Versions Compared

Old Version 54

changes.mady.by.user Tapio Tallgren

Saved on

compared with

New Version Current

changes.mady.by.user Srinivasan Selvam

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Weekly on Wednesdays at 8:00 AM PST / 11:00 AM EST.Join URL


Akraino Edge Stack 1 is inviting you to a scheduled Zoom meeting.

Topic: Blueprint Validation
Time: Sep 23, 2020 03:00 PM Universal Time UTC
Every week on Wed, until Sep 1, 2021, 50 occurrence(s)

Please download and import the following iCalendar (.ics) files to your calendar system.
Weekly: https://zoom.us/j/459272075meeting/uZEkde6qrjwv3tbXTirGL_mMDLePAUznKw/ics?icsToken=98tyKu2tpzktGNSStVztd60tE9r8bPH2lCJaqJtplQ3CLx9eTyfaM9JjB6hxO8-B

Join Zoom Meeting
https://zoom.us/j/459272075?pwd=M3gwQ3JUaTYvZHhrVUpqL0ZzOTBudz09

Meeting ID: 459 272 075
Passcode: 311342
One tap mobile
+13462487799,,459272075# US (Houston)
+16699006833,,459272075# US (San Jose)

Dial by your location
+1 346 248 7799 US (Houston)

Dial by your location
        +1 669 900 6833 US (San Jose)
        +1 646 558 8656253 215 8782 US (New YorkTacoma)
        +1 877 369 0926 US Toll312 626 6799 US (Chicago)
+1 646 558 8656 US (New York)
+1 301 715 8592 US (Germantown)
877 369 0926 US Toll-free
        +1 855 880 1246 US Toll-free
+1 438 809 7799 Canada
+1 587 328 1099 Canada
+1 647 374 4685 Canada
+1 647 558 0588 Canada
+1 778 907 2071 Canada
+1 204 272 7920 Canada
855 703 8985 Canada Toll-free
Meeting ID: 459272075459 272 075
Find your local number: https://zoom.us/u/acimKOClJkalZMq7OBg



Introductory webcast recording


Notes

Release 2 readiness

...

July 7, 2021

MOM:

  • Discussed for EALT-EDGE Blueprint, ELIOT IOTGateway and ELIOT uCPE Blueprint sonobuoy conformance test / results
  • Discussion → Sonobuoy will execute properly with K8s minimum 3 Node cluster (1 master + 2 worker nodes)
  • Discussion → Sonobuoy support for 1.17.2 → Need to be confirmed by validation team

June 16, 2021

  • Agenda: 
    • Making progress for BluVal to support K8s version v1.18, the patch set is under test
    • Need to identify which R5 blueprints support K8s versions v1.19, v1.20
    • Further discussed possibility for using multiple BluVal releases to support K8s v1.18, v1.19, v1.20
    • Discussed testing compatibility of container run times such as Docker, Containerd, LXC,  CRI-O
    • Discussed supporting popular combinations first, so majority of BPs can be supported
    • Need support for Debian Linux, in R4 we have 3 BPs which support Debian
    • Discussed high level approach for integrating Anuket RC2 tests into BluVal using Robot layer
    • Tina recommended we should provide an update to TSC meeting on June 17th
  • Participants:  Tina Tsou Deepak Kataria Thor Chin Sirisha Gopigiri

June 9, 2021

June 2, 2021

  • Agenda: 
    • Discuss uplift of BluVal to support K8s versions higher than v1.16
    • Integrate Anuket RC2 tests into BluVal
    • Integrate Chaos Tests in BluVal
    • Leverage BluVal UI for improved user experience
    • Integrate enhancements from security sub-committee
  • Participants:  Tina Tsou Deepak Kataria Arif Jason
  • Deepak Kataria presenting BluVal at LFN Developer & Testing Forum, taking place June 7-10, 2021. Presentation scheduled on June 8th

November 11, 2020


October 28, 2020

October 21, 2020

July 29, 2020

  • Reviews, Jiras etc. - same as on July 15th;
  • Debugging a bluval issue with the IEC Type 4 Team - turns out there was some YAML formatting issue;
  • Proposal: Add a yamllint sanity check for `blueval-<blueprint>` files before actually running bluval, which should help new users figure out if they're running into YAML formatting issues or whether it's an actual bluval traceback (right now bluval throws a pretty cryptic error message with a yaml.safe_load traceback when bluval configuration files have formatting issues, e.g. wrong identation);

