TSC 2019-02-21

Owned by cl664y@att.com
Last updated: May 23, 2019 by Kenny Paul
13 min read

2019 TSC Recordings

Zoom Chat Log

Zoom Attendance Log

2019 TSC Decisions

Duration 90 minutes - https://zoom.us/j/661303200

Agenda ItemsPresented ByTimeNotes/LinksJIRA Tasks

Dublin Release

  • Review of the current Risks
  • M2 Recommendations

Former user (Deleted)

45 mins


Casablanca Maintenance Release

Procedures

Michael O'Brien

Mike Elliott

Prudence Au

5 mins

Discuss docker-manifest.csv and oom values.yaml sync procedures

1) shared docker images - conflict/ambiguity - is a 1:m relationship not a 1:1

example: onap/data-router,1.3.3

https://git.onap.org/integration/tree/version-manifest/src/main/resources/docker-manifest.csv?h=casablanca#n39

There may be a case like there was for the 3.0.0-ONAP tag where AAI and POMBA vary - AAI took 1.3.2, pomba stayed with 1.3.1 because of issues deploying 1.3.3

The current manifest does not always account for 2 projects using different versions of common images

Result:

integration is running with 1.3.3 across both projects before both projects themselves have upgraded.

If you apply the manifest - it will overwrite both of these versions - but we may want a variance.

we get

aai:
  image: onap/data-router:1.3.3
pomba: 
  image: onap/data-router:1.3.3

we may want

aai:
  image: onap/data-router:1.3.3
pomba: 
  image: onap/data-router:1.3.2


2) docker version responsibility

PTLs should be responsible for their docker image versions in OOM - however since the manifest drives the version truth some images are updated at the last minute during the manifest/oom sync - these should be better coordinated/tested with the team

Yesterday there was a last minute change to sync POMBA with AAI because the manifest lists the common data-router version as 1.3.3. Regression testing may have been done for POMBA under 1.3.3 but the POMBA team was not aware of the new version - Ideally the project team themselves test new docker versions to be sure it works. Changing the image tag at the last minute before 3.0.1-ONAP is tagged is problematic - as I am kind of doing this blind without a fully vFW post audit (HC and CD deploy were ok) - this has happened twice so far.

3.0.0 = 1.3.1 reverted from 1.3.2 auto-up-rev for LOG-932

LOG-932 - Getting issue details... STATUS

https://git.onap.org/oom/tree/kubernetes/pomba/charts/pomba-data-router/values.yaml?h=3.0.0-ONAP#n30

3.0.1 = 1.3.3

dup

INT-901 - Getting issue details... STATUS

submitted 20190220:2000EST for CMR

LOG-982 - Getting issue details... STATUS

https://git.onap.org/oom/tree/kubernetes/pomba/charts/pomba-data-router/values.yaml?h=casablanca#n30

example

I recommend we work out the details of MRs before we do the DMR.

Fix #2

Another option would be to duplicate/label common images so they can vary independently - but this would defeat the offline installer and the CIA initiative - but would follow what dmaap does for the DR


Any Infrastructure Improvement/PlanLinux Foundation5 mins

Any LF showstopper

  • #66785: add SO weekly meeting to the wiki calendar
  • #67727: AAI ONAP Meeting Request -  "Monitoring / health checks on long running ONAP deployments" - Tuesday Feb 19 @ 0900 Eastern, 1400 UTC
  • #67450: Jira board for Vulnerability Management
  • Committer changes blocked on INFO.yaml
  • #68804: [Onap-seccom] Known vulnerability analysis of APPC in Casablanca maintenance release

Help-desk Feedback provided

  • #66623 - RTD Project onap ... Webhook API Deprecated
  • #67224: ONAP Docker registry doesn't support manifest lists (Image Manifest V2) - related to work already planned as part of the CIA Dublin Release Planning
  • #68474: 1/31/2019 Gerrit Upgrade did not preserve allow Superproject subscription permission on all release branches

