1 .. This work is licensed under a Creative Commons Attribution 4.0 International License.
2 .. http://creativecommons.org/licenses/by/4.0
4 .. =========================
6 .. =========================
12 The offical El-Alto release (rolls up all 5.0.0 early drop deliverables) focused on technical debts and SECCOM priority work-items.
14 Following is summary of updates done for DCAEGEN2
18 Following platform components were enabled for HTTPS
19 - ConfigBindingService (CBS)
20 - CBS is used by all DCAE MS to fetch DCAE MS configuration from Consul. To mitigate impact for DCAE MS, CBS deployment through OOM/Helm was modified to support CBS on both HTTP and HTTPS. `Design for CBS TLS migration <https://wiki.onap.org/display/DW/TLS+support+for+CBS+-+Migration+Plan>`_
23 - Non-root container process (ConfigBindingService, InventoryAPI, ServiceChangeHandler, HV-VES, PRH, Son-handler)
25 All components interfacing with platform components were modified to support TLS interface
28 - DCAE Dashboard deployment migration from cloudify blueprint to OOM/Chart
29 - Dynamic Topic support via Dmaap plugin integration for DataFileCollector MS
30 - Dynamic Topic support via Dmaap plugin integration for PM-Mapper service
31 - CBS client libraries updated to remove consul service lookup
32 - Image Optimization (ConfigBindingService, InventoryAPI, ServiceChangeHandler, HV-VES, PRH, Son-handler)
36 With this release, all DCAE platform components has been migrated to helm charts. Following is complete list of DCAE components available part of default ONAP/DCAE installation.
38 - Cloudify Manager (helm chart)
39 - Bootstrap container (helm chart)
40 - Configuration Binding Service (helm chart)
41 - Deployment Handler (helm chart)
42 - Policy Handler (helm chart
43 - Service Change Handler (helm chart)
44 - Inventory API (helm chart)
45 - Dashboard (helm charts)
49 - Threshold Crossing Analytics
51 - PNF-Registration Handler
52 - Holmes Rule Management *
53 - Holmes Engine Management *
54 - Additional resources that DCAE utilizes:
56 - Redis Cluster Database
60 \* These components are delivered by external ONAP project.
62 DCAE also includes below MS which can be deployed on-demand (via Dashboard or Cloudify CLI or CLAMP)
73 - Missing Heartbeat Ms
75 - All DCAE components are designed to support platform maturity requirements.
80 Source code of DCAE components are released under the following repositories on gerrit.onap.org; there is no new component introduced for El-Alto Early-drop.
82 - dcaegen2.analytics.tca
83 - dcaegen2.collectors.snmptrap
84 - dcaegen2.collectors.ves
85 - dcaegen2.collectors.hv-ves
86 - dcaegen2.collectors.datafile
87 - dcaegen2.collectors.restconf
88 - dcaegen2.deployments
89 - dcaegen2.platform.blueprints
90 - dcaegen2.platform.cli
91 - dcaegen2.platform.configbinding
92 - dcaegen2.platform.deployment-handler
93 - dcaegen2.platform.inventory-api
94 - dcaegen2.platform.plugins
95 - dcaegen2.platform.policy-handler
96 - dcaegen2.platform.servicechange-handler
97 - dcaegen2.services.heartbeat
98 - dcaegen2.services.mapper
99 - dcaegen2.services.pm-mapper
100 - dcaegen2.services.prh
101 - dcaegen2.services.son-handler
103 - dcaegen2.services.sdk
105 - ccsdk.platform.plugins
109 * k8splugin can generate deployment name > 63 chars (DCAEGEN2-1667)
110 * CM container loading invalid Cloudify types file (DCAEGEN2-1685)
114 * Healthcheck/Readiness probe VES Collector when authentication is enabled (DCAEGEN2-1594)
118 *Fixed Security Issues*
119 * Unsecured Swagger UI Interface in xdcae-datafile-collector. [`OJSI-28 <https://jira.onap.org/browse/OJSI-28>`_]
