2018-03-16 AAI Weekly Meeting Notes

Special one-time session, Friday March 16, 13:00 UTC, 09:00 ET.  https://zoom.us/j/704190760

Attendees 

  • @James Forsyth

  • @Venkata Harish Kajur

  • @Steve Blimkie

  • @Adrian Slavkovsky

  • @Zi Li

  • @CT Paterson

  • Jack Pugaczewski

  • Asma Shaik

  • Prakash Huawei

  • @Colin Burns

  • @Francis Paquette

  • Andrew Mulle

  • @Arul Nambi

  • @Former user (Deleted)

  • @Giulio Graziani

  • @Manisha Aggarwal

  • @Olaf Burdziakowski

  • @William LaMont

  • Rulei Ting

  • Steve B

  • @Vishnu Ram OV

  • @Shirley Morgan

Goals

  • Poll for new community meeting time

  • Discuss outstanding scan/dependency issues

  • Status on Cassandra clustering

  • AAI Administrivia

Discussion items



Beijing Demo Hostnames



How should AAI hostnames/ports being configured in AAI clients? Are we still using aai.api.simpledemo.onap.org? How do we configure the toy certificates? Will there be a new hostname for clients who connect via MSB? Perhaps @Former user (Deleted) can comment how other systems are handling these issues. If there will be multiple hostnames that clients can use to connect to AAI, should we configure SAN certificates for the demo (example: aai.api.simpledemo.onap.org:8443 and aai.msb.api.simpledemo.onap.org:10081). It is still unclear which system will serve as the demo CA to issue our server certs.

Update 16 March:

MSB will listen on port 443 - our clients will need to configure a new hostname for the MSB endpoint - https://msb-iag.onap:443 in k8

hostname:port need to be runtime configurable variables

Will there be a CA for .onap hostnames?

PATH1: Client → AAI aai.api.simpledemo.onap.org:8443 (HAPROXY) → AAI resources port 8447, AAI traversal 8446 (cert with subject aai.api.simpledemo.onap.org) - client needs to trust the signer of the onap.org CERT which currently is the openecomp.org CA

PATH2: Client → msb-iag.onap:443 MSB → aai-ms.onap which is the same service, AAI resources port 8447j, AAI traversal 8446 (will be default, probably only path after Beijing)

SAN (Subject Alternate Name) cert that allows both aai.api.simpledemo.onap.org and aai-resources.onap

Tell clients to disable hostname verfication?



M3



AAI passed M3: AAI R2 M3 Deliverables for API Freeze Milestone Checklist. Next milestone is Code Freeze, 29 March, which is during ONS conference in Los Angeles.

Update 9 March: M3 milestone was yesterday 8 March;  Plan for dev to meet the M4 deadline; submission by @Olaf Burdziakowski on pnf changes to OXM – awaiting review; @Venkata Harish Kajur merged app change from @Christina Monteleone, plan to merge second change after @Yugandhar Guntaka response.

Update 14 March: We accepted the HPA schema changes but did not accept the PNF object update.

Update 16 March: All changes are in for Beijing; Casblanca will need further discussions.



AAI Meeting Time



Some ONAP participating organizations cannot attend the AAI weekly calls because they are off Fridays, and Friday at 9PM is just cruel for our friends in China . AAI needs to move the weekly call, Tuesday or Wednesday mornings will be best options to fit the TZ requirements of the community and not conflict with the weekly TSC and other calls that @James Forsyth has to attend.

I set up a poll: https://doodle.com/poll/hhbg4sbqdgg65z44

PLEASE VOTE for your preferred time slot! This will be our new weekly community meeting time, not just for next week. An added benefit of choosing one of these three times is that when daylight savings ends in fall 2018 we won't have to move it again like we did last fall.

Update 9 March: Poll is ready for all to response on date/time.  More than one choice will be accepted.

Update 14 March: Users voted for Wednesdays at 9AM EDT, 1300 UTC



Update dmaap dependencies



In the various repos that still use com.att.nsa, it should be:

<groupId>org.onap.dmaap.messagerouter.dmaapclient</groupId>

<artifactId>dmaapClient</artifactId>

<version>1.1.3</version>

AAI-841 - Replace dmaapclient dependency Open

Update 9 March: Event-client recently added to ONAP (found in pom.xml); @Tian Lee to update to use the latest version (1.1.3) in pom.xml.  Recommendation is to use the aai.aai.event.client instead of dmaap client.  Please update each of your own micro services.

Update 16 March: @Venkata Harish Kajur to complete resources, traversal.



Babel

Damian Nowak

@Tian Lee provided an overview of Babel. Damian requested documentation, @Tian Lee and @CT Paterson suggested some docs that can be provided.

Models come into AAI thru babel, so changes to the models must be made in SDC.

Nokia is interested in model changes for 5G PNF support.

