSC, which has been dropped and replaced with spring boot 1.5.10.  Venkata Harish Kajur has few changes still needed in pom.xml of change of parent pom (AJSC to spring boot) and AJSC dependencies to spring boot.

Aai.service – possibly remove as no longer used; Venkata Harish Kajur to email Jimmy on removal.

Please review your responsible app and any questions send to James Forsyth.

Update 14 March: Deadline for this for all repos is 24 March. This means all dependencies that can be upgraded will have been merged by 24 March. Any policy violations that cannot be cleare will be tracked here: AAI R2 Security/Vulnerability Threat Template

Colin Burns will provide a mitigation strategy by 21 March

Update 21 March: Wiki page: AAI R2 Security/Vulnerability Threat Matrix created under R2 Release Planning.  Please add to the matrix if your app will not make the remediations needed  for Sev 7, 8, or 9 before code freeze.  We will not pass M4 unless we have a plan in place.  Also alert James Forsyth if your app is not going to make it in time.

Update 4 April: Discuss next week Risk vs Benefits along with level of confidence on changes made late in cycle.

Update 18 April:James Forsyth - Write JIRA ticket for http4.5 event-client; Zi Li - Needs to check Nexus IQ report for ESR server; Venkata Harish Kajur - Look @ Nexus-IQ common report - high priority.


CII Badging

Wiki page with instructions on the process: CII Badging Program

We have two CII Badging submissions currently active on CII Best Practice Badge Program: 1) AAI and 2) Sparky-fe

The team needs to decide how to split up the project - AAI is too big to fit under a single project.  James Forsyth proposes the following breakdown for CII badging:

1) AAI core (REST providers and common code): James Forsyth - Project created, ongoing progress.

  • aai-common
  • aai-resources
  • aai-traversal
  • gizmo
  • champ
  • graphadmin
  • event-client

2) GUI - Arul Nambi - Need to include more repos to the current "front-end" project

  • sparky-fe
  • sparky-be
  • data-router
  • search-data-service
  • router-core

3) Model loader - Tian Lee / Mark Tooski- Need to create projects

  • model-loader
  • babel

  • 4) Graph utils / eventing / logging - Steve Blimkie - Need to create projects
  • spike
  • gap - Tian Lee
  • graphgraph - Stretch for Beijing
  • event-client - Tian Lee
  • rest-client

4) ESR - Zi Li - Project is created, still ongoing process to meet all the requirements

  • esr-gui
  • esr-server


The idea is that we assign one key person who will be responsible for getting the badge on their set of repos.  This is just a suggestion, and I invite discussion, re-categorization, and complete rewrites. Owners of the sets can decide whether it makes sense to group sets into one CII badging request, or split. Every repo above must be included in 1 CII submission.

23 Feb:

Need readout next week per repo as to where we stand and how we can close before M4 (3/29).

Zi Li and Arul Nambi will work together to see if same kind of scan will work for both components

2 March: SONAR will not report on java script based so those need to be run manually via another tool locally.

Update 3/8: Urgent - need to document our plan and have a commitment to get to 50% coverage by m4. Preferably sooner to prevent giving your PTL a heart attack.

Offending repos:

ALSO: if your repo is part of Beijing but is NOT part of the SONAR scan, (Venkata Harish Kajur, graphadmin leaps to mind) please fix that ASAP

Update 9 March: Steve Blimkie needs James Forsyth’s signoff on moving small libraries within event and rest clients to aai.core; Spike and Gap not used in Beijing;  Tian Lee to create project for Model loader; may need secondary URL describing model-loader but point to aai.core.

Gizmo – Giulio Graziani requesting adding it to his team's work list.

Common – Venkata Harish Kajur working on

Router-core – AMDOCs to work

Update 16 March: James Forsyth to verify on PTL call if all vulnerabilities 4 or above need to be cleared in order to pass.

Update 21 March: Title of project must have ONAP as the first word; Mark Tooski to pickup Tian Lee's action items while he is out.

Update 4 April: We are at 97%


AAI-494 - Improve API Swagger Documentation IN PROGRESS

Issue 1 - Parsing of YAML file into RST format

Richard Epp to send yaml file via email to Pavel and attach to wiki so all can see.

YAML file too large and resulting RST file cannot be read by readmedoc causing it to be unusable.

Issues parsing the YAML file into RST format - structure is not correct - structure of YAML file must follow SWAGGER structure.


Issue 2 - Exposing AAI Swagger through MSB

Suggestion of using MSB portal with link of file to readmedoc.

How to display REST APIs via the swagger UI integrated with MSB: https://wiki.onap.org/display/DW/Microservice+Bus+API+Documentation#MicroserviceBusAPIDocumentation-APIDefinitionandSwagger-UI

Will need to continue as open item until resolved.

Contact Zi Li / Former user (Deleted) for more information about integration. Just require the swagger JSON file for integration - Richard Epp please provide the JSON to Zi Li -

https://wiki.onap.org/display/DW/2018-02-02+AAI+Weekly+Meeting+notes?preview=%2F25429783%2F25432551%2FNetwork_v13.yaml

Zi Li - please download the yaml file above and see if you can make use of it in MSB

Note: Alternate Swagger UI service already available.

Huabing - Please refer to the below comments for session sticky and AAF plugin progress

2018-02-16: Generator of the RST can't find the definitions (there is a getDefinitions and patchDefinitions) and parser can't deal with it. Generator only can parse ASCII and there are characters outside the ASCII set. PATCH and GET methods can possibly be split into their own files. Richard Epp will look into installing swagger UI in Windriver lab; Venkata Harish Kajur knows how to access, contact Stephen Gooch for access

23 Feb:

Richard Epp split up the files; James Forsyth uploaded network put and get (RST files) which Passed.  Will do REST next.

