Recording:
Attendees:
Discussion items:
START RECORDING
...
Update 6 June: Andy Baxter provided presentation
Update 13 June: Is it necessary to encrypt services behind the reverse proxy (msb/haproxy/kubernetes ingress controller)?
Update 11 July: Yes, it is. AAF is providing a new simplified client and new instructions for setting up AAF in the labs by the end of the week
Currently AAI is using HTTPs w/ Basic Auth. SECCOM is recommending 2-way TLS with CADI. Jonathan Gathman will issue certificates - unsure if all devs can/should request a cert from AAF for dev/test. AAI will evaluate if the new client and documentation is adequate to build a service with AAF + 2way TLS in time to socialize it to clients - if we can't deliver a working system w/ 2 -way TLS by M3 (API Freeze) we'll continue to use Basic Auth and load the existing credentials into AAF.
With HAPROXY, the client cert subject and issuer are placed in HTTP headers and passed along to the service. The service can send the DNs of the subject + issuer to AAF, and AAF will determine if the client is allowed to access the resource.
Update 18 July: Documentation expected to be available next week, awaiting additional information from AAF.
Update 25 July: Former user (Deleted)will look At HAProxy with AAF; Venkata Harish Kajur will send demo link to Former user (Deleted).
Update for 15 Aug: Blocked by AAF-427 - Unable to create a user with password Open . Sparky-fe might be impacted by changes in the way AAF is used by the portal app. Members of the AAI team who work on the UI will attend the portal calls (Wednesdays @ 1500 UTC) to see if there is code impact due to the portal AAF updates.
Update for 5 Sep:
...
cadi_truststore_password
...
cadi_latitude cadi_longitude
...
...
Why don’t we use DMAAP to communicate with other systems (inbound and outbound) but we do it through a REST API? If we use DMAAP, we wouldn’t need a proxy, it would be easier to scale services and we would have a looser coupling between
Update 24 Aug
Proposal reviewed by: James Forsyth, Venkata Harish Kajur, Robby Maharajh, Former user (Deleted)
Conclusion: It is better to use REST as opposed to DMAAP in A&AI.
Reasons:
- The DMAAPs messaging system is unstable (message loss and duplication observed in the past)
- DMAAP is much more complicated compared to REST
- It is too costly to change A&AI clients from REST to DMAAP
...
...
Checking license headers in java files is wrong. I get the following message
Failed to execute goal com.mycila:license-maven-plugin:3.0:check (default) on project aai-resources: Some files do not have the expected license header ....
When I change
* Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.
to
* Copyright © 2018 Orange Intellectual Property. All rights reserved.
Is only AT&T header allowed or the script that checks it is misconfigured?
...
...
...
The AAI team needs a strategy for integrating with AAF and AAF certificate manager, including potentially using 2-way TLS in R3.
AAI-32 - Integrate with AAF Open
- Venkata Harish Kajur
- William LaMont
- Giulio Graziani
- CT Paterson
- Tian Lee
- William Reehil
- Manisha Aggarwal
- Liwa Layouni
- Shirley Morgan
Discussion items:
START RECORDING
AAF and TLS in Casablanca | The AAI team needs a strategy for integrating with AAF and AAF certificate manager, including potentially using 2-way TLS in R3. AAI-32 - Integrate with AAF Open Update 6 June: Andy Baxter provided presentation Update 13 June: Is it necessary to encrypt services behind the reverse proxy (msb/haproxy/kubernetes ingress controller)? Update 11 July: Yes, it is. AAF is providing a new simplified client and new instructions for setting up AAF in the labs by the end of the week Currently AAI is using HTTPs w/ Basic Auth. SECCOM is recommending 2-way TLS with CADI. Jonathan Gathman will issue certificates - unsure if all devs can/should request a cert from AAF for dev/test. AAI will evaluate if the new client and documentation is adequate to build a service with AAF + 2way TLS in time to socialize it to clients - if we can't deliver a working system w/ 2 -way TLS by M3 (API Freeze) we'll continue to use Basic Auth and load the existing credentials into AAF. With HAPROXY, the client cert subject and issuer are placed in HTTP headers and passed along to the service. The service can send the DNs of the subject + issuer to AAF, and AAF will determine if the client is allowed to access the resource. Update 18 July: Documentation expected to be available next week, awaiting additional information from AAF. Update 25 July: Former user (Deleted)will look At HAProxy with AAF; Venkata Harish Kajur will send demo link to Former user (Deleted). Update for 15 Aug: Blocked by AAF-427 - Unable to create a user with password Open . Sparky-fe might be impacted by changes in the way AAF is used by the portal app. Members of the AAI team who work on the UI will attend the portal calls (Wednesdays @ 1500 UTC) to see if there is code impact due to the portal AAF updates. Update for 5 Sep:
