Weekly on Wednesdays at 8:00 AM PST / 11:00 AM EST.Join URL
Akraino Edge Stack 1 is inviting you to a scheduled Zoom meeting.
Topic: Blueprint Validation
Time: Sep 23, 2020 03:00 PM Universal Time UTC
Every week on Wed, until Sep 1, 2021, 50 occurrence(s)
Please download and import the following iCalendar (.ics) files to your calendar system.
Weekly: https://zoom.us/j/459272075meeting/uZEkde6qrjwv3tbXTirGL_mMDLePAUznKw/ics?icsToken=98tyKu2tpzktGNSStVztd60tE9r8bPH2lCJaqJtplQ3CLx9eTyfaM9JjB6hxO8-B
Join Zoom Meeting
https://zoom.us/j/459272075?pwd=M3gwQ3JUaTYvZHhrVUpqL0ZzOTBudz09
Meeting ID: 459 272 075
Passcode: 311342
One tap mobile
+13462487799,,459272075# US (Houston)
+16699006833,,459272075# US (San Jose)
Dial by your location
+1 346 248 7799 US (Houston)
Dial by your location
+1 669 900 6833 US (San Jose)
+1 253 215 8782 US (Tacoma)
+1 312 626 6799 US (Chicago)
+1 646 558 8656 US (New York)
+1 877 369 0926 US 301 715 8592 US (Germantown)
877 369 0926 US Toll-free
+1 855 880 1246 US Toll-free
+1 438 809 7799 Canada
+1 587 328 1099 Canada
+1 647 374 4685 Canada
+1 647 558 0588 Canada
+1 778 907 2071 Canada
+1 204 272 7920 Canada
855 703 8985 Canada Toll-free
Meeting ID: 459272075459 272 075
Find your local number: https://zoom.us/u/acimKOClJkalZMq7OBg
Introductory webcast recording
Notes
July 7, 2021
MOM:
- Discussed for EALT-EDGE Blueprint, ELIOT IOTGateway and ELIOT uCPE Blueprint sonobuoy conformance test / results
- Discussion → Sonobuoy will execute properly with K8s minimum 3 Node cluster (1 master + 2 worker nodes)
- Discussion → Sonobuoy support for 1.17.2 → Need to be confirmed by validation team
June 16, 2021
- Agenda:
- Making progress for BluVal to support K8s version v1.18, the patch set is under test
- Need to identify which R5 blueprints support K8s versions v1.19, v1.20
- Further discussed possibility for using multiple BluVal releases to support K8s v1.18, v1.19, v1.20
- Discussed testing compatibility of container run times such as Docker, Containerd, LXC, CRI-O
- Discussed supporting popular combinations first, so majority of BPs can be supported
- Need support for Debian Linux, in R4 we have 3 BPs which support Debian
- Discussed high level approach for integrating Anuket RC2 tests into BluVal using Robot layer
- Tina recommended we should provide an update to TSC meeting on June 17th
- Participants: Tina Tsou Deepak Kataria Thor Chin Sirisha Gopigiri
June 9, 2021
- Agenda:
- Discussed uplift of BluVal to support K8s version v1.18, Sirisha has submitted patch set for review
- Discussed possibility to support multiple BluVal versions to support v1.18, v1.19, v1.20
- Discussed support for Debian Linux
- Discussed Integrating Anuket RC2 tests into BluVal
- Participants: Tina Tsou Deepak Kataria Thor Chin Sirisha Gopigiri, Jason Wen
- Deepak Kataria presented BluVal at LFN Developer & Testing Forum on June 8th
June 2, 2021
- Agenda:
- Discuss uplift of BluVal to support K8s versions higher than v1.16
- Integrate Anuket RC2 tests into BluVal
- Integrate Chaos Tests in BluVal
- Leverage BluVal UI for improved user experience
- Integrate enhancements from security sub-committee
- Participants: Tina Tsou Deepak Kataria Arif Jason
- Deepak Kataria presenting BluVal at LFN Developer & Testing Forum, taking place June 7-10, 2021. Presentation scheduled on June 8th
November 11, 2020
- Agenda:
- Participants: Paul Carver Thor Chin Tina TsouSrinivasan Selvam
ELIOT IotGateway Blueprint, ELIOT uCPE Blueprint, EALT-EDGE Blueprint due to the K8s conformance testing cannot support v1.17, these exceptions are accepted.
- ORAN cooperation about BluVal will start from REC BP first and if we have any other BP want to integrate with ORAN we can also support them even if ORAN want to use this.(Because BluVal is also an open source for use )
October 28, 2020
- Agenda:
- Participants:
Akraino BluVal Exception Request is added.
