Table of Contents

Introduction

This page lists three tables with typical tasks that are required for a SIMP release:

...

Copies of these tables should be customized for individual SIMP releases and then used to generate the described release tickets.

Some test tasks from the initial release candidate table may need to be added to subsequent tables, when the bugs fixed could impact the test results.
Some test and documentation tasks may be omitted because the scope of the release is very targeted (e.g., a patch SIMP release).

In a release cycle, it probably makes the most sense to generate the tickets for just a single release candidate at a time, not for all the release candidates to get to the final release. In other words, only generate tickets from one table at a time. This will allow us to fine tune how many release candidates are required and the tests that need to be executed, based on the bugs found with each release candidate.

...

the list of supported OSs changes
manual tests have been automated
new capabilities must be added to the integration regression test list.

Table Conventions

Unless otherwise noted, the following conventions apply to each table:

Stories are indicated with a <number> ID, whereas subtasks to a story are indicated with <parent number>-.<child number> ID.
The Blocker field of a story is used to indicate that this story/subtask requires the listed stories/subtasks to be completed before it can be done.
The Story Points field of a subtask may contain an initial guess at the appropriate story points for that subtask. Adjust as needed!
When Y appears in one of the OS fields of a story (e.g. EL8) , that story will be replicated for the permutation noted.
When Y appears in one of the OS fields of a subtask, that subtask will be replicated for the permutation noted within the story.
N, -, and a blank entry are all treated as ‘do not replicate’ indicators.
The Notes field will not be included in the ticket and is intended for maintainers of these tables.

Initial Release Candidate Tickets

The table below lists the typical tasks that are required for the initial release candidate (e.g., ‘Alpha’). The largest number of bugs are found during the initial release candidate. So, some of the tasks may have to be repeated after bugs are fixed and some of the tasks may be blocked until bugs are fixed. The sprint planning for this release should be flexible, accordingly.