July 22, 2020

  • Reviews, Jiras etc. - same as on July 15th;
  • No participants, the usual participants being all on vacation currently;

July 15, 2020

  • Reviews:
    • 3601 pending peer review
    • 3604 pending peer review
  •  Jiras:
    • Jira
      serverAkraino JIRA
      serverId604c99be-f414-323d-84e4-c9d70fa2bcdf
      keyVAL-119
       is ongoing
  • Tina Tsou mentioned that the Bluval User Guide is not very friendly towards new users who haven't previously worked with LF infrastructure - particularly the LF specific terms could use a little more background (e.g. jumpserver, SUT etc.);
  • we agreed to open a new JIRA ticket for improving the Bluval User Guide with the used terminology / abbreviations;

July 8, 2020

  • Reviews:
    • 3601 pending peer review
    • 3604 pending peer review
  •  Jiras:
    • Jira
      serverAkraino JIRA
      serverId604c99be-f414-323d-84e4-c9d70fa2bcdf
      keyVAL-119
       is ongoing
  • Cynthia Billovits is working with upstream developers - they said they fixed the issue we reported, but it turns out it still needs more work - we're waiting on them to get back to us hopefully later today.

July 1, 2020

  • Tapio Tallgren will be on holiday for next four weeks; Alex will host the meeting for the first two weeks
  • Jiras:
    • Jira
      serverAkraino JIRA
      serverId604c99be-f414-323d-84e4-c9d70fa2bcdf
      keyVAL-117
       is merged
    • Jira
      serverAkraino JIRA
      serverId604c99be-f414-323d-84e4-c9d70fa2bcdf
      keyVAL-119
       is ongoing

June 24, 2020

  • CentOS 8 is not supported in Bluval. We had a discussion about this topic last time and agreed that this should be documented somewhere 
    • Jira
      serverAkraino JIRA
      serverId604c99be-f414-323d-84e4-c9d70fa2bcdf
      keyVAL-117
       is for CentOS 8 support
    • Jira
      serverAkraino JIRA
      serverId604c99be-f414-323d-84e4-c9d70fa2bcdf
      keyVAL-119
       is for the documentation issue
  • Bluval debugging capabilities can still be improved. Ideas from last time:
    • Enable debugging with a single flag in variables.yaml 
      Jira
      serverAkraino JIRA
      serverId604c99be-f414-323d-84e4-c9d70fa2bcdf
      keyVAL-120
    • Add "test" test cases which will validate that e.g the ssh connection works. This is often the first problem users have 
      Jira
      serverAkraino JIRA
      serverId604c99be-f414-323d-84e4-c9d70fa2bcdf
      keyVAL-121


June 10, 2020

  • Reviews:
  • Lynis/Vuls automation
  • Debugging support:  new very simple test cases like
    • Ping to host
    • Ssh access to SUT
    • Volume mount 

June 3, 2020

May 13, 2020

May 06, 2020

April 29, 2020

April 22, 2020

  • Update from security group
    • Lynis: Some of the tests have points attaches to them and some do not
    • The points can be used to create some kind of metric
    • Will try to create a list of acceptable and non-acceptable failures
    • Kube-hunter is being studied
  • Two Jira tickets to be created:
    • k8s conformance is mysteriously failing (from Srinivasan Selvam)
    • KNI validation jobs are not running

April 15, 2020 (recording)

  • Security group update
    • For Vuls and other tests that use CVE tagging:
      • High and medium vulnerabilities are mandatory, so the test fails if any of those fails
      • If the vulnerabilities cannot be fixed, they must be handled as exceptions and documented
      • The exceptions could have time limits
    • For Lynis: gives a hardening index but it is difficult to use that
      • There could be low bar and any test score below it should just fail
      • Any test score above a high bar should pass
      • Test scores between the low and high would need to be analyzed
      • The high score could be the same as passing all high and medium priority tests
    • Kube-hunter: work in progress
  • https://gerrit.akraino.org/r/c/ci-management/+/3356
  • https://gerrit.akraino.org/r/c/ci-management/+/3358
  • Tagging 3.0

