...

• Sebastian Schmittner (EECC)
• Christian Bormann (Robert Bosch GmbH)
• Guido Wischrop
• Cristian Kubis

In Progress

Network connectivity Script

•  https://github.com/hyperledger/indy-node-container/pull/118

Indy 1.13.2~RC4 Testing

•  Christian wants to test the new release candidate → upgrade ubuntu20 test image todayish

• https://github.com/hyperledger/indy-node-container/pkgs/container/indy-node-container%2Findy_node/48635850?tag=1.2.3-ubuntu20

Indy VDR Containers

• Christian discovered Indy VDR using home brewn indy node containers for testing.
• https://github.com/hyperledger/indy-vdr/blob/main/ci/indy-pool.dockerfile
• Christian: PR → our containers as base for their testing

Improve CI + Tagging of Container releases

• fixed by Philipp in https://github.com/hyperledger/indy-node-container/pull/121 :tada:

• We could Improve the CI pipelines to not run if not necessary (e.g. not run if only md files are changed)
• Already tried this once → need to put work into required merge job cheks
• Include indy node version
  • currently RELEASE-FLAVOUR
  • Decision today: update to: NODE_VERSION-FLAVOUR-RELEASE
    • e.g. FLAVOUR=ubuntu20
    • e.g. FLAVOUR=debian10
• Release less flavours
  • Remove when 1.13 is there
  • Comment into readme now: deprecated ubuntu16, debian10,...

Indy Node Controller

• Philipp Schlarb (esatus AG)  <p.schlarb@esatus.com>

Indy Node Controller

• Controller purpose
  • Network Restart
    • No Ledger Transaction
    • Nodes communicate "Action"
  • Node Upgrades
    • Ledger Transaction
• Current State
  • Controller In seperate Container
  • Mounting Docker Socket 
  Suggestion: Build one controller image with and one without podman
  • https://github.com/hyperledger/indy-node-container/tree/issues/112still openmain/controller
• The principal Controller solution mounting the host docker socket into the controller container might be re-discussed as wellSeperate meeting: 2022-11-17 10:00 - 11:00 Berline time
  
  • Idea Sebastian: Controller = process on Container Host
  • Idea Christian: Kubernetes Operator
• https://github.com/hyperledger/indy-node-container/issues/108#issuecomment-1270047470
  • → we should use the container name = host name to reach the controller from the indy node container instead of "localhost"
  • @tsurai

Container

• Use smaller base images
• python-slim + pypi indy packages?
  • Phillipp: Caution: pypi packages are not identical to deb versions
  • differences regarding config files for indy-node (https://github.com/hyperledger/indy-node/blob/ubuntu-20.04-upgrade/build-scripts/ubuntu-2004/prepare-package.sh)

Stale

Issues

• https://github.com/hyperledger/indy-node-container/issues/96
  • probably resolved?
• Maintainers.md: https://github.com/hyperledger/indy-node-container/issues/98
  • https://github.com/hyperledger/indy-node-container/pull/109

Network connectivity test script

Idea: Script to test that IP Tables rules are as they should be

• At least check that node can connect (TCP lvl) to all other nodes
• Bonus: Check that connection from outside is not possible

Still 2do

Load Test Script by Christian Bormann

• on hold

Alerting

• Sebastian Z finished work on slack alerting action.
• Send webhook to Sebastian Schmittner → Forward to Stephen Curranto add to github repo, then MR github action
• Replace scan → github security alerts or do both?
  • BOTH
  • Sebastian Schmittner

Logging

• Stale PR https://github.com/hyperledger/indy-node-container/pull/83

• Discussion today:
  • Rather document how to edit the https://github.com/hyperledger/indy-node-container/blob/main/run/etc_indy/indy_config.py then overwriting those variables at container start through init script
  • Network Name → same!?
  • Definietly keep READE + docker logging explanation
  • → sesinsible default for logging in docker compose
  • Sebastian Schmittner

Metrics

• Carlos: https://github.com/IDunion/indy-node-monitor
• https://github.com/WadeBarnes/indy-node-monitor/tree/monitoring-stack
• Existing Prometheus + Grafana setup by IFIS

Security

The node keys handling is currently sub optimal (env variable). Should be improved to e.g. file based setup: https://github.com/IDunion/indy-node-container/issues/52

• Cristian already has a nice setup elsewhere and offers to port it
  • https://github.com/internet-sicherheit/sovrin-container
  • Merge of IFIS repo?

Indy-Test-Automation

• Issue#102: Indy Node system tests depend on the Sovrin package
  • Improve our own testing!

Support for non-docker setup

• Helm Charts
  • Might geht interesting at some point in the future Image Removed
    • Potential Clients Spherity/MGM
• Podman
  • https://github.com/IDunion/indy-node-container/issues/48

Next Meeting

• • Container mounting docker socket
    • We deliver the orchestrated setup
    • Problem: Indy Node calls apt to check for package upgrades before forwarding the upgrade to the controller!
  • Process on Container Host
    • Quick and Dirty
      • Needs Docker rights
        • Security Implications!
    • Greatest flexibility
    • Needs to survive restarts → e.g. systemd
    • Not worth it
  • Kubernetes Operator
    • Needs Kubernetes Setup
      • Local install (e.g. K3S) not to dificult
      • But high maintenance effort
      • For production: Tell people to go to a Kubernetes provider!
    • Advantage: Runs on e.g. open shift, google, amazon, etc.
    • Clean Setup with pure container tech
    • Currently: probably to much effort for nobody in ID Union using a Kubernetes based setup
    • Biggest problem: No ressources in our group to develop this

Conclusion

• We keep the current setup of running the Controller.
• We Issue a Change proposal in indy node to refactor all upgrading into the controller

Next Meeting

• Next
• Next meeting: Controller Discussion: 2022-11-04 9:15-10:00 (Berlin time)
• Next regular meeting: 2022-11-11 9:15-10:00 (Berlin time)

...