ID	Ticket Summary (< 100 chars)	Description	Component	Blockers	Story Points	EL7	EL8	OEL7	OEL8	RH7	RH8	Notes
1	Release Components	Identify components to be released, verify tests pass, push annotated tags, update SIMP release confluence page. https://simp.readthedocs.io/en/latest/contributors_guide/maintenance/Tagging_and_Releasing_Components.html		-	3	-	-	-	-	-	-
1-.1	Identify components to release			-	1	-	-	-	-	-	-
1-.2	Release components			1-.1	2	-	-	-	-	-	-
102	Create initial SIMP changelog	simp-doc	8	-	-	-	-	-	-	10-1	Create changelog	6	-	-	-	-	-	-	10-2	Review changes	2	-	-	-	-	-	-	2	Update simp-core pre-release tests with release-specific changes	Update simp-core default, ipa, install_from_tar, and simp_lite acceptance test suites for release-specific changes. This includes updating the nodesets and .gitlab-ci.yml for any changes to the supported OSs.	simp-core	-	5Examine changes made to the simp-core project since the previous SIMP release tag (e.g., SIMP-6.5.0-1), as well as changes made to its SIMP dependencies listed in the Puppetfile.pinned. For simp-core changes, examine the following: simp-core changes noted in its git logs src/assets/simp/build/simp.spec `%changelog` changes For changes for an individual SIMP component, examine changes noted both in its git logs and its CHANGELOG file or `%changelog` section of its build/<component>.spec file. The changes to examine are those from the version listed in the Puppetfile.pinned of the last SIMP release.	simp-doc		8	-	-	-	-	-	-	Ideally, this should be done after the initial changelog has been generated, as the changelog informs the work to be done. Tests will be executed for the appropriate OSs permutations in the nodeset, but separate tickets per OS should not be created.	2-1	Update tests and nodesets	-	4	This changelog needs to be done early because it informs what release-specific tests need to be executed and which sections of the documentation may need updates. This is a tedious, time-consuming job! Liz and Jeanne both have utilities to gather the changes. The `deps:changelog` rake task in simp-core should not be used because it does not accurately take into account individual component changes.
2.1	Create changelog				6	-	-	-	-	-	-
2-.2	Review updateschanges			2-.11	2	-	-	-	-	-	-
3	Update simp-packer core pre-release tests with release-specific changes	Update simp-packer core default, ipa, install_from_tar, and simp_lite acceptance test suites for release-specific changes. Be sure to tag the previous simp-packer version, if the updates will break testing functionality built for the prior SIMP release.	simp-packer	-	3This includes updating the nodesets and .gitlab-ci.yml for any changes to the supported OSs.	simp-core	-	5	-	-	-	-	-	-	Ideally, this should be done after the initial changelog has been generated, as the changelog informs the work to be done. 3- Tests will be executed for the appropriate OSs permutations in the nodeset, but separate tickets per OS should not be created.
3.1	Update code tests and documentationnodesets			-	24	-	-	-	-	-	-
3-.2	Review changesupdates			3-1.2	1	-	-	-	-	-	-	11
Identify 4	Update simp-packer with release-specific tests	Based on the initial Changelog for the release, identify integration tests that must be done with a fully configured SIMP server and (if necessary) clients. These should be tests that are not adequately tested in component acceptance tests.	10	5	-	-	-changes	Update simp-packer for release-specific changes. Be sure to tag the previous simp-packer version, if the updates will break testing functionality built for the prior SIMP release.	simp-packer	-	3	-	-	-	11 - 1	Determine release-specific manual tests4	-	-	-	-	-Ideally, this should be done after the initial changelog has been generated, as the changelog informs the work to be done.
4.1	Update code and documentation			-	11- 2	Create tickets for each	1	-	-	-	-	-	-
4	Update simp-core with released components	Update simp-core files (Puppetfile.pinned, metadata.json, src/assets/simp/build/simp.spec) and verify ISOs can be built and the default and ipa acceptance test suites pass.	simp-core	1,2	3 .2	Review changes			4.1	1	-	-	-	-	-	--
5	4-1	Update files, build ISOs and execute tests	-	2	-Identify release-specific tests and documentation updates	Based on the initial Changelog for the release, identify (1) integration tests that must be done with a fully configured SIMP server and (if necessary) clients and (2) simp-doc documentation that may be affected by the changes. The tests should be tests that are not adequately tested in component acceptance tests.		2	7	-	-	-	-	-	4 - 2	Review updates	4-
5.1	1	-	-	-	-	-	-	5	Create test ISO, and publish the ISO and its tar file	simp-core	4	2	Y	YDetermine release-specific manual tests				4
5.2	Determine simp-doc pages that need to be reviewed for accuracy or revised	Identify pages that require an in-depth examination or major revision			2	-	-	-	-	-	-
5.3	Create tickets for each test and simp-doc page review			5.1, 5.2	1	-	-	-	-	-	-	This step may actually have to be done several times before we get to an initial release candidate build that can be published. If additional tickets are warranted, they can be created on the fly.	5-1	Build ISO	Use official RPM signing keys when the artifacts are to be published anywhere at simp-project.com.	-	1	Y	Y	-	-	-	-	5-2	Publish artifacts	Interim artifacts may be published to unstable folders at simp-project.com or other unofficial shared locations.	5-1	1
6	Update simp-core with released components	Update simp-core files (Puppetfile.pinned, metadata.json, src/assets/simp/build/simp.spec) and verify ISOs can be built and the default, ipa, and simp_lite acceptance test suites pass. You must set the SIMP_FULL_MATRIX variable to have all the tests run in a GitLab.	simp-core	1, 3	3	-	-	-	-	-	-
6.1	Update files and build ISOs for supported OSs	You may need to update package lists for the ISO builds.		-	2	-	-	-	-	-	-
6	Validate ISO by building packer boxes	Use simp-packer to build SIMP server packer boxes. Basic bootstrap validation is done as part of the packer build.	5	Y	Y	-	-	-	-	6-1	Build BIOS boot box with FIPS enabled and encrypted disk .2	Verify acceptance tests	Verify the default, ipa, and simp_lite acceptance tests pass with new components. No major test revisions should be needed.		6.1	1	-	-	-	-	-	-	-	6-2	Build BIOS boot box with FIPS enabled and unencrypted disk	-	-	-	-Tests should already been updated for major changes in ID 3 in this table.
6.3	Review updates	Make sure to verify versions in Puppetfile.pinned, metdata.json and src/assets/simp/build/simp.spec.		6.2	1	-	-	-	6 - 3	Build BIOS boot box with FIPS disabled and encrypted disk	-	-	-	-	-	-	-	6-4	Build BIOS boot box with FIPS disabled and unencrypted disk	-
-7	Create test ISO, and publish the ISO and its tar file		simp-core	6	2	Y	Y	-	-	-	-	-	6-5	Build UEFI boot box with FIPS enabled and encrypted disk	-	-	-	-	-This step may actually have to be done several times before we get to an initial release candidate build that can be published. If additional tickets are warranted, they can be created on the fly.
7.1	Build ISO	Use official RPM signing keys when the artifacts are to be published anywhere at simp-project.com.		-	1	-	-	6 - 6 Build UEFI boot box with FIPS enabled and unencrypted disk	-	-	-	-	-	-	-	6-7	Build UEFI boot box with FIPS disabled and encrypted disk
- 7.2	Publish artifacts	Interim artifacts may be published to unstable folders at simp-project.com or other unofficial shared locations.		7.1	1	-	-	-	-	-	-
6- 8	Build UEFI boot box with FIPS disabled and unencrypted disk	-	-	-Validate ISO by building packer boxes (BIOS and UEFI)	Use simp-packer to build SIMP server packer boxes. Basic bootstrap validation is done as part of the packer build.		7		Y	Y	-	-	-	-	7
Verify installation from RPMs in tar file	Run simp-core’s install_from_tar test	simp-core	5	-	-	-	-8.1	Validate ISO by building packer boxes (BIOS)	Use simp-packer to build SIMP server packer boxes. Basic bootstrap validation is done as part of the packer build. BIOS boot box FIPS-enabled, encrypted disk BIOS boot box FIPS-enabled, unencrypted disk BIOS boot box FIPS-disabled, encrypted disk BIOS boot box FIPS-disabled, unencrypted disk		7		Y	Y	-	-	-	7 - 1	Execute test	See https://github.com/simp/simp-core/blob/master/spec/acceptance/suites/README.md for description of environment variables that can be set to point to the tar file	1	Y	Y	-	-	-	-
8	Create upgrade instructions	Document any steps that are needed outside of the generic upgrade instructions.	simp-doc	4	10	Y	Y8.2	Validate ISO by building packer boxes (UEFI)	Use simp-packer to build SIMP server packer boxes. Basic bootstrap validation is done as part of the packer build. UEFI boot box FIPS-enabled, encrypted disk UEFI boot box FIPS-enabled, unencrypted disk UEFI boot box FIPS-disabled, encrypted disk UEFI boot box FIPS-disabled, unencrypted disk
9	Verify installation from RPMs in tar file	Run simp-core’s install_from_tar test using the tar file generated from an ISO build.	simp-core	7	-	-	-	-	8 - 1	Manually execute upgrade with FIPS enabled	4	-	-	-	-	-	-	8-2	Manually execute upgrade with FIPS disabled	1	-
- 9.1	Execute test	See https://github.com/simp/simp-core/blob/master/spec/acceptance/suites/README.md for description of environment variables that can be set to point to the tar file.			1	Y	Y	-	-	-	- 8-3
10	Write Create upgrade instructions	4	-	-	-Document any steps that are needed outside of the generic upgrade instructions. Also look for any unusual messages emitted during RPM upgrade.	simp-doc	7	10	Y	Y	-	-	-	8 - 4
Review instructions	Review the instructions 10.1	Manually execute upgrade with FIPS enabled				4	-	-	-	-	-	-
10.2	Manually execute upgrade with FIPS disabled				1	-	-	-	-	-	-
10.3	Write upgrade instructions				4	-	-	-	-	-	-
10.4	Review instructions	Review the instructions for clarity, grammar, spelling, formatting, etc. Verification will be done in a separate ticket		10.3	1	-	-	-	-	-	-
911	Verify upgrade instructions	Verify upgrade instructions and make any necessary adjustments to them.	simp-doc	810		Y	Y	-	-	-	-
9-11.1	Execute instructions				2	-	-	-	-	-	-
9-11.2	Update instructions				1	-	-	-	-	-	-
1312	Verify PXE boot UEFI	Manually verify clients can PXE boot (UEFI) from a SIMP-managed tftpboot server	5	Y	Y	-	-	-	-	13-1	. https://simp-project.atlassian.net/browse/SIMP-6925 contains links to tickets with descriptions of what others have done previously to test these capabilities. Verify PXE boot (UEFI) FIPs FIPS enabled, disk encrypted, same OS as tftpboot server	-	-	-	-	-	-	13-2	13-3	Verify PXE boot (UEFI) FIPs FIPS enabled, disk unencrypted, same OS as tftpboot server	-	-	-	-	-	-	Verify PXE boot (UEFI) FIPs	13-4	PXE boot FIPS disabled, disk encrypted, same OS as tftpboot server	-	-	-	-	-	-	13-5	Verify PXE boot (UEFI) FIPs FIPS disabled, disk unencrypted, same OS as tftpboot server	-	-	-	-	-	-	Verify PXE boot (UEFI) FIPs FIPS enabled, disk encrypted, clients from tftpboot server of different OS		-7		Y	Y	-	-	-	-	-	14	TODO: Automate these tests
13	Verify PXE boot BIOS	Manually verify clients can PXE boot (BIOS) from a SIMP-managed tftpboot server	Y	Y	-	-	-	-	14-1	Verify PXE boot (BIOS) FIPs FIPS enabled, disk encrypted, same OS as tftpboot server	-	-	-	-	-	-	14-2	Verify PXE boot (BIOS) FIPs	14-3	PXE boot FIPS enabled, disk unencrypted, same OS as tftpboot server	-	-	-	-	-	-	14-4	Verify PXE boot (BIOS) FIPs FIPS disabled, disk encrypted, same OS as tftpboot server	-	-	-	-	-	-	Verify PXE boot (BIOS) FIPs FIPS disabled, disk unencrypted, same OS as tftpboot server	-	-	-	-	-	-	14-5	Verify PXE boot (BIOS) FIPs FIPS enabled, disk encrypted, clients from tftpboot server of different OS		7		Y	-Y	-	-	-	-	-	15ODO: Finish automation of these tests
14	Verify non-standard ISO UEFI boot options	Manually verify the choose your own partitions and minimum installation ISO boot options		7		Y	Y	-	-	-	-
15-14.1	Verify the choose your own partitions option					-	-	-	-	-	-
15-14.2	Verify the minimum installation option					-	-	-	-	-	-
1615	Verify non-standard ISO BIOS boot options	Manually verify the ‘choose your own partitions' and ‘minimum installation’ ISO boot options		7		Y	Y	-	-	-	-
16-15.1	Verify the choose your own partitions option					-	-	-	-	-	-
16-15.2	Verify the minimum installation option					-	-	-	-	-	-

Interim Release Candidate Tickets

The table below lists the typical tasks that are required for the interim release candidates (e.g., ‘Beta’, ‘RC1’). Fewer and fewer bugs are found with each interim release candidate. Accordingly, any manual integration testing should be targeted to verification of the bug fixes, whereas as many automated integration tests as resources allow should be executed! In other words, examine the manual tests in this table and remove any that are not necessary, before generating the tickets.

