Agenda

Video:

Today's topic:

Patches:
- Mongo resources correction: https://gerrit.onap.org/r/c/oom/+/137526
- MR indepenency:
  - SO
    - Patch for SO-bpmn-infra (https://gerrit.onap.org/r/c/oom/+/137159?usp=search)
  - Policy
    - Patch for Policy (https://gerrit.onap.org/r/c/oom/+/137529?usp=search) → ongoing
  - NBI
    - Patch for NBI only in DT internal fork, as NBI in Archived mode)
    - TSC Decision request for "NewDelhi"
      - → if we disable MR, should we disable NBI ?
  - HOLMES
    - No patch available, as not active
    - TSC Decision request for "NewDelhi"
      - → if we disable MR, should we disable Holmes ?
  - SDNC
    - SDNC-DMAAP-Listener (to be checked)
      - Is the Listener required ?
      - currently listening on, but none topic exists:
        DEBUG 2024-03-25 17:45:31.268 +0000 DmaapListener - Initializing consumer org.onap.ccsdk.sli.northbound.dmaapclient.OofPciPocDmaapConsumers(/opt/onap/sdnc/data/properties/dmaap-consumer-oofpcipoc.properties) DEBUG 2024-03-25 17:45:31.275 +0000 DmaapListener - Initializing consumer org.onap.ccsdk.sli.northbound.dmaapclient.A1AdapterPolicyDmaapConsumer(/opt/onap/sdnc/data/properties/dmaap-consumer-a1Adapter-policy.properties) DEBUG 2024-03-25 17:45:31.282 +0000 DmaapListener - Initializing consumer org.onap.ccsdk.sli.northbound.dmaapclient.CMNotifyDmaapConsumer(/opt/onap/sdnc/data/properties/dmaap-consumer-CMNotify.properties) DEBUG 2024-03-25 17:45:31.288 +0000 DmaapListener - Initializing consumer org.onap.ccsdk.sli.northbound.dmaapclient.SdncRANSliceDmaapConsumer(/opt/onap/sdnc/data/properties/dmaap-consumer-RANSlice.properties) ...INFO 2024-03-25 17:46:07.549 +0000 SdncDmaapConsumer - A1AdapterPolicyDmaapConsumer received ResponseMessage: No such topic exists.-[A1-P] INFO 2024-03-25 17:46:07.548 +0000 SdncDmaapConsumer - CMNotifyDmaapConsumer received ResponseMessage: No such topic exists.-[CM-NOTIFICATION] INFO 2024-03-25 17:46:07.551 +0000 SdncDmaapConsumer - SdncDhcpEventConsumer received ResponseMessage: No such topic exists.-[VCPE-DHCP-EVENT] INFO 2024-03-25 17:46:02.473 +0000 SdncDmaapConsumer - SdncLcmDmaapConsumer received ResponseMessage: No such topic exists.-[SDNC-LCM-READ] INFO 2024-03-25 17:46:02.472 +0000 SdncDmaapConsumer - OofPciPocDmaapConsumers received ResponseMessage: No such topic exists.-[SDNR-CL] INFO 2024-03-25 17:46:02.448 +0000 SdncDmaapConsumer - SdncRANSliceDmaapConsumer received ResponseMessage: No such topic exists.-[RAN-Slice-Mgmt]
    - TSC Decision request for "NewDelhi"
      - → if we disable MR, should we disable SDNC DmaaP Listener ?
  - DCAEGEN2-Services MSs
    - dcae-ves-collector →
      - OOM https://gerrit.onap.org/r/c/oom/+/137002?usp=search
      - code: https://git.onap.org/dcaegen2/collectors/ves/commit/?id=47195e4ac559963cd33dc155f219bd2b127ef025
    - dcae-prh → , https://gerrit.onap.org/r/c/oom/+/137153
    - dcae-pmsh
    - dcae-tcagen2
    - dcae-son-handler
    - dcae-slice-analysis-ms
    - dcae-heartbeat
    - dcae-kpi-ms
    - dcae-datafile-collector
    - dcae-snmptrap-collector
    - (UPDATE info by DT) So there is a DCAE SDK for interaction with DMaaP.
      We have changed the implementation of that SDK to talk to Kafka directly.
      This new SDK is now used in VES collector and PRH services.
      If other services are using the SDK to talk to DMaaP, they can use this new version now.
      We have updated documentation of this SDK as well.https://docs.onap.org/projects/onap-dcaegen2/en/latest/sections/sdk/apis.html
    - TSC Decision request for "NewDelhi"
      - → if we disable MR, should we disable all DCAE MS, which are not migrated to native Kafka ?
- Patch for imagePullSecet: https://gerrit.onap.org/r/c/oom/+/137537
DB Operators:
- Postgres-operator → https://gerrit.onap.org/r/c/oom/+/136179?usp=search
  - needed patches for CPS, Multicloud, UUI
- MariaDB Operator needs to be updated to 0.27.0
  - Means also update of CRD !!