Richard Epp to get access to JIRA (LF)

Venkata Harish Kajur to provide guidance to Richard Epp on setting up Dev env locally.

2 March: Richard Epp uploaded all RST files to wiki yesterday; not able to run GET commands, will work on Permissions issue.

Update 8 March: Richard Epp was OOO this week, need to close on this one soon. Also need to regenerate based on the current v13 schema files (including pending commits that aren't merged yet)

Update 16 March: Follow-up needed with Richard Epp

Update 21 March: Richard Epp will add to Gerrit before next Thu in time before M4; will use git review.  He will reach out to James Forsyth if any issues encountered.

Update 4 April: Richard Epp and Rich Bennett discussed, no path forward.  James Forsyth to ask for continued exception for our documentation.  James Forsyth to create US for v12 versus v13.

Update 17 April: New format for Casablanca, we might do it for Beijing because it works better for us: Example New Offereapis Page


Jenkins

Release jenkins jobs are still failing.  Helpdesk ticket # 52082

Changes to AAI-COMMON not picked up by downstream projects (resources, traversal)

Unable to release aai-common, as cannot release multiple times, without incrementing the version.

Liasing with ONAP helpdesk about whether we can release multiple minor versions of an artifact.

Proposal for Monday PTL meeting to align SNAPSHOT strategy

Venkata Harish Kajur to include Steve Blimkie on email exhange with ONAP Help desk.

2018-02-16: James Forsyth raised on the PTL call on Monday. Decision is to use SNAPSHOT for Beijing development, currently we're setting our snapshot as 1.2.1 Disabled the daily jobs (which fail because the snapshot/staging artifacts don't exist). Removed all amsterdam jjb jobs.

Need a better plan for Casablanca.

23 Feb: Steve Blimkie will check on dependency and fix.

Update 9 March: Steve Blimkie provided fix:  Need better plan for Casablanca.

Update 21 March: James Forsyth will cut releases upon return from CA.

Update 18 April: LF is going to turn off the daily docker build job in Jenkins - there will a weekly build, but a new docker will be built when there is a merge.


MSB Integration Status

The MSB AAF auth plugin
Two-way SSL at MSB API Gateway
Any problems in the integration

AAI-671 - Replace HAPROXY with MSB OPEN Opened questions to be answered

Might need a plugin in MSB to achieve stickiness of requests

Huabing asked Jonathan Gathman about AAF API - further details required.

2018-02-16: Adrian Slavkovsky  is waiting for MSB fixes - stickyness/ip_hash load balancing doesn't work. kube2msb registrator doesn't register ports correctly. We need to socialize the hostname that clients will use - follow up with Former user (Deleted) and other teams about how this will work. James Forsyth will raise the issue on next Monday's PTL call.

23 Feb: Adrian Slavkovsky to follow-up and provide feedback next meeting.

28 Feb: Huabing update Adrian Slavkovsky James Forsyth

  • Stickyness/ip_hash load balancing and kub2msb registration are solved.
  • No Authentication&Authorization REST APIs from AAF can be used for MSB API Gateway auth plugin yet, we need to wait. It seems that AAF currently only support CADI and CADI approach requires every projects to do authentication and authorization seperately.

3 March: Former user (Deleted) to fix issue with ip_hash.

Update 9 March: Vijay Kumar scheduled12 March meetingto go over changes; trying to get MSB into OAM project; security issue getting MSB with AAF.

Update 16 March: Adrian Slavkovsky merged changes, will do same for heat templates next week.


Cassandra Clustering

Goal - provide HA to AAI

Issue 1 - remote storage

Meetings with Michael O'Brien - (deprecated as of 20170508) - use obrienlabs

OOM team should check the video recording of the session

@Michael O'Brien - (deprecated as of 20170508) - use obrienlabs will arrange further meeting on Monday

Issue 2 - simulating outage

Pavel + Harish will try to simulate on Monday

We have a 3 node replicated cluster configured with local storage; need to discuss if this will be adequate to the purpose of Beijing integration testing.

AAI-539 - Set up Cassandra docker images in 3 node cluster OPEN OOM-591 - AAI needs persistent volumes configured, need help with OS in lab REOPENED

Michael O'Brien from OOM team will assist w/ OOM-591

Michael O'Brien to respond back to Harish’s email and setup meeting on Monday 10 AM; Will put on OAM discussion page so others interested can attend. 

https://lists.onap.org/pipermail/onap-discuss/2018-February/007954.html

https://lists.onap.org/pipermail/onap-discuss/2018-February/007955.html

ONAP on Kubernetes on Windriver Titanium Cloud - Openlab#Openlab-20180205:AAIandOOMworkingsessiononCINDERKubernetesPV

https://wiki.onap.org/download/attachments/25431372/20180205_aai_oom_cinder_kubernetes_pv_work_session_1_of_2_zoom_0.mp4?version=1&modificationDate=1517867225191&api=v2

2016-02-16: Working cluster; titan + thrift allowed us to use Cassandra 3. Janus will not have thrift requirement.

23 Feb: Venkata Harish Kajur has connection ready; will test after node fails; will work with Former user (Deleted).

2 March: Venkata Harish Kajur to test node failure next week and advise findings.

Update 9 March: Venkata Harish Kajur testing indicates cluster not working properly, will look into Cassandra configuration.

Update 16 March: Venkata Harish Kajur made significant progress, all working as expectedAdrian Slavkovsky would like use case guidance, James Forsyth to provide contact 

Update 21 March: Bill Pezzuti to send use case to Adrian Slavkovsky and Former user (Deleted)

Update 11 April: Venkata Harish Kajur to follow-up with getting clarification on the ask from Karen Jacobs.

Update 18 April: OOM job is merged

...