Page History

...

Run AAI containers as non-root user

https://wiki.onap.org/display/DW/Best+Practices

The Docker and Kubernetes engines may run as root until such time as the products support non-root execution.
Applications may run as root within a container.
The process ID of a container must not run as the root ID with the exception of containers supporting ONAP features that require the container to run as the root ID.
Containers may run with root privileges.
Project containers that run as the root ID must document this in the release notes along with the functionality that requires the container to run as the root ID.

425b2b0a21724true

1

Global JJB

James Forsyth

Sonatype's maven-staging-plugin will be disabled and we need to implement new LF jenkins jobs before mid-July

global-jjb Migration Tracker

Repos and do they use oparent:
./model-loader/pom.xml                        true
./graphgraph/pom.xml                          false
./graphadmin/pom.xml                          true
./esr-server/pom.xml                          true
./sparky-be/pom.xml                           true
./rest-client/pom.xml                         true
./aai-common/pom.xml                          true
./data-router/pom.xml                         false
./chameleon/pom.xml                           false
./sparky-fe/pom.xml                           false
./event-client/pom.xml                        true
./gallifrey/pom.xml                           false
./resources/pom.xml                           true
./router-core/pom.xml                         true
./gizmo/pom.xml                               true
./logging-service/pom.xml                     true
./babel/pom.xml                               true
./champ/pom.xml                               true
./traversal/pom.xml                           true
./spike/pom.xml                               true
./esr-gui/pom.xml                             true
./search-data-service/pom.xml                 false
./cacher/pom.xml                              true
./schema-service/pom.xml                      true
./validation/pom.xml                          true

2

UI Views

William Reehil

Manisha Aggarwal

ATT wants to contribute additional UI views to ONAP, want to discuss path forward

3

Dublin Blockers

James Forsyth

Jira

server	ONAP JIRA
columns	key,summary,type,created,updated,due,assignee,reporter,priority,status,resolution
serverId	425b2b0a

Jira

server

ONAP JIRA

serverId

-557c-3c0c-b515-579789cceedb
key	AAI-

2406

Jira

Container Images

James Forsyth

Container Image Minimization Guidelines

James Forsyth will ask integration team if we can use the AAI tenant space in windriver environment

5

GraphGraph demo

Pavel Paroulek

A 5-10 minute demo of GraphGraph.

Feedback needed!

6

Bug Review

server	ONAP JIRA
columns	key,summary,type,created,updated,due,assignee,reporter,priority,status,resolution
serverId	425b2b0a-557c-3c0c-b515-579789cceedb
key	AAI-2411

JIRA Issue Count (in AAI project):

Jira

server	ONAP JIRA
jqlQuery	project = AAI AND issuetype = Bug and status not in (Closed, Delivered) ORDER BY fixVersion ASC, priority DESC, updated ASC
columns	key,summary,type,created,updated,due,assignee,reporter,priority,status,resolution	count	true
serverId	425b2b0a-557c-3c0c-b515-579789cceedb

JIRA Issue Count (talking about AAI):

Jira

server

ONAP JIRA

jqlQuery

project != AAI AND (text ~ "AAI" OR text ~ "A?AI" OR text ~ "A??AI" OR text ~ "A???AI") AND issuetype = Bug and status not in (Closed,Delivered,Done) ORDER BY priority DESC, updated ASC

count

key	AAI-2402

4
El Alto StatusJames Forsyth

No 2 way TLS in Dublin; James Forsyth will socialize early in El Alto, Due 03 Jun 2019
pnf-id change pushed to El Alto during Architecture review AAI R4 Architecture Review - 5 Mar 2019
API version update for El Alto should be co-ordinated for earlier in the cycle
- needs a checklist of things to be updated, including yang classes
  Jira
  server ONAP JIRA
  serverId 425b2b0a-557c-3c0c-b515-579789cceedb

7Dublin branching

James Forsyth

Dublin artifacts are released and jjb jobs are updated to drop casablanca jobs and replace with dublin

We will change the sonar and clm jobs to use the dublin branch

James Forsyth will see how other teams manage merging release bug/security/late feature change back to master

- key AAI-2351

JIRA Epics count:

Jira

server	ONAP JIRA
jqlQuery	project = AAI AND issuetype = Epic AND fixVersion = "El Alto Release" ORDER BY created DESC
count	true
serverId	425b2b0a-557c-3c0c-b515-579789cceedb

5
Selenium Tests in SparkyArul Nambi

Want to share in the community potential selenium changes for the sparky UI

(bumped up, is it still relevant?)

