This centralized page, for all Frankfurt projects, is aimed at identifying the risks as they are foreseen within the release life cycle.
A Risk that materialized becomes an Issue.
Status:
- Identified: a risk that has been identified, but has not yet been analyzed / assessed yet
- Assessed: an identified risk which currently has no risk response plan
- Planned: an identified risk with a risk response plan
- In-Process: a risk where the risk response is being executed
- Closed: a risk that occurred and is transferred to an issue or the risk was solved/avoided
- Not occurred: a risk that was identified but that did not occur
- Rejected: created and kept for tracking purposes but considered not to be used yet
Risk ID | Project Team or person identifying the risk | Identification Date | Risk (Description and potential impact) | Team or component impacted by the risk | Mitigation Plan (Action to prevent the risk to materialize) | Contingency Plan - Response Plan (Action in case of the risk materialized) | Probability of occurrence (probability of the risk materialized) High/Medium/Low | Impact High/Medium/Low | Status |
---|---|---|---|---|---|---|---|---|---|
#1 | AAF | 11/6/2019 | AAF continues to have Resource issues for regular AAF work. | No specific Team or component is impacted. | If required, we will request a waiver for JUnit requirements. | Medium | Medium | Unknown | |
#2 | 11/6/2019 | Description: Projects dependent on oparent are blocked from migrating to Java 11 until oparent v3 is released. Risk: oparent v3 release may happen too late in the Frankfurt release cycle to enable projects to migrate to Java 11 on schedule. | All projects dependent on oparent. | Release oparent v3 ASAP to give projects enough time to complete Java 11 migration within the Frankfurt schedule. | Complete migration in the Guilin release (1H20) | Medium | Low | V3 in process and expected to be released by the end of Nov '19. | |
#3 | Vijay Kumar (DCAE) | 12/19/2020 | DCAE - MOD delivery (Self Serve Control Loop) Recent resource change impacts delivery of MOD scope planned under REQ-9 | CLAMP | Prioritizing MOD functional delivery for Frankfurt. CLAMP integration and other non-functional requirement ( | Complete MOD delivery for Guilin release and continue SDC-DS for Frankfurt | High | Low | 3/2 - In-Process (mitigation plan identified is being worked) 1/9 - Assessed. CLAMP support through manual workaround for Frankfurt 12/19 - Will be reviewed early Jan and feasibility assessed |
#4 | AAI | 1/9/2020 | Description: AAI UI update to portal 2.6 Risk: Resource contention on AAI means that we might not make the backend software change by M2/M3 | AAI | Asked for resources, Amdocs has committed to provide a resource to look at it over next several weeks but M2/M3 is unlikely | Portal team might have suggestion | High | Low, UI is not heavily used | |
#5 | AAI | 1/9/2020 | Description: Securing Elasticsearch with FOSS Risk: The AAI team does not have a path forward to enable encryption with a component with an acceptable license. Reached out to Steve Winslow for guidance and his response was that the approaches we had considered are unacceptable. | AAI | Solicit suggestions for alternatives that can be used without license issues | Continue with unencrypted use of Elasticsearch | High | Low | 24 Feb 2020: AAI will continue to use unencrypted communication with elastic |
#6 | SDC | 1/13/2020 | The OVP Testing and Certification Support Within SDC (Frankfurt) feature might not be delivered in R6 | SDC | Asking community for resources | The feature won't be delivered | High | Medium | Planned |
#7 | SDC | 1/13/2020 | Secured connection to Cassandra might not be fully delivered in R6 | SDc | Asking community for resources | Secured connection will be developed in certain areas, while other areas will be left unsecured. Work will be completed in R7 | High | Medium | Planned |
#8 | MUSIC | 1/14/2020 | MUSIC https support maybe not be fully delivered by Frankfurt release | OOF | Asking community for resources | This will not affect functionality and work will be completed in the next release if we get community resources | High | Medium | Work in Progress with IBM helping |
#9 | INTEGRATION | 21/12/2019 | Description: WIndriver lab availability after lab move Risk: no resources for developers | Integration | create ONAP stack on Azure | find the budget to deploy new stacks | low | high | De-scoped (move went well) |
#10 | CLAMP | 19/12/2019 | DCAE-MOD CLAMP interaction | CLAMP | prioritizing other functionalities above this one and relying on manual operation to go around DCAE-MOD in case the CLAMP code is ready(depending on priority/resources). | Work will be complete in Giulin release depending on DCAE-MOD and available resources/priorities. | High | Low | Planned |
#11 | SO | 06/01/2020 | AAF integration is blocking the OJSI issues | SO | AAF related changes are not yet merged that is blocking the OJSI issues. | In discussion with security subcomitee. | Med | Med | Working with eth security subcomiittee. |
