Page History

...

No.	Project Name	TSC Subgroup Release Status	Is this your first release	Going for Maturity Review?	CD Logs URL to be used for review (Column filled in by PTLs)	Link to executive one pager (editable doc format) (Column filled in by PTLs)	API Info Reporting Info Review (Column filled in by API Subcommittee) (note for PTLs – go here for steps to fill in project API info template)	BluVal Certification	Security Certification Provide link to Vuls, Lynis, and Kube-Hunter logs below. Pass/Fail Criteria: Steps To Implement Security Scan Requirements Exception requests should be filed at: https://wiki.akraino.org/display/AK/Akraino+CVE+Vulnerability+Exception+Request	Upstream Review (Column filled by Upstream Subcommittee and PTLs) (note PTL can go to Release Upstream Compliance to find details)	Date ready for TSC review (Column filled in by PTLs)	TSC Review Date (Column filled in by TSC)
1	Connected Vehicle Blueprint Thor Chin Tao Wang	scheduled at TSC 2020-12-01 (Tues) 7 am Pacific	N	Y	https://nexus.akraino.org/content/sites/logs/parserlabs/r4/jobs/cvb/	CVB_Akraino_R4_blueprint_Datasheet		https://nexus.akraino.org/content/sites/logs/parserlabs/r4/jobs/cvb/	https://nexus.akraino.org/content/sites/logs/parserlabs/r4/jobs/cvb/ 01 Dec 2020 Vuls: Accepted with exceptions show at: Release 4 Vuls Exception Request 01 Dec 2020 Lynis: Failed - errors sent to BP owner Kube-Hunter: Exception granted: K8s not used by this BP.	Yes	12/01
2	IEC Type 4: AR/VR oriented Edge Stack for Integrated Edge Cloud (IEC) Blueprint Family Bart Dong Thor Chin	scheduled at TSC 2020-12-01 (Tues) 7 am Pacific	N	Y	https://nexus.akraino.org/content/sites/logs/parserlabs/r4/jobs/iec-type4/	IEC-Type4 Release 4 datasheet.docx		https://nexus.akraino.org/content/sites/logs/parserlabs/r4/jobs/iec-type4/	https://nexus.akraino.org/content/sites/logs/parserlabs/r4/jobs/iec-type4/ 01 Dec 2020 Vuls: Failed - errors sent to BP owner 01 Dec 2020 Lynis: Failed - errors sent to BP owner Kube-Hunter: Exception granted: K8s not used by this BP.	Yes	12/01
3	Radio Edge Cloud (REC) Paul Carver	Scheduled at Release 4 Review 2020-12-01 (Tues) 7 am Pacific	N	Mature	https://nexus.akraino.org/content/sites/logs/att/job/Install_REC_on_OpenEdge1/ https://logs.akraino.org/production/vex-yul-akraino-jenkins-prod-1/rec-aarch64_baremetal-install-rec-weekly-master/	REC_Akraino R4 blueprint Datasheet.docx	Received. Accepted	https://nexus.akraino.org/content/sites/logs/att/job/Bluval_Logs/results-11-27-2020.tar	https://nexus.akraino.org/content/sites/logs/att/job/Bluval_Logs/results-11-27-2020.tar 02 Dec 2020 Vuls: Accepted with exceptions show at: Release 4 Vuls Exception Request 02 Dec 2020 Lynis: - errors sent to BP owner Kube-Hunter: Does not appear to have run correctly - question sent to BP owner
4	ICN - Integrated Cloud-Native Family Kuralamudhan Ramakrishnan	Scheduled at Release 4 Review 2020-12-16 (Wed) 7 am Pacific	N	N	ICN Master Baremetal Deployment Verifier ICN Master Virtual Deployment Verifier ICN SDEWAN Master End2End Testing	ICN_ MICN_Akraino_R4_blueprint_Datasheet.docx	Received Accepted	https://nexus.akraino.org/content/sites/logs/intel/bluval_results/icn/master/20201210-010310/.	