6
AAI achitecture documentation

Taranjit Singh

Understanding the architecture of AAI is not easy - hard to understand how the code is laid out and how things flow. Need documention which will describe how the microservices are connected, which repos support which functions, etc. Pavel Paroulek says that he had to reverse engineer the dependencies to see how the repos are connected. Recommended to focus on the resources repo for understanding the core function of AAI.

(bumped up, is it still relevant?)

7
Run AAI containers as non-root user

James Forsyth

https://wiki.onap.org/display/DW/Best+Practices

The Docker and Kubernetes engines may run as root until such time as the products support non-root execution.
Applications may run as root within a container.
The process ID of a container must not run as the root ID with the exception of containers supporting ONAP features that require the container to run as the root ID.
Containers may run with root privileges.
Project containers that run as the root ID must document this in the release notes along with the functionality that requires the container to run as the root ID.

Jira

server	ONAP JIRA

8Gerrit Reviewhttps://gerrit.onap.org/r/#/q/projects:aai9Sonar Reviewhttps://sonar.onap.org/projects?search=aai&sort=coverage10Jenkins CLM Reviewhttps://jenkins.onap.org/view/CLM/11Blockers

James Forsyth

Jira

server	ONAP JIRA
columns	key,summary,type,created,updated,due,assignee,reporter,priority,status,resolution
serverId	425b2b0a-557c-3c0c-b515-579789cceedb
key	AAI-2406

Jira

server	ONAP JIRA
columns	key,summary,type,created,updated,due,assignee,reporter,priority,status,resolution
serverId	425b2b0a-557c-3c0c-b515-579789cceedb
key	AAI-2411

Jira

server	ONAP JIRA
columns	key,summary,type,created,updated,due,assignee,reporter,priority,status,resolution
serverId	425b2b0a-557c-3c0c-b515-579789cceedb
key	AAI-24022172

8
Container Images12Helm Chart Transfer

James Forsyth

Container Image Minimization Guidelines

James Forsyth will

start a document with best practices and requirements for merging changes to the aai/oom submodule

Team needs to document (perhaps change the AAI guide for OOM setup) the change to use the submodule in OOM

13Status of ARC documentation

Pavel Paroulek

When is this going to be finished ARC AAI Component Description - Dublin ?

Note: I have no idea what it is, I just was asked to inquire

14Dublin Status 1

ask integration team if we can use the AAI tenant space in windriver environment

9
GraphGraph demo

Pavel Paroulek

A 5-10 minute demo of GraphGraph.

Feedback needed!

10
Bug Review

JIRA Issue Count (in AAI project):

Jira

server	ONAP JIRA
jqlQuery	project = AAI AND issuetype = Bug and status not in (Closed, Delivered) ORDER BY fixVersion ASC, priority DESC, updated ASC
count	true

James ForsythEncourage our clients to migrate off named queryTo support Policy code change to custom queries JiraserverONAP JIRA could this be fixed?


serverId	425b2b0a-557c-3c0c-b515-579789cceedb

keyPOLICY-1266,

JIRA Issue Count (talking about AAI):

Trying for Silver badge and Level 2 on Security; 50% code coverage on repos

Resiliency and fault tolerance; meeting notice never published,

CSIT on OOM needs to cover more of the services

code coverage to 55% for Dublin

Jira

server	ONAP JIRA

serverId

425b2b0a-557c-3c0c-b515-579789cceedb

key

AAI-2351

jqlQuery	project != AAI AND (text ~ "AAI" OR text ~ "A?AI" OR text ~ "A??AI" OR text ~ "A???AI") AND issuetype = Bug and status not in (Closed,Delivered,Done) ORDER BY priority DESC, updated ASC
count	true
serverId	425b2b0a-557c-3c0c-b515-579789cceedb

11

Dublin branching

James Forsyth

Dublin artifacts are released and jjb jobs are updated to drop casablanca jobs and replace with dublin

We will change the sonar and clm jobs to use the dublin branch

James Forsyth will see how other teams manage merging release bug/security/late feature change back to master

12

Gerrit Review

https://gerrit.onap.org/r/#/q/projects:aai

13

Sonar Review

https://sonar.onap.org/projects?search=aai&sort=coverage

14

Jenkins CLM Review

https://jenkins.onap.org/view/CLM/

15

Helm Chart Transfer

James Forsyth

James Forsythwill start a document with best practices and requirements for merging changes to the aai/oom submodule
Team needs to document (perhaps change the AAI guide for OOM setup) the change to use the submodule in OOM

16

Status of ARC documentation

Pavel Paroulek

When is this going to be finished ARC AAI Component Description - Dublin ?

