Weekly on Wednesdays at 8:00 AM PST / 11:00 AM EST.Join URL
Akraino Edge Stack 1 is inviting you to a scheduled Zoom meeting.
Topic: Blueprint Validation
Time: Sep 23, 2020 03:00 PM Universal Time UTC
Every week on Wed, until Sep 1, 2021, 50 occurrence(s)
Please download and import the following iCalendar (.ics) files to your calendar system.
Weekly: https://zoom.us/meeting/j/459272075uZEkde6qrjwv3tbXTirGL_mMDLePAUznKw/ics?icsToken=98tyKu2tpzktGNSStVztd60tE9r8bPH2lCJaqJtplQ3CLx9eTyfaM9JjB6hxO8-B
Join Zoom Meeting
https://zoom.us/j/459272075?pwd=M3gwQ3JUaTYvZHhrVUpqL0ZzOTBudz09
Meeting ID: 459 272 075
Passcode: 311342
One tap mobile
+13462487799,,459272075# US (Houston)
+16699006833,,459272075# US (San Jose)
Dial by your location
+1 346 248 7799 US (Houston)
+
Dial by your location
+1 669 900 6833 US (San Jose)
+1 253 215 8782 US (Tacoma)
+1 312 626 6799 US (Chicago)
+1 646 558 8656 US (New York)
+1 301 715 8592 US (Germantown)
877 369 0926 US Toll-free
+1 855 880 1246 US Toll-free
Meeting ID: 459272075
Find your local number: https://zoom.us/u/acimKOClJk
Introductory webcast recording
...
855 880 1246 US Toll-free
+1 438 809 7799 Canada
+1 587 328 1099 Canada
+1 647 374 4685 Canada
+1 647 558 0588 Canada
+1 778 907 2071 Canada
+1 204 272 7920 Canada
855 703 8985 Canada Toll-free
Meeting ID: 459 272 075
Find your local number: https://zoom.us/u/alZMq7OBg
Introductory webcast recording
Notes
July 7, 2021
MOM:
- Discussed for EALT-EDGE Blueprint, ELIOT IOTGateway and ELIOT uCPE Blueprint sonobuoy conformance test / results
- Discussion → Sonobuoy will execute properly with K8s minimum 3 Node cluster (1 master + 2 worker nodes)
- Discussion → Sonobuoy support for 1.17.2 → Need to be confirmed by validation team
June 16, 2021
- Agenda:
- Making progress for BluVal to support K8s version v1.18, the patch set is under test
- Need to identify which R5 blueprints support K8s versions v1.19, v1.20
- Further discussed possibility for using multiple BluVal releases to support K8s v1.18, v1.19, v1.20
- Discussed testing compatibility of container run times such as Docker, Containerd, LXC, CRI-O
- Discussed supporting popular combinations first, so majority of BPs can be supported
- Need support for Debian Linux, in R4 we have 3 BPs which support Debian
- Discussed high level approach for integrating Anuket RC2 tests into BluVal using Robot layer
- Tina recommended we should provide an update to TSC meeting on June 17th
- Participants: Tina Tsou Deepak Kataria Thor Chin Sirisha Gopigiri
June 9, 2021
- Agenda:
- Discussed uplift of BluVal to support K8s version v1.18, Sirisha has submitted patch set for review
- Discussed possibility to support multiple BluVal versions to support v1.18, v1.19, v1.20
- Discussed support for Debian Linux
- Discussed Integrating Anuket RC2 tests into BluVal
- Participants: Tina Tsou Deepak Kataria Thor Chin Sirisha Gopigiri, Jason Wen
- Deepak Kataria presented BluVal at LFN Developer & Testing Forum on June 8th
- Presentation Slides, Recording and Meeting Notes are available at the link below
- https://wiki.lfnetworking.org/display/LN/2021-06-08+-+Anuket%3A+Cloud-Native+Full+Stack+Conformance+Validation+Framework
June 2, 2021
- Agenda:
- Discuss uplift of BluVal to support K8s versions higher than v1.16
- Integrate Anuket RC2 tests into BluVal
- Integrate Chaos Tests in BluVal
- Leverage BluVal UI for improved user experience
- Integrate enhancements from security sub-committee
- Participants: Tina Tsou Deepak Kataria Arif Jason
- Deepak Kataria presenting BluVal at LFN Developer & Testing Forum, taking place June 7-10, 2021. Presentation scheduled on June 8th
- What: 2021-06-08 - Anuket: Cloud-Native Full Stack Conformance Validation Framework
When: Tue Jun 8 2021 from 8:00 to 9:00 (Time zone: Eastern Time US & Ca)
Calendar: LFN Events > Virtual Events > Anuket
Who: Deepak Kataria
Meeting Link: https://zoom.us/j/94043909680
Link: https://teamup.com/event/show/id/1TDWxFAH2Xrhr6B7seUCCEW6i9Q5uY
- What: 2021-06-08 - Anuket: Cloud-Native Full Stack Conformance Validation Framework
November 11, 2020
- Agenda:
- Discuss how BluVal can help O-RAN and Akraino Alliance Paul Carver Thor Chin Tina Tsou
- Akraino BluVal Exception Request Srinivasan Selvam
- Participants: Paul Carver Thor Chin Tina TsouSrinivasan Selvam
- ORAN cooperation about BluVal will start from REC BP first and if we have any other BP want to integrate with ORAN we can also support them even if ORAN want to use this.(Because BluVal is also an open source for use )
October 28, 2020
- Agenda:
- Discuss how BluVal can help O-RAN and Akraino Alliance Paul Carver Thor Chin Suzy Gu Jim Xu Hao Xu
- Akraino BluVal Exception Request Hao Xu Yin Ding
- Participants:
October 21, 2020
July 29, 2020
- Reviews, Jiras etc. - same as on July 15th;
- Debugging a bluval issue with the IEC Type 4 Team - turns out there was some YAML formatting issue;
- Proposal: Add a yamllint sanity check for `blueval-<blueprint>` files before actually running bluval, which should help new users figure out if they're running into YAML formatting issues or whether it's an actual bluval traceback (right now bluval throws a pretty cryptic error message with a yaml.safe_load traceback when bluval configuration files have formatting issues, e.g. wrong identation);
July 22, 2020
- Reviews, Jiras etc. - same as on July 15th;
- No participants, the usual participants being all on vacation currently;
July 15, 2020
- Reviews:
- Jiras:
is ongoingJira server Akraino JIRA serverId 604c99be-f414-323d-84e4-c9d70fa2bcdf key VAL-119
- Tina Tsou mentioned that the Bluval User Guide is not very friendly towards new users who haven't previously worked with LF infrastructure - particularly the LF specific terms could use a little more background (e.g. jumpserver, SUT etc.);
- we agreed to open a new JIRA ticket for improving the Bluval User Guide with the used terminology / abbreviations;
July 8, 2020
- Reviews:
- Jiras:
is ongoingJira server Akraino JIRA serverId 604c99be-f414-323d-84e4-c9d70fa2bcdf key VAL-119
- Cynthia Billovits is working with upstream developers - they said they fixed the issue we reported, but it turns out it still needs more work - we're waiting on them to get back to us hopefully later today.
July 1, 2020
- Tapio Tallgren will be on holiday for next four weeks; Alex will host the meeting for the first two weeks
- Action: Get Zoom rights to Alexandru Avadanii
- Jiras:
is mergedJira server Akraino JIRA serverId 604c99be-f414-323d-84e4-c9d70fa2bcdf key VAL-117
is ongoingJira server Akraino JIRA serverId 604c99be-f414-323d-84e4-c9d70fa2bcdf key VAL-119
June 24, 2020
- CentOS 8 is not supported in Bluval. We had a discussion about this topic last time and agreed that this should be documented somewhere
is for CentOS 8 supportJira server Akraino JIRA serverId 604c99be-f414-323d-84e4-c9d70fa2bcdf key VAL-117
is for the documentation issueJira server Akraino JIRA serverId 604c99be-f414-323d-84e4-c9d70fa2bcdf key VAL-119
- Bluval debugging capabilities can still be improved. Ideas from last time:
- Enable debugging with a single flag in variables.yaml
Jira server Akraino JIRA serverId 604c99be-f414-323d-84e4-c9d70fa2bcdf key VAL-120 - Add "test" test cases which will validate that e.g the ssh connection works. This is often the first problem users have
Jira server Akraino JIRA serverId 604c99be-f414-323d-84e4-c9d70fa2bcdf key VAL-121
- Enable debugging with a single flag in variables.yaml
June 10, 2020
- Reviews:
- 3556: Enable mandatory tests for REC
- 3550: Use docker host network for containers
- 3558: Support password ssh auth for all robot tests
- 3561: Add a new variable Robot loglevel
- 3562: Remove inactive committers
- Lynis/Vuls automation
- Debugging support: new very simple test cases like
- Ping to host
- Ssh access to SUT
- Volume mount
June 3, 2020
- Review:
- https://gerrit.akraino.org/r/c/validation/+/3543/1/tests/os/vuls/vuls.robot#87 - could add a global "debug" flag, that would be easier to use
- New wiki page for debugging
- Add comment about bluval.py vs. bluval.sh
- Tickets:
- Followup on Vuls and Lynis automation: ongoing