October 21, 2020
July 29, 2020
- Reviews, Jiras etc. - same as on July 15th;
- Debugging a bluval issue with the IEC Type 4 Team - turns out there was some YAML formatting issue;
- Proposal: Add a yamllint sanity check for `blueval-<blueprint>` files before actually running bluval, which should help new users figure out if they're running into YAML formatting issues or whether it's an actual bluval traceback (right now bluval throws a pretty cryptic error message with a yaml.safe_load traceback when bluval configuration files have formatting issues, e.g. wrong identation);
July 22, 2020
- Reviews, Jiras etc. - same as on July 15th;
- No participants, the usual participants being all on vacation currently;
July 15, 2020
- Reviews:
- 3601 pending peer review
- 3604 pending peer review
- Jiras:
Jira |
---|
server | Akraino JIRA |
---|
serverId | 604c99be-f414-323d-84e4-c9d70fa2bcdf |
---|
key | VAL-119 |
---|
|
is ongoing
- Tina Tsou mentioned that the Bluval User Guide is not very friendly towards new users who haven't previously worked with LF infrastructure - particularly the LF specific terms could use a little more background (e.g. jumpserver, SUT etc.);
- we agreed to open a new JIRA ticket for improving the Bluval User Guide with the used terminology / abbreviations;
July 8, 2020
- Reviews:
- 3601 pending peer review
- 3604 pending peer review
- Jiras:
Jira |
---|
server | Akraino JIRA |
---|
serverId | 604c99be-f414-323d-84e4-c9d70fa2bcdf |
---|
key | VAL-119 |
---|
|
is ongoing
- Cynthia Billovits is working with upstream developers - they said they fixed the issue we reported, but it turns out it still needs more work - we're waiting on them to get back to us hopefully later today.
July 1, 2020
- Tapio Tallgren will be on holiday for next four weeks; Alex will host the meeting for the first two weeks
- Jiras:
Jira |
---|
server | Akraino JIRA |
---|
serverId | 604c99be-f414-323d-84e4-c9d70fa2bcdf |
---|
key | VAL-117 |
---|
|
is merged Jira |
---|
server | Akraino JIRA |
---|
serverId | 604c99be-f414-323d-84e4-c9d70fa2bcdf |
---|
key | VAL-119 |
---|
|
is ongoing
June 24, 2020
- CentOS 8 is not supported in Bluval. We had a discussion about this topic last time and agreed that this should be documented somewhere
Jira |
---|
server | Akraino JIRA |
---|
serverId | 604c99be-f414-323d-84e4-c9d70fa2bcdf |
---|
key | VAL-117 |
---|
|
is for CentOS 8 support Jira |
---|
server | Akraino JIRA |
---|
serverId | 604c99be-f414-323d-84e4-c9d70fa2bcdf |
---|
key | VAL-119 |
---|
|
is for the documentation issue
- Bluval debugging capabilities can still be improved. Ideas from last time:
- Enable debugging with a single flag in variables.yaml
Jira |
---|
server | Akraino JIRA |
---|
serverId | 604c99be-f414-323d-84e4-c9d70fa2bcdf |
---|
key | VAL-120 |
---|
|
- Add "test" test cases which will validate that e.g the ssh connection works. This is often the first problem users have
Jira |
---|
server | Akraino JIRA |
---|
serverId | 604c99be-f414-323d-84e4-c9d70fa2bcdf |
---|
key | VAL-121 |
---|
|
June 10, 2020
June 3, 2020
- Review:
- New wiki page for debugging
- Add comment about bluval.py vs. bluval.sh
- Tickets:
- Followup on Vuls and Lynis automation: ongoing
- Followup on Redfish testing: password issue is now fixed, waiting for release. Power cycle issue is being worked on
May 13, 2020
May 06, 2020
- Reviews:
- Jira tickets:
- Kuralamudhan Ramakrishnan / Igor Duarte Cardoso Issue related conformance testing via a Jenkins job
- There could be an old Docker image
- Need to make sure that there is bluval-icn.yaml
- VAL-114 Sonobuyo fails in AWS with Network Cloud BP
- VAL-113 Redfish-Usecase-Checkers uses a weak password
- Update from security committee:
- Lynis and kube-hunter draft mandatory test lists are ready, will be uploaded to wiki
April 29, 2020
- New code
- Open issues
- Redfish - ongoing
- Network cloud
- Update from security group
- Lynis will have a list of mandatory tests, and this will be the pass/fail criteria
- Remind PTLs to register the labs
April 22, 2020
- Update from security group
- Lynis: Some of the tests have points attaches to them and some do not
- The points can be used to create some kind of metric
- Will try to create a list of acceptable and non-acceptable failures
- Kube-hunter is being studied
- Two Jira tickets to be created:
- k8s conformance is mysteriously failing (from Srinivasan Selvam)
- KNI validation jobs are not running
- Security group update
- For Vuls and other tests that use CVE tagging:
- High and medium vulnerabilities are mandatory, so the test fails if any of those fails
- If the vulnerabilities cannot be fixed, they must be handled as exceptions and documented
- The exceptions could have time limits
- For Lynis: gives a hardening index but it is difficult to use that
- There could be low bar and any test score below it should just fail
- Any test score above a high bar should pass
- Test scores between the low and high would need to be analyzed
- The high score could be the same as passing all high and medium priority tests
- Kube-hunter: work in progress
- https://gerrit.akraino.org/r/c/ci-management/+/3356
- https://gerrit.akraino.org/r/c/ci-management/+/3358
- Tagging 3.0
April 8, 2020
- Security group update: they now want examples of "Lynis, Vuls, or Sonar Cloud"
- https://gerrit.akraino.org/r/c/validation/+/3343
- https://gerrit.akraino.org/r/c/validation/+/3340
- Tagging 3.0 awaits this patch
- Documentation review
April 1, 2020
- Presentation now done, another coming
- Clarification: Redfish only has Use Case testing (which is what is packaged in Bluval)
- What should kubehunter return?