5

ID	Ticket Summary (< 100 chars)	Description	Component	Blockers	Story Points	EL7	EL8	OEL7	OEL8	RH7	RH8	Notes

1	Release Components	Identify components to be released, verify tests pass, push annotated tags, update SIMP release confluence page. https://simp.readthedocs.io/en/latest/contributors_guide/maintenance/Tagging_and_Releasing_Components.html	-	316	Dogfood released modules and assets	Use released modules in development environments that exercise as many of the modules as possible. Install RPMs of released assets on SIMP servers.		6		Y	Y	-	-	-	-
16.1	Deploy modules to development environments	Update Puppetfiles for development environments and deploy the modules.				-	-	-	-	-	-
16.2	Install asset RPMs on SIMP server	Install RPMs and watch for any RPM installation error messages.				-	-	-	-	-	-
-	1-1	Identify components to release	-	1 16.3	Examine logs for issues			16.1, 16.2		-	-	-	-	-	-	1-2	Release components	1-1	2	-
-17	Execute misc manual tests	Miscellaneous tests that are not addressed (fully) with automation.		6		Y	Y	-	-	-	-	4
Update 17.1	Verify rsyslog local and forwarded logging in simp-core with released componentsdefault suite	Update simp-core files (Puppetfile.pinned, metadata.json, src/assets/simp/build/simp.spec) and verify ISOs can be built and the default and ipa acceptance test suites pass.	simp-core	1	3's default suite has an extensive rsyslog integration test for local logging and log forwarding that does not use a mock sender ('logger'). Due to rsyslog itself, the rsyslog forwarding verifications have proven to be unreliable. As a stopgap measure, the tests were modified to skip any rsyslog test that fails in the simp-core default suite, in lieu of failing. Unfortunately, this has the potential to hide actual problems. So this ticket is to verify manually that all the failed checks executed in this test actually work.			1	-	-	-	-	-	-	-	4-1	Update files, build ISOs and execute tests	-
2 17.2	Verify compliance report in simp-core default suite	Examine the compliance report generated by the simp-core default suite and verify there are no incorrect mappings or unexpected non-compliance. (There will be some non-compliance for overrides that allow the test to run.)			1	-	-	-	-	-	-	4-2	Review updates	4-1	1
-18	Verify poss scenario	Manually verify SIMP server and a client operate under the expected security measures when the SIMP server is bootstrapped with the ‘poss’ scenario.				Y	Y	-	-	-	-	-	5	Create test ISO, and publish the ISO and its tar file	simp-core	4	2	Y	Y	-	-	-	-	5-1	Build ISO	Use official RPM signing keys when the artifacts are to be published anywhere at simp-project.com.	-	1Verify using a SIMP server and kickstart client with the same OS. TODO: Automate this test
18.1	Bootstrap a SIMP server and verify all security measures are enforced.					-	-	-	-	-	-	-	5-2	Publish artifacts	Interim artifacts may be published to unstable folders at simp-project.com or other unofficial shared locations.	5-1	1	-	-	-	-	-	-	6	Validate ISO by building packer boxes	Use simp-packer to build SIMP server packer boxes. Basic bootstrap validation is done as part of the packer build.	5	Y	Y	-	-	-	-
6-1	Build BIOS boot box with FIPS enabled and encrypted disk	-	-	-	-	-	-	-	6-2	Build BIOS boot box with FIPS enabled and unencrypted disk	-	-	-	-	-	-	-	6-3	Build BIOS boot box with FIPS disabled and encrypted disk 18.2	Kick a client and verify no security measures are enforced	If the auditd service is running, it has no rules. ('auditctl -l' returns 'No rules’) If the firewalld service is running, the default zone is not the 99_simp zone. ('firewall-cmd --get-default-zone' returns 'public') haveged service does not exist. ('systemctl status haveged' returns 'Unit haveged.service could not be found.') logrotate configuration, /etc/logrotate.conf, does not have 'include /etc/logrotate.simp.d' pam configuration, /etc/pam.d/system-auth does not have "This file managed by Puppet" SIMP-specific PKI directories, /etc/pki/simp/ and /etc/pki/simp_apps/, do not exist. sssd service should not be running and should not be configured. ( 'systemctl status sssd' returns 'Active: inactive (dead) and there is no/etc/sssd/sssd.conf) stunnel service does not exist. ( 'systemctl status stunnel' returns 'Unit stunnel.service could not be found.') rsyslog service may be running but is not configured for SIMP, i.e. /etc/rsyslog.conf does not have '$IncludeConfig /etc/rsyslog.simp.d/*.conf' tcpwrappers is not configured on OSs that support tcpwrappers. (If /etc/hosts.allow exists, it is just comments. Same for /etc/hosts.deny )				-	-	-	-	-	-	-	-	6-4	Build BIOS boot box with FIPS disabled and unencrypted disk
-19	Benchmark with SCAP scan	This test is intended to find deficiencies in the enforced DISA STIG security settings for SIMP modules				Y	Y	-	-	-	-	-	-	6-5	Build UEFI boot box with FIPS enabled and encrypted disk
- 19.1	Execute scan and analyze results	Execute the SCAP scan on a FIPS-enabled, disk-encrypted SIMP server packer box for which compliance has been enforced and then analyze the results for any SIMP deficiencies. Looking for system configuration that is not correctly configured for which the compliance report does not indicate an exception. Check may reveal component behavior or component compliance data that needs to be updated.				-	-	-	-	-	-
6-6	Build UEFI boot box with FIPS enabled and unencrypted disk	- 19.2	Create tickets for deficiencies	Create tickets for any component deficiencies found.				-	-	-	-	-	-	6-7	Build UEFI boot box with FIPS disabled and encrypted disk	-	-	-	-	-	-	-	6-8	Build UEFI boot box with FIPS disabled and unencrypted disk	-	-	-	-	-	-	-	7	Verify installation from RPMs in tar file	Run simp-core’s install_from_tar test	simp-core

Interim Release Candidate Tickets

The table below lists the typical tasks that are required for the interim release candidates (e.g., ‘Beta’, ‘RC1’). Fewer and fewer bugs are found with each interim release candidate. Any manual integration testing should be targeted to verification of the bug fixes, whereas as many automated integration tests as resources allow should be executed!

