#onap-int: Integration weekly sync meeting 05/02/2020

Meeting summary

1. action point follow-up (morgan_orange, 14:32:28)
   1. AP1: morgan asks for LF FQDN + certificates (morgan_orange, 14:32:40)
   2. discussion done, for the certificates => use let's encrypt and for the FQDN LF relunctant from a legal perspective to referent a web site it does not manage, possible workaround to use another domain (morgan_orange, 14:32:50)
   3. AP2: bartek add tox for vCPE and vagrant files (morgan_orange, 14:32:56)
   4. done WIP (morgan_orange, 14:33:01)
   5. AP3: morgan_orange add verification-python in ci-management for integration (morgan_orange, 14:33:06)
   6. done WIP: https://gerrit.onap.org/r/c/ci-management/+/100985 (morgan_orange, 14:33:18)
   7. AP4: organize ad hoc meeting with lab owners to share tooling and best practices (morgan_orange, 14:33:25)
   8. not done yet (morgan_orange, 14:33:30)
   9. ACTION: morgan_orange organize ad hoc meeting with lab owners to share tooling and best practices (morgan_orange, 14:33:35)
   10. AP5: morgan_orange contact Kzrysztof for several updates (dcae discussion/pnf_registrate/..) (morgan_orange, 14:33:40)
   11. done topic planned this week (morgan_orange, 14:33:46)
   
   
2. Syncho with Seccom / OOM (morgan_orange, 15:01:38)
   1. several security tests have been added in CI, the goal of the meeting was to agree on SECCOM/OOM/Integration position and prepare the PTL meeting (morgan_orange, 15:02:12)
   2. pod_root is priority one, we must not have pod run as root in Frankfurt. The build chain shall be reviewed and user must be used (morgan_orange, 15:03:04)
   3. AGREED: (morgan_orange, 15:03:07)
   4. java debug port must be closed - but be careful there are probably false positive (redis default port in dcae) (morgan_orange, 15:03:44)
   5. ACTION: pawel complete the scripts to exclude false positive (morgan_orange, 15:03:56)
   6. cis: it will be hard to fix everything ... if we want to keep ONAP up&running, in other word it is possible to become cis compliant but ONAP will not run anymore (morgan_orange, 15:04:38)
   7. goal is to reduce the number of FAIL + keep ONAP runnable + evaluate modifications for next release to move to a CIS compliant k8S for ONAp (somehow problems ~ to those reported leading to non cloud native solution at the end) (morgan_orange, 15:05:35)
   8. http ports - not trivial. The solution consisting in stopping exposing some of them may lead to side effects (Serve mesh PoC could not work in some conditions) (morgan_orange, 15:06:38)
   9. we need to review the list of the current 20 http open ports (robot, portal-sdk, portal-app, message-router, dmaap-bc, log-kibana, log-es, dmaap-dr-prov, cli , consul-server-ui, sniro-emulator , refrepo , uui , config-binding-service , dashboard, netbox-nginx, music-tomcat , cds-blueprints-processor-http, aaf-fs (morgan_orange, 15:08:57)
   10. some exceptions are already known: aaf-fs (morgan_orange, 15:09:10)
   11. the goal for Frankfurt is to close what is really not needed (morgan_orange, 15:09:56)
   
   
3. Admin (morgan_orange, 15:10:51)
   1. Specific Integration milestones to be defined and reported to David McBride (morgan_orange, 15:11:07)
   2. https://wiki.onap.org/display/DW/Integration+M4+milestone+possible+evolution (morgan_orange, 15:11:14)
   3. ACTION: all review the page and adjust the criteria / morgan to report to David before the end of the week (morgan_orange, 15:11:37)
   4. Update on Integration verification job: WIP, ci-management job has been merged, tox.ini to be introduced by Bartek (morgan_orange, 15:12:04)
   
   
4. lab status (morgan_orange, 15:12:09)
   1. gitlab runner installed on windriver lab, first tests showed that it was possible to trigger CI chains from gitlab.com on windriver through the runner without the VPN, so it should be possible to launch Daily CI chain in windriver lab (morgan_orange, 15:12:56)
   
   
5. Frankfurt status (morgan_orange, 15:13:08)
   1. CI status: Master relatively stable over the last days: only 3 pods failed today but APPC healthcheck is failing (as well as OOF and VFC), distribution and End to End tests are failing (morgan_orange, 15:13:53)
   2. ACTION: morgan_orange create JIRA on OOF and VFC (morgan_orange, 15:14:03)
   3. Use case update (Selenium, DCAE update,..) => Krzstztof and Brian not present, lets sync by maul (morgan_orange, 15:14:48)
   
   
6. AoB (morgan_orange, 15:14:58)
   1. Bartek about to submit the tox.ini to introduce verification in integration repository (morgan_orange, 15:15:24)
   2. vCPE use case: SDNC DB bug fixed by SDNC team, but new issues probably due to ONAP instability (morgan_orange, 15:16:00)
   3. Pawel:update on the tests planned (especially to manage false positive). Pawel aso suggests to move ingress_nodeports to infrastructure healthcheck category (not really security) (morgan_orange, 15:16:51)
   4. ACTION: morgan move ingress_nodeport to infrastructure-healthcheck (morgan_orange, 15:17:09)
   5. morgan integration of kube-hunter from aquasecurity in progress (morgan_orange, 15:17:25)

Action items

1. morgan_orange organize ad hoc meeting with lab owners to share tooling and best practices
2. pawel complete the scripts to exclude false positive
3. all review the page and adjust the criteria / morgan to report to David before the end of the week
4. morgan_orange create JIRA on OOF and VFC
5. morgan move ingress_nodeport to infrastructure-healthcheck

Action items, by person

1. morgan_orange
   1. morgan_orange organize ad hoc meeting with lab owners to share tooling and best practices
   2. morgan_orange create JIRA on OOF and VFC
2. UNASSIGNED
   1. pawel complete the scripts to exclude false positive
   2. all review the page and adjust the criteria / morgan to report to David before the end of the week
   3. morgan move ingress_nodeport to infrastructure-healthcheck

People present (lines said)

1. morgan_orange (45)
2. collabot` (4)