Table of Contents |
---|
Key Contacts - Byung-Woo Jun (Ericsson)
Note: The ONAP Streamlining - The Process has been approved by ONAP TSC
ONAP Benefits to the Industry
Contribution - Great Accomplishments!
...
ONAP Deployment Dependencies (by Andreas Geissler)
See ONAP deployment dependenciesevolution
ONAP Helm Charts Dependencies (by Andreas Geissler)
...
Each ONAP component needs to meet code security practices and certifications that are defined by SECCOM. There would be no direct impact for ONAP Streamlining; i.e., business is as usual.
Additional analysis will be provided as needed.
ONAP
...
SECCOM Roles
The following lists ONAP SECCOM roles and duties:
- Provide global requirements and best practices and audit tests - example: require secure code
- Provide secure reference implementation and documentation - example: logging, service mesh, external security with authentication and authorization
- Prioritize vulnerability fixes
- prioritize secure enhancements
- Proposal: ONAP projects work with latest version of common components such as Istio, KeyCloak, Kafka, Ingress...
ONAP Component Logging Analysis
- ONAP supports open-source and standard-based logging.
- ONAP already separates log generation from log collection / aggregation/persistence/visualization/analysis.
- Each ONAP component handle log generation only thru STDOUT and STDERR, by following ONAP security logging fields – global requirements, https://wiki.onap.org/display/DW/Security+Logging+Fields+-+Global+Requirement
- The log destination will be configured
- Log collection agent(s) will be configured; ONAP reference configuration is using FluentBit as the collection agent;
- ONAP uses a separate privileged namespace to deploy FluentBit for security reasons
- Vendors/operators can configure it differently, based on their needs
- Vendors/operators can realize and configure the log collection/ aggregation/persistence/visualization with their own logging ecosystem
- There will be no/minor impact on logging due to ONAP component disaggregation
ONAP Component Focused Integrated Testing
- ONAP supports clustering components by use cases:
- Selection of the best components for a particular task in systems
- Responsive integration and delivery
- ONAP still can provide reference automation for coordination
- ONAP E2E integration testing can be performed for code quality.
- Focused Integration testing can be performed, based on use cases.
- Additional analysis will be provided as needed.
Release Management Tasks
- Marketing version, Montreal, will be scheduled as the previous releases.
- Setting release schedule plans for Montreal
- The Marketing version will be used as the Major version by ONAP projects
- PTLs decide the minor and patch versions, based on their project release cycles and share the project versioning with TSC
- Provide each component release flexibility and evolution
- Integration & Pair-wise testing
- Integration testing will continue to increase ONAP project overall qualities
- Pair-wise testing will continue but it will be based on use cases
- Project testing will be performed by each project team
- For Montreal, security scanning will continue as before
Based on feedback during the Montreal, the release plan can be revisited
Montreal Release Plan Proposal
- Each PTL determines their project agile cycle(s) based their features
- PTLs/Feature owners coordinate with ARCCOM/REQCOM/SECCOM/TSC for the feature review and approval per agile iteration
- PTLs/Feature owners may work with OOM, INT and DOC for build, testing and documentation, as needed
- project release specific documentation should be handled in a automated fashion (e.g., scripts; PTLs create the release-specific rst and scripts put the rst contents into RTD)
- Each agile iteration/sprint is reviewed and critiqued by the project team (and ARCCOM/REQCOM/SECCOM/INT/TSC as needed…) and is used to determine what the next step (PTL decides it) until RC
- e.g., priorities, guidance, standards, security…
- After Montreal, we may want to revisit the Marketing release RC and Sign off
Documentation Versioning Proposal
- Use of Marketing version along with minor and patch version(s): current ones
- Suggestion (checking possibilities)
- https://docs.onap.org/en/latest/
- https//docs.onap.org/projects/onap-doc/en/montreal/index.html // for main doc page
- https//docs.onap.org/projects/onap-projectname/en/x.y.z/index.html
- https://docs.onap.org/projects/onap-cps/en/13.1.1/index.html // support project-specific doc versioning
- https://docs.onap.org/projects/onap-cps/en/13.0.1/index.html // support project-specific doc versioning
Special Interest Group (SIG) - TBD...
