2020-04-29 DCAE Meeting Notes

Owned by Vijay Kumar
Last updated: Apr 30, 2020 by Kornel Janiak
3 min read

Bridge

[dcaegen2] Team ONAP11, Wed UTC 14:30

https://zoom.us/j/824147956

Or Telephone:
Dial: +1 408 638 0968 (US Toll) or +1 646 558 8656 (US Toll)
+1 855 880 1246 (US Toll Free)
+1 877 369 0926 (US Toll Free)
Meeting ID: 824 147 956
International numbers available: https://zoom.us/zoomconference?m=HN2MIJkxqxYgu8EjDmekdG0WHlAnv3Zp

Recording:

DCAE_Weekly_04292020.mp4

Attendees:

Host: @Vijay Kumar



Discussion Topics:





 Time (est)

 Topics

 Requester/Assignee

 Notes/Links









START RECORDING

PARTICIPANT LIST

1



Project Status

@Vijay Kumar

Release Status  

Frankfurt Milestone Status#RC1







DCAE Blockers/High priority

type key summary assignee reporter priority status resolution created updated due
Refresh









DCAE Outstanding Jira & MED priority bugs 

DCAEGEN2-2219 - DFC's SFTP client doesn't protect from MITM attacks 



Open items from last meeting

  • DCAEGEN2-2194  runtTime 1.0.2 exception and import error

  • DCAEGEN2-2191 PH subscription error from Dmaap

  • DCAEGEN2-2193  During Deployment of Pm Mapper and Data File Collector fails in R6 release

  • DCAEGEN2-2170  Switch DCAE MOD components to non-root user (related to DCAEGEN2-2121) 

  • DCAEGEN2-2171 DL containers running as root(related to DCAEGEN2-2121)  - 4/1 - WIP

  • DCAEGEN2-2173,DCAEGEN2-2181, DCAEGEN2-2175 (PMSH) - @Fiachra Corcoran will priortize and send email

  • DCAEGEN2-2067 VESCollector API/spec updates under documentation.

  • DCAEGEN2-2141 - Documentation warning  

  • AAF-1081 : Env issue; blocks DCAEGEN2-2042 Update DCAE certificates (Dashboard, PMSH SAN).

    • 4/1 - PMSH documentation to include workaround steps. 

  • CLAMP-650 - CLAMP not supporting blueprints (PMSH) with postgres plugin (workaround will be to onboard policy separate and use dashboard/consul)

    • Workaround will not involve CLAMP; so this defect/fix to be checked and moved to Guilin if still issue - @David Farrelly  

    • 4/29 - Fix validated 

2



DCAE bootstrap updates

@Vijay Kumar

Further blueprint updates will be assessed case by case if bootstrap version release is required

  • SON_handler - 2.0.2 (release pending)

  • DataFileCollector - TBA

4/7 - onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.12.5  released.

  • Datalake Handler (1.0.2)

  • PMSH 1.0.3

4/1 - Frankfurt 1.12.4 Bootstrap released 

  • PMSH 1.0.2 

  • VES HTTP disabled

3/25 1.12.3 Merged - delivered to oom

  • PMSH  - Merged  (1.12.2)

  • SON_handler - Merged

  • RESTConf - Merged (EL-Alto version) (1.12.3 - Release pending)

  • DL-Handler  - Merged (1.12.3)

  • Heartbeat - Merged (EL-Alto version)  (1.12.3 - Release pending)

  • VES Mapper - Merged (EL-Alto version)  (1.12.3 - Release pending)

  • BBS_Eventprocessor - Merged  (1.12.2)

  • DFC - Merged

  • VES 1.5.4 (1.12.3)

  • TCAGen2 1.0.1 (1.12.3) 

Reference : https://lists.onap.org/g/onap-discuss/message/20046  Blueprint management for Frankfurt - DCAEGEN2-2041

3



HV_VES Performance test 

@Kornel Janiak

Review tools/setup introduced under https://gerrit.onap.org/r/c/dcaegen2/collectors/hv-ves/+/106356 

  • Complete performance test/report to be available end of May

  • Test report to include below

    • Test-setup/infrastructure

    • Peak load metrics

  • Documentation on generic tools/test container setup

4



CBS TLS in SDK

@Piotr Wielebski

Review recent discussion on : https://gerrit.onap.org/r/#/c/dcaegen2/services/sdk/+/94266/ and identify next step