Depending upon the bug fixes included in this release candidate, tests identified in the initial release tickets table may need to be re-executed. So, be sure to add those tasks to your copy of this table before generating tickets.

ID	Ticket Summary (< 100 chars)	Description	Component	Blockers	Story Points	EL7	EL8	OEL7	OEL8	RH7	RH8	Notes
1	Release Components	Identify components to be released, verify tests pass, push annotated tags, update SIMP release confluence page. https://simp.readthedocs.io/en/latest/contributors_guide/maintenance/Tagging_and_Releasing_Components.html		-	3	-	-	-	-	-	-
-	This test can be omitted if there are no changes to component packaging since the previous candidate. Component behavior is adequately tested by the simp-core default suite with each simp-core check-in.	7-1	Execute test	See https://github.com/simp/simp-core/blob/master/spec/acceptance/suites/README.md for description of environment variables that can be set to point to the tar file	1	Y	Y	-	-	-	-	12	Update Changelog for bug fixes	simp-doc 1.1	Identify components to release			-	1	-	-	-	-	-	-
1.2	Release components			1.1	2	-	-	-	-	-	-
2	Update simp-core with released components	Update simp-core files (Puppetfile.pinned, metadata.json, src/assets/simp/build/simp.spec) and verify ISOs can be built and the default, ipa, and simp_lite acceptance test suites pass. You must set the SIMP_FULL_MATRIX variable to have all the tests run in a GitLab.	simp-core	1	3	-	-	-	-	-	-
12-2.1	Identify bug fixes and update changelog Update files and build ISOs for supported OSs	You may need to update package lists for the ISO builds.		-	2	-	-	-	-	-	-
12-2	Review changes	12- 2.2	Verify acceptance tests	Verify the default, ipa, and simp_lite acceptance tests pass with new components. No major test revisions should be needed.		2.1	1	-	-	-	-	-	-
13	PXE boot UEFI	Manually verify clients can PXE boot (UEFI) from a SIMP-managed tftpboot server	5	Y	Y 2.3	Review updates	Make sure to verify versions in Puppetfile.pinned, metdata.json and src/assets/simp/build/simp.spec.		2.2	1	-	-	-	-	13-1	PXE boot (UEFI) FIPs enabled, disk encrypted, same OS as tftpboot server	--		-	-	-	-	13-2	PXE boot (UEFI) FIPs enabled, disk unencrypted, same OS as tftpboot server
-3	Create test ISO, and publish the ISO and its tar file		simp-core	2	2	Y	Y	-	-	-	-	-
13- 3	PXE boot (UEFI) FIPs disabled, disk encrypted, same OS as tftpboot server	- .1	Build ISO	Use official RPM signing keys when the artifacts are to be published anywhere at simp-project.com.		-	1	-	-	-	-	-	13-4	PXE boot (UEFI) FIPs disabled, disk unencrypted, same OS as tftpboot server	-
3.2	Publish artifacts	Interim artifacts may be published to unstable folders at simp-project.com or other unofficial shared locations.		3.1	1	-	-	-	-	-	13-5	PXE boot (UEFI) FIPs enabled, disk encrypted, clients from tftpboot server of different OS	-	-	-	-	-	-	14	PXE boot BIOS	Manually verify clients can PXE boot (BIOS) from a SIMP-managed tftpboot server
4	Validate ISO by building packer boxes (BIOS and UEFI)	Use simp-packer to build SIMP server packer boxes. Basic bootstrap validation is done as part of the packer build.		3		Y	Y	-	-	-	-14-
4.1	PXE boot (BIOS) FIPs enabled, disk encrypted, same OS as tftpboot server	-	-	-	-	-	-	14-2	PXE boot (BIOS) FIPs enabled, disk unencrypted, same OS as tftpboot server	-	-	-	-	-	-	14-3	PXE boot (BIOS) FIPs disabled, disk encrypted, same OS as tftpboot server	-	Validate ISO by building packer boxes (BIOS)	Use simp-packer to build SIMP server packer boxes. Basic bootstrap validation is done as part of the packer build. BIOS boot box FIPS-enabled, encrypted disk BIOS boot box FIPS-enabled, unencrypted disk BIOS boot box FIPS-disabled, encrypted disk BIOS boot box FIPS-disabled, unencrypted disk
4.2	Validate ISO by building packer boxes (UEFI)	Use simp-packer to build SIMP server packer boxes. Basic bootstrap validation is done as part of the packer build. UEFI boot box FIPS-enabled, encrypted disk UEFI boot box FIPS-enabled, unencrypted disk UEFI boot box FIPS-disabled, encrypted disk UEFI boot box FIPS-disabled, unencrypted disk
5	Verify installation from RPMs in tar file	Run simp-core’s install_from_tar test	simp-core	2	-	-	-	-	-	14-4	PXE boot (BIOS) FIPs disabled, disk unencrypted, same OS as tftpboot server	-	-	-	-	-	-	14-5	PXE boot (BIOS) FIPs enabled, disk encrypted, clients from tftpboot server of different OS	-	--	This test can be omitted if there are no changes to component packaging since the previous candidate. Component behavior is already tested by the simp-core default suite with each simp-core check-in.
5.1	Execute test	See https://github.com/simp/simp-core/blob/master/spec/acceptance/suites/README.md for description of environment variables that can be set to point to the tar file			1	Y	Y	-	-	-	-

Final Release Tickets

The table below lists the typical tasks that are required for the final release. By the time we get to this phase of the release process, there are few, if any bugs found, and very little manual testing is required.

-

ID	Ticket Summary (< 100 chars)	Description	Component	Blockers	Story Points	EL7	EL8	OEL7	OEL8	RH7	RH8	Notes

1	Release Components	Identify components to be released, verify tests pass, push annotated tags, update SIMP release confluence page. https://simp.readthedocs.io/en/latest/contributors_guide/maintenance/Tagging_and_Releasing_Components.html	-	36	Update Changelog for bug fixes		simp-doc	2	3	-	-	-	-	-	-
6.1	Identify bug fixes and update changelog			-	2	-	-	-	-	-	-	1-1
Identify components to release	- 6.2	Review changes			6.1	1	-	-	-	-	-	-	1-2	Release components	1-1	2	-	-
7	Dogfood released modules and assets	Use released modules in development environments that exercise as many of the modules as possible. Install RPMs of released assets on SIMP servers.		2		Y	Y	-	-	-	-
7.1	Deploy modules to development environments	Update Puppetfiles for development environments and deploy the modules.				-	-	-	-	4-	Update simp-core with released components	Update simp-core files (Puppetfile.pinned, metadata.json, src/assets/simp/build/simp.spec) and verify ISOs can be built and the default and ipa acceptance test suites pass.	simp-core	1	3
7.2	Install asset RPMs on SIMP server	Install RPMs and watch for any RPM installation error messages.				-	-	-	-	-	-
-	4-1	Update files, build ISOs and execute tests	-	2 7.3	Examine logs for issues					-	-	-	-	-	-	-	4-2	Review updates	4-1	1	-	-	-	-	-	-	12	Update Changelog for bug fixes	simp-doc	1	3	-	-	-	-	-	-	12-1	Identify bug fixes and update changelog	-	2	-	-	-	-	-	-	12-2	Review changes	12-1	1	-	-	-	-	-	-	21	Review user documentation	General review of user documentation. Intent is to make sure the information is current and intelligible. Does not include ‘Changelog’, ‘Contributing to SIMP’, ‘Security Concept of Operations’, ‘Security Control Mapping’, ‘Vulnerability Supplement’ and ‘License’ sections.	simp-doc

Release Tickets

The table below lists the typical tasks that are required for the final release. By the time we get to this phase of the release process, there are few, if any bugs found, and very little manual testing is required. There are quite a number of documentation review tickets, however. The user documentation tickets are required for each major release, nice-to-have for each minor release, and not necessary for each patch release. They will need to be updated each time the user documentation undergoes structural changes.

