#onap-int log

14:31:58 <morgan_orange> #startmeeting Integration weekly sync meeting 05/02/2020
14:31:58 <collabot`> Meeting started Wed Feb  5 14:31:58 2020 UTC.  The chair is morgan_orange. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:31:58 <collabot`> Useful Commands: #action #agreed #help #info #idea #link #topic.
14:31:58 <collabot`> The meeting name has been set to 'integration_weekly_sync_meeting_05_02_2020'
14:32:28 <morgan_orange> #topic action point follow-up
14:32:40 <morgan_orange> #info AP1: morgan asks for LF FQDN + certificates
14:32:50 <morgan_orange> #info discussion done, for the certificates => use let's encrypt and for the FQDN LF relunctant from a legal perspective to referent a web site it does not manage, possible workaround to use another domain
14:32:56 <morgan_orange> #info AP2: bartek add tox for vCPE and vagrant files
14:33:01 <morgan_orange> #info done WIP
14:33:06 <morgan_orange> #info AP3: morgan_orange add verification-python in ci-management for integration
14:33:18 <morgan_orange> #info done WIP: https://gerrit.onap.org/r/c/ci-management/+/100985
14:33:25 <morgan_orange> #info AP4: organize ad hoc meeting with lab owners to share tooling and best practices
14:33:30 <morgan_orange> #info not done yet
14:33:35 <morgan_orange> #action morgan_orange organize ad hoc meeting with lab owners to share tooling and best practices
14:33:40 <morgan_orange> #info AP5: morgan_orange contact Kzrysztof for several updates (dcae discussion/pnf_registrate/..)
14:33:46 <morgan_orange> #info done topic planned this week
15:01:38 <morgan_orange> #topic Syncho with Seccom / OOM
15:02:12 <morgan_orange> #info several security tests have been added in CI, the goal of the meeting was to agree on SECCOM/OOM/Integration position and prepare the PTL meeting
15:02:45 <morgan_orange> #agreed pod_root is priority one, we must not have pod run as root in Frankfurt. The build chain shall be reviewed and user must be used
15:02:56 <morgan_orange> #undo
15:02:56 <collabot`> Removing item from minutes: <MeetBot.ircmeeting.items.Agreed object at 0x1d242d0>
15:03:04 <morgan_orange> #info  pod_root is priority one, we must not have pod run as root in Frankfurt. The build chain shall be reviewed and user must be used
15:03:07 <morgan_orange> #agreed
15:03:44 <morgan_orange> #info java debug port must be closed - but be careful there are probably false positive (redis default port in dcae)
15:03:56 <morgan_orange> #action pawel complete the scripts to exclude false positive
15:04:38 <morgan_orange> #info cis: it will be hard to fix everything ... if we want to keep ONAP up&running, in other word it is possible to become cis compliant but ONAP will not run anymore
15:05:35 <morgan_orange> #info goal is to reduce the number of FAIL + keep ONAP runnable + evaluate modifications for next release to move to a CIS compliant k8S for ONAp (somehow problems ~ to those reported leading to non cloud native solution at the end)
15:06:38 <morgan_orange> #info http ports - not trivial. The solution consisting in stopping exposing some of them may lead to side effects (Serve mesh PoC could not work in some conditions)
15:08:57 <morgan_orange> #info we need to review the list of the current 20 http open ports (robot, portal-sdk, portal-app, message-router, dmaap-bc, log-kibana, log-es, dmaap-dr-prov, cli , consul-server-ui, sniro-emulator , refrepo , uui , config-binding-service , dashboard, netbox-nginx, music-tomcat , cds-blueprints-processor-http, aaf-fs
15:09:10 <morgan_orange> #info some exceptions are already known: aaf-fs
15:09:56 <morgan_orange> #info the goal for Frankfurt is to close what is really not needed
15:10:51 <morgan_orange> #topic Admin
15:11:07 <morgan_orange> #info Specific Integration milestones to be defined and reported to David McBride
15:11:14 <morgan_orange> #link https://wiki.onap.org/display/DW/Integration+M4+milestone+possible+evolution
15:11:37 <morgan_orange> #action all review the page and adjust the criteria / morgan to report to David before the end of the week
15:12:04 <morgan_orange> #info Update on Integration verification job: WIP, ci-management job has been merged, tox.ini to be introduced by Bartek
15:12:09 <morgan_orange> #topic lab status
15:12:56 <morgan_orange> #info gitlab runner installed on windriver lab, first tests showed that it was possible to trigger CI chains from gitlab.com on windriver through the runner without the VPN, so it should be possible to launch Daily CI chain in windriver lab
15:13:08 <morgan_orange> #topic Frankfurt status
15:13:53 <morgan_orange> #info CI status: Master relatively stable over the last days: only 3 pods failed today but APPC healthcheck is failing (as well as OOF and VFC), distribution and End to End tests are failing
15:14:03 <morgan_orange> #action morgan_orange create JIRA on OOF and VFC
15:14:48 <morgan_orange> #info Use case update (Selenium, DCAE update,..) => Krzstztof and Brian not present, lets sync by maul
15:14:58 <morgan_orange> #topic AoB
15:15:24 <morgan_orange> #info Bartek about to submit the tox.ini to introduce verification in integration repository
15:16:00 <morgan_orange> #info vCPE use case: SDNC DB bug fixed by SDNC team, but new issues probably due to ONAP instability
15:16:51 <morgan_orange> #info Pawel:update on the tests planned (especially to manage false positive). Pawel aso suggests to move ingress_nodeports to infrastructure healthcheck category (not really security)
15:17:09 <morgan_orange> #action morgan move ingress_nodeport to infrastructure-healthcheck
15:17:25 <morgan_orange> #info morgan integration of kube-hunter from aquasecurity in progress
15:17:58 <morgan_orange> #endmeeting