Skip to content

Latest commit

 

History

History
826 lines (586 loc) · 55.5 KB

CHANGELOG.md

File metadata and controls

826 lines (586 loc) · 55.5 KB

Hyperledger Indy Node Release Notes

Disclosure

Although every attempt has been made to make this information as accurate as possible, please know there may be things that are omitted, not fully developed yet, or updates since this publication that were not included in the information below. Only the most pressing or significant items have been listed. For the entire list of tickets and or specific information about any given item, please visit the list at Hyperleder Indy's Jira. Once logged in, simply navigate to Projects > Indy.

1.6.78

Component Version Information

Components Version Numbers
indy-plenum 1.6.53
indy-anoncreds 1.0.11
indy-node 1.6.78

Major Fixes

Description Additional Information Ticket Number
Re-asking for ledger statuses and maximal consistency proofs is not canceled. INDY-1740
Bug in calling notifier methods in Restarter. INDY-1741
35 view changes were happened during 10 minutes after nodes failure because of invalid request. INDY-1696
Requests queue is not cleared in case of reject-nym transactions. INDY-1700
Throughput critically decreases without causing view_change. INDY-1672
Node can't catch up large ledger. INDY-1595
Unable to demote node in STN. INDY-1621
View changes happen when all responses should be rejected during load testing scenario. INDY-1653
Node doesn't write txns after disconnection from the rest nodes. INDY-1580
Throughput is degrading if backup primary is stopped. INDY-1618

Changes - Additions - Known Issues

Description Workaround Ticket
Switch off a replica that stopped because disconnected from a backup primary. INDY-1681
Extend load scripts emulating non-smooth load according to the changes in the core script. INDY-1667
Proof of stability under load. INDY-1607
Investigate Out of memory issues with the current load testing. INDY-1688
Do not re-verify signature for Propagates with already verified requests. INDY-1649
POA: Require multiple signatures for important transactions. INDY-1704
Support all FEEs txns in the load script. INDY-1665
Test domain transactions with FEEs. INDY-1661
3PC Batch should preserve the order of requests when applying PrePrepare on non-primary. INDY-1642
Ability to switch off (remove) replicas with no changes of F value. INDY-1680
A node should be able to participate in BLS multi-signature only if it has a valid proof of posession. INDY-1589
Make validator info as a hystorical data. INDY-1637
Known Issue: Upgrade failed on pool from 1.3.62 to 1.4.66. Note that INDY-1447 was fixed in indy-node 1.5.68, but it still presents in indy-node 1.3.62 and 1.4.66 code. So, some of the nodes may not to be upgraded during simultaneous pool-upgrade. If this problem will appear, stewards should perform manual upgrade of indy-node in accordance with this instruction:(!) To reduce the risk of reproducing INDY-1447, it is recommended to use old CLI for pool upgrade. INDY-1447

Upgrade Scripts:

Pool upgrade from indy-node 1.3.62 to indy-node 1.6.78 should be performed simultaneously for all nodes due to txn format changes.

Additional Information:

All indy-cli pools should be recreated with actual genesis files.

For more details about txn format changes see INDY-1421 .

There are possible OOM issues during 3+ hours of target load or large catch-ups at 8 GB RAM nodes pool so 32 GB is recommended.

1.6.73

Important: Several iterations were done very rapidly between the last release and this one. All of the changes, upgrades, etc... are included in this new release. Simply upgrading will include them all from 1.6.70 until 1.6.73. To see further, specific numerous changes, please reference the appropriate tickets in the Hyperledger Jira ticketing system.

Component Version Information

Components Version Numbers
indy-plenum 1.6.51
indy-anoncreds 1.0.11
indy-node 1.6.73

Major Fixes

Description Additional Information Ticket Number
Fixed and issue where the pool stopped writing after F change. INDY-1583
Fixed an issue where read_ledger was passing incorrectly formatted stdout and breaks convention INDY-1645
Fixed an issue where the node couldn't catch up a large ledger. INDY-1595
Fixed an issue where the Validator Info may hang for a couple of minutes. INDY-1603