Note: I have no idea what it is, I just was asked to inquire

17

Dublin Status 1

James Forsyth

Encourage our clients to migrate off named query
Trying for Silver badge and Level 2 on Security; 50% code coverage on repos
Resiliency and fault tolerance; meeting notice never published,

CSIT on OOM needs to cover more of the services

18

Dublin Status 3

James Forsyth

15

Dublin Status 2 / OOM helm charts

James Forsyth

Venkata Harish Kajur

Moving Helm charts into AAI repos

Pavel Paroulek is the AAI contact for doing the helm chart migration, info passed along to Mike Elliot

Migration of the oom / aai charts to an new repo that we will have commit access to. Harish tried to preserve the history on the existing set of files, but there was no way to do it because the commit messages would violate the 50 character limit. So we will lose history on the commits and do the push as a new code drop.
Jessica found a way to do it
Not sure if this would be pushed into El Alto release

16

Dublin Status 3

James Forsyth

Volumed run-time generated certificates are possible

James Forsyth will open Jira tickets to update the keystores in the master branches of the mS that use https
Arul Nambi will do sparky-be, search-data-service, data-router, logging-service, router-core

GraphGraph is coming, depends on expanding schema-service API
RestClient updates are potentially being contributed by community members

17

Dublin Status 4

James Forsyth

Jira

server	ONAP JIRA
serverId	425b2b0a-557c-3c0c-b515-579789cceedb
key	AAI-2219

Champ slipped below 55% with latest commit.

Tian Lee will do babel, model-loader, champ, gizmo, event-client, spike, rest-client, validation

Volumed run-time generated certificates are possible

James Forsyth will open Jira tickets to update the keystores in the master branches of the mS that use https

Arul Nambi will do sparky-be, search-data-service, data-router, logging-service, router-core

GraphGraph is coming, depends on expanding schema-service API
RestClient updates are potentially being contributed by community members

19
Code Coverage StatusJames Forsyth

code coverage to 55% for Dublin
Jira
server ONAP JIRA
serverId 425b2b0a-557c-3c0c-b515-579789cceedb
key AAI-2219

Champ slipped below 55% with latest commit.

Tian Lee will do babel, model-loader, champ, gizmo, event-client, spike, rest-client, validation
Arul Nambi will do sparky-be, search-data-service, data-router, logging-service, router-core
James Forsyth create ticket for El Alto for sparky, rolling back because of sonar failure
Venkata Harish Kajur will check aai-common, resources, traversal, graphadmin, cacher, schema-service (which probably already have the setting)
Add thresholds to all repos that are above 55% so it doesn't happen again
For setting the threshold on each repo, set it to the current percentage, so if it's is at 62.7%, set the threshold to 0.62
<jacoco.line.coverage.limit>0.68</jacoco.line.coverage.limit>
Sonar job for Dublin has been changed to using line coverage.
Code Block
<execution>
James Forsyth create ticket for El Alto for sparky, rolling back because of sonar failure
Venkata Harish Kajur will check aai-common, resources, traversal, graphadmin, cacher, schema-service (which probably already have the setting)
Add thresholds to all repos that are above 55% so it doesn't happen again
For setting the threshold on each repo, set it to the current percentage, so if it's is at 62.7%, set the threshold to 0.62

<jacoco.line.coverage.limit>0.68</jacoco.line.coverage.limit>

Sonar job for Dublin has been changed to using line coverage.

Code Block

  <execution>
                        <id>default-check</id>
                        <goals>
                            <goal>check</goal>
                        </goals> <id>default-check</id>
                        <configuration><goals>
                            <dataFile>${project.build.directory}/coverage-reports/jacoco.exec</dataFile><goal>check</goal>
                        </goals>
    <rules>
                    <configuration>
             <!--  implementation is needed only for Maven 2  -->
     <dataFile>${project.build.directory}/coverage-reports/jacoco.exec</dataFile>
                           <rule implementation="org.jacoco.maven.RuleConfiguration"> <rules>
                                <!--  implementation  <element>BUNDLE</element>
     is needed only for Maven 2  -->
                               <limits>
 <rule implementation="org.jacoco.maven.RuleConfiguration">
                                      <limit implementation="org.jacoco.report.check.Limit"><element>BUNDLE</element>
                                    <limits>
        <counter>LINE</counter>
                                    <limit implementation="org.jacoco.report.check.Limit">
          <value>COVEREDRATIO</value>
                                  <counter>LINE</counter>
          <minimum>${jacoco.line.coverage.limit}</minimum>
                                  <value>COVEREDRATIO</value>
        </limit>
                                    <minimum>${jacoco.line.coverage.limit}</limits>minimum>
                                        </rule>
limit>
                                    </rules>limits>
                                </configuration>
rule>
                            </execution>

