1

Release Components

Identify components to be released, verify tests pass, push annotated tags, update SIMP release confluence page. https://simp.readthedocs.io/en/latest/contributors_guide/maintenance/Tagging_and_Releasing_Components.html

-

3

-

-

-

-

-

-

1-.1

Identify components to release

-

1

-

-

-

-

-

-

1-.2

Release components

1-.1

2

-

-

-

-

-

-

102

Create initial SIMP changelog

simp-doc

8

-

-

-

-

-

-

10-1

Create changelog

6

-

-

-

-

-

-

10-2

Review changes

2

-

Examine changes made to the simp-core project since the previous SIMP release tag (e.g., SIMP-6.5.0-1), as well as changes made to its SIMP dependencies listed in the Puppetfile.pinned.

For simp-core changes, examine the following:

• simp-core changes noted in its git logs

• src/assets/simp/build/simp.spec %changelog changes

For changes for an individual SIMP component, examine changes noted both in its git logs and its CHANGELOG file or %changelog section of its build/<component>.spec file. The changes to examine are those from the version listed in the Puppetfile.pinned of the last SIMP release.

simp-doc

8

-

-

-

-

-

2

Update simp-core pre-release tests with release-specific changes

Update simp-core default, ipa, install_from_tar, and simp_lite acceptance test suites for release-specific changes. This includes updating the nodesets and .gitlab-ci.yml for any changes to the supported OSs.

simp-core

-

5

-

-

-

-

-

-

Ideally, this should be done after the initial changelog has been generated, as the changelog informs the work to be done.

Tests will be executed for the appropriate OSs permutations in the nodeset, but separate tickets per OS should not be created.

2-1

Update tests and nodesets

-

4-

• This changelog needs to be done early because it informs what release-specific tests need to be executed and which sections of the documentation may need updates.

• This is a tedious, time-consuming job!

• Liz and Jeanne both have utilities to gather the changes.

• The deps:changelog rake task in simp-core should not be used because it does not accurately take into account individual component changes.

2.1

Create changelog

6

-

-

-

-

-

-

2-.2

Review updateschanges

2-.11

2

-

-

-

-

-

-

3

Update simp-packer core pre-release tests with release-specific changes

Update simp-packer for core default, ipa, install_from_tar, and simp_lite acceptance test suites for release-specific changes. Be sure to tag the previous simp-packer version, if the updates will break testing functionality built for the prior SIMP releaseThis includes updating the nodesets and .gitlab-ci.yml for any changes to the supported OSs.

simp-packercore

-

35

-

-

-

-

-

-

Ideally, this should be done after the initial changelog has been generated, as the changelog informs the work to be done.

Tests will be executed for the appropriate OSs permutations in the nodeset, but separate tickets per OS should not be created.

3-.1

Update code tests and documentationnodesets

-

24

-

-

-

-

-

-

3-.2

Review changesupdates

3-1.2

1

-

-

-

-

-

-

11

Identify 4

Update simp-packer with release-specific tests

Based on the initial Changelog for the release, identify integration tests that must be done with a fully configured SIMP server and (if necessary) clients. These should be tests that are not adequately tested in component acceptance tests.

10

5

11-1

Determine release-specific manual tests

4

11-2

Create tickets for each

1

4

Update simp-core with released components

Update simp-core files (Puppetfile.pinned, metadata.json, src/assets/simp/build/simp.spec) and verify ISOs can be built and the default and ipa acceptance test suites pass.

simp-core

1,2

3

4-1

Update files, build ISOs and execute tests

-

2

4-2

Review updates

4-1

1

5

Create test ISO, and publish the ISO and its tar file

simp-core

4

2

Y

Ychanges

Update simp-packer for release-specific changes. Be sure to tag the previous simp-packer version, if the updates will break testing functionality built for the prior SIMP release.

simp-packer

-

3

-

-

-

-

-

-

Ideally, this should be done after the initial changelog has been generated, as the changelog informs the work to be done.

4.1

Update code and documentation

-

2

-

-

-

-

-

-

4.2

Review changes

4.1

1

-

-

-

-

-

-

5

Identify release-specific tests and documentation updates

Based on the initial Changelog for the release, identify (1) integration tests that must be done with a fully configured SIMP server and (if necessary) clients and (2) simp-doc documentation that may be affected by the changes. The tests should be tests that are not adequately tested in component acceptance tests.

2

7

-

-

-

-

-

-

This step may actually have to be done several times before we get to an initial release candidate build that can be published. If additional tickets are warranted, they can be created on the fly.

5-1

Build ISO

Use official RPM signing keys when the artifacts are to be published anywhere at simp-project.com.

