Update Jiras

Oslo Package

Amy Zwarico 

Paweł Pawlak 

LF IT Support

• Oslo related Wiki under creation by Byung, Release Planning: Oslo
• Project Status in Oslo Release
• Oslo Release Key Updates,  PTL, update them by end of September
• The Architecture diagram for Oslo, Oslo-R15 Architecture Diagram
• Oslo Architecture main wiki pages, Oslo-R15 Architecture/ArchCom Wiki Page ; see its sub directories for project architecture pages
• O-parent removal from Oslo??
  • Ericsson presented their O-parent removal experience to the TSC meeting
  • See Adheli's Removal of O-Parent from Policy, Removal of O-Parent from Policy 
  • Each PTL needs to open a Jira ticket for O-Parent removal from their projects
  • For the projects without PTLs, SECCOM will open a Jira ticket 
• ARCCOM: open for requirement/architecture reviews - target date: by end of September
  • Dan Timoney plans to update the key updates wiki page for CCSDK and SDNC
  • As needed, schedule requirement and architecture review with ARCCOM (Byung-Woo Jun )
    • Dan Timoney plans to schedule CCSDK and SDNC requirement and architecture reviews soon
    • Other PTLs will add key updates
• DT supports Argo CD-based deployment support the resolution? Andreas Geißler , Marek Szwałkiewicz , 
  • WIP (DT is working on it)
• Thomas Kulik , any update ? Fiete Ostkamp , worked on SDC for outdated Ruby - will update...
• Dong Wang (China Telecom) will share the China Telecom's vision for Oslo at the TSC this Thursday.

Byung-Woo Jun 

• ONAP Streamlining Documentation Enhancements for Oslo:
  • Defining ONAP Core components and extensions (e.g., lightweight ONAP, optional components)
  • Core component functions
  • Installation guide, including ArgoCD-based deployment options
  • configuration guide
  • User guide 
  • Use cases by operators and vendors
  • reference architecture (component, interface, security, function...) for lightweight ONAP
• PTLs will be contacted for their help as needed.

Andreas Geißler 

• An ArgoCD deployment to provide an alternative the helm deployment. Marek Szwałkiewicz , Andreas Geißler , any update? Andreas Geißler will check with Marek

• CCSDK A1 controller committer permission for John Keeney;
• Dan Timoney , said he is going to start the process, and John Keeney created a proposal, Committer Promotion Request for CCSDK repo - John Keeney.
• According to John Keeney (Ericsson EST) , these are the A1PMS activities, https://gerrit.onap.org/r/q/project:ccsdk%252Foran 

• ONAP logo change update, Thomas Kulik , https://gerrit.onap.org/r/q/%22new+onap+logo%22+-status:merged ; use the new ONAP logo where applicable...
• Thomas Kulik , will update next week after DT works at next TSC meeting

• Dan Timoney promoted John Keeney (Ericsson EST) as an CCSDK committer
  • TSC approved the promotion last Thursday.
• Thomas Kulik , any update ? Fiete Ostkamp , worked on SDC for outdated Ruby - will update...
• Dong Wang (China Telecom) presented the China Telecom's vision for Oslo to the TSC last Thursday, 
  • Recommendation for LFN,ONAP Evolution.pdf

Byung-Woo Jun 

• ONAP Streamlining Documentation Enhancements for Oslo:
  • Defining ONAP Core components and extensions (e.g., lightweight ONAP, optional components)
  • Core component functions
  • Installation guide, including ArgoCD-based deployment options
  • configuration guide
  • User guide 
  • Use cases by operators and vendors
  • reference architecture (component, interface, security, function...) for lightweight ONAP
• PTLs will be contacted for their help as needed.
• Byung-Woo Jun , started the documentation for ONAP Streamlining here, ONAP Streamlining Evolution

Andreas Geißler 

• An ArgoCD deployment to provide an alternative the helm deployment. Marek Szwałkiewicz , Andreas Geißler , DT is working on it.
• 2 images failing on smoke tests - Marek is working on it.  For TSC meeting voting for Python 2 dependencies removal.