Confluence: TLS support for CBS - Migration Plan

Current implementation relies on trust.jks being available. Following options to be explored

  • Option 1: Work/address issue around using cacert.pem for CBS connection (original proposal)

  • Option 2: Enabled use_tls: true for all DCAE MS deployment (in blueprint) to ensure all AAF cert/trust and distributed (regardless of the MS/component being setup as server or not)

  • Option 3: Modify K8s plugin to include trust.jks distribution by default along with cacert.pem

Note: Current SDK change https://gerrit.onap.org/r/#/c/dcaegen2/services/sdk/+/94266/ relies on Option#2

3/11 - New k8plugin released (2.0.0) and corresponding CM container released. Platform updates completed. Need test of HV_VES with new plugin - @Piotr Wielebski

4/29, 4/1 - tested on HV-VES 1.4.0 - not workingException in thread "main" org.onap.dcaegen2.services.sdk.security.ssl.exceptions.ReadingPasswordFromFileException: Could not read password from /etc/ves-hv/ssl/jks.pass   

    - jks.pass is distributed only when use_tls is set to true; need to be checked if app expects cert as server?  @Piotr Wielebski  

5



Repo Branching 



Branching/tagging completed for all DCAE repo except  dcaegen2 (documentation)

Documentation repo branching targetted for May 4, 2020 

Committer must ensure new submissions are cherrypicked into Frankfurt branch

  • dcaegen2/analytics/tca

  • dcaegen2/analytics/tca-gen2

  • dcaegen2/collectors/datafile

  • dcaegen2/collectors/hv-ves

  • dcaegen2/collectors/restconf

  • dcaegen2/collectors/snmptrap

  • dcaegen2/collectors/ves

  • dcaegen2/deployments

  • dcaegen2/platform

  • dcaegen2/platform/blueprints

  • dcaegen2/platform/configbinding

  • dcaegen2/platform/deployment-handler

  • dcaegen2/platform/inventory-api

  • dcaegen2/platform/plugins

  • dcaegen2/platform/policy-handler

  • dcaegen2/platform/servicechange-handler

  • dcaegen2/services

  • dcaegen2/services/heartbeat

  • dcaegen2/services/mapper

  • dcaegen2/services/pm-mapper

  • dcaegen2/services/prh

  • dcaegen2/services/sdk

  • dcaegen2/services/son-handler

  • dcaegen2/utils











6



Guilin Items

@Vijay Kumar

DCAE Guilin Priorities

7



AAF change impact

@Fiachra Corcoran @Jack Lucas

aaf_agent (2.1.20) changed in Frankfurt generates cert as non-root; need to assess impact to dcae TLS init (currently uses 2.1.15)

  • one option is for separate truststore for external (discussed under CMPv2)

  • resolve the ownership for current cert/truststore to non-root user (common onap usergroup + and add into separate container)

    • change aaf_agent to default to non-root

DCAE change to be assessed based on CMPv2 proposal; generic onap/usergroup to be discsussed with AAF team - @Vijay Kumar





Certificate for components/instance (wild card support)

>Frankfurt

PMSH may need to support multiple instance per different usecase. The certificate generation should be supported at instance level (possible AAF dependency

4/29 - Policy may be using wildcard - *.pdp, *.pdp.onap.svc.cluster.local ; to be confirmed if supported from AAF currently - @Vijay Kumar

2/20  - DCAEGEN2-2084: support certificate generation at instance level for DCAE servicesClosed to track this request for DCAE; AAF dependency will be discussed post Frankfurt and corresponding AAF Jira to be created











Frankfurt Artifacts Release versions

Check "Artifacts released" section under RTD - https://docs.onap.org/en/latest/submodules/dcaegen2.git/docs/sections/release-notes.html

Open Action Items



New Action items



Seeking Community support

Topic/JIRA

Current Status

 Planned Work

Topic/JIRA

Current Status

 Planned Work

Docker build consistentency ( DCAEGEN2-1579)

JIRA cover broad aspect of standardizing DCAE component build process and docker tagging.

  1. Nokia team proposal identifies best practice for docker tagging optimized-dockers-jvm.pdf. 

    1. Following components migrated to new docker tagging best-practice

      1. PRH

      2. PM-Mapper

Need volunteer from community to support

  • Standardize pom/jjb template for all dcae component (java and python)

    • Plugin list alignment with oparent

    • Python build dependency on script to be reduced;