• Controller issues fixed, new release
• SBOM
• Logging

Attendance

• Sebastian Schmittner (EECC)
• Christian Bormann (Robert Bosch GmbH)
• Franz, Marquart (FT RPD SSP) Marquart Franz (Siemens)
• Philipp Schlarb (esatus AG)  <p.schlarb@esatus.com>
• Guido Wischrop(mgm tp)
• Christian Fries (EECC)
• Cristian Kubis (IFIS)

In Progress

Indy Node Controller

• We do currently not support upgrade scripts
  • https://github.com/hyperledger/indy-node/tree/main/data/migrations
• https://github.com/hyperledger/indy-node-container/pull/97
  • fixed + released

IP Tables script:

• https://github.com/hyperledger/indy-node-container/blob/main/run/set_iptables.sh
• Add to README: flush Chain (default docker) before running the script
• Check that DROP rule is automatically moved to correct position
  • https://github.com/hyperledger/indy-node-container/issues/102
• Note: There will be an update for the IP Table rule (conn limit per IP for port 9702) in early September

External Issue

• https://github.com/hyperledger/indy-node-container/issues/96
• Sebastian Schmittner:eyes:

Network connectivity test script

Idea: Script to test that IP Tables rules are as they should be

• At least check that node can connect (TCP lvl) to all other nodes
• Bonus: Check that connection from outside is not possible

Load Test Script by Christian Bormann

• Rust Programm 
• Containerized :check:
• Add to container shipping repo
  • Consensus Vote...: YES! For Now.
• Philipp: Test Automation Repo
  • TBD: Conrtib Christians Code into our or the test repo?
• WIP Christian Bormann
  
  • MR when he feels its ready  

Meeting time slot

• One more Thursday meeting (US frindly time) 
• Advertise in Contributors meeting
• change back to Friday morning (Berlin time) if there is no US participation

Alerting

• Sebastian Z finished work on slack alerting action.
• Send webhook to Sebastian Schmittner → Forward to Stephen Curranto add to github repo, then MR github action
• Replace scan → github security alerts or do both?
  • BOTH
  • Sebastian Schmittner

SBOM

Marquart:

• Marquart triggering Siemens processes to check whether Indy nod (Container) can be run in productive setting for a Siemens scale company → OSS Clearing

• https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/
• Do we have a SBOM?
  • No!
• Can this be generated...?
• probably... yes!
  • https://docs.docker.com/engine/sbom/
  • 

Logging

• Stale PR https://github.com/hyperledger/indy-node-container/pull/83

• Discussion today:
  • Rather document how to edit the https://github.com/hyperledger/indy-node-container/blob/main/run/etc_indy/indy_config.py then overwriting those variables at container start through init script
  • Network Name → same!?
  • Definietly keep READE + docker logging explanation
  • → sesinsible default for logging in docker compose
  • Sebastian Schmittner

Stale

Metrics

• Carlos: https://github.com/IDunion/indy-node-monitor
• https://github.com/WadeBarnes/indy-node-monitor/tree/monitoring-stack
• Existing Prometheus + Grafana setup by IFIS

Security

The node keys handling is currently sub optimal (env variable). Should be improved to e.g. file based setup: https://github.com/IDunion/indy-node-container/issues/52

• Cristian already has a nice setup elsewhere and offers to port it
  • https://github.com/internet-sicherheit/sovrin-container
  • Merge of IFIS repo?

Indy-Test-Automation

• Issue#102: Indy Node system tests depend on the Sovrin package
  • Improve our own testing!

Support for non-docker setup

• Helm Charts
  • Might geht interesting at some point in the future 
    • Potential Clients Spherity/MGM
• Podman
  • https://github.com/IDunion/indy-node-container/issues/48

Next Meeting

• Next meeting: 2022-09-01 17:00-18:00