Clarified difference between service/resource models and schema.

@Tian Lee working with Damian - adding model to OXM, liasing with SDNC for models containing pnfs - will run thru Babel to see if additional work is needed;

@Olaf Burdziakowski working with Damian Nowak regarding pnfs needed

3/02: Schema changes and defined APIs needed by next Thu (8 March). 

Update 8 March: Gerrit review https://gerrit.onap.org/r/#/c/34489/ is awaiting feedback from @Olaf Burdziakowski

Update 9 March: @Olaf Burdziakowski updated OXM; Successfully tested the OXM updates in lab: set up aai instance, called API.

Any issues reach out to @Venkata Harish Kajur or @James Forsyth.  Leave this item for future meetings.



Licensing

@James Forsyth

Modified files should be tagged with a new date of 2017-2018.

Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.

AAI-747 - Change copyright year in license header on modified files to 2017-2018 Open

@James Forsyth will get clarification on what's needed for the various repos to satisfy the various orgs.

23 Feb: Jimmy has not found good solution yet.

2 March: Meeting to be scheduled between AT&T and AMDOCs regarding using license plugin and it's impact to other contributors - @James Forsyth

Update 8 March: Meeting scheduled for 12 March

Update 14 March: ATT Legal approved removing the ECOMP trademark from all ONAP files. Since all files needed to be updated, the year will be updated as well to 2017-2018.

JIRA ticket is here: AAI-855: Remove ECOMP trademark from LICENSE.TXT files in impacted reposClosed



Nexus IQ

@James Forsyth

Anything Red for Security Issues and License Analysis need to be fixed in order to pass M4 (29 March).

Vulnerabilities due to AJSC need to have a plan on how to mitigate.

@James Forsyth has created parent story in JIRA for each repo; need each repo owner to bring us in to full compliance.  JIRA labels added: Security, AJSCDependency

By M3 (9 March) need to have plan on how to mitigate.

Nexus IQ higher priority than CII Badging.

@Venkata Harish Kajur to provide @Richard Epp with guidance on Spring Boot templates.

3/02: @Richard Epp uploaded spreadsheet containing next candidates if vulnerabilities still exist.

Update 9 March: GREAT progress on this item - we replaced the AJSC dependencies with Springboot 1.5.1 and have cleared all critical issues from resources, down to only 2 in

Update 9 March: Main work needed for M4. @Venkata Harish Kajur working on aai.com; majority are related to AJSC, which has been dropped and replaced with spring boot 1.5.10.  @Venkata Harish Kajur has few changes still needed in pom.xml of change of parent pom (AJSC to spring boot) and AJSC dependencies to spring boot.

Aai.service – possibly remove as no longer used; @Venkata Harish Kajur to email Jimmy on removal.

Please review your responsible app and any questions send to @James Forsyth.

Update 14 March: Deadline for this for all repos is 24 March. This means all dependencies that can be upgraded will have been merged by 24 March. Any policy violations that cannot be cleare will be tracked here: AAI R2 Security/Vulnerability Threat Analysis

@Colin Burns will provide a mitigation strategy by 21 March



CII Badging

@James Forsyth

@Arul Nambi

Wiki page with instructions on the process: CII Badging Program

We have two CII Badging submissions currently active on CII Best Practice Badge Program: 1) AAI and 2) Sparky-fe

The team needs to decide how to split up the project - AAI is too big to fit under a single project.  @James Forsyth proposes the following breakdown for CII badging:

1) AAI core (REST providers and common code): @James Forsyth - Project created, ongoing progress.

  • aai-common

  • aai-resources

  • aai-traversal

  • gizmo

  • champ

  • graphadmin

  • event-client

2) GUI - @Arul Nambi - Need to include more repos to the current "front-end" project

  • sparky-fe

  • sparky-be

  • data-router

  • search-data-service

  • router-core

3) Model loader - @Tian Lee - Need to create projects

  • model-loader

  • babel


  • 4) Graph utils / eventing / logging - @Steve Blimkie - Need to create projects

  • spike

  • gap - @Tian Lee

  • graphgraph - Stretch for Beijing

  • event-client - @Tian Lee

  • rest-client

4) ESR - @Zi Li - Project is created, still ongoing process to meet all the requirements

  • esr-gui

  • esr-server



The idea is that we assign one key person who will be responsible for getting the badge on their set of repos.  This is just a suggestion, and I invite discussion, re-categorization, and complete rewrites. Owners of the sets can decide whether it makes sense to group sets into one CII badging request, or split. Every repo above must be included in 1 CII submission.

23 Feb:

Need readout next week per repo as to where we stand and how we can close before M4 (3/29).

@Zi Li and @Arul Nambi will work together to see if same kind of scan will work for both components

2 March: SONAR will not report on java script based so those need to be run manually via another tool locally.

Update 3/8: Urgent - need to document our plan and have a commitment to get to 50% coverage by m4. Preferably sooner to prevent giving your PTL a heart attack.