-

1

Y

Y

5.1

Determine release-specific manual tests

4

5.2

Determine simp-doc pages that need to be reviewed for accuracy or revised

Identify pages that require an in-depth examination or major revision

2

-

-

-

-

-

-

5.3

Create tickets for each test and simp-doc page review

5.1, 5.2

1

-

-

-

-

-

-

Publish artifacts

Interim artifacts may be published to unstable folders at simp-project.com or other unofficial shared locations.

5-1

1

-

-

-

-

-

-

6

Validate ISO by building packer boxes

Use simp-packer to build SIMP server packer boxes. Basic bootstrap validation is done as part of the packer build.

5

Y

Y6

Update simp-core with released components

Update simp-core files (Puppetfile.pinned, metadata.json, src/assets/simp/build/simp.spec) and verify ISOs can be built and the default, ipa, and simp_lite acceptance test suites pass.

You must set the SIMP_FULL_MATRIX variable to have all the tests run in a GitLab.

simp-core

1, 3

3

-

-

-

-

-

-

6-.1

Build BIOS boot box with FIPS enabled and encrypted diskUpdate files and build ISOs for supported OSs

You may need to update package lists for the ISO builds.

-

2

-

-

-

-

-

-

6-.2

Build BIOS boot box with FIPS enabled and unencrypted disk

-

-

-

-

-

-

-

6-3

Verify acceptance tests

Verify the default, ipa, and simp_lite acceptance tests pass with new components. No major test revisions should be needed.

6.1

1

-

-

-

-

-

-

-

6-4

Build BIOS boot box with FIPS disabled and unencrypted disk

-Tests should already been updated for major changes in ID 3 in this table.

6.3

Review updates

Make sure to verify versions in Puppetfile.pinned, metdata.json and src/assets/simp/build/simp.spec.

6.2

1

-

-

-

-

-

-

6-5

Build UEFI boot box with FIPS enabled and encrypted disk

-

-

-

-

-7

Create test ISO, and publish the ISO and its tar file

simp-core

6

2

Y

Y

-

-

-

Build UEFI boot box with FIPS enabled and unencrypted disk

-

-

-

-

-

-

-

6-7

Build UEFI boot box with FIPS disabled and encrypted disk-

This step may actually have to be done several times before we get to an initial release candidate build that can be published. If additional tickets are warranted, they can be created on the fly.

7.1

Build ISO

Use official RPM signing keys when the artifacts are to be published anywhere at simp-project.com.

-

1

-

-

-

-

-

-

-

6-8

Build UEFI boot box with FIPS disabled and unencrypted disk

7.2

Publish artifacts

Interim artifacts may be published to unstable folders at simp-project.com or other unofficial shared locations.

7.1

1

-

-

-

-

-

-

7

Verify installation from RPMs in tar file

Run simp-core’s install_from_tar test

simp-core

5

-8

Validate ISO by building packer boxes (BIOS and UEFI)

Use simp-packer to build SIMP server packer boxes. Basic bootstrap validation is done as part of the packer build.

7

Y

Y

-

-

-

-

-

-

7-1

Execute test

See https://github.com/simp/simp-core/blob/master/spec/acceptance/suites/README.md for description of environment variables that can be set to point to the tar file

1

Y

Y

-

-

-

-

8

Create upgrade instructions

Document any steps that are needed outside of the generic upgrade instructions. 

simp-doc

4

10

8.1

Validate ISO by building packer boxes (BIOS)

Use simp-packer to build SIMP server packer boxes. Basic bootstrap validation is done as part of the packer build.

• BIOS boot box FIPS-enabled, encrypted disk

• BIOS boot box FIPS-enabled, unencrypted disk

• BIOS boot box FIPS-disabled, encrypted disk

• BIOS boot box FIPS-disabled, unencrypted disk

7

Y

Y

-

-

-

-

8

Manually execute upgrade with FIPS enabled

4

8-2

Manually execute upgrade with FIPS disabled

1

8-3

Write upgrade instructions

4

8-4

Review instructions

Review the instructions for clarity, grammar, spelling, formatting, etc. Verification will be done in a separate ticket

1

9

Verify upgrade instructions

Verify upgrade instructions and make any necessary adjustments to them.

simp-doc

8

Y

Y

9-1

Execute instructions

2

9-2

Update instructions

1

13

PXE boot UEFI

Manually verify clients can PXE boot (UEFI) from a SIMP-managed tftpboot server

5

Y

Y

13-1

PXE boot (UEFI) FIPs enabled, disk encrypted, same OS as tftpboot server

13-2

PXE boot (UEFI) FIPs enabled, disk unencrypted, same OS as tftpboot server

13-3

PXE boot (UEFI) FIPs disabled, disk encrypted, same OS as tftpboot server

13-4

PXE boot (UEFI) FIPs disabled, disk unencrypted, same OS as tftpboot server

13-5

PXE boot (UEFI) FIPs enabled, disk encrypted, clients from tftpboot server of different OS