April 8, 2020

April 1, 2020

  • Presentation now done, another coming
    • Clarification: Redfish only has Use Case testing (which is what is packaged in Bluval)
  • What should kubehunter return?
    • Robot has some third alternative between "pass" and "fail", Juha will investigate
    • If a security tool finds vulnerabilities, it could be pass since the requirement is to run the tests but this could imply that there is nothing to investigate
    • The vulnerabilities could be harmless in the end, so fail would also be misleading
    • Later on, there can be a whitelist of "harmless" warnings
  • Tagging Release 3.0
    • Can be done after the changes to security tests
    • Cristina will do the tagging
  • Status
    • Patches for CI integration have been merged
    • Vuls fails when run after other tests; Daniel is investigating
    • Juha will send the kubehunter sample report to security@lists.akraino.org

March 25, 2020

  • Presentation to TSC
  • Vuls and lynis on CI: https://gerrit.akraino.org/r/c/validation/+/3306
  • Discussion with Security Committee:
    • Interpreting the results from the vulnerability tests will require understanding how the project is used
    • Thus, the evaluation must be done together with the project PTL
    • The Security Committee requested a sample document from the tests
  • Presentation to Akraino TSC+PTLs next week Tuesday:
    • Start with the list of mandatory tests (Tapio)
    • Show hands-on how to run the tests (Juha)
    • Show how to run the tests in CI and copy the results (Cristina?)
    • Show the results in UI (Ioakeim?)

March 18, 2020

  • Updates from Tapio:
    • The mandatory tests presentation was approved by TSC
    • I asked the Security team for input but got nothing this far
    • I have not received any comments from Blueprints
    • There is one Blueprint (Network Cloud) that is using OpenStack so we will keep Tempest in
  • There can be some tests coming from the O-RAN community
  • No progress on UI full control loop
  • KPI project might bring in some performance testing
  • Juha will update the tempest tests
  • Daniel is working on integrating the security tests in CI

March 11, 2020

  • We discussed the proposal for mandatory tests for Release 3:

View file
nameMandatory tests for Akraino Release 3.pdf
height250

March 4, 2020

  • Vuls improvements
    • Ubuntu 18 is now running on ARM
    • CentOS also seems to work
    • The size is now 1.5 Gb, mainly due to (a) compressing the database and (b) doing a multi-stage build
  • Jenkins documentation: Running bluval in CI
  • Updates from TSC meeting:
    • Bluval will be mandatory for all projects
    • New project proposal: Kontour (KPI)
    • CNTT/CNF-conformance?



February 26, 2020

  • Vuls is integrated for Ubuntu 16
    • CentOS and Ubuntu 19 are WIP
    • The images are getting big,  ~7 Gb
  • Presentation for TSC planning meeting
    • Need a definition of "mandatory tests" for Release 3
    • Need to tag release 3.0 by end of April?
  • kubehunter is now integrated
  • Cristina is working on documenting how Bluval can integrated into a Jenkins
    • Ioamkeim will test the instructions after they are done

February 19, 2020

  • The issue with the verify jobs caused by tox dependencies has been fixed upstream
  • The k8s layer container is failing to build, Juha is looking into it
  • The robot test for kubehunter is ready but it's blocked by the k8s container issue
  • A demo was presented to the TSC about the validation work, there were questions on how to integrate it in CI (Cristina needs to document this)
  • The vuls patch has been updated, waiting for review
  • A patch to reorganize the jobs and improve the relationship between them is in review https://gerrit.akraino.org/r/c/ci-management/+/2242

February 12, 2020

  • Demo to TSC+PTLs: let's try tomorrow in the TSC meeting
  • Juha K. is looking in kubehunter and kubestorage
  • Juha K. is evaluating the Vuls patch
  • CI jobs are failing with tox
  • Discussion about closed loop automation
    • Proposal next week
  • CHOMP project to be followed up

January 29, 2020

  • Presentation to TSC
    • Still some bugs remain
    • Goal is now February 4th TSC+PTL meeting
  • Vuls currently only works on Ubuntu, Cristina Pauna and Daniel Stoica are working on supporting CentOS
  • The CHOMP project is interested in using Bluval
    • Deepak Kataria will invite someone from the project to next meeting for a discussion
  • The right way to edit the committer list is to change it after half of committers have approved the change. Let's follow that rule unless the Technical Governance document says something else
  • We will make some proposals to ONES and then figure out later who will present them. At least Cristina Pauna will attend the event