Completed

  • #66028: [linuxfoundation.org #66484] RE: ONAP Meeting Request
  • #68174: Inactive Contributes and Committers - DmaaP
  • #68232: New DMaaP Committers - Bhanu Ramesh and Mandar Sawant
  • #68267: https://jenkins.onap.org/job/portal-docker-master-two-scm-verify-script/301/ : FAILURE
  • #68417: Re: [Onap-release] URGENT - Casablanca Maintenance - Formally release the artifacts
  • #68735: All docker builds stuck
  • #68787: Login not working on ONAP toolkit
  • #68788: AutoReply: Gerrit Login does not work

Other

git is not showing all the tags

for example 3.0.0-ONAP exists via the URL - but you can't select it from the drop down - it shows 2.0.0-ONAP - minor

https://git.onap.org/oom/tree/kubernetes/pomba/charts/pomba-data-router/values.yaml?h=3.0.0-ONAP#n30


PTL Update

Yang Xu



Hui Deng

15 mins

- Integration - Committer Promotion's request:

  • Brian Freeman - GO
  • Mariusz Wagner - only 1 contribution to the Integration project over the last 90 days; 9 over the last 6 months - approved post TSC Call

- Modeling project - Zero commit removal Request and Separate the committer for parsers repo - GO


Subcommittee - Modeling

cl664y@att.com

15 mins

Modeling Checklist - what's the path to move forward?

TSC did not approve M2/M3 Modeling Checklist add-ons for the Dublin Release. Follow-up discussions with PTLs are required to consider them as part of El-alto release. Suggestion is to prototype these checklists with few projects.


TSC Activities and Deadlines

cl664y@att.com


Feedback about TSC Seat election:
  • TSC vacant Seat (Election will end @4pm Pacific on Feb 22nd, 2019): Ramki Krishnan and Timo Perala

Incoming ONAP Events

cl664y@att.com

Kenny Paul

5 mins

San Jose - April 1st & 2nd 2019 ONAP Joint Subcommittees Silicon Valley - PLEASE REGISTER ASAP - Thank you

San Jose - April 3rd to 5th - https://events.linuxfoundation.org/events/open-networking-summit-north-america-2019/


Vulnerability Management Procedure UpdateKrzysztof Opasiak5 mins

Vulnerability Management Procedure Update Proposal is on wiki. Waiting for feedback.

