• Github Forks

• Logging

• Trivy Scan → ID Union Slack Notifications

Attendance

• @Sebastian Schmittner (EECC)

• Sebastian Zickau (Stadt Köln)

• Guido Wischrop (MGM)

• @Philipp Schlarb (esatus AG)

• Marquart Franz (Siemens)

• @Robin Klemens (IFIS)

In Progress

Github Forks

• How to proceed with the fork at https://github.com/IDunion/indy-node-container  ?

  • Delete? (single source of truth)

    • No! 

    • But: Do not contirbute to IDU version but to HL version

      • :warning: → README!

    • Archive?

  • Keep, but automated fetch upstream?

  • What about old images?

    • keep old images not to break currently running setups

    • productive systems will be using "local" copies anyway

  • Explain somewhere? README?

    • Mention IDU / HL

  • Move IDU specific tools ( https://github.com/hyperledger/indy-node-container/blob/main/run/set_iptables_for_idu.sh ) to ID U repo... → Which?

Ubuntu 20

• Ubuntu 20 / node 1.13.0~dev206 eventually runs into consensus problems

  • do not use 1.13.0~dev206 for Debian images (for now)!

• Concretely: Need Ubuntu 20.04 systemd container

  • https://github.com/hyperledger/indy-test-automation/blob/main/system_node_only/docker/node/Dockerfile.ubuntu-2004

  • Hyperledger Indy has a Test Automation Suite which starts the Indy software as a systemd service in a container to simulate operation in a VM. Mainly it is about Pool Restart, Upgrade, Start & Stop Node

  • Could probably be based on https://github.com/solita/docker-systemd/tree/master (which is not maintained anymore)

  • other examples

    • requires sysbox-runc: https://github.com/nestybox/dockerfiles/blob/master/ubuntu-focal-systemd/Dockerfile

    • requires privileged mode: https://github.com/fauust/docker-systemd

    • requires privileged mode: https://github.com/robertdebock/docker-ubuntu-systemd

See https://github.com/hyperledger/indy-test-automation/blob/main/system_node_only/docker_setup.py#L78

Update from @Robin today: Looks promising!

Release automation / Scans

• https://github.com/hyperledger/indy-node-container/issues/46

• Add Slack bot

  • https://action-slack.netlify.app/usage was added to ID Union Slack

• Sebastian Zickau continues in a personal fork

  • https://github.com/zickau/indy-node-container/blob/main/.github/workflows/trivy_example.yml

• Notification working

  • to be integrated into https://github.com/hyperledger/indy-node-container/blob/main/.github/workflows/trivy-all.yml

Logging

• limit docker logs

  • https://docs.docker.com/config/containers/logging/configure/

  • TBD local / json-file

    • document anyway!

    • log rotation anyway!

logging: driver: "json-file" options: max-file: "5" max-size: "100m"

• default log level?

  • https://github.com/hyperledger/indy-node-container/blob/main/run/etc_indy/indy_config.py

  • set to 1

  • += run/README.md

  • See https://github.com/hyperledger/indy-node-container/pull/83

• mounting log files (/var/log/indy)

  • https://github.com/hyperledger/indy-node-container/blob/main/run/docker-compose.yml

  • rotation? 

    

  • += run/README

• journals stuff -> not!

Stale

Metrics

• Carlos: https://github.com/IDunion/indy-node-monitor

• https://github.com/WadeBarnes/indy-node-monitor/tree/monitoring-stack

• Existing Prometheus + Grafana setup by IFIS

Security

The node keys handling is currently sub optimal (env variable). Should be improved to e.g. file based setup: https://github.com/IDunion/indy-node-container/issues/52

• Cristian already has a nice setup elsewhere and offers to port it

  • https://github.com/internet-sicherheit/sovrin-container

  • Merge of IFIS repo?

Indy-Test-Automation

• Issue#102: Indy Node system tests depend on the Sovrin package

  • Improve our own testing!

Support for non-docker setup

• Helm Charts

  • Might geht interesting at some point in the future 

    

    • Potential Clients Spherity/MGM

• Podman

  • https://github.com/IDunion/indy-node-container/issues/48

Next Meeting

• Weekly Fri 9:15-10:00 (UTC+1)