...
| Ref | Blocking? | Status | Component | Description/Notes |
| 1 | Open | All | Scaled & Distributed Datarouter Solution. 10/20: Fiachra initiated an email thread about how Datarouter components might scale, which interfaces require TLS, and how certificates need to be managed. 10/22: Dom suggested we include kubernetes design considerations, and try to identify specific use cases to drive requirements on AAF (assumed CA capability) 10/22: Dom to document AT&T ECOMP conventions for certificates 10/24: Fiachra sent additional questions to OOM team. also, OOM-8 tracking auto-scaling. 11/7: Additional considerations: spool directory persistence, stateful sets, and SSL certificates. Also, how does Buscontroller get told about additional Nodes. 11/21: Reviewing requirements for statefulness of multiple components. For DR, files in transit need to persist. | |
| 2 | Open | DR | What is the purpose of the "groups" attribute in a subscriber? 10/22: Matt/Kim to investigate 10/24: mechanism to associate many subs to a single group. Matt to send description. 11/21: Fiachra observes that this looks more like some additional authorization method. | |
| 3 | Open | All | Use of HTTPS in dev/test environments. See Fiacha's email. "Quick question on how we are testing the DR flows. This only applies to local deploy & test. Robot CSIT would require investigation on how to implement TLS.
At present we default to "--insecure" curl option using the "-k" flag. Is this valid or should we be using some sort of TLS auth?
We can export the IntermediateCA from the cert chain and pass it via the "--cacert" flag for curl. Should this be the default way of testing DR if all end users will be required to use TLS?
//Fiachra" 10/31: Dom: http is convenient for dev/test, but at least CSIT should confirm that TLS is enabled on all API endpoints. 11/21: Plan to implement TLS in csit. Investigate how DR clients are using CA certs at present. | |
| 4 | Open | All | 11/12: As we consider scaling, are we defining any true load testing scenarios? And what are the tools we are using? | |
| 5 | Open | PTL | 11/21: Look out for email about participating in Dublin Release for M0 milestone. Bhanu to inquire w PTL team since she might be on vacation. | |
| 6 | Open | PTL | 11/21: Follow up on committer promotion requests: Sunil, Dom, Connor | |
| 7 | Open | DR | 11/21: Toby: PM Mapper desires a subscriber delivery function similar to kafka consumer groups. i.e. multiple subs to same feed - only 1 gets delivery. How to implement this? (Is group attribute useful?) | |
| 8 | Open | DR | 11/21: How to handle registration / provisioning of a new dr-node instance to an existing and/or "edge" DR deployment. Recommended to use bus-controller api. | |
| 9 | Open | DR | 10/20: Fiachra initiated an email thread about how Datarouter components might scale, which interfaces require TLS, and how certificates need to be managed. 10/22: Dom suggested we include kubernetes design considerations, and try to identify specific use cases to drive requirements on AAF (assumed CA capability) 10/22: Dom to document AT&T ECOMP conventions for certificates 11/21: TLS solution between DR components and any clients of the API (DCAE Data File Collector, DCAE PM Mapper). Jonathan Gathman mentions AAF Certificate Manager which is available for auto config in Casablanca. Several strategies available:- Common SAN in x509s, NFS cert store, etc. Ramprasad Koya / Bhanu Ramesh Recommendation is to involve PTLs in Dublin planning for component security requirements. | |
| 10 | Open | All | 11/21: Reviewing requirements for statefulness of multiple components. For DR, files in transit need to persist. |