ONAP Vulnerability Management



Zoom Chat Log 

05:50:36 From Kenny Paul (LFN) : #topic rollcall
05:56:47 From Chaker Al-Hakim : #info Chaker Al-Hakim, Huawei
05:58:38 From Andreas Geissler (Deutsche Telekom) : #info Andreas Geissler, DT
05:58:38 From Stephen Terrill : #info, Stephen Terrill Ericsson
05:58:49 From bin.yang@windriver.com : #info, Bin Yang, Wind River
05:59:01 From ALLAGO : #info Alla Goldner, Amdocs
05:59:21 From NingSo : #info Ning So, Reliance Jio
06:00:04 From Viswa : #info Viswa, Verizon
06:00:32 From Eric Debeau : #info Eric Debeau, Orange
06:00:38 From Jason Hunt : #info Jason Hunt, IBM
06:00:46 From Srini Addepalli (Intel) : #info Srinivasa Addepalli, Intel
06:01:19 From Catherine Lefevre : #info, Catherine Lefevre, AT&T
06:02:20 From Alexis de Talhouët : #info, Alexis de Talhouët, Bell Canada
06:02:45 From Kenny Paul (LFN) : @alexis thanks
06:03:53 From Yan : #info, Yan Yang proxy Lingli , China mobile
06:05:14 From Kenny Paul (LFN) : @yan yang thanks
06:06:41 From Kenny Paul (LFN) : #topic M2 Review
06:07:03 From Anatoly (Nokia) : #info, Anatoly Andrianov, Nokia (proxy for Timo Perala)
06:07:31 From Kenny Paul (LFN) : @anatoly thanks
06:07:48 From Milind Jalwadi : #info Milind Jalwadi, TechMahindra
06:08:01 From Kenny Paul (LFN) : @minind thanks
06:08:29 From Kenny Paul (LFN) : red docs checklist
06:08:45 From Kenny Paul (LFN) : yellow 11 of 30 checklist issues
06:08:56 From Kenny Paul (LFN) : green 18 of 30
06:09:34 From Susana (VF) : #info Susana Sabater, Vodafone
06:09:45 From Kenny Paul (LFN) : @susana thanks
06:10:58 From Kenny Paul (LFN) : 17 risks
06:11:10 From Michael O'Brien(LOG, Amdocs) : for https://jira.onap.org/browse/SO-1515
06:11:25 From Michael O'Brien(LOG, Amdocs) : I updated the jira that it is intermittent - I was fine a couple days ago with SO
06:12:15 From Kenny Paul (LFN) : Risks will be discussed @ the PTL meeting
06:12:54 From Kenny Paul (LFN) : #topic vulnerability assessment
06:13:05 From Michael O'Brien(LOG, Amdocs) : for SDNC-649 also timing related/resource related - I was fine on vmware and azure except for the ansible pod - not the other 2 -
06:13:06 From Michael O'Brien(LOG, Amdocs) : dev-sdnc-sdnc-ansible-server-7c585b9d99-rq9vh 0/1 Init:0/1 43 7h
06:14:04 From Dan Timoney : I submitted fix for ansible-server yesterday (https://gerrit.onap.org/r/#/c/78865/)
06:14:19 From Michael O'Brien(LOG, Amdocs) : nice - will resync
06:14:28 From Kenny Paul (LFN) : most issues are well document. Important for projects to open ticlets in jira.
06:14:54 From Kenny Paul (LFN) : missing 2 projects
06:16:14 From Bharath Balasubramanian : https://lf-onap.atlassian.net/wiki/pages/viewpage.action?pageId=16344827
06:16:17 From Michael O'Brien(LOG, Amdocs) : Logging/POMBA - I was not part of the discussion I don't think - for V assessment
06:18:03 From Kenny Paul (LFN) : need feedback from music, oof,
06:18:49 From Bharath Balasubramanian : Kenny, maybe we are maintaining at the wrong place but we have a vulnerability assessment here: https://lf-onap.atlassian.net/wiki/pages/viewpage.action?pageId=16344827
06:18:50 From Kenny Paul (LFN) : please add raw reports to https://lf-onap.atlassian.net/wiki/display/SV/Dublin+Release. Amy will sanatize at release time
06:18:52 From Catherine Lefevre : @Amy, can you also send a note to onap-release to share the information - thank you
06:19:11 From Michael O'Brien(LOG, Amdocs) : common issues like spring-boot Vulnerabilities will help N projects
06:22:27 From Pamela Dragosh : Emails to the PTL’s are cc’d to the seccom mailing list. So not really that private.
06:22:44 From Taka Cho : @Amy, @Pawel, I heard APPC has some concerns from your view, pls send email to me regarding your concerns thanks
06:24:35 From Catherine Lefevre : @Pawel - if you recap the process i.e; PTL to check NexusIQ on a weekly basis, etc
06:25:09 From Michael O'Brien(LOG, Amdocs) : I do it monthly or every 6 weeks
06:25:14 From Jimmy Forsythg : The requirement was to have it documented within 60 days, right?