- Followup on Redfish testing: password issue is now fixed, waiting for release. Power cycle issue is being worked on
May 13, 2020
- Reviews:
- https://gerrit.akraino.org/r/c/validation/+/3398 is now merged
- Daniel is working on https://gerrit.akraino.org/r/c/validation/+/3421 Fix ssh cleanup issue for vuls test and https://gerrit.akraino.org/r/c/validation/+/3432 Fix blucon.py argument issue
- https://gerrit.akraino.org/r/c/validation/+/3370 Add ICN Bluval support needs to be reviewed and merged
- Jiras:
has now an upstream ticket: https://github.com/DMTF/Redfish-Usecase-Checkers/issues/39Jira server Akraino JIRA serverId 604c99be-f414-323d-84e4-c9d70fa2bcdf key VAL-113
is a new oneJira server Akraino JIRA serverId 604c99be-f414-323d-84e4-c9d70fa2bcdf key VAL-115
May 06, 2020
- Reviews:
- https://gerrit.akraino.org/r/c/validation/+/3398 bluval-eliot.yaml added for ELIOT BP
- https://gerrit.akraino.org/r/c/validation/+/3395 Support password-based ssh auth
- Jira tickets:
- Kuralamudhan Ramakrishnan / Igor Duarte Cardoso Issue related conformance testing via a Jenkins job
- There could be an old Docker image
- Need to make sure that there is bluval-icn.yaml
- VAL-114 Sonobuyo fails in AWS with Network Cloud BP
- VAL-113 Redfish-Usecase-Checkers uses a weak password
- Kuralamudhan Ramakrishnan / Igor Duarte Cardoso Issue related conformance testing via a Jenkins job
- Update from security committee:
- Lynis and kube-hunter draft mandatory test lists are ready, will be uploaded to wiki
April 29, 2020
- New code
- Open issues
- Redfish - ongoing
- Network cloud
- Update from security group
- Lynis will have a list of mandatory tests, and this will be the pass/fail criteria
- Remind PTLs to register the labs
April 22, 2020
- Update from security group
- Lynis: Some of the tests have points attaches to them and some do not
- The points can be used to create some kind of metric
- Will try to create a list of acceptable and non-acceptable failures
- Kube-hunter is being studied
- Two Jira tickets to be created:
- k8s conformance is mysteriously failing (from Srinivasan Selvam)
- KNI validation jobs are not running
April 15, 2020 (recording)
- Security group update
- For Vuls and other tests that use CVE tagging:
- High and medium vulnerabilities are mandatory, so the test fails if any of those fails
- If the vulnerabilities cannot be fixed, they must be handled as exceptions and documented
- The exceptions could have time limits
- For Lynis: gives a hardening index but it is difficult to use that
- There could be low bar and any test score below it should just fail
- Any test score above a high bar should pass
- Test scores between the low and high would need to be analyzed
- The high score could be the same as passing all high and medium priority tests
- Kube-hunter: work in progress
- For Vuls and other tests that use CVE tagging:
- https://gerrit.akraino.org/r/c/ci-management/+/3356
- https://gerrit.akraino.org/r/c/ci-management/+/3358
- Tagging 3.0
April 8, 2020
- Security group update: they now want examples of "Lynis, Vuls, or Sonar Cloud"
- Daniel will provide
- https://gerrit.akraino.org/r/c/validation/+/3343
- https://gerrit.akraino.org/r/c/validation/+/3340
- Tagging 3.0 awaits this patch
- Documentation review
- Test plan
April 1, 2020
- Presentation now done, another coming
- Clarification: Redfish only has Use Case testing (which is what is packaged in Bluval)
- What should kubehunter return?
- Robot has some third alternative between "pass" and "fail", Juha will investigate
- If a security tool finds vulnerabilities, it could be pass since the requirement is to run the tests but this could imply that there is nothing to investigate
- The vulnerabilities could be harmless in the end, so fail would also be misleading
- Later on, there can be a whitelist of "harmless" warnings
- Tagging Release 3.0
- Can be done after the changes to security tests
- Cristina will do the tagging
- Status
- Patches for CI integration have been merged
- Vuls fails when run after other tests; Daniel is investigating
- Juha will send the kubehunter sample report to security@lists.akraino.org
...