14

PXE boot BIOS

Manually verify clients can PXE boot (BIOS) from a SIMP-managed tftpboot server

Y

Y

14-1

PXE boot (BIOS) FIPs enabled, disk encrypted, same OS as tftpboot server

14-2

PXE boot (BIOS) FIPs enabled, disk unencrypted, same OS as tftpboot server

14-3

PXE boot (BIOS) FIPs disabled, disk encrypted, same OS as tftpboot server

14-4

PXE boot (BIOS) FIPs disabled, disk unencrypted, same OS as tftpboot server

14-5

PXE boot (BIOS) FIPs enabled, disk encrypted, clients from tftpboot server of different OS

15

Verify non-standard ISO UEFI boot options

Manually verify the choose your own partitions and minimum installation ISO boot options

Y

Y

15-1

Verify the choose your own partitions option

15-2

Verify the minimum installation option

16

Verify non-standard ISO BIOS boot options

Manually verify the ‘choose your own partitions' and ‘minimum installation’ ISO boot options

Y

Y

16-1

Verify the choose your own partitions option

16-2

Verify the minimum installation option

1

Release Components

Identify components to be released, verify tests pass, push annotated tags, update SIMP release confluence page. https://simp.readthedocs.io/en/latest/contributors_guide/maintenance/Tagging_and_Releasing_Components.html

-

3

-

-

-

-

-

-

1-1

Identify components to release

-

1

-

-

-

-

-

-

1-2

Release components

1-1

2

-

-

-

-

-

-

4

Update simp-core with released components

Update simp-core files (Puppetfile.pinned, metadata.json, src/assets/simp/build/simp.spec) and verify ISOs can be built and the default and ipa acceptance test suites pass.

simp-core

1

3.2

Validate ISO by building packer boxes (UEFI)

Use simp-packer to build SIMP server packer boxes. Basic bootstrap validation is done as part of the packer build.

• UEFI boot box FIPS-enabled, encrypted disk

• UEFI boot box FIPS-enabled, unencrypted disk

• UEFI boot box FIPS-disabled, encrypted disk

• UEFI boot box FIPS-disabled, unencrypted disk

9

Verify installation from RPMs in tar file

Run simp-core’s install_from_tar test using the tar file generated from an ISO build.

simp-core

7

-

-

-

-

-

-

-

9.1

Execute test

See https://github.com/simp/simp-core/blob/master/spec/acceptance/suites/README.md for description of environment variables that can be set to point to the tar file.

1

Y

Y

-

-

-

-

10

Create upgrade instructions

Document any steps that are needed outside of the generic upgrade instructions.  Also look for any unusual messages emitted during RPM upgrade.

simp-doc

7

10

Y

Y

-

-

-

-

10.1

Manually execute upgrade with FIPS enabled

4

-

-

-

-

-

-

10.2

Manually execute upgrade with FIPS disabled

1

-

-

-

-

-

-

10.3

Write upgrade instructions

4

-

-

-

-

-

-

10.4

Review instructions

Review the instructions for clarity, grammar, spelling, formatting, etc. Verification will be done in a separate ticket

10.3

1

-

-

-

-

-

-

11

Verify upgrade instructions

Verify upgrade instructions and make any necessary adjustments to them.

simp-doc

10

Y

Y

-

-

-

-

11.1

Execute instructions

2

-

-

-

-

-

-

11.2

Update instructions

1

-

-

-

-

-

-

12

Verify PXE boot UEFI

Manually verify clients can PXE boot (UEFI) from a SIMP-managed tftpboot server. https://simp-project.atlassian.net/browse/SIMP-6925 contains links to tickets with descriptions of what others have done previously to test these capabilities.

• Verify PXE boot (UEFI) FIPS enabled, disk encrypted, same OS as tftpboot server

• Verify PXE boot (UEFI) FIPS enabled, disk unencrypted, same OS as tftpboot server

• Verify PXE boot (UEFI) FIPS disabled, disk encrypted, same OS as tftpboot server

• Verify PXE boot (UEFI) FIPS disabled, disk unencrypted, same OS as tftpboot server

• Verify PXE boot (UEFI) FIPS enabled, disk encrypted, clients from tftpboot server of different OS

7

Y

Y

-

-

-

-

TODO: Automate these tests

13

Verify PXE boot BIOS

Manually verify clients can PXE boot (BIOS) from a SIMP-managed tftpboot server

• Verify PXE boot (BIOS) FIPS enabled, disk encrypted, same OS as tftpboot server

• Verify PXE boot (BIOS) FIPS enabled, disk unencrypted, same OS as tftpboot server

• Verify PXE boot (BIOS) FIPS disabled, disk encrypted, same OS as tftpboot server

