2022-09-16 Indy Container Meeting #44
IP Tables scripts
Node Controlle
Container build from smaller images
Ubuntu20 Indy node test image
Hyperledger is committed to creating a safe and welcoming community for all. For more information please visit the Hyperledger Code of Conduct. |
|---|
Attendance
@Sebastian Schmittner (EECC)
@Christian Bormann (Robert Bosch GmbH)
@Philipp Schlarb (esatus AG) <p.schlarb@esatus.com>
@Franz, Marquart (FT RPD SSP) (Deactivated)
Christian Fries (EECC)
Cristian Kubis
In Progress
IP Tables script:
https://github.com/hyperledger/indy-node-container/blob/main/run/set_iptables.sh
Scripts including DDOS protection already merged. Improvements under ways:
https://github.com/hyperledger/indy-node-container/issues/102
Add to README: flush Chain (default docker) before running the script
Indy Node Controller
Current problem: Podman dependency removed since `apt-get install -y podman` requires `dbus-user-session` which then requires `systemd`
Podman is used (at least by IFIS)!
actually we only need podman cli → better package?
other base image?
https://github.com/hyperledger/indy-node-container/issues/112
@Cristian Kubis
The Upgrade Prozess in Indy needs to be improved in order to propperly support upgrading containers
Discuss https://github.com/hyperledger/indy-node-container/issues/108
Problem: No explizit IPs in default run setting
The principal Controller solution mounting the host docker socket into the controller container might be re-discussed as well
Tagging of Container releases
Include indy node version
For upgrade!
Release less flavours
Container
Use smaller base images
python-slim + pypi indy packages?
Phillipp: Caution: pypi packages are not identical to deb versions
differences regarding config files for indy-node (https://github.com/hyperledger/indy-node/blob/ubuntu-20.04-upgrade/build-scripts/ubuntu-2004/prepare-package.sh)
Stale
Issues
https://github.com/hyperledger/indy-node-container/issues/96
probably resolved?
Maintainers.md: https://github.com/hyperledger/indy-node-container/issues/98
Network connectivity test script
Idea: Script to test that IP Tables rules are as they should be
At least check that node can connect (TCP lvl) to all other nodes
Bonus: Check that connection from outside is not possible
Still 2do
Load Test Script by @Christian Bormann
on hold
Alerting
Sebastian Z finished work on slack alerting action.
Send webhook to @Sebastian Schmittner → Forward to @Stephen Curranto add to github repo, then MR github action
Replace scan → github security alerts or do both?
BOTH
@Sebastian Schmittner
Logging
Stale PR https://github.com/hyperledger/indy-node-container/pull/83
Discussion today:
Rather document how to edit the https://github.com/hyperledger/indy-node-container/blob/main/run/etc_indy/indy_config.py then overwriting those variables at container start through init script
Network Name → same!?
Definietly keep READE + docker logging explanation
→ sesinsible default for logging in docker compose
@Sebastian Schmittner
Metrics
https://github.com/WadeBarnes/indy-node-monitor/tree/monitoring-stack
Existing Prometheus + Grafana setup by IFIS
Security
The node keys handling is currently sub optimal (env variable). Should be improved to e.g. file based setup: https://github.com/IDunion/indy-node-container/issues/52
Cristian already has a nice setup elsewhere and offers to port it
Merge of IFIS repo?
Indy-Test-Automation
Issue#102: Indy Node system tests depend on the Sovrin package
Improve our own testing!
Support for non-docker setup
Helm Charts
Might geht interesting at some point in the future
Potential Clients Spherity/MGM
Podman
Next Meeting
Next meeting: 2022-09-30 9:15 (Berlin time)