06:25:41 From Pamela Dragosh : Its very time consuming to go through the reports weekly. Some vulnerabilities disappear and then reappear.
06:26:53 From Michael O'Brien(LOG, Amdocs) : It is a triage/priority - as higher things come in like merges they bump things
06:27:04 From Dan Timoney : Is there any way we could get away from this duplication (copying nexus IQ results to wiki) and instead provide SECCOM direct access to Nexus IQ server, and then having the PTLs add comments on status of each vulnerability directly in nexus iq?
06:27:34 From Jimmy Forsyth (AT&T) : +1 to Dan’s comment
06:27:42 From Kenny Paul (LFN) : @Dan WIP
06:27:52 From Dan Timoney : Thanks, Kenny!
06:28:00 From Pamela Dragosh : +1 Dan - and the JIRa’s should be enough public notification. Don’t need a wiki.
06:28:08 From Taka Cho : +1
06:28:10 From Michael O'Brien(LOG, Amdocs) : +1 dan - it is partially a copy/paste exercise - direct links are better
06:30:41 From Catherine Lefevre : #info - 2 blockers should be solved asap
06:31:52 From Shankar Narayanan P N (AT&T) : @Amy @Pawel R4 OOF vulnerability list is already present, I just double checked. Would be grateful if you could check again.
06:31:57 From Taka Cho : @Pawel, just sent email back to you for APPC.
06:33:03 From Brian : https://gerrit.onap.org/r/#/c/78718/
06:33:54 From Catherine Lefevre : @Integration, SO, OOM and others - would you like to say on this bridge after the TSC call ?
06:34:17 From Catherine Lefevre : so we can look at the blockers or will you prefer to interact on Rocket.chat
06:34:30 From Michael O'Brien(LOG, Amdocs) : I have an internal scrum at 1030 - will need to drop
06:35:38 From Mike Elliott : @Catherine, yes OOM can stay on
06:35:42 From Catherine Lefevre : ok
06:35:53 From Sai Seshu : @Catherine Ramesh is still working on the issue
06:37:08 From Michael O'Brien(LOG, Amdocs) : right for Mike - as Logging also has 1 risk on the page - so I would also be yellow
06:37:11 From Catherine Lefevre : ok Sai - is it better to wait for this and then recovene?
06:38:03 From Kenny Paul (LFN) : Jim B recommends an all or nothing gate approval model versus partial approvals.
06:38:53 From Catherine Lefevre : /13 TSC approves Mx Security Checklist add-ons v13- Proposed Updates to Release Templates (Dublin) - Security Questions https://lists.onap.org/g/onap-tsc-vote/message/772 on 2/13
06:38:59 From Kenny Paul (LFN) : Recommendation that M2 not be approved and allow one more week.
06:41:04 From Kenny Paul (LFN) : unit test coverage not meeting 55% goal
06:41:13 From Kenny Paul (LFN) : inclmplerte checklists
06:41:27 From Kenny Paul (LFN) : non-root user plans unclear
06:41:56 From Kenny Paul (LFN) : need to have a plan for unit test coverage
06:43:30 From Kenny Paul (LFN) : #agreed delay M2 vote until next week
06:43:34 From Brian : is yellow green like blue ? or is that yellow blue make green ?
06:43:51 From Amy Zwarico : chartreuse
06:44:04 From Sai Seshu : :) looks like it's teal now
06:44:22 From Kenny Paul (LFN) : #topic casablanca maint release
06:45:37 From Kenny Paul (LFN) : Michael O'Brien reviewed issue with data-router
06:46:49 From Kenny Paul (LFN) : need to fix script to be modified
06:47:43 From Catherine Lefevre : #Mike E, Michael and Brian - I believe it should be part of the procedure - action we have from PTL call?
06:48:08 From Kenny Paul (LFN) : Mike Elliott recommends moving to common
06:49:18 From Kenny Paul (LFN) : #action Mike E open a jira to move content to common for dublin release
06:50:31 From Kenny Paul (LFN) : #topic LFIT
06:51:49 From Kenny Paul (LFN) : #topic PTL promotions
06:52:15 From Michael O'Brien(LOG, Amdocs) : +1 Brian Freeman - should have been a committer over the last 12-18+ months
06:53:55 From Michael O'Brien(LOG, Amdocs) : 24 looks good to me - what is the number for 6 months - (3 months is too short) - also other criteria besides commits
