From 2d6bc19a63bb7bbae5a3aaaf5964009aad85990c Mon Sep 17 00:00:00 2001 From: VENKATESH KUMAR Date: Sun, 18 Aug 2019 22:08:00 -0400 Subject: dcae rls updates for ED Change-Id: Ib54f231d161bdffee5b7ff43f9387c1b91863bdc Signed-off-by: VENKATESH KUMAR Issue-ID: DCAEGEN2-1669 Issue-ID: DCAEGEN2-1708 --- docs/sections/release-notes.rst | 165 +++++++++++++++++++++++ docs/sections/services/dfc/delivery.rst | 6 +- docs/sections/services/ves-http/installation.rst | 4 +- 3 files changed, 170 insertions(+), 5 deletions(-) diff --git a/docs/sections/release-notes.rst b/docs/sections/release-notes.rst index 8e375ffd..92c6957c 100644 --- a/docs/sections/release-notes.rst +++ b/docs/sections/release-notes.rst 
@@ -3,6 +3,171 @@ Release Notes ============= + +Version: 5.0.0 +-------------- + +El-Alto Early-drop focused on technical debts and SECCOM priority work-items. + +Following is summary of updates done for DCAEGEN2 + +**Security** + +Following platform components were enabled for HTTPS + - ConfigBindingService (CBS) + - CBS is used by all DCAE MS to fetch DCAE MS configuration from Consul. To mitigate impact for DCAE MS, CBS deployment through OOM/Helm was modified to support CBS on both HTTP and HTTPS. `Design for CBS TLS migration `_ + - Cloudify Manager + - InventoryAPI + +All components interfacing with platform components were modified to support TLS interface + +**Miscellaneous** + - DCAE Dashboard deployment migration from cloudify blueprint to OOM/Chart + - Dynamic Topic support via Dmaap plugin integration for DataFileCollector MS + - Dynamic Topic support via Dmaap plugin integration for PM-Mapper service + - CBS client libraries updated to remove consul service lookup + + +With this release, all DCAE platform components has been migrated to helm charts. Following is complete list of DCAE components available part of default ONAP/DCAE installation. + - Platform components + - Cloudify Manager (helm chart) + - Bootstrap container (helm chart) + - Configuration Binding Service (helm chart) + - Deployment Handler (helm chart) + - Policy Handler (helm chart + - Service Change Handler (helm chart) + - Inventory API (helm chart) + - Dashboard (helm charts) + - Service components + - VES Collector + - SNMP Collector + - Threshold Crossing Analytics + - HV-VES Collector + - PNF-Registration Handler + - Holmes Rule Management * + - Holmes Engine Management * + - Additional resources that DCAE utilizes: + - Postgres Database + - Redis Cluster Database + - Consul Cluster * + + Notes: + \* These components are delivered by external ONAP project. 
+ +DCAE also includes below MS which can be deployed on-demand (via Dashboard or Cloudify CLI or CLAMP) + + - Collectors + - RESTConf collector  + - DataFile collector + - Event Processors + - VES Mapper + - 3gpp PM-Mapper + - BBS Event processor + - Analytics/RCA + - SON-Handler + - Missing Heartbeat Ms + +- All DCAE components are designed to support platform maturity requirements. + + +**Source Code** + +Source code of DCAE components are released under the following repositories on gerrit.onap.org; there is no new component introduced for El-Alto Early-drop. + - dcaegen2 + - dcaegen2.analytics.tca + - dcaegen2.collectors.snmptrap + - dcaegen2.collectors.ves + - dcaegen2.collectors.hv-ves + - dcaegen2.collectors.datafile + - dcaegen2.collectors.restconf + - dcaegen2.deployments + - dcaegen2.platform.blueprints + - dcaegen2.platform.cli + - dcaegen2.platform.configbinding + - dcaegen2.platform.deployment-handler + - dcaegen2.platform.inventory-api + - dcaegen2.platform.plugins + - dcaegen2.platform.policy-handler + - dcaegen2.platform.servicechange-handler + - dcaegen2.services.heartbeat + - dcaegen2.services.mapper + - dcaegen2.services.pm-mapper + - dcaegen2.services.prh + - dcaegen2.services.son-handler + - dcaegen2.services + - dcaegen2.services.sdk + - dcaegen2.utils + - ccsdk.platform.plugins + - ccsdk.dashboard + +**Bug Fixes** + * k8splugin can generate deployment name > 63 chars (DCAEGEN2-1667) + * CM container loading invalid Cloudify types file (DCAEGEN2-1685) + + +**Known Issues** + * Healthcheck/Readiness probe VES Collector when authentication is enabled (DCAEGEN2-1594) + + +**Security Notes** + +*Fixed Security Issues* + +*Known Security Issues* + + * Unsecured Swagger UI Interface in xdcae-datafile-collector. [`OJSI-28 `_] + * Unsecured Swagger UI Interface in xdcae-ves-collector. [`OJSI-30 `_] + * In default deployment DCAEGEN2 (xdcae-datafile-collector) exposes HTTP port 30223 outside of cluster. 
[`OJSI-109 `_] + * In default deployment DCAEGEN2 (xdcae-ves-collector) exposes HTTP port 30235 outside of cluster. [`OJSI-116 `_] + * In default deployment DCAEGEN2 (dcae-datafile-collector) exposes HTTP port 30262 outside of cluster. [`OJSI-131 `_] + * In default deployment DCAEGEN2 (xdcae-dashboard) exposes HTTP port 30418 outside of cluster. [`OJSI-159 `_] + * In default deployment DCAEGEN2 (xdcae-tca-analytics) exposes HTTP port 32010 outside of cluster. [`OJSI-161 `_] + * In default deployment DCAEGEN2 (dcae-redis) exposes redis port 30286 outside of cluster. [`OJSI-187 `_] + * In default deployment DCAEGEN2 (config-binding-service) exposes HTTP port 30415 outside of cluster. [`OJSI-195 `_] + * CVE-2019-12126 - DCAE TCA exposes unprotected APIs/UIs on port 32010. [`OJSI-201 `_] + +*Known Vulnerabilities in Used Modules* + +DCAE code has been formally scanned during build time using NexusIQ and all Critical vulnerabilities have been addressed, items that remain open have been assessed for risk and determined to be false positive. The DCAE open Critical security vulnerabilities and their risk assessment have been documented as part of the `project `_. + +Quick Links: + - `DCAE project page `_ + + - `Passing Badge information for DCAE `_ + + - `Project Vulnerability Review Table for DCAE `_ + + +**Upgrade Notes** + +The following components are upgraded from Dublin/R4. + - Cloudify Manager: + - Docker container tag: onap/org.onap.dcaegen2.deployments.cm-container:2.0.2 + - Description: DCAE's Cloudify Manager container is based on Cloudify Manager Community Version 19.01.24, which is based on Cloudify Manager 4.5. The container was updated to support TLS. + - K8S Bootstrap container: + - Docker container tag: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.6.2 + - Description: K8s bootstrap container updated to interface with Cloudify using HTTPS; new k8s and Dmaap plugin version included; Dashboard deployment was removed. 
+ - Configuration Binding Service: + - Docker container tag: onap/org.onap.dcaegen2.platform.configbinding.app-app:2.5.1 + - Description: HTTPS support, Image optimization and non-root user + - Deployment Handler + - Docker container image tag: onap/org.onap.dcaegen2.platform.deployment-handler:4.2.0 + - Description: Update to node10, uninstall workflow updates + - Service Change Handler + - Docker container image tag: onap/org.onap.dcaegen2.platform.servicechange-handler:1.3.2 + - Description: HTTPS inventoryAPI support, container optmization and non-root user + - Inventory API + - Docker container image tag: onap/org.onap.dcaegen2.platform.inventory-api:3.4.0 + - Description: HTTPS support, container optmization and non-root user + - DataFile Collector + - Docker container tag: onap/org.onap.dcaegen2.collectors.datafile.datafile-app-server:1.2.2 + - Description : Code optimization, bug fixes, dmaap plugin integration + - 3gpp PM-Mapper + - Docker container tag: onap/org.onap.dcaegen2.services.pm-mapper:1.1.3 + - Description: Code optimization, bug fixes, dmaap plugin integration + + + Version: 4.0.0 -------------- diff --git a/docs/sections/services/dfc/delivery.rst b/docs/sections/services/dfc/delivery.rst index 41d72400..a24b0201 100644 --- a/docs/sections/services/dfc/delivery.rst +++ b/docs/sections/services/dfc/delivery.rst 
@@ -7,11 +7,11 @@ Delivery Docker Container ---------------- -DFC is delivered as a docker container. The latest released version (Dublin) can be downloaded from nexus: +DFC is delivered as a docker container. The latest released version can be downloaded from nexus: - ``docker pull nexus3.onap.org:10001/onap/org.onap.dcaegen2.collectors.datafile.datafile-app-server:1.1.3`` + ``docker pull nexus3.onap.org:10001/onap/org.onap.dcaegen2.collectors.datafile.datafile-app-server:1.2.2`` -For another version, it is possible to replace the tag '1.1.3' with any version that seems suitable. Available images +For another version, it is possible to replace the tag '1.2.2' with any version that seems suitable. Available images are visible following this `link`_. .. _link: https://nexus3.onap.org/#browse/search=keyword%3D*collectors.datafile* diff --git a/docs/sections/services/ves-http/installation.rst b/docs/sections/services/ves-http/installation.rst index be32d899..3f8f943a 100644 --- a/docs/sections/services/ves-http/installation.rst +++ b/docs/sections/services/ves-http/installation.rst @@ -10,7 +10,7 @@ As the service is containerized, it can be started on stand-alone mode also. To run VES Collector container on standalone mode, following parameters are required - ``docker run -d -p 8080:8080/tcp -p 8443:8443/tcp -P -e DMAAPHOST='10.0.11.1' nexus.onap.org:10001/onap/org.onap.dcaegen2.collectors.ves.vescollector:1.3.2`` + ``docker run -d -p 8080:8080/tcp -p 8443:8443/tcp -P -e DMAAPHOST='10.0.11.1' nexus.onap.org:10001/onap/org.onap.dcaegen2.collectors.ves.vescollector:1.4.5`` DMAAPHOST is required for standalone; for normal platform installed instance the publish URL are obtained from Consul. Below parameters are exposed for DCAE platform (cloudify) deployed instance 
@@ -110,7 +110,7 @@ and remove following entry and save the changes; K8S will update the service de default: "http://message-router.onap.svc.cluster.local:3904/events/unauthenticated.VES_PNFREG_OUTPUT" tag_version: type: string - default: "nexus3.onap.org:10001/onap/org.onap.dcaegen2.collectors.ves.vescollector:1.4.4" + default: "nexus3.onap.org:10001/onap/org.onap.dcaegen2.collectors.ves.vescollector:1.4.5" external_port: type: string description: Kubernetes node port on which collector is exposed -- cgit 1.2.3-korg
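
Review bot: In docs/sections/release-notes.rst (hunk @@ -3,6 +3,171 @@), the *Fixed Security Issues* subheading under **Security Notes** is left empty, although the **Security** section of the same entry says ConfigBindingService, Cloudify Manager and InventoryAPI were enabled for HTTPS. Either list the items that work closed or write "None", so the empty heading does not read as an omission. The Known Security Issues list still shows config-binding-service exposing HTTP port 30415 outside the cluster; since the text says CBS now runs on both HTTP and HTTPS, state which port serves HTTPS and whether the HTTP node port stays open in the default deployment. The OJSI-161 and CVE-2019-12126 (OJSI-201) entries both concern TCA on port 32010 and would benefit from a cross-reference. Smaller fixes in the same hunk: "Policy Handler (helm chart" is missing its closing parenthesis, "optmization" is misspelled in the Service Change Handler and Inventory API descriptions, and "all DCAE platform components has been migrated" should read "have been migrated".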
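
Review bot: In docs/sections/services/dfc/delivery.rst (hunk @@ -7,11 +7,11 @@), the image tag 1.2.2 is written in two places, the ``docker pull`` line and the sentence "replace the tag '1.2.2' with any version that seems suitable", so the two can drift apart on the next bump. Consider wording the sentence without the literal tag (for example "replace the tag in the command above"). Dropping "(Dublin)" also leaves "latest released version" without a release name; the release notes added in this commit tie datafile-app-server:1.2.2 to version 5.0.0 (El-Alto Early-drop), and naming it here would tell readers which ONAP release the tag belongs to.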
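
Review bot: In docs/sections/services/ves-http/installation.rst (hunk @@ -10,7 +10,7 @@), the updated ``docker run`` line pulls from nexus.onap.org:10001, while the blueprint default later in the same file and the DFC delivery page both use nexus3.onap.org:10001. Please confirm which registry host is correct and use it consistently, since this line is being touched anyway. The command also passes ``-P`` next to the explicit ``-p 8080:8080/tcp -p 8443:8443/tcp`` mappings; ``-P`` publishes every exposed port on a random host port, so say why it is needed or drop it from the example.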
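
Review bot: vescollector 1.4.5, set as the tag_version default in docs/sections/services/ves-http/installation.rst (hunk @@ -110,7 +110,7 @@), has no entry in the Upgrade Notes list that this same commit adds to release-notes.rst. That list ("The following components are upgraded from Dublin/R4") covers Cloudify Manager through 3gpp PM-Mapper but not the VES Collector. Add a VES Collector entry with the 1.4.5 tag and a one-line description of what changed from 1.4.4, or note in the commit message why it is left out.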