Attendee-List:
...
Agenda
Video:
Today's topic:
- Proposal for TSC accepted ONAP component disabling: OOM New Delhi Release
- TBD:
- Patch to disable components
- Update healthchecks, smoke tests to exclude component related tests
- TBD:
- Update of New Delhi Key Updates: New Delhi Release Key Updates
- Logging improvement proposal (TCL) Mateusz Pilat
- All components have to log to STDOUT
- They should use a common format (JSON struct) with defined attributes (example: https://git.onap.org/oom/tree/kubernetes/cps/components/cps-core/resources/config/logback-spring.xml)
- A list will be provided for the required changes in components
- Presentation next week in the TSC
- Presentation for DDF next week (presented by Florian Bachmann)
- Patches:
- Readiness is updated, as it did not support services without "Selector"
- https://gerrit.onap.org/r/c/oom/readiness/+/137651?usp=search
- Created new release 6.0.3 (https://gerrit.onap.org/r/c/oom/readiness/+/137657?usp=search)
- Patch to update the OOM charts to use 6.0.3 and the "service" option https://gerrit.onap.org/r/c/oom/+/137672?usp=search
- DB Operators
- mongodb-init chart to be added (TBD)
- ONAP Streamlining
- Patch for imagePullSecret: https://gerrit.onap.org/r/c/oom/+/137537
- Chart restructuring
- Move DGBuilder and network-name-gen under SDNC (https://gerrit.onap.org/r/c/oom/+/137663?usp=search)
- Platform Updates
- K8S version update to 1.18.6 (later 1.29.x)
- Istio (1.21.0)
- Strimzi + Kafka https://gerrit.onap.org/r/c/oom/+/137184?usp=search
- Documenting Infrastructure changes: https://gerrit.onap.org/r/c/oom/+/137636?usp=search (WIP)
- Make ONAP production ready, Epic: OOM-3288
- Charts have host paths mounted (e.g. /etc/localtime), which conflicts with common policies (at least in DT)
- we need to check the OOM charts and remove these paths, if possible
- e.g. https://gerrit.onap.org/r/c/oom/+/137479?usp=search (AAI)
- Removed entries: https://gerrit.onap.org/r/c/oom/+/137689?usp=search
- Further patches are planned
- ...
- Keycloak/Oauth2Proxy/Realm
- Update of Keycloak version Configurable REALM and AuthorizationPolicies: OOM-3267 3292
- WIP patch: https://gerrit.onap.org/r/c/oom/+/137736
- Update of Oauth2Proxy version (7.5.1) and update of configuration (check with Mateusz Pilat): OOM-3268
- Received charts for "authentication" creating:
- Keycloak deployment
- Realm creation for keycloak
- Oauth2 setup and configuration incl. Redis setup
- Created a page to sum up the proposal (Improvement for NewDelhi Release)
- Questions:
- MeshConfig (see https://docs.onap.org/projects/onap-oom/en/latest/sections/guides/infra_guides/oom_infra_base_config_setup.html#istio-service-mesh) vs. RequestAuthentication Oauth2-proxy config
- MR independency:
- Policy
- Patch for Policy (https://gerrit.onap.org/r/c/oom/+/137529?usp=search) → (Drools is disabled, as some investigation is ongoing)
- NBI
- Patch for NBI only in DT internal fork (as NBI is in Archived mode)
- TSC Decision request for "NewDelhi"
- → if we disable MR, should we disable NBI ?
- HOLMES
- No patch available, as not active
- TSC Decision request for "NewDelhi"
- → if we disable MR, should we disable Holmes ?
- SDNC
- SDNC-DMAAP-Listener (to be checked)
- Is the Listener required? It is currently listening, but none of the topics exist:

    DEBUG 2024-03-25 17:45:31.268 +0000 DmaapListener - Initializing consumer org.onap.ccsdk.sli.northbound.dmaapclient.OofPciPocDmaapConsumers(/opt/onap/sdnc/data/properties/dmaap-consumer-oofpcipoc.properties)
    DEBUG 2024-03-25 17:45:31.275 +0000 DmaapListener - Initializing consumer org.onap.ccsdk.sli.northbound.dmaapclient.A1AdapterPolicyDmaapConsumer(/opt/onap/sdnc/data/properties/dmaap-consumer-a1Adapter-policy.properties)
    DEBUG 2024-03-25 17:45:31.282 +0000 DmaapListener - Initializing consumer org.onap.ccsdk.sli.northbound.dmaapclient.CMNotifyDmaapConsumer(/opt/onap/sdnc/data/properties/dmaap-consumer-CMNotify.properties)
    DEBUG 2024-03-25 17:45:31.288 +0000 DmaapListener - Initializing consumer org.onap.ccsdk.sli.northbound.dmaapclient.SdncRANSliceDmaapConsumer(/opt/onap/sdnc/data/properties/dmaap-consumer-RANSlice.properties)
    ...
