Agenda

• log4shell:

  • recommended version for log4j2 is 2.16 and / or add a flag as a quickfixes (https://www.zdnet.com/article/second-log4j-vulnerability-found-apache-log4j-2-16-0-released/)

  • [DCAE] Log4j vulnerability fix | https://gerrit.onap.org/r/c/oom/+/126236

  • [SDNC] Mediate log4shell vulnerability | https://gerrit.onap.org/r/c/oom/+/126226

  • [CDS] Remediate log4shell vulnerability | https://gerrit.onap.org/r/c/oom/+/126232

  • OOM Cert Service is also impacted. Needs to see how to fix if needed

• OOM committers:

  • @Krzysztof Opasiak will step down start of January

  • @Mike Elliott and @Borislav Glozman are not really present

  • Asked @Gareth Roper if he wants to be a committer

• DCAE: only log4shell

• POLICY:

  • first "automated" review from @Liam Fallon 
    
    

    • [POLICY] Update docker images to latest versions | https://gerrit.onap.org/r/c/oom/+/126213

• Service Mesh:

  • SDC: @Othman Touijer and @Gareth Roper 

    • we have a SDC working on Service Mesh

    • need to have a clean gate before merge

      • able to launch basic_onboard

  • CDS: @Othman Touijer 

    • we have an almost working version with sdc communication !

    • should be merged / or at least ready this week

  • SO: next on the pipe

  • SDNC: needed for vm  onboarding → stretch goal for DDF for a demo

• Database consolidation:

  • polishing part of the code:

  • postgres:  @A. Seaudi 

    • [DCAE] Use common postgres for DCAE | https://gerrit.onap.org/r/c/oom/+/124776

    • [DMAAP] Use common postgress for dmaap bc | https://gerrit.onap.org/r/c/oom/+/124773

    • [VNFSDK] Use common postgres for vnfsdk | https://gerrit.onap.org/r/c/oom/+/125081

  • mariadb: @Mahmoud Abdelhamid 

    • [POLICY] Use common mariadb instance | https://gerrit.onap.org/r/c/oom/+/123718

    • [CDS] Update chart to use common mariadb-galera | https://gerrit.onap.org/r/c/oom/+/121936

  • cassandra: @A. Seaudi 

    • [PORTAL] Migrate Portal to shared cassandra | https://gerrit.onap.org/r/c/oom/+/124345

• move to gitlab: @Sylvain Desbureaux 

  • https://gitlab.com/onap/oom/oom/

  • [GLOBAL] Move to Gitlab | https://gerrit.onap.org/r/c/oom/+/126150

    • an issue has been found

    • waiting for krzysztof +2

    • proposition: move to gitlab beginning of 2022

• Jakarta:

  • Move to k8s 1.22 on Azure: planned beginning of 2022

  • needed to be merged:
    
    

    • [AAI] Use a recent HAProxy | https://gerrit.onap.org/r/c/oom/+/124180

    • [GLOBAL] Bump Nginx image | https://gerrit.onap.org/r/c/oom/+/126191

    • [GLOBAL] Bump Kubectl image | https://gerrit.onap.org/r/c/oom/+/126190

    • [GLOBAL] Bump Java JRE image | https://gerrit.onap.org/r/c/oom/+/126189

    • [GLOBAL] Bump curl image | https://gerrit.onap.org/r/c/oom/+/126188

    • [GLOBAL] Bump busybox image | https://gerrit.onap.org/r/c/oom/+/126187

  • already merged:

    • [COMMON][MARIADB] Bump version to 10.6.5 | https://gerrit.onap.org/r/c/oom/+/126101

    • [COMMON][MONGO] Bump Mongo to latest 4.x version | https://gerrit.onap.org/r/c/oom/+/126103

  • needs to see how to bump:

    • cassandra (4 or 3?)

    • postgresql (stick to cruynchy or not)

    • etcd (current image is not supported anymore)

  • questions: @seccom (@Paweł Pawlak @Amy Zwarico )

    • consul?

    • redis?

    • still have some containers with several process (UUI, VFC, ...) → what do we do?