January 22, 2020

  • Missing from Release 3:
    • Redfish tests (fixes exist but not part of a release)
    • Full control loop testing (UI can trigger tests in a lab, jjb in ci-integration is missing)
  • TSC presentation is planned for next week

January 15, 2020

  • The "push logs to Nexus from Jenkins" patch is still under work
  • The new bluval-fe repo is now ready

January 8, 2020

  • Presentation and demo to TSC
    • Want to have the "push logs to Nexus from Jenkins" patch working before presentation
    • Check again next week
  • The new repo was approved on December 19th by the TSC
    • Need a record of the TSC meeting where this was approved
    • Easiest is to have the topic on the agenda again tomorrow
  • Naga is leaving the project by the end of this week
    • Will remain as a contributor with a new email address (INFO.yaml needs to be updated)
  • Security tests (Lynis and Vuls) may not work on ARM, will check this next
  • Discussion about installation logs and UI
    • The Regional Controller is the only "official" (at least for TA) installer, so it only can tell if installation worked
    • Could also enhance deployment logs so that they inform some UI when an installation has worked
  • Community lab is free to use for all!

December 18, 2019

  • New repo request went to wrong place, have tried again
  • Security tests:
    • Lynis - merged
    • Vuls - aim to have it for review this week. It is not support
  • The Jenkins job in CI-Integration is now pushing results from Enea lab to Nexus daily from the LF Jenkins master
  • Release 2.0.1 has been tagged
    • Plan is to automate this in the future so after new tags, the Docker images are created automatically

December 4, 2019

  • Bluval containerization https://gerrit.akraino.org/r/c/validation/+/2089
    • Goal is to make running the tests easier by running Bluval inside a container
    • Cristina will test the patch and make comments
    • The Jenkins job needs to be updated
  • New repo for UI (but only that, needs a new name)
  • Presentation to TSC
    • Currently, pushing the results to LF Nexus does not work with the Jenkins job
    • Should wait until everything is up and running
    • Will check next week whether the presentation can be done on Dec 17 or Dec 19
  • UI launch
    • Lab owners and TSC members can request access to the UI from Ioakim
  • LTP patch https://gerrit.akraino.org/r/c/validation/+/2075
    • Some LTP tests stall which makes the test run very slowly
    • This patch removes some of those tests
    • Can be merged
    • If someone tells that these tests should work, Juha will take another look at the removed tests


November 27, 2019

  • Release 2 update:
    • Images are now in Docker hub
  • There were some changes to LTP, and we discussed whether to add a new tag. The conclusion was to create release 2.0.1, so blueprint projects can run the latest tagged version which has LTP working
  • We discussed the release 3 priorities. The current draft is here.
  • Action items:
    • Cristina to tag release 2.0.1
    • Deepak will think about more tests
    • Ioakim will write a request for a new repo
    • Naga will work on a proposal to refactor the tests

November 13, 2019

Topics:

  • Sonobuyo k8s version and Juha's patch https://gerrit.akraino.org/r/c/validation/+/1933
    • Ok to go forward with this
  • Release tagging?
    • Ok after merging a couple of patches
    • Aiming for Friday
    • "2.0"
  • LTP
    • The test works now but it has not been merged or run in CI
    • Will be included in "2.0" release but did not make it in time for mandatory
  • User Interface
    • AWS instance

November 6, 2019

We had a short meeting today, due to small number of participants. News:

-        We fixed VAL-69, VAL-72, VAL-73, VAL-86

-        The CI jobs that build our containers were failing on arm due to the build server and that issue has been solved. There was another failure in the latest build and I am currently investigating it

-        The CI jobs that run the validation k8s conformance test have not been able to run yet, we’re investigating the issue (VAL-81)

-        A documentation draft for running validation in CI has been put on wiki, but I need to update it so that it’s more generic


October 30, 2019

  • Ken Yi wants to discuss the mandatory security testing requirements
  • Jenkins update https://gerrit.akraino.org/r/c/ci-management/+/1657
    • Initial patch made but had some issues
    • Needs some more testing and documentation
  • We need to check where we are rst. Release 2. Seems like Sonobuyo and Tempest are working fine, LTP and Redfish have issues
    • Redfish tests have upstream bugs → propose to drop
    • LTP testing requires sudo - is this acceptable?
    • LTP is also somewhat broken at the moment
    • Sonobuyo is failing to run on some blueprints
    • WIll prioritize the Rel.2 bugs
  • UI update
  • Bug reports