Offending repos:

  • aai-gizmo: 9.14%

  • aai-common: 41.9% - will have by code freeze, @Venkata Harish Kajur targets 23 March

  • router-core: 37.0% - @Francis Paquette will have by code freeze

ALSO: if your repo is part of Beijing but is NOT part of the SONAR scan, (@Venkata Harish Kajur, graphadmin leaps to mind) please fix that ASAP

Update 9 March: @Steve Blimkie needs @James Forsyth’s signoff on moving small libraries within event and rest clients to aai.core; Spike and Gap not used in Beijing;  @Tian Lee to create project for Model loader; may need secondary URL describing model-loader but point to aai.core.

Gizmo – @Giulio Graziani requesting adding it to his team's work list.

Common – @Venkata Harish Kajur working on

Router-core – AMDOCs to work

Update 16 March: @James Forsyth to verify on PTL call if all vulnerabilities 4 or above need to be cleared in order to pass.



AAI-494 - Improve API Swagger Documentation IN PROGRESS

@Richard Epp

@Former user (Deleted)

Issue 1 - Parsing of YAML file into RST format

@Richard Epp to send yaml file via email to Pavel and attach to wiki so all can see.

YAML file too large and resulting RST file cannot be read by readmedoc causing it to be unusable.

Issues parsing the YAML file into RST format - structure is not correct - structure of YAML file must follow SWAGGER structure.



Issue 2 - Exposing AAI Swagger through MSB

Suggestion of using MSB portal with link of file to readmedoc.

How to display REST APIs via the swagger UI integrated with MSB: https://lf-onap.atlassian.net/wiki/display/DW/Microservice+Bus+API+Documentation#MicroserviceBusAPIDocumentation-APIDefinitionandSwagger-UI

Will need to continue as open item until resolved.

Contact @Zi Li / @Former user (Deleted) for more information about integration. Just require the swagger JSON file for integration - @Richard Epp please provide the JSON to @Zi Li -

https://lf-onap.atlassian.net/wiki/display/DW/2018-02-02+AAI+Weekly+Meeting+notes?preview=%2F25429783%2F25432551%2FNetwork_v13.yaml

@Zi Li - please download the yaml file above and see if you can make use of it in MSB

Note: Alternate Swagger UI service already available.

Huabing - Please refer to the below comments for session sticky and AAF plugin progress

2018-02-16: Generator of the RST can't find the definitions (there is a getDefinitions and patchDefinitions) and parser can't deal with it. Generator only can parse ASCII and there are characters outside the ASCII set. PATCH and GET methods can possibly be split into their own files. @Richard Epp will look into installing swagger UI in Windriver lab; @Venkata Harish Kajur knows how to access, contact @Stephen Gooch for access

23 Feb:

@Richard Epp split up the files; @James Forsyth uploaded network put and get (RST files) which Passed.  Will do REST next.

@Richard Epp to get access to JIRA (LF)

@Venkata Harish Kajur to provide guidance to @Richard Epp on setting up Dev env locally.

2 March: @Richard Epp uploaded all RST files to wiki yesterday; not able to run GET commands, will work on Permissions issue.

Update 8 March: @Richard Epp was OOO this week, need to close on this one soon. Also need to regenerate based on the current v13 schema files (including pending commits that aren't merged yet)

Update 16 March: Follow-up needed with @Richard Epp



Jenkins

@Venkata Harish Kajur

Release jenkins jobs are still failing.  Helpdesk ticket # 52082

Changes to AAI-COMMON not picked up by downstream projects (resources, traversal)

Unable to release aai-common, as cannot release multiple times, without incrementing the version.

Liasing with ONAP helpdesk about whether we can release multiple minor versions of an artifact.

Proposal for Monday PTL meeting to align SNAPSHOT strategy

@Venkata Harish Kajur to include @Steve Blimkie on email exhange with ONAP Help desk.

2018-02-16: @James Forsyth raised on the PTL call on Monday. Decision is to use SNAPSHOT for Beijing development, currently we're setting our snapshot as 1.2.1 Disabled the daily jobs (which fail because the snapshot/staging artifacts don't exist). Removed all amsterdam jjb jobs.

Need a better plan for Casablanca.

23 Feb: @Steve Blimkie will check on dependency and fix.

Update 9 March: @Steve Blimkie provided fix:  Need better plan for Casablanca.



MSB Integration Status

@Former user (Deleted)

The MSB AAF auth plugin
Two-way SSL at MSB API Gateway
Any problems in the integration

AAI-671 - Replace HAPROXY with MSB OPEN Opened questions to be answered

Might need a plugin in MSB to achieve stickiness of requests

Huabing asked Jonathan Gathman about AAF API - further details required.