- Technical coordination and governance (former TSC)
- Architecture & Interoperability (could be on LFN level)
- LFN security
- LFN common practices
- Modeling
- LFN documentation consistency
- Technical outreach (SDO & Open-source)
Presentation
- ONAP Streamlining - The Process at SECCOM and ARCCOM, 2023-7-18, https://jira.onap.org/secure/attachment/18920/ONAP%20-%20Streamlining%20the%20process-2023-7-18-v2.pptx
- ONAP Streamlining - The Process, presentation slide deck for TSC, 2023-8-3, ONAP - Streamlining the process Report-2023-8-3.pptx
- ONAP Streamlining - The Process, presentation slide deck - v2, ONAP - Streamlining the process Report-2023-8-3-v2.pptx
- ONAP Streamlining - The Process, work items
- ONAP supports open-source and standard-based logging.
- ONAP already separates log generation from log collection / aggregation/persistence/visualization/analysis.
- Each ONAP component handle log generation only thru STDOUT and STDERR, by following ONAP security logging fields – global requirements, https://wiki.onap.org/display/DW/Security+Logging+Fields+-+Global+Requirement
- The log destination will be configured
- Log collection agent(s) will be configured; ONAP reference configuration is using FluentBit as the collection agent;
- ONAP uses a separate privileged namespace to deploy FluentBit for security reasons
- Vendors/operators can configure it differently, based on their needs
- Vendors/operators can realize and configure the log collection/ aggregation/persistence/visualization with their own logging ecosystem
- There will be no/minor impact on logging due to ONAP component disaggregation
ONAP Component Focused Integrated Testing
- ONAP supports clustering components by use cases:
- Selection of the best components for a particular task in systems
- Responsive integration and delivery
- ONAP still can provide reference automation for coordination
- ONAP E2E integration testing can be performed for code quality.
- Focused Integration testing can be performed, based on use cases.
- Additional analysis will be provided as needed.
Release Management Tasks - TBD...
- Marketing version, Montreal, will be scheduled as the previous releases.
- Setting release schedule plans for Montreal
- The Marketing version will be used as the Major version by ONAP projects
- PTLs decide the minor and patch versions, based on their project release cycles and share the project versioning with TSC
- Provide each component release flexibility and evolution
- Integration & Pair-wise testing
- Integration testing will continue to increase ONAP project overall qualities
- Pair-wise testing will continue but it will be based on use cases
- Project testing will be performed by each project team
- For Montreal, security scanning will continue as before
Based on feedback during the Montreal, the release plan can be revisited
Special Interest Group (SIG) - TBD...
- Technical coordination and governance (former TSC)
- Architecture & Interoperability (could be on LFN level)
- LFN security
- LFN common practices
- Modeling
- LFN documentation consistency
- Technical outreach (SDO & Open-source)
Presentation
- ONAP Streamlining - The Process at SECCOM and ARCCOM, 2023-7-18, https://jira.onap.org/secure/attachment/1892018952/ONAP%20-%20Streamlining%20the%20processONAPStreamliningWorkItems-2023-78-18-v222.pptx
- ONAP Streamlining - The Process, presentation slide deck for TSC, 2023-8-3, ONAP - Streamlining the process ReportRelease Plan, https://jira.onap.org/secure/attachment/18956/ONAP%20-%20Streamlining%20the%20process%20Report-2023-8-329-v3.pptx
- ONAP Streamlining - The Process, presentation slide deck - v2, ONAP - Streamlining the process Report-2023-8-3-v2Release Plan for TSC approval, at https://jira.onap.org/secure/attachment/18969/ONAP%20-%20Streamlining%20the%20process%20Report-2023-9-7-v1.pptx
References
- ONAP Streamlining LFN D&TF June 2023 presentation, https://wiki.lfnetworking.org/download/attachments/82906137/ONAP%20-%20Streamlining%20the%20process-v7.pdf?version=1&modificationDate=1686246324000&api=v2
- ONAP Deployment dependencies (by Andreas Geissler), ONAP deployment dependenciesevolution
- ONAP Helm chart dependencies (by Andreas Geissler), ONAP Helm chart dependencies
...