...

Ref | Blocking? | Status | Component | Description/Notes

Ref 8 | Status: Open | Component: DR

11/21: How to handle registration / provisioning of a new dr-node instance to an existing and/or "edge" DR deployment.

Dominic Lunanuova recommended to use bus-controller api. Existing script in OOM BusController deploy.

Is there a k8s way to do this "registration / unregistration"?

12/5: Deploy DR node, thinking on how you register to the API of BusController -

12/12: Similar issues across ONAP teams - continue to discuss with OOM team

DMAAP-534 

01/28: Mail thread in relation to this - should DR move to CADI to incorporate AAF roles (good idea!)

Sunil might run through on Fri

02/01: CADI - Steps sent onto Mariusz

Role based access will remain under AAF

02/04: DR looking into integrating AAF for provisioning via BC

02/06: Fiachra in discussions with Sunil to resolve and need to contact AAF but we already have certificates

02/11: Dom to ask Roman to attend to explain ECOMP strategy for Publisher api access. These changes could be ported back to DR code base.

02/13: Internally, Roman's team has done it for both the prov and publish APIs - Roman is willing to forward the solution back to ONAP

DR Team will implement it

02/15: Prashant - need to structure -walkthrough from very high level

02/20: Dom to track down files as per requested

02/22: All files sent - team to continue implementation

Dom to see if he can get Prashant to have chat with Fiachra

02/27: Meetings proceeded - keeping open until implementation complete

03/01: Work ongoing -

03/08: testing on windriver environment - take a call offline

03/13: Mail chain - Still blocked (Sunil to assist after call)

03/15: Issue resolved, so progress being made - mail chain

03/15 Fiachra to request port for dr-node

and Sunil to request AAF team to take snapshot of permissions/roles

03/20: blocked - cannot add prov id to dr-admin role- similar issues to meeting call last week (identity itself is missing)

(use aaf deployed within helm charts - )

What do we need to do now??? Sunil to send mail need AAF team to reset up test environment

03/22: Plan is to have this disabled by default

Can be enabled for integration testing - then whenever we satisfied we can set it to enabled by default

windriver image to be taken next week sometime!!

Impact on BC to be conveyed early next week

How to document this  - DR API and equivalent in BC API

03/25: Cadi enabled for MR by default, use same variable name across all DMaaP.

03/29: Code in for review - Plan is to have it disabled by default for this release (Ability to turn on if desired -aafID passed will dictate its on) - Impacts on Bus controller

Danger: Provisioner tries to use AAF, DR off, BC on - ?

Risk: AAF environment req'd (More stable now with ability to deploy aaf locally)

04/01: Code review in process and docs in progress ( Bc updates also reqd)

04/03: Code merged/doc up for review/OOM code not merged

4/5: Remaining work items in Jira:

DMAAP-534 and DMAAP-535

Ref 26 | Status: Open | Component: DMaaP

01/22: Component creation in Jira for DMaaP project:

I do not possess "Project" admin rights in JIRA, I only possess DMaaP board rights

Ref 27 | Status: Open | Component: All

Swagger implementation?

01/28: Swagger is a requirement for Dublin Release (S3P requirements) ?

What are the expectations here? Whom can we discuss with? - Sofia Wallin,

01/30: Rich Bennett Mail on this - still cryptic - is it Mandatory - requirement in Platform Maturity

02/06: Dom sent mail looking for clarification - Erik has yet to respond?

02/20: Still no word

02/22: Erik to document what is required

02/27: Still nothing from Erik documented

03/01: Tom to chase Erik up

03/08: Erik to document beginning of next (hopefully)

03/13: Attend documentation this week

03/15: read the docs vs swagger files and what are they exactly looking for

03/29: Erik has code, just needs to merge (tom to chase up)

Ref 30 | Status: Open | Component: All

02/01: Adolfo Perez-Duran

The CIA team is preparing to submit contributions to DMAAP to migrate the base images to ONAP Normative Container Base Images.

This migration is expected to reduce the image footprint and to enable multi-cpu architecture support for Dublin

We expect the work to be minimally disruptive and to coordinate changes with your team.

ubuntu v alpine the talk continues

02/13: Lots of chat on discuss chat - need it to settle down before we implement

02/20: Frank Sandoval [mailto:frank.sandoval@oamtechnologies.com] to provide an update !

02/20: Dom, Conor & Sunil to assist here

Mandar to raise at TSC to see if the right course of action

02/22: Change image &

Impacts: Hold off - will these reduce the container footprint? - Doesn't look likely, it is more to be uniform across ONAP

1) suggested we change our Maven approach to use "fabric" plugin instead of spotify plugin (support for this has been discontinued)

2) use docker file instead of POM is recommended from spotify (currently we don't use except CSIT environment)

02/27: lets pose question to frank

02/27: Alpine is the decision for Dublin

03/01: Questions mailed to Frank - awaiting response

see confluence spac

testing changes - and need to send gerrit review to Dom

03/08: Frank made changes in relation to Alpine images only

(unit test seems ok, built in jenkins - images not pushed to docker repo - investigation ongoing?

Dom to check CSIT tests,

Gerry to see if DR have similar issue)

03/13: Need to chase up with Frank in relation to jenkins build not pushing up images

new image name is bc - oom changes pending

03/15: Frank merged 4 commits today, Dom & Sunil to be put on review

03/20: Worse - images not getting pushed, old images are no longer there

CI-MGMT - where is the review? Dom to reach out

03/22: Switch to Alpine broke 2 things in BC

  • Script to install cert auth to trust store
  • Curl commands missing
    Jira number is DMAAP-1120

DR our daily builds are failing - Frank investigating


New CI - MGMT push has impacts on Casablanca jobs ( not using Alpine ) - is a bug required here? Potentially only effects DR


03/29: MR having issues, CIA team looking into

04/03: Frank from CIA team still working on this


Ref 31 | Blocking?: Blocked | Status: Open | Component: All

02/04: Discussion on Edge deployment commitments.

Centralized ONAP Deployment (DMAAP + DCAE)

DCAE k8s deployment - Epic DCAEGEN2-1152

DFC - DCAEGEN2-1156

PM Mapper - DCAEGEN2-1158

DFC + Mapper instantiated at edge, central or both - dependency on DR and MR

Service provider provision topic

Work on it and review progress at M3

02/06: is there a central registry - AAI (Vijay in communication with them)

How do you retrieve edge locations? a label/name is what we need (need to be consistent with DCAE)

Secondary consideration : how do we deploy component in edge and are aware of these - managing HELM charts?

2/8: Dom started to capture approach based on ongoing meetings with OOM: DMaaP Edge Deployment

02/13: Edge Deployment group asked for page to be reviewed with their team - DOM to forward out meeting call to all

02/15: OOM meeting - Experiment with edge, DMaaP have volunteered to assist here

lets wait for answer to whether or not to split out components might be solution going forward

02/20: Mike to discuss further - OOM

02/22: Mike still investigating this topic further

Fiachra to look into why DR is structured the way it is? -see 02/27

OOM losing personnel - CNI in particular to get HA K8s up and running - keep an eye on

02/27: might have a solution for this part - mariadb sub requirement under dr-prov, issue in relation to helm with regard this

OOM meeting - 3-4 to discuss further

03/01: Mike to attend on Monday

03/04: Mike is holidays week 11-12, need to ensure Conor commit gets merged

Dom & Sunil have changes to follow suit after Conor's merge

03/06: James Mckinder (OOM team) having issues - potentially - not cleaned correctly - to be discussed at OOM meeting

03/08: Code has been merged to facilitate component deployment in diff sites

release name has release and component name in them - this is causing an issue for configMap at DMAAP level 

helm install vs helm deploy work differently - potential a bug in helm deploy

  • can disable components to only deploy individual components (aids testing greatly)
  • component changes: helm variable expansions are getting long, e.g. filebeat configmap for datarouter at dmaap resource level - component expands out to include component name - potentially move filebeat down into relevant level (keep all dmaap components independent)

03/15: Dom has done some great work on post install script - plan is to get the components and discuss plan going forward

03/20: Patch set 4, awaiting a MERGE once merged Sunil has follow up changes - mirror maker

03/22: Need to confirm if BC is working after merge (aaf permissions?)

03/29: Commit up for review to resolve 03/22 issue

Dom trying to release 1.0.5 -

04/01 - Image released and updated - https://gerrit.onap.org/r/#/c/83671/ should resolve OOM issue


Ref 32 | Status: Open | Component: All

No more running as root on containers

Proposed Updates to Release Templates (Dublin) - Security Questions

Is it required for M2 ?

02/11 Doesn't need to be implemented by M2, nice to have for M4. (Try to plan for M4).

Here's the link to the Jira where applications are being asked to update their impact and concerns regarding this item.

SECCOM-111

02/13: Dublin timeframe - Not mandatory, if possible complete, if not have a backlog item for El Alto

Mandar to update ticket

02/15: ticket updated to work on this in El Alto - Mandar to ask reporter how do we interpret this ticket?

  created ticket in backlog

02/27: Is this related to Alpine solution - not clear

New requirement : Wanted position to be part of Dublin

03/04: Action to start investigating - how will this be verified - Mandar

03/08: Krzysztof to write script to enable verification - Mandar to chase up

"Actually the script can be merged into oneliner:

 

kubectl --namespace=onap get pods | tail -n +2 | awk '{print $1}' | \
    xargs -d \\n -I % kubectl --namespace=onap exec '%' -- /bin/sh -c \
    'ps aux | sed "s/^/%\t/"' | tee ps-all.txt

What it does is just exec into every pod and list processes that run as root. In general, if you run a container using docker you can use user namespaces and match the root user inside the container to any uid on the host that you want, but according to the Kubernetes docs user namespaces are not supported, which effectively means that if sth runs as root inside the container it is also root on the host (just certain capabilities may be dropped)

 

Best regards,

--

Krzysztof Opasiak"
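
A follow-up to the one-liner quoted above, as an added example that is not part of the original mail or of ONAP code: it reduces ps-all.txt to a per-pod count of root-owned processes. It finds the USER column from each pod's ps header, because BusyBox ps (Alpine images) prints PID before USER while procps prints USER first. It assumes each line is the pod name, a tab, then one line of ps output; the pod names and process lines in sample_ps_all are constructed.

```shell
#!/bin/sh
# Added example: summarise the ps-all.txt written by the one-liner above.
# Assumption: every line is "<pod><TAB><one line of ps output>".

# Print "<pod> <root-owned processes> <all processes>" per pod, sorted by pod.
# Reads the files given as arguments, or stdin when there are none.
root_procs_by_pod() {
    awk '
    {
        tab = index($0, "\t")
        if (tab == 0) next                     # not a pod-prefixed ps line
        pod = substr($0, 1, tab - 1)
        split(substr($0, tab + 1), f, " ")     # " " = split on runs of blanks
        # Header row: remember which column holds USER for this pod.
        if (f[1] == "USER" && f[2] == "PID") { col[pod] = 1; next }  # procps
        if (f[1] == "PID" && f[2] == "USER") { col[pod] = 2; next }  # BusyBox
        if (!(pod in col)) next                # no header seen yet, skip
        total[pod]++
        user = f[col[pod]]
        if (user == "root" || user == "0") root[pod]++
    }
    END {
        for (p in total) printf "%s %d %d\n", p, root[p], total[p]
    }' "$@" | sort
}

# Constructed sample input: one BusyBox-style pod running as root and one
# procps-style pod running as an unprivileged user (names are hypothetical).
sample_ps_all() {
    printf '%s\t%s\n' \
        'demo-dmaap-dr-node-0' 'PID   USER     TIME  COMMAND' \
        'demo-dmaap-dr-node-0' '    1 root      0:03 java -jar /opt/app/node.jar' \
        'demo-dmaap-dr-node-0' '   42 root      0:00 ps aux' \
        'demo-dmaap-bc-abc12' 'USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND' \
        'demo-dmaap-bc-abc12' 'onap 1 0.5 1.2 123456 7890 ? Ssl 10:00 0:05 java -jar /opt/app/bc.jar' \
        'demo-dmaap-bc-abc12' 'onap 57 0.0 0.0 1234 567 ? Rs 10:05 0:00 ps aux'
}

sample_ps_all | root_procs_by_pod
```

Against a real capture, run `root_procs_by_pod ps-all.txt`; any pod whose second column is non-zero still has processes running as root.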

03/13: Mail forward onto team

03/20: what is required, when is it achievable

03/29: Required by M4 (think it's delayed to 11/4?)

04/01: work in progress for DR

Code is Merged for DR - https://gerrit.onap.org/r/#/c/83879/

Ref 35 | Status: Open | Component: Logging

02/15: Mail sent from Emmett - any feedback in relation to this?

Is it Mandatory or not?

Manageability as part of platform maturity requirements

Target level is 2 for Dublin - mandatory

02/27: Create EPIC -

03/11: Epic created in Jira :

DMAAP-1077

03/15: appears to be a stretch goal for existing components

Ref 36 | Blocking?: Blocking | Status: Open | Component: DR

DR AAF Certificates expired - DR broken in Casablanca now.

Possibly generate new certs.

DMAAP-1048

02/22: Johnaton to supply fresh ones

02/27: Certs updated and merged for Dublin & Casablanca

Need to get new artifacts released per release - mail sent to Ram/Mandar

03/01: Artifacts released - Code up and awaiting merge and release documents updates needed

03/04: Master - code needs to be merged in OOM

Casablanca - Process (Post maintenance release process to be determined) to get change into this release - 3.0.1 tag is already created - due to be discussed at PTL meeting  

----------

Dmaap 1066 follow up to see if related - replica DB failed to come up (Closed)

Dmaap 1076

03/15: An overall ticket - to bundle all changes in together - Mandar to source ticket (power point in relation to release?)

03/18: updates from Mandar:
PPT: (TSC policy for maintenance releases)
https://jira.onap.org/secure/attachment/13434/Prosal%20for%20a%20TSC%20Policy%20on%20ONAP%20Release%20Maintenance-pa5.pptx

Tickets:

TSC-119

TSC-120 (dup of 119)

All changes related to this cert expired issue should be committed before 3/25. Casablanca 3.0.2 will be released on 3/25.

03/22: awaiting for merge to solution

03/29: Bulk PM use case verified on Casablanca wind river environment

04/01: Release new image with cert of 12 month duration - working on this

04/03: Waiting on OOM review to sign off on this

Ref 37 | Status: Open | Component: All

03/15: 55% code coverage target is for M4

03/20: code and line coverage to be > 55%

04/01: DR approx at 60%

Mandar working on code coverage for MR

04/03: DMaaP client and BC (52%) are the only outstanding concern

Ref 40 | Status: Open | Component: All

03/15: All to review and report back

ARC DMaaP Component Description - Dublin

04/01: Mandar reviewed and may need clarification on one or two points

Ref 41 | Status: Open | Component: All

3/18: New ask from security team. HTTP ports should not be exposed for any of the components. Only HTTPS ports should be exposed. Action for all to remove exposure of component's HTTP port by M4-Dublin

03/20: Conflicts with OOM request to have ability to disable TLS

Need Mandar to get clarity on which way to turn - seems like without a good certificate solution we are shooting ourselves in the foot - Dom to ask his security contact

3/26: clarification from Security Team:

"Dom, I had a conversation with Amy this morning on this topic. Here are some key points from our conversation.

 

    • TLS must be enabled by default out of the box, but can be disabled for testing purposes.
    • Any port exposed outside of a POD should be protected by default by TLS. This includes communication between PODs.
    • Communications between containers within a POD do not need to be protected by TLS. How else would ISTIO work?
    • This isn’t actually a new ask, as the issue was raised in the Casablanca and Beijing releases. It’s just become more important.

 

Amy, care to add anything?

 

                Tony"

3/27: DMaaP team thinks we should be compliant with this because:

  • TLS is supported by all components
  • non-TLS ports could be disabled by an OOM flag. TBD
    Mandar to follow up w TSC

03/29: Mandar to ask Amy directly

04/01: Awaiting response from Amy - Can we use the overwrite file (flag bullet point above)

is the proposal to have "non-TLS ports could be disabled by an OOM flag. TBD" by default and have overwrite file to enable it

Mandar to inquire about DMaaP ports and downstream apps that use DMaaP

04/03: still no response - mandar will inquire later

Ref 42 | Status: Open | Component: All

Anyone wishing to make changes to OOM in relation to DMaaP should discuss with DMaaP team in advance.

Similar tasks being worked on in parallel (duplication of effort) - COLLABORATION is the key

Sunil has his commit up, PM mapper guys have OOM changes


Ref 43 | Status: Open | Component: All

04/01 - Helm deploy fail when DMaaP deploy on own - only deploying bc post install

Sunil has seen timeout issue - DOM looking into how best to facilitate this

recommend to use commit shared above in https://gerrit.onap.org/r/#/c/83671/

Tested the above patch (WITH AAF ENABLED) and deployed successfully.

04/03: All is ok once tested with Patch above

if one job doesn't finish others might not run

BC will allow others to provision topics/feeds during run time

Mirror Maker crash loop - 500 error

Ref 44 | Status: Open | Component: All

DR node reg with BC client? - Hook is in place, values that need to be passed still to be determined

post install hooks, flag can be added to keep alive

...