October 23, 2019

  • Release 2: Redfish update https://gerrit.akraino.org/r/c/validation/+/1781
    • Testing with OpenEdge is ongoing
    • OpenStack integration: copy bluval-rec.yaml to bluval-unicycle.yaml and leave OpenStack tests out from bluval-rec.yaml
  • Add remote session to etcd HA testcases https://gerrit.akraino.org/r/c/validation/+/1793
    • Will be modified to follow the The Principle: Whenever possible, use testing tools on the container to connect to the SUT. When this is not possible, ssh connection to the SUT can be used
    • Indu will fix this so that the kubectl in the container will connect to the SUT using a modified kubeconfig file (replace localhost with real IP address)
  • Fix for LTP: https://gerrit.akraino.org/r/c/validation/+/1752
    Jira
    serverAkraino JIRA
    serverId604c99be-f414-323d-84e4-c9d70fa2bcdf
    keyVAL-66
    • Will build binaries out of the source files and using those for testing
    • The binaries will be copied to the SUT, run, and deleted afterwards
    • The full LTP requires sudo rights which is a security risk. Need to investigate if there is a subset of LTP that can work without special rights
  • Versioning of Bluval code and Docker hub
    • Use tags to mark releases
    • Need separate Jenkins jobs for released/stable version and master
    • The UI project needs separate versioning
    • Could request a new repo for UI?
  • CI jobs: https://gerrit.akraino.org/r/c/ci-management/+/1657
    • Still has a "-1" but getting there
    • Need to create instructions once the patch is merged (AP: Vali)
    • Does not cover uploading the results
  • Logging container: https://gerrit.akraino.org/r/c/validation/+/1767
    • Will be part of service layer
  • NTP and DNS tests
  • UI status update
    • Almost there, but some problems remain

October 16, 2019


October 9, 2019


October 2, 2019


September 25, 2019

  • Plan is to use MySQL and AWS ECS for the Validation UI, Ioakeim will update the LF ticket IT-16700
  • Blueprint Validation pre-requisites were presented in the Akraino Technical Community Call held on 9/19; meeting was recorded
  • Naga is validating ETCD testing which was completed by Indu and will integrate with BluVal
  • Tempest robot test verified on Airship by Indu, Naga is testing integration with BluVal
  • Discussion on OpenStack layer: Tempest and Refstack are complementary. If projects don't support certain features the tests should detect the missing components and skip those tests (we need to test this functionality). As a backup we can also blacklist tests. Indu is working on VAL-51 which was created to test this functionality.
  • LTP tests need root access to run; options are either sudo or create a group with privileges as opposed to using root password. Question if they can be ran without root access; Ioakeim has been assigned VAL-50, and is investigating. One consideration is to create a special group with the right capabilities. This group must be created on every lab.
  • Discussion on security: we need a development guide documentation
  • Discussion on how to handle the situation where the nodes don't have access to internet and we need the test images to be in a local repository inside the cluster
  • A ticket was created for Cristina VAL-53, to create a Container for the Logging and Monitoring Layer

September 18, 2019

  • The UI VM discussion (MariaDB vs MySQL DB): waiting for LF to provide the quotation for MariaDB
  • Discussion on blueprint validation prerequisites (what we request from users with regards to infra and logs)
  • Update from Indu: completed the etcd testing, validated in Airship and REC (ready to merge). Tempest robot test verified on Airship and integrated with bluval
  • Discussion on OpenStack layer: Tempest and Refstack are complementary. If projects don't support certain features the tests should detect the missing components and skip those tests (we need to test this functionality). As a backup we can also blacklist tests.
  • LTP tests need root access to run; options are either sudo or create a group with privileges as opposed to using root password. Question if they can be ran without root access.
  • Discussion on security: we need a development guide documentation
  • Discussion on how to handle the situation where the nodes don't have access to internet and we need the test images to be in a local repository inside the cluster

...

September 11, 2019

  • "Release readiness" updated
  • Discussion about Blueprint family names and Blueprint names - it is best to use the same names that are used in repos
  • The UI VM discussion (MariaDB vs MySQL DB) will continue in https://jira.linuxfoundation.org/servicedesk/customer/portal/2/IT-16700
  • All Blueprints that want to have Maturity review before Akraino Release 2 must complete mandatory tests before Oct 31st

...