• Verify PXE boot (BIOS) FIPS disabled, disk unencrypted, same OS as tftpboot server

• Verify PXE boot (BIOS) FIPS enabled, disk encrypted, clients from tftpboot server of different OS

7

Y

Y

-

-

-

-

ODO: Finish automation of these tests

14

Verify non-standard ISO UEFI boot options

Manually verify the choose your own partitions and minimum installation ISO boot options

7

Y

Y

-

-

-

-

14.1

Verify the choose your own partitions option

-

-

-

-

-

-

14.2

Verify the minimum installation option

-

-

-

-

-

-

4-1

Update files, build ISOs and execute tests

-

2

-15

Verify non-standard ISO BIOS boot options

Manually verify the ‘choose your own partitions' and ‘minimum installation’ ISO boot options

7

Y

Y

-

-

-

-

-

4-2

Review updates

4-1

15.1

Verify the choose your own partitions option

-

-

-

-

-

-

5

Create test ISO, and publish the ISO and its tar file

simp-core

4

2

Y

Y

15.2

Verify the minimum installation option

-

-

-

-

-

-

Build ISO

Use official RPM signing keys when the artifacts are to be published anywhere at simp-project.com.

-

116

Dogfood released modules and assets

Use released modules in development environments that exercise as many of the modules as possible. Install RPMs of released assets on SIMP servers.

6

Y

Y

-

-

-

-

16.1

Deploy modules to development environments

Update Puppetfiles for development environments and deploy the modules.

-

-

-

-

-

-

5-16.2

Publish artifacts

Interim artifacts may be published to unstable folders at simp-project.com or other unofficial shared locations.

5-1

1Install asset RPMs on SIMP server

Install RPMs and watch for any RPM installation error messages.

-

-

-

-

-

-

6

Validate ISO by building packer boxes

Use simp-packer to build SIMP server packer boxes. Basic bootstrap validation is done as part of the packer build.

5

Y

16.3

Examine logs for issues

16.1, 16.2

-

-

-

-

-

Build BIOS boot box with FIPS enabled and encrypted disk

-

-

-

-

-

-

-

6-2

Build BIOS boot box with FIPS enabled and unencrypted disk

-17

Execute misc manual tests

Miscellaneous tests that are not addressed (fully) with automation.

6

Y

Y

-

-

-

-

-

-

6-3

Build BIOS boot box with FIPS disabled and encrypted disk

-

-

-

-

-

-

-

6-4

17.1

Verify rsyslog local and forwarded logging in simp-core default suite

simp-core's default suite has an extensive rsyslog integration test for local logging and log forwarding that does not use a mock sender ('logger'). Due to rsyslog itself, the rsyslog forwarding verifications have proven to be unreliable. As a stopgap measure, the tests were modified to skip any rsyslog test that fails in the simp-core default suite, in lieu of failing. Unfortunately, this has the potential to hide actual problems. So this ticket is to verify manually that all the failed checks executed in this test actually work.

1

-

-

-

-

-

-

17.2

Verify compliance report in simp-core default suite

-

-

6-5

Build UEFI boot box with FIPS enabled and encrypted diskExamine the compliance report generated by the simp-core default suite and verify there are no incorrect mappings or unexpected non-compliance. (There will be some non-compliance for overrides that allow the test to run.)

1

-

-

-

-

-

-

-

6-6

Build UEFI boot box with FIPS enabled and unencrypted disk

-18

Verify poss scenario

Manually verify SIMP server and a client operate under the expected security measures when the SIMP server is bootstrapped with the ‘poss’ scenario.

Y

Y

-

-

-

-

-

-

6-7

Build UEFI boot box with FIPS disabled and encrypted diskVerify using a SIMP server and kickstart client with the same OS.

TODO: Automate this test

18.1

Bootstrap a SIMP server and verify all security measures are enforced.

-

-

-

-

-

-

-

6-8

Build UEFI boot box with FIPS disabled and unencrypted disk

-

-

-

-

-

-

-

7

Verify installation from RPMs in tar file

Run simp-core’s install_from_tar test

simp-core

5

-

-

-

-

-

-

-

This test can be omitted if there are no changes to component packaging since the previous candidate. Component behavior is adequately tested by the simp-core default suite with each simp-core check-in.

7-1

Execute test

See https://github.com/simp/simp-core/blob/master/spec/acceptance/suites/README.md for description of environment variables that can be set to point to the tar file

1

Y

Y

-

-

-

-

12

Update Changelog for bug fixes

simp-doc

1

18.2

Kick a client and verify no security measures are enforced

• If the auditd service is running, it has no rules. ('auditctl -l' returns 'No rules’)

• If the firewalld service is running, the default zone is not the 99_simp zone. ('firewall-cmd --get-default-zone' returns 'public')

• haveged service does not exist. ('systemctl status haveged' returns 'Unit haveged.service could not be found.')