18Dublin Use Cases

James Forsyth

Epic-of-epics:

Jira

server	ONAP JIRA
serverId	425b2b0a-557c-3c0c-b515-579789cceedb
key	AAI-2107

5G Use Case (R4 Dublin)

BBS Broadband Service Use Case (Dublin)

CCVPN Use Case (Dublin)

Change Management Dublin Extensions

Fine Grain Placement Service (F-GPS) Edge Automation (Dublin)

OpenSource Access Manager (OSAM) Use Case

K8S based Cloud Region Support

Tony Noori from AT&T will identify the ONAP POC for system engineering for AAI modelling. This person will coordinate schema changes, watch the use case wiki, jira, perform gerrit reviews, etc.

Analysis: AAI R4 Use Case and Functional Requirements Impacts

JIRA Epics count:

Jira

server	ONAP JIRA
jqlQuery	project = AAI AND issuetype = Epic AND fixVersion = "Dublin Release" ORDER BY created DESC
count	true
serverId	425b2b0a-557c-3c0c-b515-579789cceedb

rules>
                        </configuration>
                    </execution>

2019El Alto StatusJames Forsyth

No 2 way TLS in Dublin; James Forsyth will socialize early in El Alto, Due 03 Jun 2019

pnf-id change pushed to El Alto during Architecture review AAI R4 Architecture Review - 5 Mar 2019

API version update for El Alto should be co-ordinated for earlier in the cycleneeds a checklist of things to be updated, including yang classes

Jira

server	ONAP JIRA
serverId	425b2b0a-557c-3c0c-b515-579789cceedb
key	AAI-2351

JIRA Epics count:

Jira

server	ONAP JIRA
jqlQuery	project = AAI AND issuetype = Epic AND fixVersion = "El Alto Release" ORDER BY created DESC
count	true
serverId	425b2b0a-557c-3c0c-b515-579789cceedb

20Selenium Tests in SparkyArul NambiWant to share in the community potential selenium changes for the sparky UI21

Traversal Nodes query documentation

J. Ram Balasubramanian

Jira

server	ONAP JIRA
columns	key,summary,type,created,updated,due,assignee,reporter,priority,status,resolution
serverId	425b2b0a-557c-3c0c-b515-579789cceedb
key	AAI-2202

Jira

server	ONAP JIRA
columns	key,summary,type,created,updated,due,assignee,reporter,priority,status,resolution
serverId	425b2b0a-557c-3c0c-b515-579789cceedb
key	AAI-2383

Documentation on the search/nodes-query API is missing. James Forsyth needs to find it and publish it.

22AAI achitecture documentation

Taranjit Singh

Understanding the architecture of AAI is not easy - hard to understand how the code is laid out and how things flow. Need documention which will describe how the microservices are connected, which repos support which functions, etc. Pavel Paroulek says that he had to reverse engineer the dependencies to see how the repos are connected. Recommended to focus on the resources repo for understanding the core function of AAI.

23API version documentation

Keong Lim

Is v15 API for Dublin release?

Jira

server	ONAP JIRA
serverId	425b2b0a-557c-3c0c-b515-579789cceedb
key	AAI-1811

Why does schema-service now have v16 files?

Jira

server	ONAP JIRA
serverId	425b2b0a-557c-3c0c-b515-579789cceedb
key	AAI-2161

James Forsyth Document nodes wiki and add explanation about presence of the v15 file. Should add v14-v15 changes to release notes.

24

Open Action Items

James Forsyth Document nodes wiki and add explanation about presence of the v15 file. Should add v14-v15 changes to release notes.
James Forsyth will see how other teams manage merging release bug/security/late feature change back to master for Dublin release.

...

Space shortcuts

Page tree

Versions Compared

Old Version 2

New Version 3

Key

Open Action Items