Changes - Additions - Known Issues

Description Workaround Ticket
Made it so that the 3PC Batch should preserve the order of requests when applying PrePrepare on non-primary. INDY-1642
Made it so that Monitor takes into account requests not passing the dynamic validation when triggering view change. INDY-1643
Improved throughput calculation to reduce a chance of false positive View Changes. INDY-1565
Made it so that the performance of monitor is improved. INDY-1660
Made it so that Stewards, can have a script that can generates Proof of possession for their BLS key. That value can now be used in a NODE txn. INDY-1588
Added Support Proof of Possession for BLS keys. INDY-1389
Made it so that the average is not used when calculating total throughput/latency of backups. INDY-1582
Made it so that any client requests are discarded during view change. INDY-1564
Created a simple tool to show graphical representation of some common metrics. INDY-1568
Changed default configs for better performance and stability. INDY-1549
Known Issue: Upgrade failed on pool from 1.3.62 to 1.4.66. Note that INDY-1447 was fixed in indy-node 1.5.68, but it still presents in indy-node 1.3.62 and 1.4.66 code. So, some of the nodes may not to be upgraded during simultaneous pool-upgrade. If this problem will appear, stewards should perform manual upgrade of indy-node in accordance with this instruction:(!) To reduce the risk of reproducing INDY-1447, it is recommended to use old CLI for pool upgrade. INDY-1447

Upgrade Scripts:

Pool upgrade from indy-node 1.3.62 to indy-node 1.6.73 should be performed simultaneously for all nodes due to txn format changes.

Additional Information:

All indy-cli pools should be recreated with actual genesis files.

For more details about txn format changes see INDY-1421 .

There are possible OOM issues during 3+ hours of target load or large catch-ups at 8 GB RAM nodes pool so 32 GB is recommended.

1.6.70

Component Version Information

Components Version Numbers
indy-plenum 1.6.49
indy-anoncreds 1.0.11
indy-node 1.6.70

Major Fixes

Description Additional Information Ticket Number
Fixed and issue where several nodes (less than f) were getting ahead the rest ones under load. INDY-1473
Fixed an issue where the pool has stopped to write txns. INDY-1539
Fixed an issue where re-send messages to disconnected remotes. INDY-1497
Fixed an issue where the pool stopped writing under 20txns/sec load. INDY-1478
Fixed an issue where 1.3.62 -> 1.5.67 forced upgrade without one node in schedule failed. INDY-1519
Fixed an issue where tmp.log must have unique name. INDY-1502
Fixed an issue where a node needed to hook up to a lower viewChange. INDY-1199
Fixed an issue where the one of the nodes lagged behind others after forced view changes. INDY-1470
Made it so that View Change should not be triggered by re-sending Primary disconnected if Primary is not disconnected anymore. INDY-1544

Changes - Additions - Known Issues

Description Workaround Ticket
Made it so that as a Trustee running POOL_UPGRADE txn, you can specify any package depending on indy-node, so that the package with the dependencies get upgraded. INDY-1491
Made it so that Monitor is reset after the view change. INDY-1555
Made it so that GC by Checkpoints are not triggered during View Change. INDY-1545
Made it so that the validator info must show committed and uncommitted roots for all states. INDY-1542
Explored timing and execution time. INDY-1475
Memory leaks profiling. INDY-1493
Bound connection socket to NODE_IP INDY-1531
Enable TRACK_CONNECTED_CLIENTS_NUM option INDY-1496
Updated revocation registry delta value during REG_ENTRY_REVOC writing. INDY-1378
Support latest SDK in Indy Plenum and Node. INDY-1480
Latency measurements in monitor are windowed. INDY-1468
Trust anchor permissions are not needed for ledger writes. INDY-1528
Known Issue: Docker pool can't be built because of new python3-indy-crypto in sdk repo. The problem described in INDY-1517 will be fixed in the next release of indy-node. Workaround for this problem is to add python3-indy-crypto=0.4.1 to the list of packages to be installed. INDY-1517
Known Issue: Upgrade failed on pool from 1.3.62 to 1.4.66. Note that INDY-1447 was fixed in indy-node 1.5.68, but it still presents in indy-node 1.3.62 and 1.4.66 code. So, some of the nodes may not to be upgraded during simultaneous pool-upgrade. If this problem will appear, stewards should perform manual upgrade of indy-node in accordance with this instruction:(!) To reduce the risk of reproducing INDY-1447, it is recommended to use old CLI for pool upgrade. INDY-1447

Upgrade Scripts:

Pool upgrade from indy-node 1.3.62 to indy-node 1.6.70 should be performed simultaneously for all nodes due to txn format changes.

Additional Information:

All indy-cli pools should be recreated with actual genesis files.

For more details about txn format changes see INDY-1421 .

