Date
Attendees
Goals
- Review last meeting's Selenium Grid moving to z15 and upgrade progress.
- Set next DevOps meeting schedule.
- Setup Oauth Authorization server PoC
Discussion items
| Item | Who | Notes |
|---|
| Mongo Express is hit with bitcoin mining malware | | - Simultaneous tests intermittently exhibited false failures.
- Problem was tracked down to s14 having only 50% CPU utilization.
- Using top showed a mongo-express container process was taking up CPU.
- Investigating the process name uncovered that the resource heavy process is a bit-coin mining trojan.
- Mongo Express is made with a version of PHP that is susceptible to malware attacks.
- Shut down and removed mongo express container. CPU utilization on the system went back to normal (<5%).
- We will need a way to securely login to high risk microservices from the Internet. For example:
- docker registry
- Mongo Express
- etc.
|
| Selenium Grid | | - Selenium Grid successfully moved to z15.
- Selenium Grid successfully updated to the latest package versions.
- Validated by running tests against the QA environment grid.
|
| Keycloak: an Authorization Service | | |
| OAuth2 | | OAuth2 |
| JWT | | |
Action items
- Put a link to this Keycloak PoC progress meeting page into a JIRA Story.
- Determine which application can use Keycloak (suggestion: Docker Authentication with Keycloak) to authenticate.
- Create Keycloak test cases. Discuss the best place to put them.
