From 31dceea4851d67ec706185f9d6f5bd0bf427b2c3 Mon Sep 17 00:00:00 2001 From: Piotr Marcinkiewicz Date: Tue, 29 Jun 2021 16:15:49 +0200 Subject: [CONTRIB] Introduce certificate update use case in CertService 1. Make changes in order to allow performing KUR/CR in EJBCA: - Add Certificate Update Admin role - Enable EndEntityAuthentication module - Create and set CA with constant UID - Add configuration for provider. 2. Update CertService, which provides with new certificate update endpoint. 3. Update release-notes. Issue-ID: OOM-2753 Issue-ID: OOM-2754 Signed-off-by: Piotr Marcinkiewicz Change-Id: I9cb0cb4d6d6939ad229a4ea254f2bc35d45a3d52 Signed-off-by: Joanna Jeremicz --- docs/release-notes-honolulu.rst | 162 ++++++++++++++++++++++++++++++++++++++++ docs/release-notes.rst | 76 ++++++------------- 2 files changed, 184 insertions(+), 54 deletions(-) create mode 100644 docs/release-notes-honolulu.rst (limited to 'docs') diff --git a/docs/release-notes-honolulu.rst b/docs/release-notes-honolulu.rst new file mode 100644 index 0000000000..0c8d81f164 --- /dev/null +++ b/docs/release-notes-honolulu.rst 
@@ -0,0 +1,162 @@ +.. This work is licensed under a Creative Commons Attribution 4.0 + International License. +.. http://creativecommons.org/licenses/by/4.0 +.. (c) ONAP Project and its contributors +.. _release_notes_honolulu: + +:orphan: + +************************************* +ONAP Operations Manager Release Notes +************************************* + +Previous Release Notes +====================== + +- :ref:`Guilin ` +- :ref:`Frankfurt ` +- :ref:`El Alto ` +- :ref:`Dublin ` +- :ref:`Casablanca ` +- :ref:`Beijing ` +- :ref:`Amsterdam ` + +Abstract +======== + +This document provides the release notes for the Honolulu release. + +Summary +======= + +The focus of this release is to strengthen the foundation of OOM installer. + +Release Data +============ + ++--------------------------------------+--------------------------------------+ +| **Project** | OOM | +| | | ++--------------------------------------+--------------------------------------+ +| **Docker images** | N/A | +| | | ++--------------------------------------+--------------------------------------+ +| **Release designation** | Honolulu | +| | | ++--------------------------------------+--------------------------------------+ +| **Release date** | 2021/04/29 | +| | | ++--------------------------------------+--------------------------------------+ + +New features +------------ + +* Kubernetes support for version up to 1.20 +* Helm support for version up to 3.5 +* Limits are set for most of the components +* Portal-Cassandra image updated to Bitnami, supporting IPv4/IPv6 Dual Stack +* CMPv2 external issuer implemented which extends Cert-Manager with ability to + enroll X.509 certificates from CMPv2 servers +* New version for mariadb galera using Bitnami image, supporting IPv4/IPv6 Dual + Stack +* Bump version of common PostgreSQL and ElasticSearch +* Move to automatic certificates retrieval for 80% of the components +* Consistent retrieval of docker images, with ability to configure proxy for + the 4 
repositories used by ONAP + +**Bug fixes** + +A list of issues resolved in this release can be found here: +https://jira.onap.org/projects/OOM/versions/11073 + +major issues solved: + +* Better handling of persistence on PostgreSQL +* Better Ingress templating +* Better Service templating + +**Known Issues** + +- `OOM-2554 `_ Common pods have java 8 +- `OOM-2435 `_ SDNC karaf shell: + log:list: Error executing command: Unrecognized configuration +- `OOM-2629 `_ NetBox demo entry setup + not complete +- `OOM-2706 `_ CDS Blueprint Processor + does not work with local DB +- `OOM-2713 `_ Problem on onboarding + custom cert to SDNC ONAP during deployment +- `OOM-2698 `_ SO helm override fails in + for value with multi-level replacement +- `OOM-2697 `_ SO with local MariaDB + deployment fails +- `OOM-2538 `_ strange error with + CertInitializer template +- `OOM-2547 `_ Health Check failures + seen after bringing down/up control plane & worker node VM instances on which + ONAP hosted +- `OOM-2699 `_ SO so-mariadb + readinessCheck fails for local MariaDB instance +- `OOM-2705 `_ SDNC DB installation fails + on local MariaDB instance +- `OOM-2603 `_ [SDNC] allign password for + scaleoutUser/restconfUser/odlUser + +Deliverables +------------ + +Software Deliverables +~~~~~~~~~~~~~~~~~~~~~ + +OOM provides `Helm charts `_ that needs to be +"compiled" into Helm package. see step 6 in +:doc:`quickstart guide `. 
+ +Documentation Deliverables +~~~~~~~~~~~~~~~~~~~~~~~~~~ + +- :doc:`Project Description ` +- :doc:`Cloud Setup Guide ` +- :doc:`Quick Start Guide ` +- :doc:`Setup Ingress Controller ` +- :doc:`Developer Guide ` +- :doc:`Hardcoded Certificates ` + +Known Limitations, Issues and Workarounds +========================================= + +Known Vulnerabilities +--------------------- + +- Hard coded password used for all OOM deployments + [`OJSI-188 `_] +- :doc:`Hard coded certificates ` in Helm packages + +Workarounds +----------- + +- ``_ + Workaround is to generate a password with "short" strenght or pregenerate + passwords without single quote in it. Default deployment is using "short" + password generation for mariadb. + +Security Notes +-------------- + +**Fixed Security Issues** + +References +========== + +For more information on the ONAP Frankfurt release, please see: + +#. `ONAP Home Page`_ +#. `ONAP Documentation`_ +#. `ONAP Release Downloads`_ +#. `ONAP Wiki Page`_ + + +.. _`ONAP Home Page`: https://www.onap.org +.. _`ONAP Wiki Page`: https://wiki.onap.org +.. _`ONAP Documentation`: https://docs.onap.org +.. _`ONAP Release Downloads`: https://git.onap.org diff --git a/docs/release-notes.rst b/docs/release-notes.rst index ae0ea457f5..730acd5eea 100644 --- a/docs/release-notes.rst +++ b/docs/release-notes.rst @@ -11,6 +11,7 @@ ONAP Operations Manager Release Notes Previous Release Notes ====================== +- :ref:`Honolulu ` - :ref:`Guilin ` - :ref:`Frankfurt ` - :ref:`El Alto ` @@ -22,12 +23,12 @@ Previous Release Notes Abstract ======== -This document provides the release notes for the Honolulu release. +This document provides the release notes for the Istanbul release. Summary ======= -The focus of this release is to strengthen the foundation of OOM installer. + Release Data ============ 
@@ -39,66 +40,25 @@ Release Data | **Docker images** | N/A | | | | +--------------------------------------+--------------------------------------+ -| **Release designation** | Honolulu | +| **Release designation** | Istanbul | | | | +--------------------------------------+--------------------------------------+ -| **Release date** | 2021/04/29 | +| **Release date** | | | | | +--------------------------------------+--------------------------------------+ New features ------------ -* Kubernetes support for version up to 1.20 -* Helm support for version up to 3.5 -* Limits are set for most of the components -* Portal-Cassandra image updated to Bitnami, supporting IPv4/IPv6 Dual Stack -* CMPv2 external issuer implemented which extends Cert-Manager with ability to - enroll X.509 certificates from CMPv2 servers -* New version for mariadb galera using Bitnami image, supporting IPv4/IPv6 Dual - Stack -* Bump version of common PostgreSQL and ElasticSearch -* Move to automatic certificates retrieval for 80% of the components -* Consistent retrieval of docker images, with ability to configure proxy for - the 4 repositories used by ONAP **Bug fixes** A list of issues resolved in this release can be found here: -https://jira.onap.org/projects/OOM/versions/11073 - -major issues solved: +https://jira.onap.org/projects/OOM/versions/11074 -* Better handling of persistence on PostgreSQL -* Better Ingress templating -* Better Service templating **Known Issues** -- `OOM-2554 `_ Common pods have java 8 -- `OOM-2435 `_ SDNC karaf shell: - log:list: Error executing command: Unrecognized configuration -- `OOM-2629 `_ NetBox demo entry setup - not complete -- `OOM-2706 `_ CDS Blueprint Processor - does not work with local DB -- `OOM-2713 `_ Problem on onboarding - custom cert to SDNC ONAP during deployment -- `OOM-2698 `_ SO helm override fails in - for value with multi-level replacement -- `OOM-2697 `_ SO with local MariaDB - deployment fails -- `OOM-2538 `_ strange error with - 
CertInitializer template -- `OOM-2547 `_ Health Check failures - seen after bringing down/up control plane & worker node VM instances on which - ONAP hosted -- `OOM-2699 `_ SO so-mariadb - readinessCheck fails for local MariaDB instance -- `OOM-2705 `_ SDNC DB installation fails - on local MariaDB instance -- `OOM-2603 `_ [SDNC] allign password for - scaleoutUser/restconfUser/odlUser Deliverables ------------ @@ -126,17 +86,25 @@ Known Limitations, Issues and Workarounds Known Vulnerabilities --------------------- -- Hard coded password used for all OOM deployments - [`OJSI-188 `_] -- :doc:`Hard coded certificates ` in Helm packages Workarounds ----------- -- ``_ - Workaround is to generate a password with "short" strenght or pregenerate - passwords without single quote in it. Default deployment is using "short" - password generation for mariadb. +- `OOM-2754 `_ + Because of *updateEndpoint* property added to *cmpv2issuer* CRD + it is impossible to upgrade platform component from Honolulu to Istanbul + release without manual steps. Actions that should be performed: + + #. Update the CRD definition:: + + > kubectl -n onap apply -f cmpv2-cert-provider/crds/cmpv2issuer.yaml + #. Upgrade the component + #. Make sure that *cmpv2issuer* contains correct value for + *spec.updateEndpoint*. The value should be: *v1/certificate-update*. + If it's not, edit the resource:: + + > kubectl -n onap edit cmpv2issuer cmpv2-issuer-onap + Security Notes -------------- @@ -146,7 +114,7 @@ Security Notes References ========== -For more information on the ONAP Frankfurt release, please see: +For more information on the ONAP Istanbul release, please see: #. `ONAP Home Page`_ #. `ONAP Documentation`_ -- cgit 1.2.3-korg
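
Review bot: In the new file docs/release-notes-honolulu.rst, the References section still reads "For more information on the ONAP Frankfurt release, please see:", which is wrong on a page archived as the Honolulu notes. This patch corrects the same stale sentence to Istanbul in docs/release-notes.rst, so it should say Honolulu here. Since the text is being moved anyway, the "strenght" typo in the Workarounds entry can be fixed in the same pass.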
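
Review bot: In docs/release-notes.rst, hunk @@ -22,12 +23,12 @@, the Summary body is replaced by an empty line, so the Istanbul page ships a Summary heading with nothing under it. Write a one-line summary for Istanbul, or leave an explicit placeholder so the gap is visible to whoever finalises the notes.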
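
Review bot: In docs/release-notes.rst, hunk @@ -39,66 +40,25 @@, the New features list is left empty even though the commit message says this change introduces the certificate update use case and a new certificate update endpoint in CertService. Add a bullet for it, so the feature is announced there and not only implied by the OOM-2754 workaround. The Release date cell is also blanked; if the date is not known yet, an explicit marker such as TBD reads better than an empty cell.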
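
Review bot: In docs/release-notes.rst, hunk @@ -126,17 +86,25 @@, both Known Vulnerabilities entries (the hard coded password tracked as OJSI-188 and the hard coded certificates in Helm packages) are deleted, and nothing in this patch shows either being resolved. If they still apply to Istanbul they should be carried over; if they were fixed, that belongs under Fixed Security Issues. In the added OOM-2754 workaround, the path in "kubectl -n onap apply -f cmpv2-cert-provider/crds/cmpv2issuer.yaml" is relative without saying which directory it is relative to, and the literal block appears to be followed directly by "#. Upgrade the component" with no blank line in between, which docutils normally reports as a literal block ending without a blank line.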