1.5.67

Component Version Information

Components Version Numbers
indy-plenum 1.5.47
indy-anoncreds 1.0.11
indy-node 1.5.67

Major Fixes

Description Additional Information Ticket Number
Fixed and issue where logs were appearing in the old CLI. INDY-1471
Fixed an issue where there were numerous blacklists under high loads. INDY-1461
Fixed an issue where the pool stopped writing after 1114k txns (different view_no). INDY-1460
Fixed an issue where the "AttributeError: NoneType object has no attribute 'request' during load"; was appearing. INDY-1464
Fixed an issue where the validator-info was reading an empty file. INDY-1406
Fixed an issue where validator-info -v --json wasn't producing valid JSON. INDY-1443
Fixed an issue where the first Pre-Prepare message had incorrect state trie root right after view_change (on master replica). INDY-1459
Fixed an issue where the pool could not order transactions because Node set incorrect watermarks after its restart. INDY-1455
Fixed an issue where the pool stopped working due to several incomplete view changes. INDY-1454
Fixed an issue where the node crashes on _remove_stashed_checkpoints. INDY-1427
Fixed an issue where memory was running out during non-completed viewChange process (under load). INDY-1360
Fixed an issue where part of nodes continued ordering txns after incorrect state trie under load. INDY-1422
Fixed an issue where the upgrade failed on pool from 1.3.62 to 1.4.66. INDY-1447
Fixed an issue where a forced upgrade from 1.3.62 -> 1.5.67 without one node in schedule failed. INDY-1519

Changes - Additions - Known Issues

Description Workaround Ticket
Implemented periodic restart of client stack to allow new clients to connect. INDY-1431
Got rid of peersWithoutRemotes. INDY-1467
High Watermark on backup may be reset to 300. INDY-1462
We now allow optional field in node-to-node and client-to-node. INDY-1494
Catchup during view change may last forever under the load. INDY-1463
Propagate Primary mode should not be set for already started view change. INDY-1458
Catchup needs to be finished during high load. INDY-1450
Included reviewed logging strings in Indy. INDY-1416
Added benchmark performance impact of recorder tool. INDY-1483
Decreased the amount of logging with INFO level. INDY-1311
Made it so that throughput measurements in monitor should are windowed. INDY-1435
Limited the number of requested PROPAGATES in MessageRequests. INDY-1386
Made it so that any client requests during view change are not processed. INDY-1453
Made it so that a node must send LEDGER_STATUS with correct last ordered 3PC after catch-up. INDY-1452
Fixed calculation of prepared certificates during View Change. INDY-1385
Made it so that catchup should not be interrupted by external events. INDY-1404
Known Issue: Upgrade failed on pool from 1.3.62 to 1.4.66. Note that INDY-1447 was fixed in indy-node 1.5.68, but it still presents in indy-node 1.3.62 and 1.4.66 code. So, some of the nodes may not to be upgraded during simultaneous pool-upgrade. If this problem will appear, stewards should perform manual upgrade of indy-node in accordance with this instruction: (!) To reduce the risk of reproducing INDY-1447, it is recommended to use old CLI for pool upgrade. INDY-1447

Upgrade Scripts:

Pool upgrade from indy-node 1.3.62 should be performed simultaneously for all nodes due to txn format changes.

Additional Information:

All indy-cli pools should be recreated with actual genesis files. For more details about txn format changes see INDY-1421.

1.4.66

Component Version Information

Components Version Numbers
indy-plenum 1.4.45
indy-anoncreds 1.0.11
indy-node 1.4.66

Major Fixes

Description Additional Information Ticket Number
Fixed and issues where one of the nodes stopped writing after 44287 txns with errors in status. INDY-1410
Fixed an issue where the pool stopped accepting transactions on 5731 txns (1 sec delays, no logging). INDY-1365
Fixed an issue where the pool stopped writing after ~300,000 txns from 5 clients INDY-1315
Fixed an issue where STN was not accepting transactions with only one node down. INDY-1351
Fixed an issue where the pool stops taking txns at ~178k txns written in ledger. INDY-1260
Fixed an issue where ReqIdrToTxn does not store information about the ledger. INDY-1327
Made simple Timeout fixes of the current View Change protocol. INDY-1341
Fixed an issue where the migration fails in case of upgrade to version with new transactions format. INDY-1379
Fixed an issue where --network parameter of read_ledger doesn't work. INDY-1318
Fixed an issue where the /var/log/indy/validator-info.log was inappropriately owned by root. INDY-1310
Created a fix around the issues found in the current logic of catch-up. INDY-1298
Fixed GetValidatorInfo so it has correct validation for signature and permissions. INDY-1363
Fixed an issue where there was an unhandled exception during node working. INDY-1316
Fixed an issue where validator-info and read_ledger were giving inconsistent responses in node on provisional. INDY-1219
Fixed an issue where the pool stops taking txns at 3000 writing connections. INDY-1259

