2022-03-18 Indy Container Meeting #35
- Github Forks
- Logging
- Trivy Scan → ID Union Slack Notifications
Hyperledger is committed to creating a safe and welcoming community for all. For more information please visit the Hyperledger Code of Conduct. |
---|
Attendance
- Sebastian Schmittner (EECC)
- Sebastian Zickau (Stadt Köln)
- Guido Wischrop (MGM)
- Philipp Schlarb (esatus AG)
- Marquart Franz (Siemens)
- Robin Klemens (IFIS)
In Progress
Github Forks
- How to proceed with the fork at https://github.com/IDunion/indy-node-container ?
- Delete? (single source of truth)
- No!
- But: Do not contirbute to IDU version but to HL version
- :warning: → README!
- Archive?
- Keep, but automated fetch upstream?
- What about old images?
- keep old images not to break currently running setups
- productive systems will be using "local" copies anyway
- Explain somewhere? README?
- Mention IDU / HL
- Move IDU specific tools ( https://github.com/hyperledger/indy-node-container/blob/main/run/set_iptables_for_idu.sh ) to ID U repo... → Which?
- Delete? (single source of truth)
Ubuntu 20
- Ubuntu 20 / node 1.13.0~dev206 eventually runs into consensus problems
- do not use 1.13.0~dev206 for Debian images (for now)!
- Concretely: Need Ubuntu 20.04 systemd container
- https://github.com/hyperledger/indy-test-automation/blob/main/system_node_only/docker/node/Dockerfile.ubuntu-2004
- Hyperledger Indy has a Test Automation Suite which starts the Indy software as a systemd service in a container to simulate operation in a VM. Mainly it is about Pool Restart, Upgrade, Start & Stop Node
- Could probably be based on https://github.com/solita/docker-systemd/tree/master (which is not maintained anymore)
- other examples
- requires sysbox-runc: https://github.com/nestybox/dockerfiles/blob/master/ubuntu-focal-systemd/Dockerfile
- requires privileged mode: https://github.com/fauust/docker-systemd
- requires privileged mode: https://github.com/robertdebock/docker-ubuntu-systemd
See https://github.com/hyperledger/indy-test-automation/blob/main/system_node_only/docker_setup.py#L78
Update from @Robin today: Looks promising!
Release automation / Scans
- https://github.com/hyperledger/indy-node-container/issues/46
- Add Slack bot
- https://action-slack.netlify.app/usage was added to ID Union Slack
- Sebastian Zickau continues in a personal fork
- Notification working
Logging
- limit docker logs
- https://docs.docker.com/config/containers/logging/configure/
- TBD local / json-file
- document anyway!
- log rotation anyway!
logging:
driver: "json-file"
options:
max-file: "5"
max-size: "100m"
default log level?
mounting log files (
/var/log/indy
)- https://github.com/hyperledger/indy-node-container/blob/main/run/docker-compose.yml
- rotation?
- += run/README
journals stuff -> not!
Stale
Metrics
- Carlos: https://github.com/IDunion/indy-node-monitor
- https://github.com/WadeBarnes/indy-node-monitor/tree/monitoring-stack
- Existing Prometheus + Grafana setup by IFIS
Security
The node keys handling is currently sub optimal (env variable). Should be improved to e.g. file based setup: https://github.com/IDunion/indy-node-container/issues/52
- Cristian already has a nice setup elsewhere and offers to port it
- https://github.com/internet-sicherheit/sovrin-container
- Merge of IFIS repo?
Indy-Test-Automation
- Issue#102: Indy Node system tests depend on the Sovrin package
- Improve our own testing!
Support for non-docker setup
- Helm Charts
- Might geht interesting at some point in the future
- Potential Clients Spherity/MGM
- Might geht interesting at some point in the future
- Podman
Next Meeting
- Weekly Fri 9:15-10:00 (UTC+1)