As with interim releases, depending upon the bug fixes included in this release candidate, tests identified in the initial release tickets table may need to be re-executed. So, be sure to copy in those tasks into your copy of this table before generating tickets.

ID	Ticket Summary (< 100 chars)	Description	Component	Blockers	Story Points	EL7	EL8	OEL7	OEL8	RH7	RH8	Notes
1	Release Components	Identify components to be released, verify tests pass, push annotated tags, update SIMP release confluence page. https://simp.readthedocs.io/en/latest/contributors_guide/maintenance/Tagging_and_Releasing_Components.html NOTE: This excludes simp-doc, which is addressed a separate ticket after all documentation updates have been completed.		-	3	-	-	-	-	-	This is required for each major release, nice-to-have for each minor release, and not necessary for each patch release. Subtasks should correspond to major sections of the documentation, an will need to be updated accordingly when the docs structure changes.	21-1	Review ‘Quick Start’	Review and update as necessary	-
1.1	Identify components to release			-	1	-	-	-	-	-	-
21-3	Review ‘Getting Started’	Review and update as necessary	- 1.2	Release components			1.1	2	-	-	-	-	-	21 - 4	Review ‘User Guide’	Review and update as necessary	-	-	-	-	-	-	21-5	Review ‘HOWTO’	Review and update as necessary	-	-	-	-	-	-	21-6	Review ‘FAQ’	Review and update as necessary	-
2	Update simp-core with released components	Update simp-core files (Puppetfile.pinned, metadata.json, src/assets/simp/build/simp.spec) and verify ISOs can be built and the default, ipa, and simp_lite acceptance test suites pass. You must set the SIMP_FULL_MATRIX variable to have all the tests run in a GitLab. All components in the Puppetfile.pinned except simp-doc should be referencing a GitHub tag. simp-doc is addressed in another ticket.	simp-core	1	3	-	-	-	-	-	-
2.1	Update files and build ISOs for supported OSs	You may need to update package lists for the ISO builds.		-	2	-	-	-	-	-	21-7	Review ‘Help’ and ‘Contact’ sections	Review and update as necessary-
2.2	Verify acceptance tests	Verify the default, ipa, and simp_lite acceptance tests pass with new components. No major test revisions should be needed.		2.1	1	-	-	-	-	-	-
21-82.3	Review ‘Glossary of Terms’	Review and update as necessary	-	-	-updates	Make sure to verify versions in Puppetfile.pinned, metdata.json and src/assets/simp/build/simp.spec.		2.2	1	-	-	-	22	Review security documentation	General review of security-related documentation. Intent is to make sure the information is current and intelligible.	simp-doc	-	-	-	-	-	-	This is required for each major release, nice-to-have for each minor release, and not necessary for each patch release. Subtasks should correspond to major sections of the documentation, an will need to be updated accordingly when the docs structure changes.
22-1	Review ‘Security Concept of Operations’	Review and update as necessary	3	Verify simp/simp_core meta module	Verify that the simp/simp_core meta module has appropriate dependencies and its dependencies have all been published to PuppetForge by running the install_from_core_module test suite.		2		-	-	-	-	-	-	22-2	Review ‘Security Control Mapping’
Review and update as necessary 3.1	Execute check for PuppetForge publication	Execute ‘bundle exec rake puppetfile:check’ and examine output to identify any modules that have not been published to PuppetForge				-	-	-	-	-	-
22-3	Review ‘Vulnerability Supplement’	Review and update as necessary .2	Publish any missing modules to PuppetForge					-	-	-	-	-	-	5	Create final ISO, verify with simp-packer, and publish the ISOs and their tar files	This is the final build and spot check via simp-packer.	simp-core
4	Y	Y 3.3	Update the install_from_core_module test with any release-specific changes					-	-	-	-	-	-
3.4	Execute the install_from_core_module test					-	-	-	-	-	5 - 1	Build ISO	Use official RPM signing keys when the artifacts are to be published anywhere at simp-project.com.	-	1	-
4	Dogfood released modules and assets	Use released modules in development environments that exercise as many of the modules as possible. Install RPMs of released assets on SIMP servers.		2		Y	Y	-	-	-	-
-	5-2	Build BIOS boot box with FIPS enabled and encrypted disk	5-1 4.1	Deploy modules to development environments	Update Puppetfiles for development environments and deploy the modules.				-	-	-	-	-	-	-	5-3	Build BIOS boot box with FIPS enabled and unencrypted disk
5-1 4.2	Install asset RPMs on SIMP server	Install RPMs and watch for any RPM installation error messages.				-	-	-	-	-	-
5-4	Build BIOS boot box with FIPS disabled and encrypted disk	5-1 .3	Examine logs for issues					-	-	-	-	-	-
5	Update Changelog for bug fixes		simp-doc	5-5	Build BIOS boot box with FIPS disabled and unencrypted disk	5-12	3	-	-	-	-	-	-
5-6	Build UEFI boot box with FIPS enabled and encrypted disk	5-1 .1	Identify bug fixes and update changelog			-	2	-	-	-	-	-	-
5-7	Build UEFI boot box with FIPS enabled and unencrypted disk	5-1	- .2	Review changes			5.1	1	-	-	-	-	-	5-9	Build UEFI boot box with FIPS disabled and unencrypted disk	5 - 8	Build UEFI boot box with FIPS disabled and encrypted disk	5-1	-	-	-	-	-	-	5-1
6	Review ‘Quick Start’ Guide	Review and update as necessary. This is a general review to make sure the information is accurate and intelligible.	simp-doc			-	-	-	-	-	-
6.1	Review and update					-	-	5 - 10	Publish artifacts	Final artifacts that have passed simp-packer validation are published to official release folders at simp-project.com.	5-2, 5-3, 5-4, 5-5, 5-6, 5-7, 5-8, 5-9	1-	-	-
6.2	Review changes			6.2		-	-	-	-	-	-
7	Review ‘Getting Started’ Guide	Review and update as necessary. This is a general review to make sure the information is accurate and intelligible.	simp-doc			-	-	-	-	-	-
7.1	Review and update					-	-	-	-	-	-

Combined Table

The table below lists the standard tasks that must be done with each release.