Update Jiras

Oslo Package

Amy Zwarico 

Paweł Pawlak 

Oslo task: [REQ-1592] PACKAGES UPGRADES IN DIRECT DEPENDENCIES FOR OSLO RELEASE - ONAP JIRA

Epic: https://jira.onap.org/browse/REQ-439

AAI: [AAI-3941] AAI PACKAGES UPGRADES IN DIRECT DEPENDENCIES FOR NEW DELHI RELEASE - ONAP JIRA

CCSDK: [CCSDK-4042] CCSDK PACKAGES UPGRADES IN DIRECT DEPENDENCIES FOR NEW DELHI RELEASE - ONAP JIRA

CPS: [CPS-2342] CPS PACKAGES UPGRADES IN DIRECT DEPENDENCIES FOR NEW DELHI RELEASE - ONAP JIRA

DCAE: [DCAEGEN2-3414] DCAE PACKAGES UPGRADES IN DIRECT DEPENDENCIES FOR OSLO RELEASE - ONAP JIRA

Multicloud: [MULTICLOUD-1507] MULTICLOUD PACKAGES UPGRADES IN DIRECT DEPENDENCIES FOR OSLO RELEASE - ONAP JIRA

Network Controller: [SDNC-1844] NETWORK CONTROLLER PACKAGES UPGRADES IN DIRECT DEPENDENCIES FOR OSLO RELEASE - ONAP JIRA

Policy: [POLICY-5103] POLICY PACKAGES UPGRADES IN DIRECT DEPENDENCIES FOR NEW DELHI RELEASE - ONAP JIRA

PortalNG: [PORTALNG-114] PORTALNG PACKAGES UPGRADES IN DIRECT DEPENDENCIES FOR OSLO RELEASE - ONAP JIRA

SDC: [SDC-4690] SDC PACKAGES UPGRADES IN DIRECT DEPENDENCIES FOR OSLO RELEASE - ONAP JIRA

SO: [SO-4130] SO PACKAGES UPGRADES IN DIRECT DEPENDENCIES FOR OSLO RELEASE - ONAP JIRA

UsecaseUI: [USECASEUI-840] UUI PACKAGES UPGRADES IN DIRECT DEPENDENCIES FOR OSLO RELEASE - ONAP JIRA

LF IT Support

• Pending ticket opened by Marek:

  https://jira.linuxfoundation.org/plugins/servlet/desk/portal/2/IT-25573

  • Kevin Sandi - a workaround solution will be tried;
  • Marek / Matthew - automatic building solution is needed; escalate this? Waiting for feedback from Marek 
  • Kevin/Matt/Kevin - create a ticket and try a solution (maybe Github action helps? PoC??)
  • Some action plans and updates next week
  • Kevin and Marek are working on it, testing and deployment. will report its status - 90% is working; WIP; scheduled for next week update
  • wait for argo-cd deployment update. will revisit...
  • wait for Marek's return

  Kevin: Jenkins' sandbox; security patching is working fine; downtime would be 30 mins; will notify the downtime by email to ONAP community - WIP

  Thomas Kulik - issues with Portal-NG and other documentation - 

  Kevin / marek: WIP; update in two weeks.

  IT-26899 Project is not created in RTD - Kevin; found a root cause; almost done, pushed the fixes;

  Marek: Verifying of fixing; will follow up when Thomas Kulik  and Fiete Ostkamp back - next week report; related to RTD pipeline?  need further testing

  Ticket opened by Tony: IT-26848 - Tony is checking on it, still has issues; Kevin will work on it; Let us know.

• • Kevin Sandi , working on it; removing gerrit plugins as a possible solution; update the ticket with findings and will check them with Tony

Byung-Woo Jun Paweł Pawlak 

CISA report on memory safe code: 

• joint-guidance-exploring-memory-safety-in-critical-open-source-projects-508c.pdf, 
• The-Case-for-Memory-Safe-Roadmaps-508c.pdf
  

  
  

• Maggie (NSA; SECCOM) forwarded the NIST special publication on Service Mesh Proxy Models for Cloud-Native Applications. It is pretty good documentation on Service Mesh, Threat analysis and recommendations, https://csrc.nist.gov/pubs/sp/800/233/ipd , https://doi.org/10.6028/NIST.SP.800-233.ipd

• 2 actions:

  1. OpenSSF- add/update their guidelines; Tony - Tony will check with OpenSSF 
  2. Locally for ONAP: impact assessment and reviewing if there are opportunities to remove those languages.

• Added memory safe code guidance to the architecture security review template, ONAP Component Architecture Review Template. PTL, please take a look at it.

Other Improvement suggestion

Andreas Geißler  Dan Timoney 

1. Complete the upgrade to Potassium originally planned for New Delhi. This work is almost complete – I expect to finish within the next week or so.
2. Complete the work needed to migrate our internal interfaces from the Bierman format to RFC 8040.
3. If time permits,  upgrade to OpenDaylight Calcium release. 