  - Update of documentation and template (TBD)
- MongoDB
  - Internal DB (Bitnami) update → https://gerrit.onap.org/r/c/oom/+/137439?usp=search
  - Operator (Percona) → (TBD) https://gerrit.onap.org/r/c/oom/+/136873?usp=search
    - Problem: does not support "unauthenticated" access as needed by NBI and MultiCloud
  - Add mongodb-init chart to be added (TBD)
Readiness patches for MariaDB-operator based components
- https://gerrit.onap.org/r/c/oom/+/137498 flexible check target
- better: more flexible ReadinessCheck to e.g. to wait for CR readiness (https://git.onap.org/oom/readiness/)
  - Implementation done in Version 16.0.2 (https://gerrit.onap.org/r/q/project:oom%252Freadiness)
  - Use new ReadinessCheck in OOM (https://gerrit.onap.org/r/c/oom/+/137573?usp=search)
SDNC API update
- Sanket found the issues and we clarified with the CCSDK team, that the SO will be changed to be compatible with the RFC API
- see: https://onapproject.slack.com/archives/C01CXF3JH2L/p1709822174923959
- Sucessfully tested in oom-daily-master-sm
- New patch planned for SO-bpmn
SDNC Bug:
- DGBuilder not working → https://lf-onap.atlassian.net/browse/SDNC-1836 created
- no further news..
Charts have host paths mounted (etc. /etc/localtime), which conflicts with common policies (at least in DT)
- we need to check the OOM charts and remove these paths, if possible
- e.g. https://gerrit.onap.org/r/c/oom/+/137479?usp=search (AAI)
- Question: is the /etc/localtime required by components to set the timezone ?
Hardening Istio with SPIRE/SPIFFE (https://blog.spiffe.io/hardening-istio-security-with-spire-d2f4f98f7a63) → need to check within DT
Used in Nephio
- see https://docs.google.com/presentation/d/1L79WrZ64Uar3IrH-jL_IeQTlPoLtXGZKHIIfVCXLoco/edit#slide=id.g2c18d699447_0_31
- FYI, Service Mesh + SPIFFE infrastructure ongoing study in Nephio, Study: Nephio security collaboration study
- There is a separate study in Nephio for workload registration and workload/node attestation, https://docs.google.com/presentation/d/1L79WrZ64Uar3IrH-jL_IeQTlPoLtXGZKHIIfVCXLoco/edit#slide=id.g2c18d699447_0_40
- https://docs.google.com/document/d/1IwWVGASgdOuLHCHYg82WaZaHdOEXyOM1/edit?pli=1#heading=h.nzahaii2p80p
- https://docs.google.com/presentation/d/1L79WrZ64Uar3IrH-jL_IeQTlPoLtXGZKHIIfVCXLoco/edit#slide=id.g2bd96dea01c_0_1
System Platform Updates:
- Update Kubernetes Version 1.28.6 → 1.29.x (?)
- Istio Version 1.19.3 → 1.21.x (Would require configuration changes)
- Operator Updates:
  - mariadb-operator (0.27.x)→ require patch to onap-common charts
  - strimzi-kafka (https://gerrit.onap.org/r/c/oom/+/137184?usp=search)
Keycloak/Oauth2Proxy/Realm
- Update of Keycloak version https://lf-onap.atlassian.net/browse/OOM-3267
- Update of Oauth2Proxy version (7.5.1) and update of configuration (check with @Mateusz Pilat ): https://lf-onap.atlassian.net/browse/OOM-3268
  - Received charts for "authentication" creating:
    - Keycloak deployment
    - Realm creation for keycloak
    - Oauth2 setup and configuration incl. Redis setup
  - Created a page to sum up the proposal (Improvement for NewDelhi Release)
    - Questions:
      - MeshConfig (see https://docs.onap.org/projects/onap-oom/en/latest/sections/guides/infra_guides/oom_infra_base_config_setup.html#istio-service-mesh=
        vs. RequestAuthentication
      - Oauth2-proxy config
Strimzi/Kafka Update
- Currently testing strimzi-operator update and Kafka update 3.4.0→3.6.x
- Possibly the MR is not compatible with a new Kafka version
  - I checked with @Fiachra Corcoran , he thinks Lifeness/Readiness probes
Tata (@ematpil ) install ONAP Montreal/London and made improvements
- will show improvements Tata did and might contribute to OOM
- Presentation shown: (Platform Customization-oom v2.pptx) .
- → Enhancements proposed:
  - Security enhancements (e.g. Keycloak/OAuthProxy, AuthorizationPolicy,...) eg: authentication.tar, oauth2 +KC research: rbac_research_wrap.pdf
  - Logging enhancements,...