The table assumes 3 candidate releases of SIMP (Alpha, RC1 and Final ), but should be adjusted based on the complexity of the release and bugs found during testing.
- Only 2 candidate releases may be required for a SIMP patch release.
- More than 3 candidate releases may be required for a SIMP major release.
- Not all the tests may need to be repeated if the changes made don’t impact the test. For example, bug fixes to simp-extras modules won’t necessarily require full regression tests to be executed, when these modules are not exercised in the regression tests.
Stories or subtasks will be replicated based their release candidate and OS fields.
- When Y appears in one of the release candidate or OS fields of a story, that story will be replicated for the permutation noted.
  - When just release candidate permutations or just OS permutations are noted, that story will be replicated for individual release candidates/OSs selected.
  - When both release candidate and OS permutations are listed, the story will be replicated for each OS for each release candidate.
- When Y appears in one of the release candidate or OS fields of a subtask, that subtask will be replicated for the permutation noted within the story.
- N, -, and a blank entry are all treated as ‘do not replicate’ indicators.

ID

Run the install_from_rpm test. See https://github.com/simp/simp-core/blob/master/spec/acceptance/suites/README.md . If a nodeset for the OS under test does not exist, create it.

Ticket Summary (< 100 chars)	Description	Component	Blockers	Story Points	Alpha (Y/N)	RC1 (Y/N)	Final (Y/N)	EL7 (Y/N)	EL8 (Y/N)	OEL7 (Y/N)	OEL8 (Y/N)	RH7 (Y/N)	RH8 (Y/N)	Notes	1	~~Release Components~~	~~Identify components to be released, verify tests pass, push annotated tags, update SIMP release confluence page.~~ ~~https://simp.readthedocs.io/en/latest/contributors_guide/maintenance/Tagging_and_Releasing_Components.html~~	-	3	Y	Y	Y
7.2	Review changes			7.2		-	-	-	-	-	-
8	Review ‘User Guide’	Review and update as necessary. This is a general review to make sure the information is accurate and intelligible.	simp-doc			-	-	-	-	-	-
8.1	Review and update					-	-	-	-	-	-
8.2	Review changes			8.2		-	-	-	-	-	-
8.3	Review Upgrade Instructions	Ensure nothing has changed since the original
9	Review ‘HOWTO’	Review and update as necessary. This is a general review to make sure the information is accurate and intelligible.	simp-doc			-	-	-	-	-	-
9.1	Review and update					-	-	-	-	-	-
9.2	Review changes			9.2		-	-	-	-	-	-
10	Review ‘FAQ’	Review and update as necessary. This is a general review to make sure the information is accurate and intelligible.	simp-doc			-	-	-	-	-	-
~~1-1~~	~~Identify components to release~~	-	1 10.1	Review and update					-	-	-	-	-	-	-	-	-
1- 10.2	~~Release components~~	~~1-1~~	Review changes			10.2		-	-	-	-	-	-	-	-	-	2	~~Update simp-core pre-release tests with release-specific changes~~	Update simp-core default, ipa, install_from_tar, and simp_lite acceptance test suites for release-specific changes. This includes updating the nodesets and .gitlab-ci.yml for any changes to the supported OSs.	~~simp-core~~	-	5	Y
N	N	11	Review ‘Help’ and ‘Contact’ sections	Review and update as necessary. This is a general review to make sure the information is accurate and intelligible.	simp-doc			-	-	-	-	-	-
11.1	Review and update					-	-	-	-	-	-	~~Ideally, this should be done after the initial changelog has been generated, as the changelog informs the work to be done.~~ ~~Tests will be executed for the appropriate OSs permutations in the nodeset, but separate tickets per OS should not be created.~~
~~2-1~~	~~Update tests and nodesets~~	-	4	-	-	-	- 11.2	Review changes			11.2		-	-	-	-	-	-
12	Review ‘Glossary of Terms’	Review and update as necessary. This is a general review to make sure the information is accurate and intelligible.	simp-doc			-	-	-	-	-	2-2	~~Review updates~~	2-
12.1	1Review and update					-	-	-	-	-	-
12.2	Review changes			12.2		-	-	-	3-	Update simp-packer with release-specific changesUpdate simp-packer for release-specific changes. Be sure to tag the previous simp-packer version, if the updates will break testing functionality built for the prior SIMP release	-
13	Review ‘Security Concept of Operations’	Review and update as necessary. This is a general review to make sure the information is accurate and intelligible.	simp-packerdoc			-	3-	Y-	N-N	-	--
13.1	Review and update					-	-	-	-	~~Ideally, this should be done after the initial changelog has been generated, as the changelog informs the work to be done.~~	3-1~~Update code and documentation~~	-
13.2	-	-Review changes			13.2		-	-	-	-	-	-	-	~~3-2~~	~~Review changes~~	~~3-1~~
114	Review ‘Security Control Mapping’	Review and update as necessary. This is a general review to make sure the information is accurate and intelligible.	simp-doc			-	-	-	-	-	-
-	- 14.1	Review and update					-	4-	Update simp-core with released componentsUpdate simp	-core files (Puppetfile.pinned, metadata.json, src/assets/simp/build/simp.spec) and verify ISOs can be built and the default and ipa acceptance test suites pass.	simp-core	1-	3	Y	Y
Y 14.2	Review changes			14.2		-	-	-	-	-	-	~~For each release candidate (Alpha, RC1, Final), this has a dependency upon the corresponding ticket to release components.~~
~~4-1~~	~~Update files, build ISOs and execute tests~~	-	215	Review ‘Vulnerability Supplement’	Review and update as necessary. This is a general review to make sure the information is accurate and intelligible.	simp-doc			-	-	-	-	-	-
15.1	Review and update					-	-	-	-	-	4-
15.2	Review updateschanges			15.2		4-11	-	-	-	-	--
16	Finalize simp-doc	-	-
5	~~Create ISOs, and publish the ISOs and tar files~~	When this is a release candidate, the publication should be to an unstable repo or some other unofficial shared location 16.1	Remove any reference to release candidates
16.2	Release			16.2
17	Update simp-core with released simp-doc and verify versions	Update simp-core Puppetfile.pinned All components in the Puppetfile.pinned should be referencing a GitHub tag.	simp-core	41	Y3	Y	Y-	-	-	-	-	-	-	~~Only the child should be replicated for OSs for which we build an ISO~~
~~5-1~~	~~Build ISO~~	-	1 17.1	Update files and build ISOs			-	2	-	-	-	-	-	Y-	Y	N	N	N	N	~~5-2~~	~~Publish artifacts~~	~~Final artifacts are published to~~ ~~simp-project.com. Interim artifacts may be published to unstable folders at simp-project.com~~
5- 17.2	Verify versions	Make sure there are no version discrepancies in the Puppetfile.pinned, metadata.json and src/assets/simp/build/simp.spec files.		17.1	1	-	-	-	-	-	-	-	-	-	6	~~Validate ISO by building packer boxes~~	~~Use simp-packer to build SIMP server packer boxes. Basic bootstrap validation is done as part of the packer build.~~	5	Y	Y	Y	-	TODO: Automate this task