- Robot has some third alternative between "pass" and "fail", Juha will investigate
- If a security tool finds vulnerabilities, it could be pass since the requirement is to run the tests but this could imply that there is nothing to investigate
- The vulnerabilities could be harmless in the end, so fail would also be misleading
- Later on, there can be a whitelist of "harmless" warnings
- Tagging Release 3.0
- Can be done after the changes to security tests
- Cristina will do the tagging
- Status
- Patches for CI integration have been merged
- Vuls fails when run after other tests; Daniel is investigating
- Juha will send the kubehunter sample report to security@lists.akraino.org
March 25, 2020
- Presentation to TSC
- Vuls and lynis on CI: https://gerrit.akraino.org/r/c/validation/+/3306
- Discussion with Security Committee:
- Interpreting the results from the vulnerability tests will require understanding how the project is used
- Thus, the evaluation must be done together with the project PTL
- The Security Committee requested a sample document from the tests
- Presentation to Akraino TSC+PTLs next week Tuesday:
- Start with the list of mandatory tests (Tapio)
- Show hands-on how to run the tests (Juha)
- Show how to run the tests in CI and copy the results (Cristina?)
- Show the results in UI (Ioakeim?)
March 18, 2020
- Updates from Tapio:
- The mandatory tests presentation was approved by TSC
- I asked the Security team for input but got nothing this far
- I have not received any comments from Blueprints
- There is one Blueprint (Network Cloud) that is using OpenStack so we will keep Tempest in
- There can be some tests coming from the O-RAN community
- No progress on UI full control loop
- KPI project might bring in some performance testing
- Juha will update the tempest tests
- Daniel is working on integrating the security tests in CI
March 11, 2020
- We discussed the proposal for mandatory tests for Release 3:
View file |
---|
name | Mandatory tests for Akraino Release 3.pdf |
---|
height | 250 |
---|
|
March 4, 2020
- Vuls improvements
- Ubuntu 18 is now running on ARM
- CentOS also seems to work
- The size is now 1.5 Gb, mainly due to (a) compressing the database and (b) doing a multi-stage build
- Jenkins documentation: Running bluval in CI
- Updates from TSC meeting:
- Bluval will be mandatory for all projects
- New project proposal: Kontour (KPI)
- CNTT/CNF-conformance?
February 26, 2020
- Vuls is integrated for Ubuntu 16
- CentOS and Ubuntu 19 are WIP
- The images are getting big, ~7 Gb
- Presentation for TSC planning meeting
- Need a definition of "mandatory tests" for Release 3
- Need to tag release 3.0 by end of April?
- kubehunter is now integrated
- Cristina is working on documenting how Bluval can integrated into a Jenkins
- Ioamkeim will test the instructions after they are done
February 19, 2020
- The issue with the verify jobs caused by tox dependencies has been fixed upstream
- The k8s layer container is failing to build, Juha is looking into it
- The robot test for kubehunter is ready but it's blocked by the k8s container issue
- A demo was presented to the TSC about the validation work, there were questions on how to integrate it in CI (Cristina needs to document this)
- The vuls patch has been updated, waiting for review
- A patch to reorganize the jobs and improve the relationship between them is in review https://gerrit.akraino.org/r/c/ci-management/+/2242
February 12, 2020
- Demo to TSC+PTLs: let's try tomorrow in the TSC meeting
- Juha K. is looking in kubehunter and kubestorage
- Juha K. is evaluating the Vuls patch
- CI jobs are failing with tox
- Discussion about closed loop automation
- CHOMP project to be followed up
January 29, 2020
- Presentation to TSC
- Still some bugs remain
- Goal is now February 4th TSC+PTL meeting
- Vuls currently only works on Ubuntu, Cristina Pauna and Daniel Stoica are working on supporting CentOS
- The CHOMP project is interested in using Bluval
- Deepak Kataria will invite someone from the project to next meeting for a discussion
- The right way to edit the committer list is to change it after half of committers have approved the change. Let's follow that rule unless the Technical Governance document says something else
- We will make some proposals to ONES and then figure out later who will present them. At least Cristina Pauna will attend the event
January 22, 2020
- Missing from Release 3:
- Redfish tests (fixes exist but not part of a release)
- Full control loop testing (UI can trigger tests in a lab, jjb in ci-integration is missing)
- TSC presentation is planned for next week
...