    INFO 2024-03-25 17:46:07.549 +0000 SdncDmaapConsumer - A1AdapterPolicyDmaapConsumer received ResponseMessage: No such topic exists.-[A1-P]
    INFO 2024-03-25 17:46:07.548 +0000 SdncDmaapConsumer - CMNotifyDmaapConsumer received ResponseMessage: No such topic exists.-[CM-NOTIFICATION]
    INFO 2024-03-25 17:46:07.551 +0000 SdncDmaapConsumer - SdncDhcpEventConsumer received ResponseMessage: No such topic exists.-[VCPE-DHCP-EVENT]
    INFO 2024-03-25 17:46:02.473 +0000 SdncDmaapConsumer - SdncLcmDmaapConsumer received ResponseMessage: No such topic exists.-[SDNC-LCM-READ]
    INFO 2024-03-25 17:46:02.472 +0000 SdncDmaapConsumer - OofPciPocDmaapConsumers received ResponseMessage: No such topic exists.-[SDNR-CL]
    INFO 2024-03-25 17:46:02.448 +0000 SdncDmaapConsumer - SdncRANSliceDmaapConsumer received ResponseMessage: No such topic exists.-[RAN-Slice-Mgmt]

- TSC Decision request for "NewDelhi"
- → if we disable MR, should we disable SDNC DmaaP Listener ?
- DCAEGEN2-Services MSs
- dcae-ves-collector →
- dcae-prh → , https://gerrit.onap.org/r/c/oom/+/137153
- dcae-pmsh
- dcae-tcagen2
- dcae-son-handler
- dcae-slice-analysis-ms
- dcae-heartbeat
- dcae-kpi-ms
- dcae-datafile-collector
- dcae-snmptrap-collector
- (UPDATE info by DT) So there is a DCAE SDK for interaction with DMaaP.
We have changed the implementation of that SDK to talk to Kafka directly.
This new SDK is now used in VES collector and PRH services.
If other services are using the SDK to talk to DMaaP, they can use this new version now.
We have updated documentation of this SDK as well. https://docs.onap.org/projects/onap-dcaegen2/en/latest/sections/sdk/apis.html
- TSC Decision request for "NewDelhi"
- → if we disable MR, should we disable all DCAE MS, which are not migrated to native Kafka ?
- Hardening Istio with SPIRE/SPIFFE (https://blog.spiffe.io/hardening-istio-security-with-spire-d2f4f98f7a63) → need to check within DT
Used in Nephio - see https://docs.google.com/presentation/d/1L79WrZ64Uar3IrH-jL_IeQTlPoLtXGZKHIIfVCXLoco/edit#slide=id.g2c18d699447_0_31
- FYI, Service Mesh + SPIFFE infrastructure ongoing study in Nephio, Study: Nephio security collaboration study
- There is a separate study in Nephio for workload registration and workload/node attestation, https://docs.google.com/presentation/d/1L79WrZ64Uar3IrH-jL_IeQTlPoLtXGZKHIIfVCXLoco/edit#slide=id.g2c18d699447_0_40
- https://docs.google.com/document/d/1IwWVGASgdOuLHCHYg82WaZaHdOEXyOM1/edit?pli=1#heading=h.nzahaii2p80p
- https://docs.google.com/presentation/d/1L79WrZ64Uar3IrH-jL_IeQTlPoLtXGZKHIIfVCXLoco/edit#slide=id.g2bd96dea01c_0_1
- Tata (ematpil) installed ONAP Montreal/London and made improvements
- will show improvements Tata did and might contribute to OOM
- Presentation shown: (Platform Customization-oom v2.pptx).
- → Enhancements proposed:
- Security enhancements (e.g. Keycloak/OAuthProxy, AuthorizationPolicy,...) eg: authentication.tar, oauth2 +KC research: rbac_research_wrap.pdf
- Logging enhancements,...
...
- External Kafka access → https://gerrit.onap.org/r/c/oom/+/133767
- SDNC CallHome (SSH) → part of https://gerrit.onap.org/r/c/oom/+/133861
- Plan to update _ingress.tpl for Gateway-API support and AuthorizationPolicy
...
(2023-05-03: No update)
- Documentation: Oauth2-Proxy implementation and configuration
- Oauth2-Proxy: https://gerrit.onap.org/r/c/oom/+/130445
- Adding Oauth2-proxy client to ONAP realm: https://gerrit.onap.org/r/c/oom/+/133699
...