Changes - Additions - Known Issues

Description Workaround Ticket
Reviewed and replaced assert with exceptions in indy-plenum where needed. INDY-810
Tuned RocksDB options for the best performance. INDY-1245
Created a migration guide from Indy-node 1.3 to 1.4. INDY-1392
Сhanged a key in the requests map and field reqIdr in Pre Prepare and Ordered. INDY-1370
Investigated issues found during load testing of 25-nodes pool with increased timeouts for catchups and viewchange. INDY-1400
We now support binding on separate NICs for Client-to-Node and Node-to-Node communication. INDY-1332
Added short checkpoints stabilization without matching digests. INDY-1329
Added indy-crypto package to the hold list. INDY-1323
Removed ledger status based catch-up trigger together with the wrong catch-up workflow. INDY-1297
Read-ledger without storage copy in case of RocksDB (RocksDB read-only mode support). INDY-1243
Applied state machine to Catchup code. INDY-971
Refactored the common Request structure. INDY-1124
Refactored the common transactions structure. INDY-1123
We now support the new libindy with changed txn format. INDY-1319
Explored config parameters to find the best performance/stability settings. INDY-1334
Extended the Validator Info tool to provide more information about the current state of the pool. INDY-1175
A Steward needs to be able to get validator-info from all nodes. INDY-1184
Modified existing load scripts for a better load testing. INDY-1279
Performed a migration from LevelDB to RocksDB INDY-1244
A Trustee needs to be able to restart the pool in critical situations. INDY-1173
Move the log compression into separate process. INDY-1275
Known Issue: There's an incorrect read_ledger info with seq_no parameter. INDY-1415
Known Issue: Pool upgrade should be performed simultaneously for all nodes due to txn format changes. All indy-cli pools should be recreated with actual genesis files.
List of breaking changes for migration from indy-node 1.3 to 1.4: 1.3-1.4 Migration Guide

Upgrade Scripts:

Pool upgrade should be performed simultaneously for all nodes due to txn format changes.

All indy-cli pools should be recreated with actual genesis files.

CLI Upgrading:

Old CLI (indy):

upgrade from 1.3 to 1.4 version delete ~.ind-cli/networks/<network_name>/data folder replace both old genesis files by new ones (from 1.4 node)

New CLI (indy-cli):

upgrade from 1.4 to 1.5 version recreate indy-cli pool using 1.4 pool genesis file (from 1.4 node)

Additional Information:

List of breaking changes for migration from indy-node 1.3 to 1.4:

https://github.com/hyperledger/indy-node/blob/master/docs/1.3\_to\_1.4\_migration\_guide.md

IndyNode 1.4 and LibIndy 1.5 compatibility:

General

By default LibIndy 1.5 will be compatible with IndyNode 1.3 (current stable), and not 1.4 (the new one).

LibIndy 1.5 can become compatible with IndyNode 1.4 if indy_set_protocol_version(2) is called during app initialization.

Guideline for teams and apps

Applications can freely update to LibIndy 1.5 and still use stable Node 1.3

If an app wants to work with the latest master or Stable Node 1.4, then they need to support breaking changes (there are not so many, mostly a new reply for write txns as txn format is changed, see 1.3_to_1.4_migration_guide.md)

call indy_set_protocol_version(2) during app initialization

Use https://github.com/hyperledger/indy-sdk/blob/b4a2bb82087e2eafe5e55bddb20a3069e5fb7d0b/cli/README.md#old-python-based-cli-migration to export dids from your old CLI wallet to the new one (new indy-cli).

1.3.62

Component Version Information

Components Version Numbers
indy-plenum 1.2.42
indy-anoncreds 1.0.11
indy-node 1.3.62

Major Fixes

Description Additional Information Ticket Number
Fixed an issue where the STN was losing consensus. INDY-1256
Fixed an issue where we were unable to use the read_ledger tool with the parameter "to". INDY-1284
Fixed the upgrade from 1.2.223 (1.3.55 stable analogue) to 1.3.410 (rocksdb) wasn't working. INDY-1330

Changes - Additions - Known Issues

Description Workaround Ticket
Support was added for supervisord. https://github.com/hyperledger/indy-node/pull/588
Indy-node dependencies are fixed.

Upgrade Scripts:

None for this release.

Additional Information:

None at this time.

