Honolulu Risks
- David McBride
- Seshu Kumar Mudiganti
- krishna moorthy
This centralized page, for all Honolulu projects, is aimed at identifying the risks as they are foreseen within the release life cycle.
A Risk that materialized becomes an Issue.
Status:
Identified: a risk that has been identified, but has not yet been analyzed / assessed yet
Assessed: an identified risk which currently has no risk response plan
Planned: an identified risk with a risk response plan
In-Process: a risk where the risk response is being executed
Closed: a risk that occurred and is transferred to an issue or the risk was solved/avoided
Not occurred: a risk that was identified but that did not occur
Rejected: created and kept for tracking purposes but considered not to be used yet
Risk ID | Project Team or person identifying the risk | Identification Date | Risk (Description and potential impact) | Team or component impacted by the risk | Mitigation Plan (Action to prevent the risk to materialize) | Contingency Plan - Response Plan (Action in case of the risk materialized) | Probability of occurrence (probability of the risk materialized) High/Medium/Low | Impact High/Medium/Low | Status |
|---|---|---|---|---|---|---|---|---|---|
1 | OOF | Jan 18, 2021 | Meeting the following requirement for CMSO - Upgrade vulnerable packages | OOF - CMSO | Will be taken up along with the feature implementation if it is required by the use cases | Project team will try to take up activity if no new feature is planned | Low | Low | Identified |
2 | UUI | Jan 19, 2021 | usecase UI dockers contain GPLv3 | UUI | Will take active action to contact Jira owner and find out witch package contains GPLv3 | Make the current dependencies work well and keep this problem to next release | High | Low | Identified |
3 | Policy | Jan 19, 2021 | Some package upgrades (e.g., CDS) may require significant rework REQ-439: CONTINUATION OF PACKAGES UPGRADES IN DIRECT DEPENDENCIESIn Progress | Policy | Will continue to work on upgrades | Obtain a waiver for the problem packages | Medium | Medium | Identified |
4 | SDC | Jan 20, 2021 | Some package upgrades may require significant rework REQ-439: CONTINUATION OF PACKAGES UPGRADES IN DIRECT DEPENDENCIESIn Progress | SDC | Will continue to work on upgrades | Obtain a waiver for the problem packages | Medium | Medium | Identified |
5 | AAI | Jan 20, 2021 | Cannot upgrade to Java 11 for modules dependent on Java 8 only supported Janusgraph REQ-438 - COMPLETION OF JAVA LANGUAGE UPDATE (v8 → v11) | AAI | Nothing we can really do given the current constraints unless JanusGraph updates to working with Java 11 | Obtain a waiver for the mS with the core tech of Janusgraph | High | Low | Identified |
6 | DCAE | Jan 20, 2021 | REQ-438 - COMPLETION OF JAVA LANGUAGE UPDATE (v8 → v11) Due to upstream dependency on NIFI project, some of MOD (NiFI) components (designtool/gen-processor/nifi-registry) will remain in java 8 | DCAE | Migrate/replace MOD NiFI components with custom containers for future release | Request waiver (discused with SECCOM and they are okay with filing exception for NiFI components) | High | Low | Closed; exception submitted for NiFi related components |
7 | DCAE | Jan 20, 2021 | REQ-437 - COMPLETION OF PYTHON LANGUAGE UPDATE (v2.7 → v3.8 With Cloudify 3.x support releated by Cloudify under 5.1.1, DCAE CM pod upgrade is targetted for H release. This will be major upgrade requiring extensive regression. Marking this risk due to resource/time constraint. | DCAE | Based on severity of issue - we'll assess if new containers can be released for H release or if need to be withheld. | If switching to Guilin version (old CM 4.6 version) - will need waiver for Cloudify container and plugins | Medium | High | Not Occurred |
8 | CPS | Jan 21, 2021 | Upgrade vulnerable packages, which all are Transient dependencies | CPS | Working with SecCom to resolve high level vulnerabilities | Obtain a waiver for the problem packages | Medium | Low | Identified |
9 | DMaaP Message Router | Jan 21, 2021 | REQ-438 - COMPLETION OF JAVA LANGUAGE UPDATE (v8 → v11) Confluent base images used by Message Router kafka/zookeeper are built using Java 8. Move to a newer version is a risk based on resources/time constraints. | DMaaP | Source some more resources for the project to address this issue. | Obtain a waiver for the problem packages | High | Low | Identified |
10 | AAI | Jan 22, 2021 | Upgrade vulnerable packages, which all are Transient dependencies | AAI | Source some more resources for the project to address this issue. | Obtain a waiver for the problem packages | Medium | Low | Identified |
11 | VID | Jan 22, 2021 | Upgrade vulnerable packages, which all are Transient dependencies | VID | Source some more resources for the project to address this issue. | Obtain a waiver for the problem packages | Medium | Low | Identified |
12 | MultiCloud | Jan 24, 2021 | REQ-437 - COMPLETION OF PYTHON LANGUAGE UPDATE (v2.7 → v3.8) MultiCloud have updated to v3.7, which is the highest version that onappylog can support | MultiCloud | Remove the dependency of onappylog | Obtain a waiver for the impacted components | Medium | Low | Identified |
13 | Modeling | Jan 25, 2021 | REQ-437 - COMPLETION OF PYTHON LANGUAGE UPDATE (v2.7 → v3.8) Modeling/etsicatlog can support V3.7, which is the highest version that onappylog can support | Modeling | Remove the dependency of onappylog | Obtain a waiver for the impacted components | Medium | Low | resolved |
14 | VFC | Jan 25, 2021 | REQ-437 - COMPLETION OF PYTHON LANGUAGE UPDATE (v2.7 → v3.8) VFC can support V3.7, which is the highest version that onappylog can support | VFC | Remove the dependency of onappylog | Obtain a waiver for the impacted components | Medium | Low | resolved |
15 | SO | Feb 25, 2021 | Code coverage for the new repos created failed to meet the required goal. | SO | Code coverage goals | Obtain a waiver for the impacted components | High | High | Resolved |
16 | DMaaP kafka | Feb 25, 2021 | Code coverage for the dmaap-kafka project failed to meet the required goal. | DMaaP kafka | Code coverage goals | Obtain a waiver for the impacted components | High | Low | Working with Sonar community to fix this unexpected coverage drop. |
17 | Policy | Mar 9, 2021 | OOM merge for M3 is not yet complete, so RC0 is even more unlikely | Policy | Update OOM review to latest Policy images | Obtain a waiver | High | High | Withdrawn M3 OOM review was merged |
18 | SO | Mar 8, 2021 | Upstream code changes merged for camunda upgrade have induced issue in the camunda database causing issues in the gating | SO OOM Gating | Working on the cleanup with the help of the actual developer | This would be a must fix for the H release for SO component, else will need to revert all the changes pertaining to this upgrade. | High | High | Identfied. |