=================================== #opnfv-meeting: INFRA working group =================================== Meeting started by uli-k at 04:31:47 UTC. The full logs are available at http://ircbot.wl.linuxfoundation.org/meetings/opnfv-meeting/2016/opnfv-meeting.2016-11-23-04.31.log.html . Meeting summary --------------- * Bryan Sullivan (bryan_att, 04:31:54) * roll call (uli-k, 04:31:56) * thaj (thaj, 04:32:01) * Jack Morgan (jmorgan1, 04:32:03) * meimei (May-meimei, 04:32:11) * add two things to agenda: (uli-k, 04:34:20) * Daniel Smith (migrating but listening :) ) (DanSmithEricsson, 04:34:20) * vPOD assignments (uli-k, 04:34:40) * Jingbo Hao (Kingpoo, 04:34:42) * update on common config files (uli-k, 04:34:53) * Helen Yao (HelenYao, 04:35:06) * vPOD assignment requests (uli-k, 04:35:47) * Netready, Opera, Domino requested vPOD (uli-k, 04:36:55) * Dan explains he provides vPODs usually for three weeks and then releases. (uli-k, 04:40:00) * we offer Ericsson vPOD to Netready and Huawei vPODs to domino and to Opera. (uli-k, 04:42:43) * static tests (uli-k, 04:42:56) * LINK: https://wiki.opnfv.org/display/security/Security+Scanning (May-meimei, 04:43:57) * May-meimei and Haojingbo explain we have some tools already in community (uli-k, 04:46:19) * proposal to have a list of scanning tools on wiki (uli-k, 04:47:03) * question: is security-scanning the right place? (uli-k, 04:48:19) * question: should we also scan the test infrastructure and CI environment? (uli-k, 04:49:35) * AGREED: to start a discussion with security-scanning team (uli-k, 04:50:33) * I am unclear if the request was to add these additional tools to the security scanning program generally, or specifically to the infra environment for OPNFV, eg as part of the normal CI process (bryan_att, 04:50:34) * in the CI process these tools might provide additional info on vulnerabilities that exist in the system as being tested in CI, so that was my sense of the suggestion (bryan_att, 04:51:36) * suggestion to add basic info on the tools to the wiki, e.g. which errors can be found. (uli-k, 04:51:39) * LINK: https://build.opnfv.org/ci/job/opnfv-lint-verify-master/ (May-meimei, 04:51:40) * LINK: https://gerrit.opnfv.org/gerrit/#/c/24615/ (May-meimei, 04:52:08) * the question is whether we have security scanning as a job in the jenkins process (bryan_att, 04:52:14) * we collect more information and then go forward here. (uli-k, 04:55:21) * I think adding/expanding security scanning as a process in CI is a good goal, given that it adds value (e.g. finds some issues, which should be expected especially in the early stages of use, and later helps us track when those issues are resolved) (bryan_att, 04:55:36) * Requirements by Dovetail on infrastructure (uli-k, 04:55:56) * re Pharos spec, the question is whether a SUT should mimic the Pharos spec or more generally follow the "spirit" of the pharos spec (bryan_att, 05:02:52) * Jack recommends that Dovetail work with the Infra team to define the questions more clearly (bryan_att, 05:04:52) * OPNFV compliancy will probably not require to run on a Pharos-compliant lab. (uli-k, 05:07:14) * Dovetail currently doesn't need to be integrated in some way to CI (uli-k, 05:09:32) * Since dovetail will create the compliancy tests later than the OPNFV code is developed, an integration of dovetail tests to ci jobs is probably currently not necessary. (uli-k, 05:11:09) * ACTION: wenjing to schedule dovetail discussion on hackfest (uli-k, 05:12:12) * common config filest (uli-k, 05:12:25) * does this plan include also the deployed config of the OPNFV scenario, e.g. the admin-openrc.sh file (a common place and core variable set), OpenStack config settings (external network name, region name, project names, etc...) (bryan_att, 05:15:24) * the goal is for tests to avoid having to guess this info from the environment (bryan_att, 05:16:07) * there is a difference between the "intent" (how things should be built) vs the end-state (how things *were* built including any options for the settings of the VIM installations) (bryan_att, 05:17:01) * but in the end we need (1) easily discoverable, common settings for the install (intended and as executed); (2) to be able to specify how we want the configuration (hardware and software settings) (bryan_att, 05:18:40) * we need to distinguish which information should go into POD descriptor versus scenario descriptor or be dynamically created info (uli-k, 05:23:10) * POD descriptor should describe the reality - what is there in the POD (uli-k, 05:23:30) * scenario descriptor should describe what the installer has to do (deploy and configure during deployment) (uli-k, 05:23:59) * additionally the installer needs to provide some information of the deployment to the user. This information will change for every deployment (uli-k, 05:24:51) * aob: feedback on meeting time (uli-k, 05:27:14) * participants appreciate some way of rotating (uli-k, 05:28:21) * makes sense to me; there are three things - the pod descriptor (actual hardware information); scenario use intent for the hardware and software settings (e.g. which NICs have which role, or the intended VIM settings); as-deployed state (including additonal VIM settings that were decided by the installer or unspecified in the scenario file) (bryan_att, 05:28:54) * we don't have any participation from eastcoast today (uli-k, 05:29:40) * I'm good with rotating the schedule (bryan_att, 05:30:06) * AGREED: fdegir, jmorgan1 and uli-k will observe this for some time to develop the best way (uli-k, 05:31:45) * bryan_att recommends again to put as much as possible into the IRC (uli-k, 05:33:14) Meeting ended at 05:34:12 UTC. People present (lines said) --------------------------- * uli-k (35) * bryan_att (15) * DanSmithEricsson (6) * jmorgan1 (6) * May-meimei (5) * collabot` (4) * Kingpoo (2) * HelenYao (1) * thaj (1) Generated by `MeetBot`_ 0.1.4