Controller issues
Indy Node Upgrade
Meeting time

	Hyperledger is committed to creating a safe and welcoming community for all. For more information please visit the Hyperledger Code of Conduct.

	Hyperledger is committed to creating a safe and welcoming community for all. For more information please visit the Hyperledger Code of Conduct.

Attendance

@Sebastian Schmittner (EECC)
@Christian Bormann (Robert Bosch GmbH)
@Philipp Schlarb (esatus AG) <p.schlarb@esatus.com>
@Franz, Marquart (FT RPD SSP) (Deactivated)
Christian Fries (EECC)

In Progress

Indy 1.12.6 Upgrade

Christian (B) has tried upgrading via the docker based node controller. Upgrade failed. See https://github.com/hyperledger/indy-node-container/issues/108
Otherwise the recent container releases with the 1.12.5 and 1.12.6 upgrades are running well

Indy Node Controller

The Upgrade Prozess in Indy needs to be improved in order to propperly support upgrading containers
The principal Controller solution mounting the host docker socket into the controller container might be re-discussed as well

Tagging of Container releases

Include indy node version
For upgrade!

Issues

https://github.com/hyperledger/indy-node-container/issues/96
- probably resolved?
Maintainers.md: https://github.com/hyperledger/indy-node-container/issues/98
- https://github.com/hyperledger/indy-node-container/pull/109

IP Tables script:

https://github.com/hyperledger/indy-node-container/blob/main/run/set_iptables.sh
Add to README: flush Chain (default docker) before running the script
Check that DROP rule is automatically moved to correct position
- https://github.com/hyperledger/indy-node-container/issues/102
Note: There will be an update for the IP Table rule (conn limit per IP for port 9702) in early September

Network connectivity test script

Idea: Script to test that IP Tables rules are as they should be

At least check that node can connect (TCP lvl) to all other nodes
Bonus: Check that connection from outside is not possible

Still 2do

Load Test Script by @Christian Bormann

on hold

Meeting time slot

Back to FR 9:15-10:00 (Berlin) for now
Change back to US friendly when anyone from US is interested in joining

Stale

Alerting

Sebastian Z finished work on slack alerting action.
Send webhook to @Sebastian Schmittner → Forward to @Stephen Curranto add to github repo, then MR github action
Replace scan → github security alerts or do both?
- BOTH
- @Sebastian Schmittner

Logging

Stale PR https://github.com/hyperledger/indy-node-container/pull/83
Discussion today:
- Rather document how to edit the https://github.com/hyperledger/indy-node-container/blob/main/run/etc_indy/indy_config.py then overwriting those variables at container start through init script
- Network Name → same!?
- Definietly keep READE + docker logging explanation
- → sesinsible default for logging in docker compose
- @Sebastian Schmittner

Metrics

Carlos: https://github.com/IDunion/indy-node-monitor
https://github.com/WadeBarnes/indy-node-monitor/tree/monitoring-stack
Existing Prometheus + Grafana setup by IFIS

Security

The node keys handling is currently sub optimal (env variable). Should be improved to e.g. file based setup: https://github.com/IDunion/indy-node-container/issues/52

Cristian already has a nice setup elsewhere and offers to port it
- https://github.com/internet-sicherheit/sovrin-container
- Merge of IFIS repo?

Indy-Test-Automation

Issue#102: Indy Node system tests depend on the Sovrin package
- Improve our own testing!

Support for non-docker setup

Helm Charts
- Might geht interesting at some point in the future
  - Potential Clients Spherity/MGM
Podman
- https://github.com/IDunion/indy-node-container/issues/48

Next Meeting

Next meeting: 2022-09-16 9:15 (Berlin time)

2022-09-01 Indy Container Meeting #43