• logrotate configuration, /etc/logrotate.conf, does not have 'include /etc/logrotate.simp.d'

• pam configuration, /etc/pam.d/system-auth does not have "This file managed by Puppet"

• SIMP-specific PKI directories, /etc/pki/simp/ and /etc/pki/simp_apps/, do not exist.

• sssd service should not be running and should not be configured. ( 'systemctl status sssd' returns 'Active: inactive (dead) and there is no/etc/sssd/sssd.conf)

• stunnel service does not exist. ( 'systemctl status stunnel' returns 'Unit stunnel.service could not be found.')

• rsyslog service may be running but is not configured for SIMP, i.e.
  /etc/rsyslog.conf does not have '$IncludeConfig /etc/rsyslog.simp.d/*.conf'

• tcpwrappers is not configured on OSs that support tcpwrappers. (If /etc/hosts.allow exists, it is just comments. Same for /etc/hosts.deny )

-

-

-

-

-

-

12-1

Identify bug fixes and update changelog

-

2

-19

Benchmark with SCAP scan

This test is intended to find deficiencies in the enforced DISA STIG security settings for SIMP modules

Y

Y

-

-

-

-

-

12-2

Review changes

12-1

1

-

-

-

-

-

-

1

Release Components

Identify components to be released, verify tests pass, push annotated tags, update SIMP release confluence page. https://simp.readthedocs.io/en/latest/contributors_guide/maintenance/Tagging_and_Releasing_Components.html

-

3

19.1

Execute scan and analyze results

Execute the SCAP scan on a FIPS-enabled, disk-encrypted SIMP server packer box for which compliance has been enforced and then analyze the results for any SIMP deficiencies. Looking for system configuration that is not correctly configured for which the compliance report does not indicate an exception. Check may reveal component behavior or component compliance data that needs to be updated.

-

-

-

-

-

-

19.2

Create tickets for deficiencies

Create tickets for any component deficiencies found.

-

-

-

-

-

-

-

1-1

Identify components to release

-

1

-

-

-

-

-

-

1-2

Release components

1-1

2

-

-

-

-

-

-

4

Update simp-core with released components

Update simp-core files (Puppetfile.pinned, metadata.json, src/assets/simp/build/simp.spec) and verify ISOs can be built and the default and ipa acceptance test suites pass.

simp-core

1

3

-

-

-

-

-

-

4-1

Update files, build ISOs and execute tests

-

1

Release Components

Identify components to be released, verify tests pass, push annotated tags, update SIMP release confluence page. https://simp.readthedocs.io/en/latest/contributors_guide/maintenance/Tagging_and_Releasing_Components.html

-

3

-

-

-

-

-

-

4-2

Review updates

1.1

Identify components to release

-

1

-

-

-

-

-

-

12

Update Changelog for bug fixes

simp-doc

1

3

-

-

-

-

-

-

12-1

Identify bug fixes and update changelog

1.2

Release components

1.1

2

-

-

-

-

-

-

2

Review changes

12-1

1

-

-

-

-

-

-

21

Review user documentation

General review of user documentation. Intent is to make sure the information is current and intelligible. Does not include ‘Changelog’, ‘Contributing to SIMP’, ‘Security Concept of Operations’, ‘Security Control Mapping’, ‘Vulnerability Supplement’ and ‘License’ sections.

simp-doc

Update simp-core with released components

Update simp-core files (Puppetfile.pinned, metadata.json, src/assets/simp/build/simp.spec) and verify ISOs can be built and the default, ipa, and simp_lite acceptance test suites pass.

You must set the SIMP_FULL_MATRIX variable to have all the tests run in a GitLab.

simp-core

1

3

-

-

-

-

-

-

This is required for each major release, nice-to-have for each minor release, and not necessary for each patch release.

Subtasks should correspond to major sections of the documentation, an will need to be updated accordingly when the docs structure changes.

21-1

Review ‘Quick Start’

Review and update as necessary

2.1

Update files and build ISOs for supported OSs

You may need to update package lists for the ISO builds.

-

2

-

-

-

-

-

-

21-3

Review ‘Getting Started’

Review and update as necessary 

2.2

Verify acceptance tests

Verify the default, ipa, and simp_lite acceptance tests pass with new components. No major test revisions should be needed.

2.1

1

-

-

-

-

-

-

21-42.3

Review ‘User Guide’Review and update as necessaryupdates

Make sure to verify versions in Puppetfile.pinned, metdata.json and src/assets/simp/build/simp.spec.

