Table of Contents |
---|
Bridge
Meeting pushed by 30 min for ; will start at 15.00 UTC
...
Time (est) | Topics | Requester/Assignee | Notes/Links | |||||||||
START RECORDING PARTICIPANT LIST | ||||||||||||
1 | Project Status | Release Status Frankfurt Milestone Status#RC1
| ||||||||||
DCAE Blockers/High priority |
| |||||||||||
DCAE Outstanding Jira & MED priority bugs | DCAEGEN2-2219 - DFC's SFTP client doesn't protect from MITM attacks - Moved to Guilin Open items from last meeting
| |||||||||||
2 | DCAE bootstrap updates | 05/06/2020 - Bootstrap 1.12.6 (frankfurt) - Released (OOM update pending)
Further blueprint updates will be assessed case by case if bootstrap version release is required
4/7 - onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.12.5 released.
Reference : https://lists.onap.org/g/onap-discuss/message/20046 Blueprint management for Frankfurt - DCAEGEN2-2041 | ||||||||||
3 | CBS TLS in SDK | Review recent discussion on : https://gerrit.onap.org/r/#/c/dcaegen2/services/sdk/+/94266/ and identify next step Confluence: TLS support for CBS - Migration Plan link to the source - https://docs.onap.org/en/latest/submodules/dcaegen2.git/docs/sections/tls_enablement.html k8splugin version 2.0.0 will automatically mount the CA certificate, in PEM and JKS formats, in the directory
k8splugin version 2.0.0 uses an init container to supply the CA certificates. 4/29, 4/1 - tested on HV-VES 1.4.0 - not working - Exception in thread "main" org.onap.dcaegen2.services.sdk.security.ssl.exceptions.ReadingPasswordFromFileException: Could not read password password from /etc/ves-hv/ssl/jks.pass - jks.pass is distributed only when use_tls is set to true; need to be checked if app expects cert as server? Piotr Wielebski
5/13/ - after my investigation:
Conclusion:
| ||||||||||
4 | Repo Branching | All repository branched including documentation (dcaegen2). Committer must ensure new submissions are cherrypicked into Frankfurt branch
| ||||||||||
6 | AAF change impact | aaf_agent (2.1.20) changed in Frankfurt generates cert as non-root; need to assess impact to dcae TLS init (currently uses 2.1.15)
DCAE change to be assessed based on CMPv2 proposal; generic onap/usergroup to be discsussed with AAF team - Vijay Kumar | ||||||||||
7 | Certificate for components/instance (wild card support) | >Frankfurt | PMSH may need to support multiple instance per different usecase. The certificate generation should be supported at instance level (possible AAF dependency 4/29 - Policy may be using wildcard - *.pdp, *.pdp.onap.svc.cluster.local ; to be confirmed if supported from AAF currently - Vijay Kumar 2/20 - DCAEGEN2-2084 - support certificate generation at instance level for DCAE services OPEN to track this request for DCAE; AAF dependency will be discussed post Frankfurt and corresponding AAF Jira to be created | |||||||||
8 | Guilin Items | Platform
Requirments from OOM team to be discussed with team
| ||||||||||
Frankfurt Artifacts Release versions
Check "Artifacts released" section under RTD - https://docs.onap.org/en/latest/submodules/dcaegen2.git/docs/sections/release-notes.html
Open Action Items
New Action items
...