https://nexus.akraino.org/content/sites/logs/intel/bluval_results/icn/master/20201210-010310/ ICN R4 Test Document#BluValTesting Vuls: Accepted with exceptions show at: Release 4 Vuls Exception os/lynis: USB-2000: ICN contributor whitelisted HID keyboard and mouse. Without this, we lose keyboard and mouse access through the BMC console, and the means to access the node without physically visiting the lab. SSH-7408, MaxSessions and Port: ICN contributor left these at 10 and 2222 respectively to allow Lynis to run. Lynis: Accepted with exceptions show at: Release 4 Lynis Exceptions KRNL-6000, net.ipv4.conf.all.forwarding: ICN contributor left this enabled following other discussions on security list email about the requirement by Kubernetes. k8s/conformance: Sonobuoy v0.16.1 does not support Kubernetes 1.18.9. ICN PTL reported this on https://wiki.akraino.org/display/AK/Akraino+BluVal+Exception+Request k8s/kube-Hunter: The logs show the run with the aquasec/kube-hunter:edge image to fix the CAP_NET_RAW inside a pod issue	Yes	12/10	12/16
5	ELIOT IoT Gateway Blueprint khemendra kumar	scheduled at TSC 2020-12-15 (Tues) 7 am Pacific	N	N	https://nexus.akraino.org/content/sites/logs/huawei/blueprints/iotgateway/job/eliot-iotgateway-deploy-k8s-virtual-daily-master/649/			https://nexus.akraino.org/content/sites/logs/huawei/blueprints/iotgateway/job/eliot-iotgateway-bluval-virtual-daily-master/11/results/ vuls exceptions Akraino CVE Vulnerability Exception Request Akraino BluVal Exception Request	07 Dec 2020 Vuls: Accepted with exceptions show at: Release 4 Vuls Exception Lynis: Failed - For the following test for installed compilers, this issue MUST be fixed: Performing test ID HRDN-7220 (Check if one or more compilers are installed) Release 4 Lynis Exceptions Kube-Hunter: Accepted with exceptions show at: Release 4 Kube-Hunter Exceptions		12/08
6	ELIOT SD-WAN/WAN Edge/uCPE Blueprint khemendra kumar	scheduled at TSC 2020-12-15 (Tues) 7 am Pacific	N	N	https://nexus.akraino.org/content/sites/logs/huawei/blueprints/uCPE/job/eliot-uCPE-deploy-k8s-centos-virtual-daily-master/534/			https://nexus.akraino.org/content/sites/logs/huawei/blueprints/uCPE/job/eliot-uCPE-deploy-k8s-centos-virtual-daily-master/535/results/ vuls exceptions Akraino CVE Vulnerability Exception Request Akraino BluVal Exception Request	07 Dec 2020 Vuls: Accepted with exceptions show at: Release 4 Vuls Exception Lynis: Failed ISSUES that MUST be fixed or a more specific exception reason needs to be provided: sysctl key kernel.dmesg_restrict contains equal expected and current value (1) ## Restrict unprivileged access to kernel syslog For the following test for installed compilers, this issue MUST be fixed: Performing test ID HRDN-7220 (Check if one or more compilers are installed) Release 4 Lynis Exceptions Kube-Hunter: Accepted with exceptions show at: Release 4 Kube-Hunter Exceptions	Yes	12/08
7	Network Cloud and TF Integration Project Sukhdev Kapur	Scheduled at Release 4 Review 2020-12-09 (Wed) 7:30am	N	Not Applicable	https://nexus.akraino.org/content/sites/logs/juniper/job/NC-Tungsten_Fabric/40/	NetworkCloud-TF blueprint Datasheet.docx	Uploaded	Y	https://nexus.akraino.org/content/sites/logs/juniper/validation/ 09 Dec 2020 Vuls: Need to provide vuls.log 09 Dec 2020 Lynis: ISSUES that MUST be fixed or a more specific exception reason needs to be provided: Performing test ID BOOT-5122 (Check for GRUB boot password) Test: Checking PASS_MAX_DAYS option in /etc/login.defs Performing test ID AUTH-9328 (Default umask values) Performing test ID SSH-7440 (Check OpenSSH option: AllowUsers and AllowGroups) sysctl key fs.suid_dumpable contains equal expected and current value (0) sysctl key kernel.dmesg_restrict contains equal expected and current value (1) Test: Check if one or more compilers can be found on the system Following compilers found: Found known binary: as (compiler) - /usr/bin/as Found known binary: cc (compiler) - /usr/bin/cc Found known binary: gcc (compiler) - /usr/bin/gcc 09 Dec 2020 Kube-Hunter: In review Sukhdev Kapur has requested that the Release 3 exceptions be provided for Release 4	Y	12/09	12/09
