- Improved CI + Tags PR
- Controller
- Container Tagging
Hyperledger is committed to creating a safe and welcoming community for all. For more information please visit the Hyperledger Code of Conduct.
Attendance
- Sebastian Schmittner (EECC)
- Christian Bormann (Robert Bosch GmbH)
- Guido Wischrop
- Cristian Kubis
In Progress
Network connectivity Script
Indy 1.13.2~RC4 Testing
- Christian wants to test the new release candidate → upgrade ubuntu20 test image todayish
Indy VDR Containers
- Christian discovered Indy VDR using home-brewed indy node containers for testing.
- https://github.com/hyperledger/indy-vdr/blob/main/ci/indy-pool.dockerfile
- Christian: PR → our containers as base for their testing
Improve CI + Tagging of Container releases
- fixed by Philipp in https://github.com/hyperledger/indy-node-container/pull/121 :tada:
- We could improve the CI pipelines to not run if not necessary (e.g. not run if only md files are changed)
- Already tried this once → need to put work into required merge job checks
- Include indy node version
- currently RELEASE-FLAVOUR
- Decision today: update to: NODE_VERSION-FLAVOUR-RELEASE
- e.g. FLAVOUR=ubuntu20
- e.g. FLAVOUR=debian10
- Release less flavours
- Remove when 1.13 is there
- Comment into readme now: deprecated ubuntu16, debian10,...
Indy Node Controller
- Suggestion: Build one controller image with and one without podman
- Philipp Schlarb (esatus AG) <p.schlarb@esatus.com>
Indy Node Controller
- Controller purpose
- Network Restart
- No Ledger Transaction
- Nodes communicate "Action"
- Node Upgrades
- Ledger Transaction
- Network Restart
- Current State
- Controller in separate container
- Mounting Docker Socket
- https://github.com/hyperledger/indy-node-container/tree/issuesmain/112controller
- still open
- Separate meeting: 2022-11-17 10:00 - 11:00 Berlin time
- Idea Sebastian: Controller = process on Container Host
- Idea Christian: Kubernetes Operator
- → we should use the container name = host name to reach the controller from the indy node container instead of "localhost"
- @tsurai
Container
- Use smaller base images
- python-slim + pypi indy packages?
- Philipp: Caution: pypi packages are not identical to deb versions
- differences regarding config files for indy-node (https://github.com/hyperledger/indy-node/blob/ubuntu-20.04-upgrade/build-scripts/ubuntu-2004/prepare-package.sh)
Stale
Issues
- https://github.com/hyperledger/indy-node-container/issues/96
- probably resolved?
- Maintainers.md: https://github.com/hyperledger/indy-node-container/issues/98
Network connectivity test script
Idea: Script to test that iptables rules are as they should be
- At least check that node can connect (TCP level) to all other nodes
- Bonus: Check that connection from outside is not possible
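A minimal sketch of such a check, added here as an example and not taken from the indy-node-container repository: it attempts a TCP connection to each listed target and compares the result with what the firewall rules are supposed to allow. The function names, the target list, the addresses and the port 9701 are assumptions made for illustration.

```python
import socket
import sys


def probe(host, port, timeout=2.0):
    """Classify one TCP connection attempt as 'open', 'refused' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"   # RST received: host reachable, nothing listening
    except OSError:
        return "filtered"  # timeout or unreachable, as a DROP rule would produce


def check_policy(targets, timeout=2.0):
    """targets: iterable of (name, host, port, expect_open).

    Returns (name, state, ok) tuples; ok is True when the observed state
    matches what the firewall rules are supposed to allow.
    """
    results = []
    for name, host, port, expect_open in targets:
        state = probe(host, port, timeout)
        results.append((name, state, (state == "open") == expect_open))
    return results


if __name__ == "__main__":
    # Constructed sample targets (documentation addresses, assumed ports).
    # On a node: list every other node with expect_open=True.
    # For the bonus check, run from a host outside the network with
    # expect_open=False for the ports that must not be exposed.
    TARGETS = [
        ("node2", "192.0.2.12", 9701, True),
        ("node3", "192.0.2.13", 9701, True),
    ]
    failed = False
    for name, state, ok in check_policy(TARGETS):
        print(f"{'OK  ' if ok else 'FAIL'} {name}: {state}")
        failed = failed or not ok
    sys.exit(1 if failed else 0)
```

The non-zero exit code on any mismatch lets the script run as a CI step or a periodic health check.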
Still to do
Load Test Script by Christian Bormann
- on hold
Alerting
- Sebastian Z finished work on slack alerting action.
- Send webhook to Sebastian Schmittner → Forward to Stephen Curran to add to github repo, then MR github action
- Replace scan → github security alerts or do both?
Logging
Stale PR https://github.com/hyperledger/indy-node-container/pull/83
- Discussion today:
- Rather document how to edit the https://github.com/hyperledger/indy-node-container/blob/main/run/etc_indy/indy_config.py than overwriting those variables at container start through init script
- Network Name → same!?
- Definitely keep README + docker logging explanation
- → sensible default for logging in docker compose
- Sebastian Schmittner
Metrics
- Carlos: https://github.com/IDunion/indy-node-monitor
- https://github.com/WadeBarnes/indy-node-monitor/tree/monitoring-stack
- Existing Prometheus + Grafana setup by IFIS
Security
The node key handling is currently suboptimal (env variable). It should be improved to e.g. a file-based setup: https://github.com/IDunion/indy-node-container/issues/52
- Cristian already has a nice setup elsewhere and offers to port it
- https://github.com/internet-sicherheit/sovrin-container
- Merge of IFIS repo?
Indy-Test-Automation
- Issue#102: Indy Node system tests depend on the Sovrin package
- Improve our own testing!
Support for non-docker setup
- Helm Charts
- Might get interesting at some point in the future
- Potential Clients Spherity/MGM
- Might get interesting at some point in the future
- Podman
Next Meeting
- Container mounting docker socket
- We deliver the orchestrated setup
- Problem: Indy Node calls apt to check for package upgrades before forwarding the upgrade to the controller!
- Process on Container Host
- Quick and Dirty
- Needs Docker rights
- Security Implications!
- Needs Docker rights
- Greatest flexibility
- Needs to survive restarts → e.g. systemd
- Not worth it
- Quick and Dirty
- Kubernetes Operator
- Needs Kubernetes Setup
- Local install (e.g. K3S) not too difficult
- But high maintenance effort
- For production: Tell people to go to a Kubernetes provider!
- Advantage: Runs on e.g. open shift, google, amazon, etc.
- Clean Setup with pure container tech
- Currently: probably too much effort for nobody in ID Union using a Kubernetes based setup
- Biggest problem: No resources in our group to develop this
- Needs Kubernetes Setup
- Container mounting docker socket
Conclusion
- We keep the current setup of running the Controller.
- We issue a change proposal in indy node to refactor all upgrading into the controller
Next Meeting
- Next meeting: 2022-11-11 9:15-10:00 (Berlin time)
...