06:54:35 From Michael O'Brien(LOG, Amdocs) : wE also post (reviews) - as this is a lot of the work - not just the actual commit
06:55:07 From Alexis de Talhouët : I would vote 0, not +1 given contribution
06:55:28 From Michael O'Brien(LOG, Amdocs) : contributor can do 95% of what committers do
06:56:04 From Keong Lim k00759777 : if there is a big team at Nokia behind him, then channeling all that work through one person should show more stats for that person
06:56:18 From Michael O'Brien(LOG, Amdocs) : I have contributors that are essential for planning for example, other contributors do a lot of the work for the committers (review, doc, deployment etc)
06:56:18 From Catherine Lefevre : TSC - let's vote ... +1 to approve mariusz, 0 no opnion and -1 to wait and review in 1 month
06:56:41 From Alexis de Talhouët : #vote 0
06:56:46 From Michael O'Brien(LOG, Amdocs) : basically anyone who is that active should be added - come on people - we need advocates
06:56:53 From Pamela Dragosh : Contributor or committer, all their stats will increase the more reviews they do.
06:57:55 From Pamela Dragosh : IMHO - 20 is way too much. The code can get out of hand and messy.
06:59:20 From Stephen Terrill : #vote: 0
06:59:32 From Andreas Geissler (Deutsche Telekom) : #vote: +1
06:59:34 From Susana (VF) : #vote 0
06:59:36 From Michael O'Brien(LOG, Amdocs) : example logging:ptl 24 commits over 3 months to 3 projects - 95 over 6 months, 148 over a year
06:59:43 From Viswa : #vote 0
06:59:44 From Chaker Al-Hakim : +1
06:59:45 From Srini Addepalli (Intel) : #vote +1 (as integration team is recommending)
06:59:47 From Eric Debeau : #vote +1
06:59:55 From bin.yang@windriver.com : #vote 0
07:00:01 From Jason Hunt : #vote 0
07:00:22 From NingSo : #vote 0
07:00:25 From Milind Jalwadi : #vote +1
07:00:25 From Yan Chen : #vote 0
07:01:01 From Yan : #vote 0
07:01:59 From Keong Lim k00759777 : it's also possible to +1 your own work
07:02:25 From Eric Debeau : Let's trust the PTL
07:02:36 From Michael O'Brien(LOG, Amdocs) : contributions: discuss list, jiras raised/worked, wiki, attend meets, commits - detailed reviews/pulling code/testing it, helping with deployments, cross project advocate for project, arch/design ideas reviews
07:02:38 From Catherine Lefevre : #vote -1
07:02:38 From Alexis de Talhouët : Point being raised here is not about that particular individual. It’s a broader discussion across Open Source practices of how to value meritocracy.
07:04:27 From Chaker Al-Hakim : agreed with Alexis
07:04:43 From Kenny Paul (LFN) : @Keong yes, but you cannot mer your own commit
07:05:54 From Michael O'Brien(LOG, Amdocs) : +1 Alexis - on facts around promotion
07:05:57 From Kenny Paul (LFN) : ^merge^
07:06:35 From Catherine Lefevre : #Action - TSC to investigate about any criteria from any LFN or other open source of projecs
07:06:56 From Catherine Lefevre : concerning committer's promotion
07:07:32 From Kenny Paul (LFN) : REVOTE
07:07:58 From Michael O'Brien(LOG, Amdocs) : +1 - alexis 0=remove from majority calculation
07:09:22 From Kenny Paul (LFN) : No revote
07:09:40 From Sai Seshu : +1 on Alexis thought
07:10:02 From Stephen Terrill : Technical and release decisions for a project should be made by consensus of that project’s Committers. If consensus cannot be reached, decisions are taken by majority vote of a project’s Committers. Committers may, by majority vote, delegate (or revoke delegation) of any portion of such decisions to an alternate open, documented, and traceable decision making process.
07:10:20 From Michael O'Brien(LOG, Amdocs) : +1 on Yang raising/aligning vote procedures for the future - thanks
07:10:44 From Stephen Terrill : sorry, that was project operations.
07:11:19 From Kenny Paul (LFN) : #action Kenny to review community document - majority of the TSC have voted 1=5 votes, 0=8 votes, -1=1 vote
07:11:38 From Kenny Paul (LFN) : #topic modeling checklist