1.3.56

Component Version Information

Components Version Numbers
indy-node 1.3.56

Major Fixes

Description Additional Information Ticket Number
The Node was restarting because of an "Out of memory" error. INDY-1238
The pool was not working after not simultaneous manual pool upgrades. INDY-1197
When adding a new schema, field 'attr_names' of schema json can be an empty list. INDY-1169
This prevents an Identity Owner from creating a schema or claimDef. INDY-1111
There was the same primary for both instances 0 and 1. INDY-1112
The node logs were being duplicated in syslog. INDY-1102
It was possible to create several nodes with the same alias. INDY-1148
There was ambiguous behavior after node demotion. INDY-1179
One of the nodes were not responding to libindy after several running load tests. INDY-1180
When returning N-F nodes to the pool, "View change" was not occurring if the Primary node was stopped. INDY-1151
There was a failed restart after getting the "unhandled exception (KeyError)". INDY-1152
Fixed a bug where you were unable to install indy-node if sdk repo is in sources.list INDY-1269

Changes - Additions - Known Issues

Description Workaround Ticket
Made it so that a developer can distinguish logs of each replica. INDY-1186
Made it so a developer, can track the path of each request. INDY-1187
Made it so that you can use RocksDB as a key-value storage. INDY-1205
Refactored the common Request structure. INDY-1124
Made it so that it supports anoncreds revocation in Indy. INDY-680
Made it so that it supports REVOC_REG_DEF transaction. INDY-1134
Made it so that it supports GET_REVOC_REG_DEF request. INDY-1135
Made it so that it supports REVOC_REG_ENTRY transaction. INDY-1136
Made it so that it supports GET_REVOC_REG request. INDY-1137
Made it so that it supports getting state root by timestamp. INDY-1138
Got rid of the RAET code. INDY-1057
Incubation: Move CI part of pipelines to Hyperledger infrastructure. INDY-837
Made it so that a user can revoke a connection by rotating the new key to nothing. INDY-582
Known Issue: Define the policy how to restore node from the state when it's stashing all the reqs and there is a risk of running out of memory. INDY-1250
Known Issue: Re-promoted node cannot hook up to a lower viewChange. INDY-1199
Known Issue: One of the nodes does not respond to libindy after several running load test. INDY-1180
Known Issue: One node fails behind others during the load_test with a high load. INDY-1188
Known Issue: Pool can be broken by primary node reboot in case of network issues between nodes. Note: RocksDB was added as dependency (INDY-1205). It is used for revocation, but the rest part of node functionality is still using LevelDB. INDY-1256

Upgrade Scripts

None for this release.

Additional Information:

None at this time.

1.3.55

Important: Upgrade to this version should be performed simultaneously for all nodes (with force=True).

Component Version Information

Components Version Numbers
indy-plenum 1.2.34
indy-anoncreds 1.0.11
indy-node 1.3.55

Major Fixes

Description Additional Information Ticket Number
Transactions were missing from the config ledger after the upgrade. INDY-799
The node was broken after a load_test.py run. INDY-960
The pool stopped taking transactions after sending 1,000 simultaneous transactions. INDY-911
The pool stopped working: Node services stop with 1,000 simultaneous clients doing GET_NYM reads INDY-986
The node is broken after adding it to the pool. INDY-948
The generate_indy_pool_transactions command can be run only by an indy user. INDY-1048
Made it so that updates to existing Schemas are not allowed. INDY-1035
The pool was unable to write txns after two nodes adding. INDY-1018
Fixed a bug where it was possible to override CLAIM_DEF for existing schema-did pair. INDY-1083
Fixed a bug where here was a huge amount of calls and a lot of execution time in kv_store.py. INDY-1077
One of added nodes wasn't catching up. INDY-1029
The pool stopped working and lost consensus while new node was performing a catch-up. INDY-1025
Performing a View Change on large pools of 19 or more nodes can cause pool to stop functioning. INDY-1054
Performing a View Change issue stopped the pool from accepting new transactions. INDY-1034
We were unable to send transactions in STN. INDY-1076 INDY-1079
Replica.lastPrePrepareSeqNo may not be reset on view change. INDY-1061
We were unable to send an upgrade transaction without including demoted nodes. INDY-897
The Nym request to STN was resulting in inconsistent responses. INDY-1069
The validator node was being re-promoted during view change. INDY-959
There was a false cancel message during an upgrade. INDY-1078
Transactions were being added to nodes in STN during system reboot.. INDY-1045
There were problems with nodes demotion during load test. INDY-1033
The node monitoring tool (email plugin) wasn't working. INDY-995
ATTRIB transaction with ENC and HASH wasn't working. INDY-1074
When returning N-F nodes to the pool, View Change does not occur if Primary node is stopped. INDY-1151
We were unable to recover write consensus at n-f after f+1 descent. INDY-1166
Newly upgraded STN fails to accept transactions (pool has been broken after upgrade because of one not upgraded node). INDY-1183
We were unable to submit upgrade transactions to STN. INDY-1190