18	Create final ISO, verify with simp-packer, and publish the ISOs and their tar files	This is the final build and spot check via simp-packer.	simp-core	17		Y	Y	-	-	-	-
18.1	Build ISO	Use official RPM signing keys when the artifacts are to be published anywhere at simp-project.com.		-	1	-	-	-	-	-	6-1
18.2	Build BIOS boot box with FIPS enabled and encrypted disk			18.1		-	-	-	-	Y-Y	-	N	N	N	N	~~6-2~~
18.3	Build BIOS boot box with FIPS enabled and unencrypted disk			18.1		-	-	-	Y-Y	-	N	N	N	N	~~6-3~~	-
18.4	Build BIOS boot box with FIPS disabled and encrypted disk			18.1		-	-	-	Y-Y	-	N	N	N	N	~~6-4~~-
18.5	Build BIOS boot box with FIPS disabled and unencrypted disk			18.1		-	-	-	Y-Y	-	N	N	N	N	~~6-5~~-
18.6	Build UEFI boot box with FIPS enabled and encrypted disk			18.1		-	-	-	-	Y-Y	-	N	N	N	N	~~6-6~~
18.7	Build UEFI boot box with FIPS enabled and unencrypted disk			-18.1		-	-	Y-Y	-	N-	N	N	N	~~6-7~~-
18.8	Build UEFI boot box with FIPS disabled and encrypted disk			18.1		-	-	-	Y-Y	-	N-	N	N	N	~~6-8~~
18.9	Build UEFI boot box with FIPS disabled and unencrypted disk	-	-	-	Y	Y	N	N	N	N	7	~~Verify installation from RPMs in tar file~~	~~Run simp-core’s install_from_tar test~~	~~simp-core~~	5	Y	Y	Y	-	-	-	-	-	-	~~Only the child should be replicated for OSs for which there is a nodeset for the install_from_tar test~~ ~~Depending upon changes made from Alpha to RC1 and from RC1 to Final, we may not have to execute these tests with each interim release.~~	~~7-1~~	~~Execute test~~	~~See~~ https://github.com/simp/simp-core/blob/master/spec/acceptance/suites/README.md ~~for description of environment variables that can be set to point to the tar file~~	-	-	-	Y	Y	N	N	N	N
8	~~Create upgrade instructions~~	~~Document any steps that are needed outside of the generic upgrade instructions.~~	~~simp-doc~~	4	10	Y	N	N	Y	Y	N	N	N	N	~~First time we deliver an EL8 ISO, we will only have upgrade instructions for EL7~~ ~~Manual tests for now. Will migrate to~~ ~~simp-integration_test~~ ~~for automated upgrade test.~~
~~8-1~~	~~Manually execute upgrade with FIPS enabled~~	4	-	-	-	-	-	-	-	-	-	~~8-2~~	~~Manually execute upgrade with FIPS disabled~~	1	-	-	-	-	-	-	-	-	-	~~8-2~~	~~Write upgrade instructions~~	4	-	-	-	-	-	-	-	-	-	~~8-3~~	~~Review instructions~~	~~Review the instructions for clarity, grammar, spelling, formatting, etc. Verification will be done in a separate ticket~~	1	-	-	-	-	-	-	-	-	-	9	~~Verify upgrade instructions~~	~~Verify upgrade instructions and make any necessary adjustments to them.~~	~~simp-doc~~	8	Y	N	N	Y	Y	N	N	N	N	~~9-1~~	~~Execute instructions~~	2	-	-	-	-	-	-	-	-	-	~~9-2~~	~~Update instructions~~	1	-	-	-	-	-	-	-	-	-	10	~~Create initial SIMP changelog~~	~~simp-doc~~	8	Y	N	N	-	-	-	-	-	-	~~10-1~~	~~Create changelog~~	6	-	-	-	-	-	-	-	-	-	~~10-2~~	~~Review changes~~	2	-	-	-	-	-	-	-	-	-	11	~~Identify release-specific tests~~	Based on the initial Changelog for the release, identify integration tests that must be done with a fully configured SIMP server and (if necessary) clients. These should be tests that are not adequately tested in component acceptance tests.	10	5	Y	N	N	-	-	-	-	-	-	~~11-1~~	~~Determine release-specific manual tests~~	4	Y	N	N	-	-	-	-	-	-	~~11-2~~	~~Create tickets for each~~	1	-	-	-	-	-	-	-	-	-	12	~~Update Changelog for bug fixes~~	~~simp-doc~~	3	N	Y	Y	-	-	-	-	-	-	~~12-1~~	~~Identify bug fixes and update changelog~~	2	-	-	-	-	-	-	-	-	-	~~12-2~~	~~Review changes~~	1	-	-	-	-	-	-	-	-	-	13	PXE boot UEFI	Manually verify clients can PXE boot (UEFI) from a SIMP-managed tftpboot server	Y	Y	Y	Y	Y	N	N	N	N	PXE boot UEFI testing is complicated because it cannot be done with VirtualBox. It has to be done with libvirt or real hardware. This needs to be documented in simp-doc (there is a ticket for this!) These are split into numerous subtasks because they are not yet automated.	13-1	PXE boot (UEFI) FIPs enabled, disk encrypted, same OS as tftpboot server	-	-	-	-	-	-	-	-	-	13-2	PXE boot (UEFI) FIPs enabled, disk unencrypted, same OS as tftpboot server	-	-	-	-	-	-	-	-	-	13-3	PXE boot (UEFI) FIPs disabled, disk encrypted, same OS as tftpboot server	-	-	-	-	-	-	-	-	-	13-4	PXE boot (UEFI) FIPs disabled, disk unencrypted, same OS as tftpboot server	-	-	-	-	-	-	-	-	-	13-5	PXE boot (UEFI) FIPs enabled, disk encrypted, clients from tftpboot server of different OS	-	-	-	-	-	-	-	-	-	14	PXE boot BIOS	Manually verify clients can PXE boot (BIOS) from a SIMP-managed tftpboot server	Y	Y	Y	Y	Y	N	N	N	N	These are split into numerous subtasks because they are not yet automated.	14-1	PXE boot (BIOS) FIPs enabled, disk encrypted, same OS as tftpboot server	-	-	-	-	-	-	-	-	-	14-2	PXE boot (BIOS) FIPs enabled, disk unencrypted, same OS as tftpboot server	-	-	-	-	-	-	-	-	-	14-3	PXE boot (BIOS) FIPs disabled, disk encrypted, same OS as tftpboot server	-	-	-	-	-	-	-	-	-	14-4	PXE boot (BIOS) FIPs disabled, disk unencrypted, same OS as tftpboot server	-	-	-	-	-	-	-	-	-	14-5	PXE boot (BIOS) FIPs enabled, disk encrypted, clients from tftpboot server of different OS	-	-	-	-	-	-	-	-	-	15	Verify non-standard ISO UEFI boot options	Manually verify the choose your own partitions and minimum installation ISO boot options	Y	Y	Y	Y	Y	N	N	N	N	15-1	Verify the choose your own partitions option	-	-	-	-	-	-	-	-	-	15-2	Verify the minimum installation option	-	-	-	-	-	-	-	-	-	16	Verify non-standard ISO BIOS boot options	Manually verify the ‘choose your own partitions' and ‘minimum installation’ ISO boot options	Y	Y	Y	Y	Y	N	N	N	N	16-1	Verify the choose your own partitions option	-	-	-	-	-	-	-	-	-	16-2	Verify the minimum installation option	-	-	-	-	-	-	-	-	-	17	Dogfood released modules and RPMs	Use released modules in development environments that exercise as many of the modules as possible	Y	Y	Y	-	-	-	-	-	-	17-1	Deploy modules and RPMs to development environments	Deploy modules to as many OS variants as possible	-	-	-	-	-	-	-	-	-	17-2	Examine logs for issues	-	-	-	-	-	-	-	-	-	18	Verify simp/simp_core meta module	Verify that the simp/simp_core meta module has appropriate dependencies and its dependencies have all been published to PuppetForge by running the install_from_core_module test suite.	N	N	Y	-	-	-	-	-	-	18-1	Update the install_from_core_module test with any release-specific changes	-	-	-	-	-	-	-	-	-	18-2	Execute check for PuppetForge publication	Execute ‘bundle exec rake puppetfile:check’ and examine output to identify any modules that have not been published to PuppetForge	18-3	Publish any missing modules to PuppetForge	18-2	18-4	Execute the install_from_core_module test	18-3	19	Announce release	N	N	Y	20	Post-release: Verify RPM publication	Verify RPMs have been uploaded to simp-project.com. This includes Puppet module RPMs, SIMP application RPMs, and any other auxiliary, application RPMs.	