14:31:58 <morgan_orange> #startmeeting Integration weekly sync meeting 05/02/2020 14:31:58 <collabot`> Meeting started Wed Feb 5 14:31:58 2020 UTC. The chair is morgan_orange. Information about MeetBot at http://wiki.debian.org/MeetBot. 14:31:58 <collabot`> Useful Commands: #action #agreed #help #info #idea #link #topic. 14:31:58 <collabot`> The meeting name has been set to 'integration_weekly_sync_meeting_05_02_2020' 14:32:28 <morgan_orange> #topic action point follow-up 14:32:40 <morgan_orange> #info AP1: morgan asks for LF FQDN + certificates 14:32:50 <morgan_orange> #info discussion done, for the certificates => use let's encrypt and for the FQDN LF relunctant from a legal perspective to referent a web site it does not manage, possible workaround to use another domain 14:32:56 <morgan_orange> #info AP2: bartek add tox for vCPE and vagrant files 14:33:01 <morgan_orange> #info done WIP 14:33:06 <morgan_orange> #info AP3: morgan_orange add verification-python in ci-management for integration 14:33:18 <morgan_orange> #info done WIP: https://gerrit.onap.org/r/c/ci-management/+/100985 14:33:25 <morgan_orange> #info AP4: organize ad hoc meeting with lab owners to share tooling and best practices 14:33:30 <morgan_orange> #info not done yet 14:33:35 <morgan_orange> #action morgan_orange organize ad hoc meeting with lab owners to share tooling and best practices 14:33:40 <morgan_orange> #info AP5: morgan_orange contact Kzrysztof for several updates (dcae discussion/pnf_registrate/..) 14:33:46 <morgan_orange> #info done topic planned this week 15:01:38 <morgan_orange> #topic Syncho with Seccom / OOM 15:02:12 <morgan_orange> #info several security tests have been added in CI, the goal of the meeting was to agree on SECCOM/OOM/Integration position and prepare the PTL meeting 15:02:45 <morgan_orange> #agreed pod_root is priority one, we must not have pod run as root in Frankfurt. The build chain shall be reviewed and user must be used 15:02:56 <morgan_orange> #undo 15:02:56 <collabot`> Removing item from minutes: <MeetBot.ircmeeting.items.Agreed object at 0x1d242d0> 15:03:04 <morgan_orange> #info pod_root is priority one, we must not have pod run as root in Frankfurt. The build chain shall be reviewed and user must be used 15:03:07 <morgan_orange> #agreed 15:03:44 <morgan_orange> #info java debug port must be closed - but be careful there are probably false positive (redis default port in dcae) 15:03:56 <morgan_orange> #action pawel complete the scripts to exclude false positive 15:04:38 <morgan_orange> #info cis: it will be hard to fix everything ... if we want to keep ONAP up&running, in other word it is possible to become cis compliant but ONAP will not run anymore 15:05:35 <morgan_orange> #info goal is to reduce the number of FAIL + keep ONAP runnable + evaluate modifications for next release to move to a CIS compliant k8S for ONAp (somehow problems ~ to those reported leading to non cloud native solution at the end) 15:06:38 <morgan_orange> #info http ports - not trivial. The solution consisting in stopping exposing some of them may lead to side effects (Serve mesh PoC could not work in some conditions) 15:08:57 <morgan_orange> #info we need to review the list of the current 20 http open ports (robot, portal-sdk, portal-app, message-router, dmaap-bc, log-kibana, log-es, dmaap-dr-prov, cli , consul-server-ui, sniro-emulator , refrepo , uui , config-binding-service , dashboard, netbox-nginx, music-tomcat , cds-blueprints-processor-http, aaf-fs 15:09:10 <morgan_orange> #info some exceptions are already known: aaf-fs 15:09:56 <morgan_orange> #info the goal for Frankfurt is to close what is really not needed 15:10:51 <morgan_orange> #topic Admin 15:11:07 <morgan_orange> #info Specific Integration milestones to be defined and reported to David McBride 15:11:14 <morgan_orange> #link https://wiki.onap.org/display/DW/Integration+M4+milestone+possible+evolution 15:11:37 <morgan_orange> #action all review the page and adjust the criteria / morgan to report to David before the end of the week 15:12:04 <morgan_orange> #info Update on Integration verification job: WIP, ci-management job has been merged, tox.ini to be introduced by Bartek 15:12:09 <morgan_orange> #topic lab status 15:12:56 <morgan_orange> #info gitlab runner installed on windriver lab, first tests showed that it was possible to trigger CI chains from gitlab.com on windriver through the runner without the VPN, so it should be possible to launch Daily CI chain in windriver lab 15:13:08 <morgan_orange> #topic Frankfurt status 15:13:53 <morgan_orange> #info CI status: Master relatively stable over the last days: only 3 pods failed today but APPC healthcheck is failing (as well as OOF and VFC), distribution and End to End tests are failing 15:14:03 <morgan_orange> #action morgan_orange create JIRA on OOF and VFC 15:14:48 <morgan_orange> #info Use case update (Selenium, DCAE update,..) => Krzstztof and Brian not present, lets sync by maul 15:14:58 <morgan_orange> #topic AoB 15:15:24 <morgan_orange> #info Bartek about to submit the tox.ini to introduce verification in integration repository 15:16:00 <morgan_orange> #info vCPE use case: SDNC DB bug fixed by SDNC team, but new issues probably due to ONAP instability 15:16:51 <morgan_orange> #info Pawel:update on the tests planned (especially to manage false positive). Pawel aso suggests to move ingress_nodeports to infrastructure healthcheck category (not really security) 15:17:09 <morgan_orange> #action morgan move ingress_nodeport to infrastructure-healthcheck 15:17:25 <morgan_orange> #info morgan integration of kube-hunter from aquasecurity in progress 15:17:58 <morgan_orange> #endmeeting