2.2

1

-

-

-

-

-

-

21-5

Review ‘HOWTO’

Review and update as necessary

-

-

-

-

-

-

21-6

Review ‘FAQ’

Review and update as necessary 

3

Create test ISO, and publish the ISO and its tar file

simp-core

2

2

Y

Y

-

-

-

-

-

-

-

-

21-7

Review ‘Help’ and ‘Contact’ sections

3.1

Build ISO

Use official RPM signing keys when the artifacts are to be published anywhere at simp-project.com.

-

1

-

-

-

-

-

-

21-8

Review ‘Glossary of Terms’

3.2

Publish artifacts

Interim artifacts may be published to unstable folders at simp-project.com or other unofficial shared locations.

3.1

1

-

-

-

-

-

-

22

Review security documentation

General review of security-related documentation. Intent is to make sure the information is current and intelligible.

simp-doc

-4

Validate ISO by building packer boxes (BIOS and UEFI)

Use simp-packer to build SIMP server packer boxes. Basic bootstrap validation is done as part of the packer build.

3

Y

Y

-

-

-

-

-

This is required for each major release, nice-to-have for each minor release, and not necessary for each patch release.

Subtasks should correspond to major sections of the documentation, an will need to be updated accordingly when the docs structure changes.

22-1

Review ‘Security Concept of Operations’

Review and update as necessary

-

-

-

-

-

-

22-2

Review ‘Security Control Mapping’

Review and update as necessary

-

-

-4.1

Validate ISO by building packer boxes (BIOS)

Use simp-packer to build SIMP server packer boxes. Basic bootstrap validation is done as part of the packer build.

• BIOS boot box FIPS-enabled, encrypted disk

• BIOS boot box FIPS-enabled, unencrypted disk

• BIOS boot box FIPS-disabled, encrypted disk

• BIOS boot box FIPS-disabled, unencrypted disk

4.2

Validate ISO by building packer boxes (UEFI)

Use simp-packer to build SIMP server packer boxes. Basic bootstrap validation is done as part of the packer build.

• UEFI boot box FIPS-enabled, encrypted disk

• UEFI boot box FIPS-enabled, unencrypted disk

• UEFI boot box FIPS-disabled, encrypted disk

• UEFI boot box FIPS-disabled, unencrypted disk

5

Verify installation from RPMs in tar file

Run simp-core’s install_from_tar test

simp-core

2

-

-

-

-

Review ‘Vulnerability Supplement’

Review and update as necessary

-

-

-

-

-

-

5

Create final ISO, verify with simp-packer, and publish the ISOs and their tar files

This is the final build and spot check via simp-packer.

simp-core

4

Y

YThis test can be omitted if there are no changes to component packaging since the previous candidate. Component behavior is already tested by the simp-core default suite with each simp-core check-in.

5.1

Execute test

See https://github.com/simp/simp-core/blob/master/spec/acceptance/suites/README.md for description of environment variables that can be set to point to the tar file

1

Y

Y

-

-

-

-

6

Update Changelog for bug fixes

simp-doc

2

3

-

-

-

-

-

-

Build ISO

Use official RPM signing keys when the artifacts are to be published anywhere at simp-project.com.

6.1

Identify bug fixes and update changelog

-

12

-

-

-

-

-

-

5-2

Build BIOS boot box with FIPS enabled and encrypted disk

5-1

-

-

-

-

-

-

5-3

Build BIOS boot box with FIPS enabled and unencrypted disk

6.2

Review changes

6.1

1

-

-

-

-

-

-

5-4

Build BIOS boot box with FIPS disabled and encrypted disk

5-1

-

-

-7

Dogfood released modules and assets

Use released modules in development environments that exercise as many of the modules as possible. Install RPMs of released assets on SIMP servers.

2

Y

Y

-

-

-

-

Build BIOS boot box with FIPS disabled and unencrypted disk

5-1

-

-

7.1

Deploy modules to development environments

Update Puppetfiles for development environments and deploy the modules.

-

-

-

-

-

Build UEFI boot box with FIPS enabled and encrypted disk

5-1

-

-

-

-

-

-

5-7

Build UEFI boot box with FIPS enabled and unencrypted disk

7.2

Install asset RPMs on SIMP server

Install RPMs and watch for any RPM installation error messages.

-

-

-

-

-

-

-

5-8

Build UEFI boot box with FIPS disabled and encrypted disk

7.3

Examine logs for issues

-

-

-

-

-

-

-

5-9

Build UEFI boot box with FIPS disabled and unencrypted disk

5-1

-

-

-

-

-

-

5-10

Publish artifacts

Final artifacts that have passed simp-packer validation are published to official release folders at simp-project.com.

5-2, 5-3, 5-4, 5-5, 5-6, 5-7, 5-8, 5-9

1

-

-

-

-

-

-

1

Release Components

Identify components to be released, verify tests pass, push annotated tags, update SIMP release confluence page. https://simp.readthedocs.io/en/latest/contributors_guide/maintenance/Tagging_and_Releasing_Components.html

NOTE: This excludes simp-doc, which is addressed a separate ticket after all documentation updates have been completed.