Changes - Additions - Known Issues

Description Workaround Ticket
Added indy-sdk test dependency to plenum and use indy-sdk for plenum tests. INDY-900 INDY-901
Published docker images to dockerhub. INDY-962
Simplified the view change code. INDY-480
Refactored config.py to reflect file folder re-factoring for Incubation. INDY-878
Added Abstract Observers Support. INDY-628
Updated information in "Getting Started with Indy". INDY-1062
Updated information in "Setting Up a Test Indy Network in VMs". INDY-1062
Add iptables rules to limit the number of clients connections. INDY-1087
Knowledge transfer on Indy build processes. INDY-1088
Incubation: Move CI part of pipelines to Hyperledger infrastructure. INDY-837
Made it so that a user can revoke a connection by rotating the new key to nothing. INDY-582
Client needs to be able to make sure that we have the latest State Proof. INDY-928
Created it so that anyone could have access to an up-to-date Technical overview of plenum and indy. INDY-1022
Known Issue: Pool has lost consensus after primary demotion (with 4 nodes setup only). INDY-1163
Known Issue: Ambiguous behavior after node demotion. INDY-1179
Known Issue: One of the nodes does not respond to libindy after several running load test. INDY-1180
Known Issue: Pool does not work after not simultaneous manual pool upgrades. INDY-1197
Known Issue: Pool stops working if the primary node was not included to schedule in the upgrade transaction. INDY-1198

Additional Information:

Node promoting is not recommended for 1.3.52 version according to known issues because backup protocol instances may work incorrectly until next view change.

As mentioned above, upgrade to this version should be performed simultaneously for all nodes (with force=True).

1.2.50

Component Version Information

Components Version Numbers
indy-plenum 1.2.29
indy-anoncreds 1.0.11
indy-node 1.2.50

Major Fixes

Description Additional Information Ticket Number
A node was maintaining a pace with the network exactly 12 transactions behind. INDY-759
New nodes added to an existing pool were unable to sync ledgers with the pool. INDY-895
Scheduled upgrades were happening at the current time on some of the nodes. INDY-231
Some nodes were not restarting after a canceled pool upgrade. INDY-157
A node was getting the wrong upgrade_log entries after restarting and was running the wrong upgrade. INDY-917
An earlier pool_upgrade was not happening when there was an upgrade to schedule to happen in the future. INDY-701
A validator was running instance change continually on the live pool. INDY-932
New nodes added to an existing pool were unable to participate in consensus after the upgrade. INDY-909
The node logs were repeating the message, "NodeRequestSuspiciousSpike suspicious spike has been noticed." INDY-541
Unable to catch up the agent if a validator was down. INDY-941
The pool was unable to write nyms after BLS keys enabling. INDY-958
The last pool node is failed to upgrade; during a pool upgrade. INDY-953
State Proof creating is fixed. INDY-954
State Proof verifying is fixed. INDY-949

Changes - Additions - Known Issues

Description Workaround Ticket
Signed State implementation INDY-670
State Proofs implementation INDY-790
Removed all non-Indy branding from the indy-plenum repo. INDY-829
Removed all non-Indy branding from the indy-anoncreds repo. INDY-855
Removed all non-Indy branding from the indy-node repo. INDY-830
Backward compatibility of nodes with state proofs support with old clients. INDY-877
Support of multiple pool networks by Indy Node. INDY-831
Support of multiple pool networks by Indy Client (CLI). INDY-832
Created proper file folder paths for system service. INDY-833
Client needs to be able to send read requests to one Node only. INDY-927
Client needs to be able to make sure that we have the latest State Proof. INDY-928
Known Issue: Node is broken after load_test.py run INDY-960

Additional Information:

Mapping of all file/folder changes are located here.

Upgrade Steps

  1. Send Pool Upgrade command so all nodes upgrade.

  2. Sometime later each Steward will need to do the following steps to add their BLS Keys:

Steps to Add BLS Keys

From the Validator Node:

  1. Generate a new 32-byte seed for the bls key (we recommend pwgen):

$ sudo apt install pwgen

$ pwgen -s -y -B 32 1

If the output has a single-quote symbol ('), rerun until it doesn't.

