Attendees:
Yan, duanshuaixing, haibin, jinhua, jothish, Mahendra, mingzhang, Pingjing, maopeng, Pramod, Tianxing, GL
Agenda:
- VF-C committer adjustment
- VF-C database migration discussion with OOM team
- VF-C Existing Vulnerability
Meeting Slides:
View file | ||||
---|---|---|---|---|
|
View file | ||||
---|---|---|---|---|
|
Minutes:
- VF-C committer adjustment
Yan announce VF-C committer update, congratulations to LiLai,Bharath and ruoyu - VF-C database migration discussion
Jinhua introduce VF-C DB current implementation
Mahendra introduced the mariadb provided by OOM and also mentioned that in Dublin release, the helm chart ownership will be transferred to each project, but OOM team also provide help and will review all the changes.
Pramod said that how to do this migration need the concrete requirements, Yan said that VF-C db current only a stateless pod, need to be persistent and meet HA requirements.
Because APPC have implemented the DB migration in Casablanca release, Mahendra suggest we can reference APPC implementation and VF-C team can assigns a person to work with them together to do the future work. - VF-C Existing Vulnerability
Yan list VF-C remaining critical security issue from level 7 to level 10 and still have 30 issue need to be solved. mainly for ems-driver, huawei-vnfm-driver, multi-vim proxy , juju-driver and resmangement.
For “jackson” libraries , Security subcommittee suggest to replace “jackson” libraries with GSON. And the reason is that GSON is a comparable package and a replacement strategy for ONAP.[Requirement] All projects MUST migrate from the Jackson Data Processor packages to the GSON packages unless the Jackson dependency is inherited from an outside project such as ODL.
- VF-C requirements collection for Dublin release
Yan has created the Jira ticket for each requirements. SOL003 alignment ticket haven't been created , will create this week.
For ccvpn usecase , Yan said there are two functional requirements for VF-C , one is that ccvpn team would like to use VF-C to deploy vCPE and another requirements is from chinatelecom about SFC, this two discussion will need more discussion with CCVPN team, then we need combine with our resource to see whether this will be merged into VF-C Dublin requirements.
Action:
- Yan will sent email to call for volunteer to work with OOM team to do the database migration
- victor and guirong need focus on the remaining vulnerabilities
- Yan contact ccvpn team to see which vendor's vCPE will need to be supported by VF-C and get the contact person to maopeng
- SOL003 alignment , the high priority alignment interface need to be identified and create the corresponding ticket(Yan)