| ||
PNF PnP Use Case | |||
CCVPN Use Case | |||
Springboot | Casablanca using 1.5.15 | ||
NexusIQ | Issues need to be remediated or have a plan before M4. | ||
Node Port Exhaustion in OOM | https://lf-onap.atlassian.net/wiki/display/DW/OOM+NodePort+List | ||
HPA Telemetry | Dileep Ranganathan | Christina Monteleone suggested the compute node data could be stored in the pserver type instead of creating a new type. Open question about who creates the pserver in ONAP, James Forsyth needs to track down the component that is responsible. Need to add a relationship between flavor and pserver. Add new HPA Telemetry types to the schema and create edges between them and the pserver. Limit on attributes of vertices might be around 2k, Venkata Harish Kajur will check into it. James Forsyth will follow up on https://gerrit.onap.org/r/#/c/58175 with Christina Monteleone | |
A&AI REST services | Why don’t we use DMAAP to communicate with other systems (inbound and outbound) but we do it through a REST API? If we use DMAAP, we wouldn’t need a proxy, it would be easier to scale services and we would have a looser coupling between Update 24 Aug Proposal reviewed by: James Forsyth, Venkata Harish Kajur, Robby Maharajh, Former user (Deleted) Conclusion: It is better to use REST as opposed to DMAAP in A&AI. Reasons:
| ||
Checking license headers in automatic build is wrong | Checking license headers in java files is wrong. I get the following message Failed to execute goal com.mycila:license-maven-plugin:3.0:check (default) on project aai-resources: Some files do not have the expected license header .... When I change * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved. to * Copyright © 2018 Orange Intellectual Property. All rights reserved. Is only AT&T header allowed or the script that checks it is misconfigured? | ||
HEAT deployment issues | We think we have all the mS building; once we've proved that a HEAT based deployment works in our local test env, we'll push updates to the test-config for the new versions of the mS | ||
SONAR coverage on new repos | Line coverage on graphAdmin is currently at 28%. In the next sprint, the plan is to move the coverage up considerably; goal for Casablanca is 50%. | ||
5G PNF Software upgrade | We have a 5G related functionality in Change management, 5G PNF Software upgrade. https://wiki.onap.org/display/DW/5G+-+PNF+Software+Upgrade. Right now, PNF software version is modeled and accepted in SDC, and also approved in Modeling subcommittee and TSC.https://wiki.onap.org/display/DW/TSC+2018-07-26+Meeting+Agenda. (Modeling report) We are not familiar with A&AI. The target of this functionality is to update PNF Sw version when upgrade completion with specified pnfid. Could you and your team give us some help on this? 1) Is there any available APIs provided by AAI for this? 2) If yes, can you give me some details on it. If not, could you and AAI team provide support in Casablanca? We would like to provide contributions if needed. wangyaoguang to follow-up with SDC team and send conclusion results to James Forsyth | ||
GraphGraph | GraphGraph is an aai schema/model visualization system for which an early prototype has been built as part of ECOMP. | ||
R3 Casablanca Commitments | Update 18 July: wiki page to reflect Casablanca deliverables. AAI R3 M2 Deliverables for Functionality Freeze Milestone Checklist Venkata Harish Kajur working to complete the M2 milestone template | ||
Platform Maturity Requirements for Casablanca | Reviewed recommendations from the ONAP F2F meeting - Jason Hunt's slides are here: Casablanca Release Developers Forum Session Proposals | ||
API Versioning | AAI is considering the ONAP API Common Versioning Strategy (CVS) Proposal in Dublin AAI-1185 - Versioning for ONAP Components with Backward Compatibility Open Christina Monteleone invited to next week's meeting to discuss the restructuring. Update 6 June: API Versioning has been moved to 1902 release. Update 18 July: Moved to Dublin release | ||
Datagrooming | Andrew Muller and Former user (Deleted) | Champ is coming in Casablanca and will serve as the graph abstraction layer used by resources. Duplicates and other badness happens when multiple nodes are operating on the same objects concurrently. We need to investigate how to use potential locking features or other mechanism to prevent duplicates. Steve Blimkie will look for volunteer inside Amdocs to look for an owner of an Epic that James Forsyth will open in JIRA for Casablanca. The Datagrooming tool recognizes bad data like duplicates and "phantom nodes" Venkata Harish Kajur to create a US to document the datagrooming steps/parameters for Beijing. | |