NOTE: This is not your Steward or Node seed.

  1. Record the seed somewhere secure.

  2. Switch to the indy user.

$ sudo su - indy

  1. Configure the BLS key.

$ init_bls_keys --name <NODE_ALIAS> --seed '<SEED>'

The --seed is the seed you generated above, and will be used to create the BLS key.

Example with Seed:

$ init_bls_keys --name Node1 --seed 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'

Capture the stdout at the end of the output, which looks like the following, and record it.

BLS Public key is 3AfkzUZVn2WT9mxW2zQXMgX39FXSY5qzohnMVpdvNS5KSath1YG5Ux4u9ubTFTaP6W55XX9Yx7xPWeYos489oyY53WzwNBG7X4o32ESnZ9xacLmNsQLBjqc6oqpWGTbEXv4edFTrZ88n93sEh4fjFhQMumaXxDfWJgd9aj7KCSpf38F

  1. Exit the indy user.

$ exit

From the CLI Node:

  1. Manually upgrade the CLI.

$ sudo apt update

$ sudo apt upgrade

  1. Launch the CLI.

$ indy

The first time running the upgraded CLI you will be prompted to migrate your previous settings. Answer "Yes."

  1. Connect to the pool.

indy> connect live

  1. Set your Steward as the signer in the CLI.

indy@live> use DID <Steward DID>

Example:

indy@live> use DID Th7MpTaRZVRYnPiabds81Y

Note: If your DID is not found in the wallet, you will need to use your steward seed:

indy@live> new key with seed <steward_seed>

  1. Now you will send a node transaction like what you did when you added the node to the pool. You will add the BLS key as a new parameter to the transaction to update the pool ledger with this additional public key. For 'dest', use the same base58 value for this that was used when you initially onboarded your VM onto the provisional pool.

indy@live> send NODE dest=<node_dest> data={'alias':'<node name>','blskey': '<key_generated_by_init_bls_keys>'}

Example:

indy@live> send NODE dest=Gw6pDLhcBcoQesN72qfotTgFa7cbuqZpkX3Xo6pLhPhv data={'alias':'Node1','blskey': '3AfkzUZVn2WT9mxW2zQXMgX39FXSY5qzohnMVpdvNS5KSath1YG5Ux4u9ubTFTaP6W55XX9Yx7xPWeYos489oyY53WzwNBG7X4o32ESnZ9xacLmNsQLBjqc6oqpWGTbEXv4edFTrZ88n93sEh4fjFhQMumaXxDfWJgd9aj7KCSpf38F'}

Note: The 'node_dest' value can be found on the node with sudo read_ledger --type pool.

Questions and Answers

BLS Keys for State Proofs

What does BLS stand for?

Boneh-Lynn-Shacham - The BLS signature scheme is used to verify that a signer is authentic.

How does the CLI use State Proof for confirmation?

When the CLI requests information about a transaction it checks the BLS signatures to verify the transaction was written by nodes that are part of the validator pool. The CLI sends a request to one node (arbitrary one). If the Reply doesn't have a State Proof, or the reply is incorrect/invalid, then CLI falls back to sending requests to all Nodes and waiting for f+1 equal Replies.

What if not all nodes in the pool have BLS signing keys for a transaction?

Transactions only get signed if all nodes reaching consensus can sign it (>= n-f Nodes with correct BLS signatures).

Can the bls_seed be any 32 character seed like the Steward seed?

Yes.

When adding a new node to an existing pool where do I find my BLS key?

When initializing your node using init_indy_node the output will display the keys for the node including the BLS key. It can be found in /var/lib/indy/<network_name>/keys/<node_name>/bls_keys/bls_pk file (e.g.: /var/lib/indy/sandbox/keys/Node1/bls_keys/bls_pk)

When you send the transaction to add the new node to the pool it will also contain the BLS key in the transaction shown in this example.

Example of send node command with BLS for 5th node in test pool:

send NODE dest=4Tn3wZMNCvhSTXPcLinQDnHyj56DTLQtL61ki4jo2Loc data= {'client_port': 9702, 'client_ip': '10.0.0.105', 'alias': 'Node5', 'node_ip': '10.0.0.105', 'node_port': 9701, 'services': ['VALIDATOR'], 'blskey':'2RdajPq6rCidK5gQbMzSJo1NfBMYiS3e44GxjTqZUk3RhBdtF28qEABHRo4MgHS2hwekoLWRTza9XiGEMRCompeujWpX85MPt87WdbTMysXZfb7J1ZXUEMrtE5aZahfx6p2YdhZdrArFvTmFWdojaD2V5SuvuaQL4G92anZ1yteay3R'}

Can I use a seed when generating my BLS keys?

