Versions Compared

Old Version 72

changes.mady.by.user Tapio Tallgren

Saved on

compared with

New Version Current

changes.mady.by.user Srinivasan Selvam

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Weekly on Wednesdays at 8:00 AM PST / 11:00 AM EST.Join URL


Akraino Edge Stack 1 is inviting you to a scheduled Zoom meeting.

Topic: Blueprint Validation
Time: Sep 23, 2020 03:00 PM Universal Time UTC
Every week on Wed, until Sep 1, 2021, 50 occurrence(s)

Please download and import the following iCalendar (.ics) files to your calendar system.
Weekly: https://zoom.us/j/459272075meeting/uZEkde6qrjwv3tbXTirGL_mMDLePAUznKw/ics?icsToken=98tyKu2tpzktGNSStVztd60tE9r8bPH2lCJaqJtplQ3CLx9eTyfaM9JjB6hxO8-B

Join Zoom Meeting
https://zoom.us/j/459272075?pwd=M3gwQ3JUaTYvZHhrVUpqL0ZzOTBudz09

Meeting ID: 459 272 075
Passcode: 311342
One tap mobile
+13462487799,,459272075# US (Houston)
+16699006833,,459272075# US (San Jose)

Dial by your location
+1 346 248 7799 US (Houston)

Dial by your location
        +1 669 900 6833 US (San Jose)
        +1 253 215 8782 US (Tacoma)
+1 312 626 6799 US (Chicago)
+1 646 558 8656 US (New York)
        +1 877 369 0926 US 301 715 8592 US (Germantown)
877 369 0926 US Toll-free
        +1 855 880 1246 US Toll-free
+1 438 809 7799 Canada
+1 587 328 1099 Canada
+1 647 374 4685 Canada
+1 647 558 0588 Canada
+1 778 907 2071 Canada
+1 204 272 7920 Canada
855 703 8985 Canada Toll-free
Meeting ID: 459272075459 272 075
Find your local number: https://zoom.us/u/acimKOClJkalZMq7OBg



Introductory webcast recording


Notes

Release 2 readiness

...

July 7, 2021

MOM:

  • Discussed for EALT-EDGE Blueprint, ELIOT IOTGateway and ELIOT uCPE Blueprint sonobuoy conformance test / results
  • Discussion → Sonobuoy will execute properly with K8s minimum 3 Node cluster (1 master + 2 worker nodes)
  • Discussion → Sonobuoy support for 1.17.2 → Need to be confirmed by validation team

June 16, 2021

  • Agenda: 
    • Making progress for BluVal to support K8s version v1.18, the patch set is under test
    • Need to identify which R5 blueprints support K8s versions v1.19, v1.20
    • Further discussed possibility for using multiple BluVal releases to support K8s v1.18, v1.19, v1.20
    • Discussed testing compatibility of container run times such as Docker, Containerd, LXC,  CRI-O
    • Discussed supporting popular combinations first, so majority of BPs can be supported
    • Need support for Debian Linux, in R4 we have 3 BPs which support Debian
    • Discussed high level approach for integrating Anuket RC2 tests into BluVal using Robot layer
    • Tina recommended we should provide an update to TSC meeting on June 17th
  • Participants:  Tina Tsou Deepak Kataria Thor Chin Sirisha Gopigiri

June 9, 2021

June 2, 2021

  • Agenda: 
    • Discuss uplift of BluVal to support K8s versions higher than v1.16
    • Integrate Anuket RC2 tests into BluVal
    • Integrate Chaos Tests in BluVal
    • Leverage BluVal UI for improved user experience
    • Integrate enhancements from security sub-committee
  • Participants:  Tina Tsou Deepak Kataria Arif Jason
  • Deepak Kataria presenting BluVal at LFN Developer & Testing Forum, taking place June 7-10, 2021. Presentation scheduled on June 8th

November 11, 2020


October 28, 2020

October 21, 2020

July 29, 2020

  • Reviews, Jiras etc. - same as on July 15th;
  • Debugging a bluval issue with the IEC Type 4 Team - turns out there was some YAML formatting issue;
  • Proposal: Add a yamllint sanity check for `blueval-<blueprint>` files before actually running bluval, which should help new users figure out if they're running into YAML formatting issues or whether it's an actual bluval traceback (right now bluval throws a pretty cryptic error message with a yaml.safe_load traceback when bluval configuration files have formatting issues, e.g. wrong identation);

July 22, 2020

  • Reviews, Jiras etc. - same as on July 15th;
  • No participants, the usual participants being all on vacation currently;

July 15, 2020

  • Reviews:
    • 3601 pending peer review
    • 3604 pending peer review
  •  Jiras:
    • Jira
      serverAkraino JIRA
      serverId604c99be-f414-323d-84e4-c9d70fa2bcdf
      keyVAL-119
       is ongoing
  • Tina Tsou mentioned that the Bluval User Guide is not very friendly towards new users who haven't previously worked with LF infrastructure - particularly the LF specific terms could use a little more background (e.g. jumpserver, SUT etc.);
  • we agreed to open a new JIRA ticket for improving the Bluval User Guide with the used terminology / abbreviations;

July 8, 2020

  • Reviews:
    • 3601 pending peer review
    • 3604 pending peer review
  •  Jiras:
    • Jira
      serverAkraino JIRA
      serverId604c99be-f414-323d-84e4-c9d70fa2bcdf
      keyVAL-119
       is ongoing
  • Cynthia Billovits is working with upstream developers - they said they fixed the issue we reported, but it turns out it still needs more work - we're waiting on them to get back to us hopefully later today.

July 1, 2020

  • Tapio Tallgren will be on holiday for next four weeks; Alex will host the meeting for the first two weeks
  • Jiras:
    • Jira
      serverAkraino JIRA
      serverId604c99be-f414-323d-84e4-c9d70fa2bcdf
      keyVAL-117
       is merged
    • Jira
      serverAkraino JIRA
      serverId604c99be-f414-323d-84e4-c9d70fa2bcdf
      keyVAL-119
       is ongoing

June 24, 2020

  • CentOS 8 is not supported in Bluval. We had a discussion about this topic last time and agreed that this should be documented somewhere 
    • Jira
      serverAkraino JIRA
      serverId604c99be-f414-323d-84e4-c9d70fa2bcdf
      keyVAL-117
       is for CentOS 8 support
    • Jira
      serverAkraino JIRA
      serverId604c99be-f414-323d-84e4-c9d70fa2bcdf
      keyVAL-119
       is for the documentation issue
  • Bluval debugging capabilities can still be improved. Ideas from last time:
    • Enable debugging with a single flag in variables.yaml 
      Jira
      serverAkraino JIRA
      serverId604c99be-f414-323d-84e4-c9d70fa2bcdf
      keyVAL-120
    • Add "test" test cases which will validate that e.g the ssh connection works. This is often the first problem users have 
      Jira
      serverAkraino JIRA
      serverId604c99be-f414-323d-84e4-c9d70fa2bcdf
      keyVAL-121


June 10, 2020

  • Reviews:
  • Lynis/Vuls automation
  • Debugging support:  new very simple test cases like
    • Ping to host
    • Ssh access to SUT
    • Volume mount 

June 3, 2020

May 13, 2020

May 06, 2020

April 29, 2020

April 22, 2020

  • Update from security group
    • Lynis: Some of the tests have points attaches to them and some do not
    • The points can be used to create some kind of metric
    • Will try to create a list of acceptable and non-acceptable failures
    • Kube-hunter is being studied
  • Two Jira tickets to be created:
    • k8s conformance is mysteriously failing (from Srinivasan Selvam)
    • KNI validation jobs are not running

April 15, 2020 (recording)

  • Security group update
    • For Vuls and other tests that use CVE tagging:
      • High and medium vulnerabilities are mandatory, so the test fails if any of those fails
      • If the vulnerabilities cannot be fixed, they must be handled as exceptions and documented
      • The exceptions could have time limits
    • For Lynis: gives a hardening index but it is difficult to use that
      • There could be low bar and any test score below it should just fail
      • Any test score above a high bar should pass
      • Test scores between the low and high would need to be analyzed
      • The high score could be the same as passing all high and medium priority tests
    • Kube-hunter: work in progress
  • https://gerrit.akraino.org/r/c/ci-management/+/3356
  • https://gerrit.akraino.org/r/c/ci-management/+/3358
  • Tagging 3.0

April 8, 2020

April 1, 2020

  • Presentation now done, another coming
    • Clarification: Redfish only has Use Case testing (which is what is packaged in Bluval)
  • What should kubehunter return?
    • Robot has some third alternative between "pass" and "fail", Juha will investigate
    • If a security tool finds vulnerabilities, it could be pass since the requirement is to run the tests but this could imply that there is nothing to investigate
    • The vulnerabilities could be harmless in the end, so fail would also be misleading
    • Later on, there can be a whitelist of "harmless" warnings
  • Tagging Release 3.0
    • Can be done after the changes to security tests
    • Cristina will do the tagging
  • Status
    • Patches for CI integration have been merged
    • Vuls fails when run after other tests; Daniel is investigating
    • Juha will send the kubehunter sample report to security@lists.akraino.org

March 25, 2020

  • Presentation to TSC
  • Vuls and lynis on CI: https://gerrit.akraino.org/r/c/validation/+/3306
  • Discussion with Security Committee:
    • Interpreting the results from the vulnerability tests will require understanding how the project is used
    • Thus, the evaluation must be done together with the project PTL
    • The Security Committee requested a sample document from the tests
  • Presentation to Akraino TSC+PTLs next week Tuesday:
    • Start with the list of mandatory tests (Tapio)
    • Show hands-on how to run the tests (Juha)
    • Show how to run the tests in CI and copy the results (Cristina?)
    • Show the results in UI (Ioakeim?)

March 18, 2020

  • Updates from Tapio:
    • The mandatory tests presentation was approved by TSC
    • I asked the Security team for input but got nothing this far
    • I have not received any comments from Blueprints
    • There is one Blueprint (Network Cloud) that is using OpenStack so we will keep Tempest in
  • There can be some tests coming from the O-RAN community
  • No progress on UI full control loop
  • KPI project might bring in some performance testing
  • Juha will update the tempest tests
  • Daniel is working on integrating the security tests in CI

March 11, 2020

  • We discussed the proposal for mandatory tests for Release 3:

View file
nameMandatory tests for Akraino Release 3.pdf
height250

March 4, 2020

  • Vuls improvements
    • Ubuntu 18 is now running on ARM
    • CentOS also seems to work
    • The size is now 1.5 Gb, mainly due to (a) compressing the database and (b) doing a multi-stage build
  • Jenkins documentation: Running bluval in CI
  • Updates from TSC meeting:
    • Bluval will be mandatory for all projects
    • New project proposal: Kontour (KPI)
    • CNTT/CNF-conformance?



February 26, 2020

  • Vuls is integrated for Ubuntu 16
    • CentOS and Ubuntu 19 are WIP
    • The images are getting big,  ~7 Gb
  • Presentation for TSC planning meeting
    • Need a definition of "mandatory tests" for Release 3
    • Need to tag release 3.0 by end of April?
  • kubehunter is now integrated
  • Cristina is working on documenting how Bluval can integrated into a Jenkins
    • Ioamkeim will test the instructions after they are done

February 19, 2020

  • The issue with the verify jobs caused by tox dependencies has been fixed upstream
  • The k8s layer container is failing to build, Juha is looking into it
  • The robot test for kubehunter is ready but it's blocked by the k8s container issue
  • A demo was presented to the TSC about the validation work, there were questions on how to integrate it in CI (Cristina needs to document this)
  • The vuls patch has been updated, waiting for review
  • A patch to reorganize the jobs and improve the relationship between them is in review https://gerrit.akraino.org/r/c/ci-management/+/2242

February 12, 2020

  • Demo to TSC+PTLs: let's try tomorrow in the TSC meeting
  • Juha K. is looking in kubehunter and kubestorage
  • Juha K. is evaluating the Vuls patch
  • CI jobs are failing with tox
  • Discussion about closed loop automation
    • Proposal next week
  • CHOMP project to be followed up

January 29, 2020

  • Presentation to TSC
    • Still some bugs remain
    • Goal is now February 4th TSC+PTL meeting
  • Vuls currently only works on Ubuntu, Cristina Pauna and Daniel Stoica are working on supporting CentOS
  • The CHOMP project is interested in using Bluval
    • Deepak Kataria will invite someone from the project to next meeting for a discussion
  • The right way to edit the committer list is to change it after half of committers have approved the change. Let's follow that rule unless the Technical Governance document says something else
  • We will make some proposals to ONES and then figure out later who will present them. At least Cristina Pauna will attend the event

January 22, 2020

  • Missing from Release 3:
    • Redfish tests (fixes exist but not part of a release)
    • Full control loop testing (UI can trigger tests in a lab, jjb in ci-integration is missing)
  • TSC presentation is planned for next week

January 15, 2020

  • The "push logs to Nexus from Jenkins" patch is still under work
  • The new bluval-fe repo is now ready

...

January 8, 2020

  • Presentation and demo to TSC
    • Want to have the "push logs to Nexus from Jenkins" patch working before presentation
    • Check again next week
  • The new repo was approved on December 19th by the TSC
    • Need a record of the TSC meeting where this was approved
    • Easiest is to have the topic on the agenda again tomorrow
  • Naga is leaving the project by the end of this week
    • Will remain as a contributor with a new email address (INFO.yaml needs to be updated)
  • Security tests (Lynis and Vuls) may not work on ARM, will check this next
  • Discussion about installation logs and UI
    • The Regional Controller is the only "official" (at least for TA) installer, so it only can tell if installation worked
    • Could also enhance deployment logs so that they inform some UI when an installation has worked
  • Community lab is free to use for all!

...