#12 | Policy | 1/21/2020 | Multi Arch work and move to docker hub: Policy asked the work to be finished by M2/M3, which was agreed to in December. But in January we heard very little. Emails went unanswered. We asked for help during the JDK 11 migration for docker images, and got no response. | Policy | Policy will remove commitment from being the test project in Frankfurt. | Jobs will not be merged. | High | Low | 3/4 - will attempt to get this work finished for Frankfurt. May delay image delivery as we need help from LF with sandbox testing of the arm images. |
#13 | OOM | 1/21/2020 | Concerns around significant changes required to helm charts has force the decision to delay their transfer to the project teams. During the Frankfurt release helm charts have been in great flux due to new capabilities support being added for Service Mesh, Ingress, Storage Provisioners, k8s 1.16 support and standardized templating. | SO, Portal, SDC, DMaaP, CDS, SDNC, Policy | OOM-1240 will be moved out to next release | Helm chart evolution | High | Low | Planned |
#14 | MultiCloud | 1/21/2020 | MultiCloud Azure plugin is lacking of committed resources, this will result in failing to meet sonar goal as well as potential security vulnerabilities | No specific project or component is impacted by this risk. | Ask for help from community | Asking for waiver to sonar goal as well as security vulnerabilities | High | Low | Requesting waiver or de-scope multicloud-azure module |
#15 | DMaaP | 1/22/2020 | DMaaP components will not be able to remove http ports due to client applications not able to migrate to https in Frankfurt timeframe. | DMaaP, DCAE | http port will be removed in Guilin release once all applications are able to migrate to https | http port will still be exposed | High | Low | Planned |
#16 | PORTAL | 1/22/2020 | Concerns that ONAP components are unable to reach their applications through Portal | Available resources | recommendation to use workaround to use 260 instance | High | High | 1/24 resolution still under review | |
#17 | AAI | 2/13/2020 | AAI will not be able to migrate to Java 11 for Frankfurt | AAI | Stay on Java 8 | Java 8 | High | Low | 24 Feb 2020: AAI will stay on Java 8 in Frankfurt |
#18 | AAI | 2/24/2020 | AAI will probably not meet all security requirements specified in - REQ-215Getting issue details... STATUS Staying on jdk-8 our base alpine image will probably not be secured according to outlined specifications - welcome community suggestions for bringing in a better image. Need resources to do non-root user docker images (beyond the fact that the applications run as non-root) and perform extensive regression testing on those images making sure all logging and functionality works on the new containers. | AAI | Community resources brought to the issue | Stay on existing containers | High | Low | |
#19 | SDC | 2/26/2020 | OOM | Asking community for resources | Partial service mesh PoC | Medium | Medium | A Stretch goal to RC0 | |
#20 | DCAE | 2/28/2020 | HTTPS support for new DCAE components requires AAF/cert updates. Due to lack of expertise/support in AAF this work has been stalled(AAF-1081) | DCAE | AAF Team to release new AAF bootstrap image with updates made on Windriver AAF/test instance | HTTPS will be disabled or work-around provided through documentation for manual AAF updates | High | Medium | Planned |
#21 | Policy | 2/28/2020 | CSIT for legacy Policy/engine failing due to corruption in the CSIT Jenkins Environment. This is blocking the other components from CSIT's running as triggered from Code Review. Lacking SME resources to identify the root cause of the problem which is affecting our ability to deliver other features. Integration team has not been able to provide any help with what the underlying problem is. | Policy | Remove the CSIT for that component to allow other CSIT for components being delivered to Integration to continue use. | Testing will be done in OOM environment for the legacy policy/engine | High | Low | Waiting for Integration to ok removal of CSIT for policy/engine. As the integration team prefers OOM environment to validate testing, the necessity of CSIT for this soon-to-be deprecated component is very small. Resolved - job removed. |
#22 | SECCOM / OOM / Integration | 3/2/2020 | Security tests have been integrated in CI. For frankfurt priorities have been set by SECCOM, OOM and Integration, the progress seem to be very slow | All | decrease security expectations procedures and examples have been provided to fix some critical issues (e.g. run the pod as root) | High | Medium | Amy Zwarico, Sylvain Desbureaux Krzysztof Opasiak are you OK? I wanted to add a risk line regarding the difficulty to fix security issues.#23 | |
#23 | Integration | 3/2/2020 | Windriver Openlab administration | Integration/use cases | Find a resource for lab admin | a priori no risk for Frankfurt (Marco Platania with FREEMAN, BRIAN D support) but such lab admin is very consuming. A solution shall be found for the transition F => G and beyond. In case of troubles, we could even face issue on Frankfurt for the use cases (reinstallation of SB-00 not fully succesful) | medium | High | |
#24 | OOM | 3/15/2020 | hardcoded password removal | a lot (OOM Hardcoded Passwords List) | Helm chart evolution | High | High | Krzysztof Opasiakis doing his best but work is HUGE |