Casablanca | We'll discuss upcoming Casablanca requirements, get a brief status on the Historical Data Tracking feature. Update 13 June: Face-2-Face Beijing conference next week; Functional use cases (Schema enhancements), new node types, non-functional requirements and code coverage (70% - 80%) will be output from conference; Evaluate the Kubernetes Ingress Controller as replacement for HAProxy; integrating the services with AAF using Cady. Update 18 June: Evaluation of Ingress Controller | ||
PNF Plug and Play w/ A&AI in Casablanca | PLUG AND PLAY USE CASE WIKI: 5G - PNF Plug and Play A&AI ENTRY FOR PNF PnP: 5G - PNF Plug and Play#5G-PNFPlugandPlay-STAGE2-PNFA&AIENTRYUSEDBYPNP There are a number of A&AI topics:
|
Versioning | Former user (Deleted) made a cool script to compare what's in nexus vs. what's in git - it's very cool, thanks, Pavel! |
Code Coverage Policy Enforcement | For aai-common, resources, and traversal we've enabled jacoco threshold to make sure that code coverage doesn't fall on a commit. This will prevent users from contributing code that would negatively impact the overall code coverage on a repo. Let's discuss enabling this across the board on all AAI repos. Update 11 April: James Forsyth and Venkata Harish Kajur - Look at automated PoC polling script, add test coverage. Update 13 June: Code coverage for Casablanca expected to be 70 - 80% level. Update 26 June: Code coverage is set to 50% for Casablanca. Need js coverage Update 18 July: aai-sparky-be showing as 49.3, team aware and working on it. Update 01 Aug: 50% line coverage requirement before M4; Spike needs to be renamed (needs aai in front). Michael Arrastia to follow-up. | ||
CII Badging | Wiki page with instructions on the process: CII Badging Program We have two CII Badging submissions currently active on CII Best Practice Badge Program: 1) AAI and 2) Sparky-fe The team needs to decide how to split up the project - AAI is too big to fit under a single project. James Forsyth proposes the following breakdown for CII badging: 1) AAI core (REST providers and common code): James Forsyth - Project created, ongoing progress.
2) GUI - Arul Nambi - Need to include more repos to the current "front-end" project
3) Model loader - Tian Lee / Mark Tooski- Need to create projects
4) ESR - Zi Li - Project is created, still ongoing process to meet all the requirements
The idea is that we assign one key person who will be responsible for getting the badge on their set of repos. This is just a suggestion, and I invite discussion, re-categorization, and complete rewrites. Owners of the sets can decide whether it makes sense to group sets into one CII badging request, or split. Every repo above must be included in 1 CII submission. 23 Feb: Need readout next week per repo as to where we stand and how we can close before M4 (3/29). Zi Li and Arul Nambi will work together to see if same kind of scan will work for both components 2 March: SONAR will not report on java script based so those need to be run manually via another tool locally. Update 3/8: Urgent - need to document our plan and have a commitment to get to 50% coverage by m4. Preferably sooner to prevent giving your PTL a heart attack. Offending repos:
ALSO: if your repo is part of Beijing but is NOT part of the SONAR scan, (Venkata Harish Kajur, graphadmin leaps to mind) please fix that ASAP Update 9 March: Steve Blimkie needs James Forsyth’s signoff on moving small libraries within event and rest clients to aai.core; Spike and Gap not used in Beijing; Tian Lee to create project for Model loader; may need secondary URL describing model-loader but point to aai.core. Gizmo – Giulio Graziani requesting adding it to his team's work list. Common – Venkata Harish Kajur working on Router-core – AMDOCs to work Update 16 March: James Forsyth to verify on PTL call if all vulnerabilities 4 or above need to be cleared in order to pass. Update 21 March: Title of project must have ONAP as the first word; Mark Tooski to pickup Tian Lee's action items while he is out. Update 4 April: We are at 97% Update 13 June: CII Badging level for Casablanca to move from Passing to Silver Update 27 June: Team would like to adopt name of repo included in the label Update 18 July: Activity will continue in Casablanca, same people will continue to report. Update 01 Aug: James Forsyth to send Steve Blimkie and Tian Lee listing of new repos added for Casablanca. |
...
- Venkata Harish Kajur -create a bug in beijing release for dmaap messages are not correct. It looks like the version is being set as v11 even though the api is v13.
- James Forsyth to follow-up on NexusIQ
- James Forsyth to follow-up with @Arul on Sparkey-be java code coverage
- wangyaoguang to follow-up with SDC team and send conclusion results to James Forsyth
- James Forsyth to send Steve Blimkie and Tian Lee listing of new repos added for Casablanca.
- James Forsyth will check with Michael Lando about TOSCA inventory types in ONAP
- James Forsyth - follow-up with Arul Nambi on sparky-fe code coverage