N	N	Y	-	-	-	-	-	-	20-1	Verify Puppet module RPMs have been published	Execute ‘bundle exec rake puppetfile:check’ and examine output to identify any modules that have not been published to simp-project.com.	-	-	-	-	-	-	-	-	-	20-2	Verify other RPMs have been published	-	-	-	Y	Y	Y	Y	N	N	The simp-project.com repos have different structures for EL and OEL, so replicating this test for each OS is helpful.	20-3	Publish any missing RPMs	21	~~Review user documentation~~	General review of user documentation. Intent is to make sure the information is current and intelligible. Does not include ‘Changelog’, ‘Contributing to SIMP’, ‘Security Concept of Operations’, ‘Security Control Mapping’, ‘Vulnerability Supplement’ and ‘License’ sections.	~~This is required for each major release, nice-to-have for each minor release, and not necessary for each patch release.~~ ~~Subtasks should correspond to major sections of the documentation, an will need to be updated accordingly when the docs structure changes.~~	~~21-1~~	~~Review ‘Quick Start’~~	~~Review and update as necessary~~	~~21-3~~	~~Review ‘Getting Started’~~	~~Review and update as necessary~~	~~21-4~~	~~Review ‘User Guide’~~	~~Review and update as necessary~~	~~21-5~~	~~Review ‘HOWTO’~~	~~Review and update as necessary~~	~~21-6~~	~~Review ‘FAQ’~~	~~Review and update as necessary~~	~~21-7~~	~~Review ‘Help’ and ‘Contact’ sections~~	~~Review and update as necessary~~	~~21-8~~	~~Review ‘Glossary of Terms’~~	~~Review and update as necessary~~	22	~~Review security documentation~~	~~General review of security-related documentation. Intent is to make sure the information is current and intelligible.~~	~~This is required for each major release, nice-to-have for each minor release, and not necessary for each patch release.~~ ~~Subtasks should correspond to major sections of the documentation, an will need to be updated accordingly when the docs structure changes.~~	~~22-1~~	~~Review ‘Security Concept of Operations’~~	~~Review and update as necessary~~	~~22-2~~	~~Review ‘Security Control Mapping’~~	~~Review and update as necessary~~	~~22-3~~	~~Review ‘Vulnerability Supplement’~~	~~Review and update as necessary~~	23	Execute manual tests	Miscellaneous tests that are not addressed (fully) with automation.	23-1	Verify rsyslog local and forwarded logging in simp-core default suite	simp-core's default suite has an extensive rsyslog integration test for local logging and log forwarding. In lieu of testing with mock log events via `logger` (as is done in pupmod-simp-rsyslog and pupmod-simp-simp_rsyslog), this test stimulates events that generate log messages from actual applications (e.g., puppetserver error logs). Unfortunately, due to rsyslog itself, the rsyslog forwarding verifications have proven to be unreliable. As a stopgap measure, the tests were modified to skip any rsyslog test that fails in the simp-core default suite, in lieu of failing. Unfortunately, this has the potential to hide actual problems. So this ticket is to verify that all the checks executed in this test actually work.	23-2	Verify compliance report in simp-core default suite	Examine the compliance report generated by the simp-core default suite and verify there are no incorrect mappings or unexpected non-compliance. (There will be some non-compliance for overrides that allow the test to run.)	24	Verify poss scenario	Manually verify SIMP server and a client operate under the expected security measures when the SIMP server is bootstrapped with the ‘poss’ scenario.	Y	Y	-	-	-	-	Verify using a SIMP server and kickstart client with the same OS.	24-1	Bootstrap a SIMP server and verify all security measures are enforced.	24-2	Kick a client and verify no security measures are enforced	If the auditd service is running, it has no rules no rules. 'auditctl -l' returned 'No rules' If the firewalld service is running, the default zone is not the 99_simp zone 'firewall-cmd --get-default-zone' returns 'public' haveged service does not exist 'systemctl status haveged' returned 'Unit haveged.service could not be found.' logrotate configuration, /etc/logrotate.conf, does not have 'include /etc/logrotate.simp.d' pam configuration, /etc/pam.d/system-auth does not have "This file managed by Puppet" SIMP-specific PKI directories, /etc/pki/simp/ and /etc/pki/simp_apps/, do not exist. sssd service should not be running and should not be configured 'systemctl status sssd' returned 'Active: inactive (dead) No /etc/sssd/sssd.conf stunnel service does not exist 'systemctl status stunnel' returned 'Unit stunnel.service could not be found.' rsyslog service is running but is not configured for SIMP, i.e. /etc/rsyslog.conf does not have '$IncludeConfig /etc/rsyslog.simp.d/.conf' tcpwrappers is not configured on OSs that support tcpwrappers * If /etc/hosts.allow exists, it is just comments ** If /etc/hosts.deny exists, it is just comments disk	18.1	-	-	-	-	-	-
18.10	Publish artifacts	Final artifacts that have passed simp-packer validation are published to official release folders at simp-project.com.		18.2, 18.3, 18.4, 18.5, 18.6, 18.7, 18.8, 18.9	1	-	-	-	-	-	-
19	Announce release			5		-	-	-	-	-	-
19.1	Announce on mailing lists					-	-	-	-	-	-
20	Post-release: Verify RPM publication	Verify RPMs have been uploaded to simp-project.com. This includes Puppet module RPMs, SIMP application RPMs, and any other auxiliary, application RPMs.				-	-	-	-	-	-
20.1	Verify Puppet module RPMs have been published	Execute ‘bundle exec rake puppetfile:check’ and examine output to identify any modules that have not been published to simp-project.com.				-	-	-	-	-	-
20.2	Verify other RPMs have been published	Run the install_from_rpm test. See https://github.com/simp/simp-core/blob/master/spec/acceptance/suites/README.md . If a nodeset for the OS under test does not exist, create it.				Y	Y	-	-	-	-
20.3	Publish any missing RPMs					-	-	-	-	-	-

Version	Old Version 47	New Version Current
Changes made by	Liz Nemsick	Judith Johnson
Saved on	Dec 18, 2020	Feb 09, 2021

Versions Compared

Key

Introduction

Table Conventions

Initial Release Candidate Tickets

Interim Release Candidate Tickets

Interim Release Candidate Tickets

Final Release Tickets

Release Tickets

Combined Table

Content Comparison

Versions Compared

Key

Introduction

Table Conventions

Initial Release Candidate Tickets

Interim Release Candidate Tickets

Interim Release Candidate Tickets

Final Release Tickets

Release Tickets

Combined Table