2018-02-16: @Adrian Slavkovsky  is waiting for MSB fixes - stickyness/ip_hash load balancing doesn't work. kube2msb registrator doesn't register ports correctly. We need to socialize the hostname that clients will use - follow up with @Former user (Deleted) and other teams about how this will work. @James Forsyth will raise the issue on next Monday's PTL call.

23 Feb: @Adrian Slavkovsky to follow-up and provide feedback next meeting.

28 Feb: Huabing update @Adrian Slavkovsky @James Forsyth

  • Stickyness/ip_hash load balancing and kub2msb registration are solved.

  • No Authentication&Authorization REST APIs from AAF can be used for MSB API Gateway auth plugin yet, we need to wait. It seems that AAF currently only support CADI and CADI approach requires every projects to do authentication and authorization seperately.

3 March: @Former user (Deleted) to fix issue with ip_hash.

Update 9 March: @Vijay Kumar scheduled 12 March meeting to go over changes; trying to get MSB into OAM project; security issue getting MSB with AAF.

Update 16 March: @Adrian Slavkovsky merged changes, will do same for heat templates next week.



Cassandra Clustering

@Former user (Deleted)

@Venkata Harish Kajur

Goal - provide HA to AAI

Issue 1 - remote storage

Meetings with @Michael O'Brien - (deprecated as of 20170508) - use obrienlabs

OOM team should check the video recording of the session

@@Michael O'Brien - (deprecated as of 20170508) - use obrienlabs will arrange further meeting on Monday

Issue 2 - simulating outage

Pavel + Harish will try to simulate on Monday

We have a 3 node replicated cluster configured with local storage; need to discuss if this will be adequate to the purpose of Beijing integration testing.

AAI-539 - Set up Cassandra docker images in 3 node cluster OPEN OOM-591 - AAI needs persistent volumes configured, need help with OS in lab REOPENED

@Michael O'Brien from OOM team will assist w/ OOM-591

@Michael O'Brien to respond back to Harish’s email and setup meeting on Monday 10 AM; Will put on OAM discussion page so others interested can attend. 

https://lists.onap.org/pipermail/onap-discuss/2018-February/007954.html

https://lists.onap.org/pipermail/onap-discuss/2018-February/007955.html

ONAP on Kubernetes on Windriver Titanium Cloud - Openlab#Openlab-20180205:AAIandOOMworkingsessiononCINDERKubernetesPV

https://lf-onap.atlassian.net/wiki/download/attachments/16268443/20180205_aai_oom_cinder_kubernetes_pv_work_session_1_of_2_zoom_0.mp4?version=1&modificationDate=1517867225191&api=v2

2016-02-16: Working cluster; titan + thrift allowed us to use Cassandra 3. Janus will not have thrift requirement.

23 Feb: @Venkata Harish Kajur has connection ready; will test after node fails; will work with @Former user (Deleted).

2 March: @Venkata Harish Kajur to test node failure next week and advise findings.

Update 9 March: @Venkata Harish Kajur testing indicates cluster not working properly, will look into Cassandra configuration.

Update 16 March: @Venkata Harish Kajur made significant progress, all working as expected@Adrian Slavkovsky would like use case guidance, @James Forsyth to provide contact 

Action items

@Richard Epp to work with @Zi Li on integration between Swagger and MSB using swagger.json

@Richard Epp will look into installing swagger UI in Windriver lab;

@Richard Epp Will check on non-ASCII characters within generator
@Venkata Harish Kajur to provide @Richard Epp with guidance on Spring Boot templates.
@Tian Lee to update to use the latest version (1.1.3) in pom.xml.
Aai.service – possibly remove as no longer used; @Venkata Harish Kajur to email Jimmy on removal - Question for @Venkata Harish Kajur - this repo is locked.  What else do we do?  Just remove the jjbs?
@Steve Blimkie needs @James Forsyth’s signoff on moving small libraries within event and rest clients to aai.core
@Tian Lee to create project for Model loader
Gizmo – @Giulio Graziani requesting adding it to his team's work list
@Venkata Harish Kajur testing indicates cluster not working properly, will look into Cassandra configuration.
Dmaap dependencies - @Venkata Harish Kajur to complete resources, traversal.
@Colin Burns will provide a mitigation strategy by 21 March
CII Badging: @James Forsyth to verify on PTL call if all vulnerabilities 4 or above need to be cleared in order to pass.
CII Badging: @Venkata Harish Kajur targets 23 March - aai.common
CII Badging: @Francis Paquette will have by code freeze - router.core
Swagger: @Shirley Morgan to follow-up with @Richard Epp
@James Forsyth@James Forsyth@James Forsyth to provide contact for use cases to @Adrian Slavkovsky
@Adrian Slavkovsky merged changes, will do same for heat templates next week