8	KNI Provider access edge Ricardo Noriega	Scheduled at TSC 2020-12-17 (Thurs) 7 am Pacific	N	N	AWS footprint: https://logs.akraino.org/production/vex-yul-akraino-jenkins-prod-1/kni-blueprint-pae-verify-deploy-aws/81/ GCP footprint: https://logs.akraino.org/production/vex-yul-akraino-jenkins-prod-1/kni-blueprint-pae-verify-deploy-gcp/51/	Akraino R4 blueprint Datasheet_ KNI PAE.odt	Received Accepted	N [ Not passing as blueprint is based on OKD, not Kubernetes. So we run our own validation suite - https://logs.akraino.org/redhat-kni/bluval_results/blueprint-pae/20200505-104443/out.log ]			12/09	12/09
9	KNI Industrial Edge Ricardo Noriega	Scheduled at TSC 2020-12-17 (Thurs) 7 am Pacific	Y	N	Mgmt Hub logs: https://logs.akraino.org/production/vex-yul-akraino-jenkins-prod-1/kni-blueprint-management-hub-verify-deploy-gcp/9/ IE logs: https://logs.akraino.org/production/vex-yul-akraino-jenkins-prod-1/kni-blueprint-ie-verify-deploy-gcp/2/	Akraino R4 blueprint Datasheet_ KNI IE.odt	Received Accepted
10	Micro-MEC		Y	N	https://nexus.akraino.org/content/sites/logs/micromec	Akraino R3 MicroMEC blueprint datasheet.docx	Received	N/A
11	The AI Edge: School/Education Video Security Monitoring Hechun Zhang	Scheduled at TSC 2020-11-24 (Tues) 7 am Pacific	N	Y	https://nexus.akraino.org/content/sites/logs/baidu/job/aiedge-otestack-master-deploy/ https://nexus.akraino.org/content/sites/logs/baidu/job/aiedge-otestack-master-validation/	AIEdge_Akraino R4 blueprint Datasheet.docx		N/A			06/02
12	The AI Edge: Intelligent Vehicle-Infrastructure Cooperation System(I-VICS) Hechun Zhang		Y	N
13	5G MEC/Slice System to Support Cloud Gaming, HD Video and Live Broadcasting Blueprint Feng Yang		Y	N	https://nexus.akraino.org/content/sites/logs/tencent/job/5g-mec-cloud-gaming-CD/15/ https://logs.akraino.org/production/vex-yul-akraino-jenkins-prod-1/5g-mec-cloud-gaming-master-verify/	5G MEC Rel 3 Datasheet	Received	N/A			06/03
14	IEC Type 3: Android cloud native applications on Arm servers in edge for Integrated Edge Cloud (IEC) Blueprint Family hanyu ding	Scheduled at TSC 2021-1-14 (Thurs) 7 am Pacific	N	N	https://nexus.akraino.org/content/sites/logs/ampere/job/akraino_arm_anbox_test/6/						01/15
15	IEC Type 5: SmartNIC for Integrated Edge Cloud (IEC) Blueprint Family yihui wang	Scheduled at TSC 2020-12-10 (Thurs) 7 am Pacific	N	N	https://nexus.akraino.org/content/sites/logs/bytedance/job/run-install-bluefield-fs/ https://nexus.akraino.org/content/sites/logs/bytedance/job/run-install-ovs-dpdk/	IEC Release3-SmartNIC datasheet.docx		NA (First Release)		Release document is still for R3	06/04
16	Enterprise Applications on Lightweight 5G Telco Edge Gaurav Agrawal	scheduled at TSC 2020-12-10(Thurs) 7 am Pacific	N	N	https://nexus.akraino.org/content/sites/logs/huawei/blueprints/ealt-edge/ job/ealt-edge-deploy-virtual-daily-master/397	Akraino R4 blueprint Datasheet_EALTEdge.docx	Received; Accepted	https://nexus.akraino.org/content/sites/logs/huawei/blueprints/ealt-edge/job/ealt-edge-bluval-daily-master/237/results/ updated results link - 09-dec Vuls Exception Akraino CVE Vulnerability Exception Request Akraino BluVal Exception Request	https://nexus.akraino.org/content/sites/logs/huawei/blueprints/ealt-edge/job/ealt-edge-bluval-daily-master/237/results/ Akraino CVE Vulnerability Exception Request 08 Dec 2020 Vuls: Accepted with exceptions show at: Release 4 Vuls Exception Request Lynis: Failed For the following issue MUST be fixed for Incubation: Performing test ID BOOT-5122 (Check for GRUB boot password) The following issues SHOULD be fixed for incubation, and MUST be fixed for MATURITY, if not fixed exceptions must be requested: Performing test ID AUTH-9229 (Check password hashing methods) Performing test ID USB-2000 (Check USB authorizations) Test: Checking MaxSessions Test: Checking Port sysctl key kernel.core_uses_pid contains equal expected and current value (1) sysctl key kernel.kptr_restrict has a different value than expected in scan profile. Expected=2, Real=0 sysctl key kernel.sysrq has a different value than expected in scan profile. Expected=0, Real=16 sysctl key net.ipv4.conf.all.forwarding has a different value than expected in scan profile. Expected=0, Real=1 sysctl key net.ipv4.conf.all.log_martians contains equal expected and current value (1) sysctl key net.ipv4.conf.all.send_redirects contains equal expected and current value (0) sysctl key net.ipv4.conf.default.accept_redirects contains equal expected and current value (0) sysctl key net.ipv4.conf.default.log_martians contains equal expected and current value (1) sysctl key net.ipv6.conf.all.accept_redirects has a different value than expected in scan profile. Expected=0, Real=1 sysctl key net.ipv6.conf.default.accept_redirects has a different value than expected in scan profile. Expected=0, Real=1 Kube-Hunter: Accepted with exceptions show at: Release 4 Kube-Hunter Exceptions updated results link - 09-dec	Yes	12/10
17	Public Cloud Edge Interface (PCEI) Blueprint Oleg Berzin		Y		https://nexus.akraino.org/content/sites/logs/cmti/job/pcei-daily/	PCEI Release 3 Datasheet		N/A			11/19
18	The AI Edge: Federated ML application at edge Julie Han	Scheduled at TSC 2020-12-08 (Tues) 7 am Pacific	Y	N	https://nexus.akraino.org/content/sites/logs/webank/job/	Federated ML application at edge R4 Datasheet	Received Accepted	N/A	https://nexus.akraino.org/content/sites/logs/webank/job/FL_SCAN/results/ https://nexus.akraino.org/content/sites/logs/webank/job/FL_SCAN/lynis_fixed/ 08 Dec 2020 Vuls: Accepted with exceptions show at: Release 4 Vuls Exception Request 09 Dec 2020 Lynis: Failed - errors sent to BP owner Compilers must be removed. Found known binary: g++ (compiler) - /usr/bin/g++ Kube-Hunter: Exception granted: K8s not used by this BP.	Yes	12/08
19	KubeEdge Edge Service Blueprint Yin Ding	Scheduled at Release 4 Review 2020-11-17 (Tue) 7 am Pacific	Y	N	https://nexus.akraino.org/content/sites/logs/futurewei/kubeedgees/		Received; Accepted.	Yes https://nexus.akraino.org/content/sites/logs/futurewei/kubeedgees/58/results/ Akraino BluVal Exception Request	18 Nov 2020 Vuls: Accepted with exceptions show at: Release 4 Vuls Exception Request 20 Nov 2020 Lynis: Accepted Kube-Hunter: Exception granted: KubeEdge node is not on same subnet as the cloud node. Communication occurs through the websocket endpoint, so kube-hunter can't be used.	Yes	11/17
20	Private LTE/5G ICN Blueprint Prem Sankar G		Y
21	IoT Workloads at the Smart Device Edge - Predictive Maintenance (with a Thermal Imaging Camera, vibration sensors, etc.) V S Aaron Williams	Scheduled at Release 4 Review 2020-12-09	Y	N		Predictive_maintenance_Akraino.docx	Received				12/09

...

Space shortcuts

Page tree

Versions Compared

Old Version 159

New Version 160

Key