Others:

Change "bash" to "sh"
- https://gerrit.onap.org/r/q/topic:bashisms
- Started by Orange, but not finished
Describe ONAP component deployment via ArgoCD
- create "Application" config dir in oom repo ?

Open Jira issues:

T	Key	Summary	Assignee	Reporter	P	Status	Resolution	Created	Updated	Due

Key	Summary	Assignee	Reporter	Status	Resolution	Created	Updated	Due
OOM-3172	[Common] rendering issue of template "common.nginxIngress"	Alexander Dehn	Alexander Dehn	In Progress	Unresolved	Apr 27, 2023	Apr 27, 2023
OOM-3171	service-mesh-wait-for-job-container fails, when no sidecar exists	Andreas Geissler	Andreas Geissler	Open	Unresolved	Apr 27, 2023	Apr 27, 2023
OOM-3170	[SDNC] Support kafka native interface	Alexander Dehn	Alexander Dehn	In Progress	Unresolved	Apr 25, 2023	Apr 26, 2023
OOM-3169	For SDNC setup consider new Websocketport	Alexander Dehn	Herbert Eiselt	In Progress	Unresolved	Apr 24, 2023	Apr 27, 2023
OOM-3168	Introduce cassandra-operator to OOM	Andreas Geissler	Andreas Geissler	Open	Unresolved	Apr 24, 2023	Apr 24, 2023
OOM-3167	DOC: change the plugin installation instructions	Marek Szwałkiewicz	Marek Szwałkiewicz	Open	Unresolved	Apr 24, 2023	Apr 24, 2023
OOM-3166	Kiali Validation - KIA0601 - Port name must follow [-suffix] form	Fiete Ostkamp	Fiete Ostkamp	In Progress	Unresolved	Apr 19, 2023	Apr 19, 2023
OOM-3165	Policy-gui Ingress target is wrong	Andreas Geissler	Andreas Geissler	Open	Unresolved	Apr 19, 2023	Apr 19, 2023
OOM-3162	Update Strimzi Operator to 0.34.0 and Kafka to 3.4.3	Fiachra Corcoran	Andreas Geissler	Open	Unresolved	Apr 13, 2023	Apr 13, 2023
OOM-3161	[COMMON] Add monitoring to postgres	Miroslav Masaryk	Miroslav Masaryk	Open	Unresolved	Apr 12, 2023	Apr 13, 2023
OOM-3159	Update OOM documentation	Andreas Geissler	Andreas Geissler	Open	Unresolved	Mar 31, 2023	Apr 13, 2023
OOM-3155	Review license scan issues	Andreas Geissler	David McBride	In Progress	Unresolved	Mar 30, 2023	Apr 26, 2023
OOM-3153	Feature Freeze	Andreas Geissler	David McBride	Open	Unresolved	Mar 30, 2023	Mar 30, 2023	Mar 23, 2023
OOM-3151	Improve stability in Daily Master Deployments	Andreas Geissler	Andreas Geissler	Open	Unresolved	Mar 21, 2023	Mar 21, 2023

OOM Meeting Notes - 2024-03-27

Agenda