120 * In default deployment DCAEGEN2 (xdcae-datafile-collector) exposes HTTP port 30223 outside of cluster. [`OJSI-109 <https://jira.onap.org/browse/OJSI-109>`_]
121 * In default deployment DCAEGEN2 (xdcae-tca-analytics) exposes HTTP port 32010 outside of cluster. [`OJSI-161 <https://jira.onap.org/browse/OJSI-161>`_]
122 * In default deployment DCAEGEN2 (dcae-datafile-collector) exposes HTTP port 30262 outside of cluster. [`OJSI-131 <https://jira.onap.org/browse/OJSI-131>`_]
123 * CVE-2019-12126 - DCAE TCA exposes unprotected APIs/UIs on port 32010. [`OJSI-201 <https://jira.onap.org/browse/OJSI-201>`_]
125 *Known Security Issues*
126 * Unsecured Swagger UI Interface in xdcae-ves-collector. [`OJSI-30 <https://jira.onap.org/browse/OJSI-30>`_]
127 * In default deployment DCAEGEN2 (xdcae-ves-collector) exposes HTTP port 30235 outside of cluster. [`OJSI-116 <https://jira.onap.org/browse/OJSI-116>`_]
128 * In default deployment DCAEGEN2 (xdcae-dashboard) exposes HTTP port 30418 outside of cluster. [`OJSI-159 <https://jira.onap.org/browse/OJSI-159>`_]
129 * In default deployment DCAEGEN2 (dcae-redis) exposes redis port 30286 outside of cluster. [`OJSI-187 <https://jira.onap.org/browse/OJSI-187>`_]
130 * In default deployment DCAEGEN2 (config-binding-service) exposes HTTP port 30415 outside of cluster. [`OJSI-195 <https://jira.onap.org/browse/OJSI-195>`_]
132 *Known Vulnerabilities in Used Modules*
134 DCAE code has been formally scanned during build time using NexusIQ and all Critical vulnerabilities have been addressed, items that remain open have been assessed for risk and determined to be false positive. The DCAE open Critical security vulnerabilities and their risk assessment have been documented as part of the `project <https://wiki.onap.org/pages/viewpage.action?pageId=51282478>`_.
137 - `DCAE project page <https://wiki.onap.org/display/DW/Data+Collection+Analytics+and+Events+Project>`_
139 - `Passing Badge information for DCAE <https://bestpractices.coreinfrastructure.org/en/projects/1718>`_
141 - `Project Vulnerability Review Table for DCAE (El-Alto Maintenance) <https://wiki.onap.org/pages/viewpage.action?pageId=68540441>`_
146 The following components are upgraded from Dublin/R4 and El-Alto EarlyDrop deliverables.
147 - K8S Bootstrap container:
148 - Docker container tag: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.6.4
149 - Description: K8s bootstrap container updated to interface with Cloudify using HTTPS; new k8s and Dmaap plugin version included; Dashboard deployment was removed.
150 - Configuration Binding Service:
151 - Docker container tag: onap/org.onap.dcaegen2.platform.configbinding.app-app:2.5.2
152 - Description: HTTPS support, Image optimization and non-root user
154 - Docker container image tag: onap/org.onap.dcaegen2.platform.inventory-api:3.4.0
155 - Description: HTTPS support, container optmization and non-root user
157 - Docker container tag: onap/org.onap.dcaegen2.collectors.datafile.datafile-app-server:1.2.3
158 - Description : Code optimization, bug fixes, dmaap plugin integration
160 - Docker container tag: onap/org.onap.dcaegen2.services.son-handler:1.1.1
161 - Description : Image optimization, bug fixes, CBS integration
162 - VES Adapter/Mapper MS
163 - Docker container tag: onap/org.onap.dcaegen2.services.mapper.vesadapter.universalvesadaptor:1.0.1
164 - Description : Image optimization & CBS periodic polling
166 - Docker container tag: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.3.1
167 - Description : Code optimization, bug fixes and SDK alignment
169 - Docker container tag: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.3.0
170 - Description : Code optimization, bug fixes and SDK alignment