07:15:15 From Pamela Dragosh : Very important for the projects to be all in synch on the models. But if only one project changes to the new models on a release what is the impact on the other projects that don’t? Can be difficult to support both models.
07:22:50 From Catherine Lefevre : #info Mx Modeling chcklist not considered for Dublin but need to collect feedback from PTLs/ALL so we will have them ready for the next release
07:24:08 From Eric Debeau : #info second raw should be covered by API documentation
07:24:19 From Catherine Lefevre : #action deng/andy -- send a note to ptls to propose another road for this release
07:26:51 From Catherine Lefevre : #action - kick-off process for TCC election i.e. Edge, ML/AI, .... TSC to identify the list first
07:28:13 From Catherine Lefevre : #action - all open for review/feedback --- https://lf-onap.atlassian.net/wiki/display/DW/ONAP+Vulnerability+Management+-+TBA
07:28:49 From Catherine Lefevre : before Feb 27th, 2019
07:30:28 From Pamela Dragosh : Yes - Policy would like to know also. Ubuntu or Alpine. Seems to have gotten dropped.
07:30:54 From Kenny Paul (LFN) : #agreed committer promotion fot brian freeman in intergration approved
07:30:56 From Brian Hedstrom : Who asked the question?
07:31:23 From Kenny Paul (LFN) : #agreed Zero commit removal Request and Separate the committer for parsers repo approved
07:32:05 From Kenny Paul (LFN) : #topic events
07:32:21 From Catherine Lefevre : #TSC decison about Alpine/unbuntu is required
07:32:37 From Brian Hedstrom : Can we discuss this next week? we are over time.
07:32:56 From Kenny Paul (LFN) : Regisdter for subcmommittee F2F https://events.linuxfoundation.org/events/open-networking-summit-north-america-2019/
07:33:15 From Brian Hedstrom : Recall that optimization is Green, not a POC.
07:33:20 From Kenny Paul (LFN) : #topic Vulnerability Management Procedure Update
07:33:26 From Kenny Paul (LFN) : moved to next week
07:34:02 From Kenny Paul (LFN) : #topicAlpine/unbuntu
07:35:13 From Ahmad Khalil (Tata Communications) : @Kenny, is the registration of the subcommittee F2F different from ONS registration?
07:35:20 From Catherine Lefevre : previous discussion based on Integration feedback - “The Integration Team will use any of these containers that include these optimization improvements (if any) and that are available at RC0 (or earlier) for their Integration testing”
07:35:23 From Kenny Paul (LFN) : YES!
07:35:38 From Pamela Dragosh : Nothing prevents a company from taking the Dockerfiles and changing to their own flavor of ubuntu and creating their own images. ONAP can support as best as possible.
07:35:53 From Kenny Paul (LFN) : ONS registration != Subc F2F
07:35:54 From Pamela Dragosh : +1 Brian and Eric
07:36:02 From Kenny Paul (LFN) : two seperate registrations
07:36:02 From Catherine Lefevre : special call will be organised next week - action on me
07:36:14 From Kenny Paul (LFN) : F2F is free.
07:36:14 From Ahmad Khalil (Tata Communications) : @Kenny, in the link you just posted, it takes you to general ONS registration
07:36:23 From Kenny Paul (LFN) : D'oh!
07:36:46 From Brian : btw - I dont like alpine from a support standpoint becuase VI is broken but it is a much lighter weight container which is the real goal
07:36:46 From Catherine Lefevre : https://lists.onap.org/g/onap-tsc/topic/29737916#4606
07:36:58 From Kenny Paul (LFN) : F2F reg http://www.cvent.com/d/66q8kv/4W
07:37:18 From Ahmad Khalil (Tata Communications) : thanks


Zoom Attendance Log  

TSC Members Attendance based on Zoom Chat Log: 94%

AMDOCS1Alla Goldner
AT&T1Catherine Lefevre
Bell Canada1Alexis de Talhouët
China Mobile1

Yan yang, proxy for

Lingli Deng
China Telecom1Yan Chen
DT1Andreas Geissler
Ericsson1Stephen Terrill
Huawei1Chaker Al-Hakim
IBM1

Jason Hunt

Intel1Srini Addepalli 
Nokia1

Anatoly Andrianov [Nokia], proxy for Timo Perala

Orange1Eric Debeau
Reliance Jio1Ning So
Tech Mahindra1Milind Jalwadi 
Turk Telecom
Murat Tupcu
Verizon1Viswa Kumar Skand Priya
Vodafone1Susana Sabater
WindRiver1Bin Yang


TSC Decisions  

2019 TSC Decisions


Action Items: