diff options
author | Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com> | 2021-06-29 16:15:49 +0200 |
---|---|---|
committer | Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com> | 2021-09-06 10:42:00 +0200 |
commit | 31dceea4851d67ec706185f9d6f5bd0bf427b2c3 (patch) | |
tree | c66e3b75b83cb4ef6f5aff7d81bbcb0c02f0145b /docs/release-notes.rst | |
parent | f94a5f639cb670fbc4d3902f80d3b5b6714b1ec6 (diff) |
[CONTRIB] Introduce certificate update use case in CertService
1. Make changes in order to allow performing KUR/CR in EJBCA:
- Add Certificate Update Admin role
- Enable EndEntityAuthentication module
- Create and set CA with constant UID
- Add configuration for provider.
2. Update CertService, which provides with new certificate update
endpoint.
3. Update release-notes.
Issue-ID: OOM-2753
Issue-ID: OOM-2754
Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com>
Change-Id: I9cb0cb4d6d6939ad229a4ea254f2bc35d45a3d52
Signed-off-by: Joanna Jeremicz <joanna.jeremicz@nokia.com>
Diffstat (limited to 'docs/release-notes.rst')
-rw-r--r-- | docs/release-notes.rst | 76 |
1 files changed, 22 insertions, 54 deletions
diff --git a/docs/release-notes.rst b/docs/release-notes.rst index ae0ea457f5..730acd5eea 100644 --- a/docs/release-notes.rst +++ b/docs/release-notes.rst @@ -11,6 +11,7 @@ ONAP Operations Manager Release Notes Previous Release Notes ====================== +- :ref:`Honolulu <release_notes_honolulu>` - :ref:`Guilin <release_notes_guilin>` - :ref:`Frankfurt <release_notes_frankfurt>` - :ref:`El Alto <release_notes_elalto>` @@ -22,12 +23,12 @@ Previous Release Notes Abstract ======== -This document provides the release notes for the Honolulu release. +This document provides the release notes for the Istanbul release. Summary ======= -The focus of this release is to strengthen the foundation of OOM installer. + Release Data ============ @@ -39,66 +40,25 @@ Release Data | **Docker images** | N/A | | | | +--------------------------------------+--------------------------------------+ -| **Release designation** | Honolulu | +| **Release designation** | Istanbul | | | | +--------------------------------------+--------------------------------------+ -| **Release date** | 2021/04/29 | +| **Release date** | | | | | +--------------------------------------+--------------------------------------+ New features ------------ -* Kubernetes support for version up to 1.20 -* Helm support for version up to 3.5 -* Limits are set for most of the components -* Portal-Cassandra image updated to Bitnami, supporting IPv4/IPv6 Dual Stack -* CMPv2 external issuer implemented which extends Cert-Manager with ability to - enroll X.509 certificates from CMPv2 servers -* New version for mariadb galera using Bitnami image, supporting IPv4/IPv6 Dual - Stack -* Bump version of common PostgreSQL and ElasticSearch -* Move to automatic certificates retrieval for 80% of the components -* Consistent retrieval of docker images, with ability to configure proxy for - the 4 repositories used by ONAP **Bug fixes** A list of issues resolved in this release can be found here: -https://jira.onap.org/projects/OOM/versions/11073 - -major issues solved: +https://jira.onap.org/projects/OOM/versions/11074 -* Better handling of persistence on PostgreSQL -* Better Ingress templating -* Better Service templating **Known Issues** -- `OOM-2554 <https://jira.onap.org/browse/OOM-2554>`_ Common pods have java 8 -- `OOM-2435 <https://jira.onap.org/browse/OOM-2435>`_ SDNC karaf shell: - log:list: Error executing command: Unrecognized configuration -- `OOM-2629 <https://jira.onap.org/browse/OOM-2629>`_ NetBox demo entry setup - not complete -- `OOM-2706 <https://jira.onap.org/browse/OOM-2706>`_ CDS Blueprint Processor - does not work with local DB -- `OOM-2713 <https://jira.onap.org/browse/OOM-2713>`_ Problem on onboarding - custom cert to SDNC ONAP during deployment -- `OOM-2698 <https://jira.onap.org/browse/OOM-2698>`_ SO helm override fails in - for value with multi-level replacement -- `OOM-2697 <https://jira.onap.org/browse/OOM-2697>`_ SO with local MariaDB - deployment fails -- `OOM-2538 <https://jira.onap.org/browse/OOM-2538>`_ strange error with - CertInitializer template -- `OOM-2547 <https://jira.onap.org/browse/OOM-2547>`_ Health Check failures - seen after bringing down/up control plane & worker node VM instances on which - ONAP hosted -- `OOM-2699 <https://jira.onap.org/browse/OOM-2699>`_ SO so-mariadb - readinessCheck fails for local MariaDB instance -- `OOM-2705 <https://jira.onap.org/browse/OOM-2705>`_ SDNC DB installation fails - on local MariaDB instance -- `OOM-2603 <https://jira.onap.org/browse/OOM-2603>`_ [SDNC] allign password for - scaleoutUser/restconfUser/odlUser Deliverables ------------ @@ -126,17 +86,25 @@ Known Limitations, Issues and Workarounds Known Vulnerabilities --------------------- -- Hard coded password used for all OOM deployments - [`OJSI-188 <https://jira.onap.org/browse/OJSI-188>`_] -- :doc:`Hard coded certificates <oom_hardcoded_certificates>` in Helm packages Workarounds ----------- -- `<https://github.com/bitnami/bitnami-docker-mariadb-galera/issues/35>`_ - Workaround is to generate a password with "short" strenght or pregenerate - passwords without single quote in it. Default deployment is using "short" - password generation for mariadb. +- `OOM-2754 <https://jira.onap.org/browse/OOM-2754>`_ + Because of *updateEndpoint* property added to *cmpv2issuer* CRD + it is impossible to upgrade platform component from Honolulu to Istanbul + release without manual steps. Actions that should be performed: + + #. Update the CRD definition:: + + > kubectl -n onap apply -f cmpv2-cert-provider/crds/cmpv2issuer.yaml + #. Upgrade the component + #. Make sure that *cmpv2issuer* contains correct value for + *spec.updateEndpoint*. The value should be: *v1/certificate-update*. + If it's not, edit the resource:: + + > kubectl -n onap edit cmpv2issuer cmpv2-issuer-onap + Security Notes -------------- @@ -146,7 +114,7 @@ Security Notes References ========== -For more information on the ONAP Frankfurt release, please see: +For more information on the ONAP Istanbul release, please see: #. `ONAP Home Page`_ #. `ONAP Documentation`_ |