-

3

-

-

-

-

-

-

1.1

Identify components to release

-

1

-

-

-

-

-

-

1.2

Release components

1.1

2

-

-

-

-

-

-

2

Update simp-core with released components

Update simp-core files (Puppetfile.pinned, metadata.json, src/assets/simp/build/simp.spec) and verify ISOs can be built and the default, ipa, and simp_lite acceptance test suites pass.

You must set the SIMP_FULL_MATRIX variable to have all the tests run in a GitLab.

All components in the Puppetfile.pinned except simp-doc should be referencing a GitHub tag. simp-doc is addressed in another ticket.

simp-core

1

3

-

-

-

-

-

-

1-1

Identify components to release

-

1

-

2.1

Update files and build ISOs for supported OSs

You may need to update package lists for the ISO builds.

-

2

-

-

-

-

-

--

1-2

Release components

1-1

2.2

Verify acceptance tests

Verify the default, ipa, and simp_lite acceptance tests pass with new components. No major test revisions should be needed.

2.1

1

-

-

-

-

-

-

2.3

Review updates

Make sure to verify versions in Puppetfile.pinned, metdata.json and src/assets/simp/build/simp.spec.

2.2

1

-

-

-

-

-

-

23

Update Verify simp/simp-core pre-release tests with release-specific changesUpdate simp-core default, ipa, _core meta module

Verify that the simp/simp_core meta module has appropriate dependencies and its dependencies have all been published to PuppetForge by running the install_from_tar, and simp_lite acceptance test suites for release-specific changes. This includes updating the nodesets and .gitlab-ci.yml for any changes to the supported OSs.

simp-core

-

5

Y

N

N

core_module test suite.

2

-

-

-

-

-

-

-

Ideally, this should be done after the initial changelog has been generated, as the changelog informs the work to be done.

Tests will be executed for the appropriate OSs permutations in the nodeset, but separate tickets per OS should not be created.

2-1

Update tests and nodesets

-

3.1

Execute check for PuppetForge publication

Execute ‘bundle exec rake puppetfile:check’ and examine output to identify any modules that have not been published to PuppetForge

-

-

-

-

-

-

-

3.2

Publish any missing modules to PuppetForge

-

-

-

-

-

2-2

Review updates

2-1

3.3

Update the install_from_core_module test with any release-specific changes

-

-

-

-

-

-

-

3.4

Execute the install_from_core_module test

-

-3

Update simp-packer with release-specific changesUpdate simp-packer for release

-specific changes. Be sure to tag the previous simp-packer version, if the updates will break testing functionality built for the prior SIMP release.simp

-packer

-

3

Y

N

N

-

-4

Dogfood released modules and assets

Use released modules in development environments that exercise as many of the modules as possible. Install RPMs of released assets on SIMP servers.

2

Y

Y

-

-

-

-

Ideally, this should be done after the initial changelog has been generated, as the changelog informs the work to be done.

3-1

Update code and documentation

-

4.1

Deploy modules to development environments

Update Puppetfiles for development environments and deploy the modules.

-

-

-

-

-

-

-

-

-

-

3-2

Review changes

3-1

4.2

Install asset RPMs on SIMP server

Install RPMs and watch for any RPM installation error messages.

-

-

-

-

-

--

4.3

Examine logs for issues

-

-

-

-

-

-

45

Update Changelog for bug fixes

simp-core with released components

Update simp-core files (Puppetfile.pinned, metadata.json, src/assets/simp/build/simp.spec) and verify ISOs can be built and the default and ipa acceptance test suites pass.

simp-core

1

3

Y

Y

Y

doc

2

3

-

-

-

-

-

-

-

-

-

For each release candidate (Alpha, RC1, Final), this has a dependency upon the corresponding ticket to release components.

4-1

5.1

Identify bug fixes and update changelog

-

2

-

-

-

-

-

-

-

-

-

5.2

Review updateschanges

4-5.1

1

-

-

-

-

-

-

-

-

-

5

Create ISOs, and publish the ISOs and tar files

When this is a release candidate, the publication should be to an unstable repo or some other unofficial shared location6

Review ‘Quick Start’ Guide

Review and update as necessary. This is a general review to make sure the information is accurate and intelligible.

simp-coredoc

4

Y

Y

Y

-

-

-

-

-

-

-

Only the child should be replicated for OSs for which we build an ISO

5-1

Build ISO

-

6.1

Review and update

-

-

-

-

-

-

Y

Y

N

N

N

N

5-2

Publish artifacts

Final artifacts are published to simp-project.com. Interim artifacts may be published to unstable folders at simp-project.com

5-1

6.2

Review changes

6.2

-

-

-

-

-

-

7

Review ‘Getting Started’ Guide

Review and update as necessary. This is a general review to make sure the information is accurate and intelligible.

simp-doc

-

-

-

-

-

-

7.1

Review and update

-

-

-

-

-

-

7.2

Review changes

7.2

-

-

-

6

Validate ISO by building packer boxes

Use simp-packer to build SIMP server packer boxes. Basic bootstrap validation is done as part of the packer build.

5

Y

Y

Y-

-

-

8

Review ‘User Guide’

Review and update as necessary. This is a general review to make sure the information is accurate and intelligible.

simp-doc

-

-

-

-

-

-6-

8.1

Build BIOS boot box with FIPS enabled and encrypted diskReview and update

-

-

-

-

-

-

Y

Y

N

N

N

N

6-2

Build BIOS boot box with FIPS enabled and unencrypted disk

-

-

-

Y

Y

N

N

N

N

6-3

8.2

Review changes

8.2

-

-

-

-

-

-

8.3

Review Upgrade Instructions

Ensure nothing has changed since the original

9

Review ‘HOWTO’

Review and update as necessary. This is a general review to make sure the information is accurate and intelligible.

simp-doc

-

-

-

-

-

-

Y

Y

N

N

N

N

6-4

Build BIOS boot box with FIPS disabled and unencrypted disk

9.1

Review and update

-

-

-

-

-

-

9.2

Review changes

9.2

-

-

-

Y-Y

-

N-N

10

N

N

6-5

Build UEFI boot box with FIPS enabled and encrypted diskReview ‘FAQ’

Review and update as necessary. This is a general review to make sure the information is accurate and intelligible.

simp-doc

-

-

-

-

-

Y-

Y

N

N

N

N

6-6

Build UEFI boot box with FIPS enabled and unencrypted disk

10.1

Review and update

-

-

-

-

-

-

Y

Y

N

N

N

N

6-7

Build UEFI boot box with FIPS disabled and encrypted disk

10.2

Review changes

10.2

-

-

-

-

-

-

11

Review ‘Help’ and ‘Contact’ sections

Review and update as necessary. This is a general review to make sure the information is accurate and intelligible.

simp-doc

-

-

Y-Y

-

N-N

-

N

N

6-8

11.1

Review and update

-

-

-

-

-

Y

Y

N

N

N

N

7

Verify installation from RPMs in tar file

Run simp-core’s install_from_tar test

simp-core

5

Y

Y

Y-

11.2

Review changes

11.2

-

-

-

-

-

-

12

Review ‘Glossary of Terms’

Review and update as necessary. This is a general review to make sure the information is accurate and intelligible.

simp-doc

-

-

-

-

-

-

12.1

Review and update

-

-

-

-

-

-

Only the child should be replicated for OSs for which there is a nodeset for the install_from_tar test

Depending upon changes made from Alpha to RC1 and from RC1 to Final, we may not have to execute these tests with each interim release.

7-1

Execute test

See https://github.com/simp/simp-core/blob/master/spec/acceptance/suites/README.md for description of environment variables that can be set to point to the tar file

12.2

Review changes

12.2

-

-

-

-

-

-

13

Review ‘Security Concept of Operations’

Review and update as necessary. This is a general review to make sure the information is accurate and intelligible.

simp-doc

-

-

Y-Y

-

N-N

-

N

N

8

Create upgrade instructions

Document any steps that are needed outside of the generic upgrade instructions. 

simp-doc

4

10

Y

N

N

Y

Y

N

N

N

N

First time we deliver an EL8 ISO, we will only have upgrade instructions for EL7

Manual tests for now. Will migrate to simp-integration_test for automated upgrade test.

8-1

Manually execute upgrade with FIPS enabled

13.1

Review and update

-

-

-

-

-

-

13.2

Review changes

13.2

-

-

-

-

-

-

14

Review ‘Security Control Mapping’

Review and update as necessary. This is a general review to make sure the information is accurate and intelligible.

simp-doc

-

-

-

-

-

-

14.1

Review and update

-

-

-

-

-

-8-

14.2

Manually execute upgrade with FIPS disabled

1Review changes

14.2

-

-

-

-

-

-

15

Review ‘Vulnerability Supplement’

Review and update as necessary. This is a general review to make sure the information is accurate and intelligible.

simp-doc

-

-

8-2

Write upgrade instructions-

4-

-

-

15.1

Review and update

-

-

-

-

-

-8-3

15.2

Review instructions

Review the instructions for clarity, grammar, spelling, formatting, etc. Verification will be done in a separate ticket

1

changes

15.2

-

-

-

-

-

--

16

Finalize simp-

-

9

Verify upgrade instructions

Verify upgrade instructions and make any necessary adjustments to them.

simp-doc

8

Y

N

N

Y