We have been advised that the OpenDaylight Calcium release is a major upgrade, with a significant amount of breaking changes.  So, I would say there is significant risk that the Calcium upgrade might not complete in time for Oslo.  My plan would be that we would release an initial Oslo version of CCSDK and SDNC that is based on OpenDaylight Potassium release to OOM as soon as it is a available so that we avoid a last minute impact.  Once that is complete, I’ll create our oslo branches and use our master branch to begin work on the Calcium port. If that port is completed in time to make Oslo, great – we’ll cherry pick it to the oslo branch and include it.  If not, then our Oslo code base remains stable on Potassium and the Calcium port will complete in the Paris release.

One more word on releases: my plan going forward is that the New Delhi release will be considered a “long term support” (LTS) release for CCSDK and SDNC.  That is to say, we’ll provide security updates and other critical fixes as needed for that release so that any clients that find themselves unable to migrate to RFC 8040 for whatever reason will still have support, with the understanding that they will remain on the OpenDaylight Argon release.

Dan Timoney , is working on this to remove Biermann API; he will update its status. Once it is done, please let the SO team (Sankar) know. Thanks.

Paweł Pawlak 

Amy Zwarico 

1. Recommended packages upgrades are available on the restricted Wiki. Jiras to be created per project. 

   •  Oslo/wiki/spaces/SV/pages/16094458

   Need to check NG Portal status CLM jobs. Any update?

 - no solution for now:

• • 6/24/2021: PortalNG reports in spreadsheet on protected wiki page - New Delhi Package Updates - Security Vulnerabilities - Confluence (onap.org)

Ticket opened by Fiete: https://jira.linuxfoundation.org/plugins/servlet/desk/portal/2/IT-26527 (ticket is closed)

•  ongoing; Jessica and Fiete are discussing this.

We are missing NG Portal UI CLM job.

List of the ONAP components to be disabled prepared by Andreas: 

OOM New Delhi Release

On April 18th, TSC approved the list.

Ticket opened by Fiete for UI CLM scan: https://jira.linuxfoundation.org/plugins/servlet/desk/portal/2/IT-26882 - not a maven based project - an issue? To be further eleborated with Jess.

Fiete Ostkamp ,

Matt Watkins , will follow up. Please let us know the outcome. 

Chef dependency in SDC related to Ruby conflict (2.0 is pretty old)  

Paweł Pawlak 

Byung-Woo Jun 

Reference: https://www.checkov.io/1.Welcome/What%20is%20Checkov.html

• Open Source Summit Europe, 16-18 September, Vienna, Austria,  https://events.linuxfoundation.org/open-source-summit-europe/program/schedule/?utm_campaign=Open%20Source%20Summit%20Europe%202024&utm_medium=email&_hsenc=p2ANqtz--PLfjC2kdB72Wx4XhOtjd6bwBvLLrdHV1DgPkYzqDK9cRnhL3sp2wYC4MtZWhqGGElYxHdkvMaIgDLVAx0ZQS2YsStnQ&_hsmi=311371508&utm_content=311371508&utm_source=hs_automation 
• Kubecon and CloudNativeCon North America 2024 (November 12-15), https://events.linuxfoundation.org/kubecon-cloudnativecon-north-america/?utm_source=google&utm_medium=paid-search&utm_campaign=kubecon-na-2024&utm_term=events-kubecon-na-2024-cncf&utm_content=kubecon-na_rsa&campaignid=21541954784&adgroupid=166431838780&creative=708046449585&matchtype=e&network=g&device=c&keyword=kubecon%202024&utm_term=kubecon%202024&utm_campaign=Events+-+KubeCon+NA+2024+-+CNCF&utm_source=google&utm_medium=ppc&hsa_acc=8666746580&hsa_cam=21541954784&hsa_grp=166431838780&hsa_ad=708046449585&hsa_src=g&hsa_tgt=aud-2235032889006:kwd-2276042045987&hsa_kw=kubecon%202024&hsa_mt=e&hsa_net=adwords&hsa_ver=3&gad_source=1&gclid=Cj0KCQjww5u2BhDeARIsALBuLnO86USewI8c0_a4uKus91l491oBwGC-cQoGruwKx3Sz5WUeGTuCFa0aAj_3EALw_wcB