For a new node when using init_indy_node if you specify a seed for this script that same seed is used to generate your BLS keys.

For existing nodes being upgraded to 1.2.50, which includes state proofs, you would use the script init_bls_keys where you can specify a 32-character seed on the command line.

init_bls_keys --name <NODE_ALIAS> --seed '<SEED>'

After running init_bls_keys, Stewards of existing nodes will be required use their CLI node to update their validator's information on the ledger to include the bls keys:

send NODE dest=<node_dest> data={'alias':'<node name>', 'blskey': '<key_generated_by_init_bls_keys>'}

Multi-network and indy_config.py

Where do I find the configuration file settings?

With file and folder changes the new location for indy_config.py is in the directory location /etc/indy/. The configuration file has a new setting called "NETWORK_NAME" which is used to identify which network and associated genesis transaction files to use, such as sandbox or live. If adding a new node to a live pool, change this setting before initializing the node. The genesis files are now located in their own directory based off the network name "/var/lib/indy/NETWORK_NAME". The defaults are live, local, and sandbox. Setting the "NETWORK_NAME" in the indy_config.py file will determine which network is used. The default setting in the indy_config.py file is ""NETWORK_NAME=sandbox".

1.1.43

Component Version Information

Components Version Numbers
indy-plenum 1.1.27
indy-anoncreds 1.0.10
indy-node 1.1.43

Major Fixes

Description Additional Information Ticket Number
Added a migration script which eliminates redundant fields with null values from legacy transactions in the domain ledger. INDY-895 INDY-869
Added a constraint on version field of POOL_UPGRADE transaction that denies values lower than the current installed version. INDY-895 INDY-869
Added prevention of upgrade to a lower version to Upgrader class. INDY-895 INDY-869
Fixed a bug in Upgrader class in search for a POOL_UPGRADE cancel transaction for the last POOL_UPGRADE start transaction. INDY-895 INDY-869
Added a test verifying prevention of upgrade to a lower version. INDY-895 INDY-869
Corrected existing tests according to introduced prevention of upgrade to a lower version. INDY-895 INDY-869

1.1.37

Component Version Information

Components Version Numbers
indy-plenum 1.1.27
indy-anoncreds 1.0.10
indy-node 1.1.37

Major Fixes

Description Additional Information Ticket Number
Stewards can now demote and promote their own nodes. INDY-410
Fixed problem with timezones for timestamp in a transaction. INDY-466
Limited incoming message size from 128k to 128MB (Temporary solution). INDY-25
Fixed send CLAIM_DEF command. INDY-378
Masked private information in the CLI logs/output. INDY-725
Fixes crashes on ubuntu 17.04. INDY-8
Python interpreter is executed in optimized mode. INDY-211
Memory leak fixes. INDY-223
Some minor stability fixes.
Fixed a problem with migration during manual upgrades. INDY-808
Fixed a problem with the message length limitation. This was a permanent solution of INDY-25. INDY-765
Fixed a problem when the pool was writing transactions when more than F nodes were stopped. INDY -786
Fixed a problem when the pool was broken after processing lots of transactions at once. INDY-760
Fixed a problem when the pool doesn't come back to consensus in cases when less than n-f nodes are alive. INDY-804
Partially fixed a problem when the pool responded with outdated data. INDY-761

Changes - Additions - Known Issues

Description Workaround Ticket
New ledger serialization is supported and Leveldb is used as a storage for all ledgers : msgpack is used for the ledger serialization (both transaction log and merkle tree).
The new serialization change created changes to the directory structure for the nodes. The directory name changes are located on a node under .sovrin/data/nodes/<node name>/<directories>. The change removes the ledger files as plain text files and creates them as binary files. A new tool was created to view the ledger entries called read_ledger. This tool also provides you with a count of the transactions. To learn more about this tool and to see a list of available commands, run this as the sovrin user: read_ledger --h
Genesis transaction files are renamed adding a _genesis to the end of each file name.
Added the commands to the POOL_UPGRADE to support downgrade and re-installation. However both have issues and should not be used at this time. INDY-735 INDY-755
Fixes to upgrade procedure, in particular an issue which caused an infinite loop. INDY-316
A new CLI command was added to ease the process of rotating a verification key (verkey). The command is change current key or change current key with seed xxxxx.
Improvements to log messages.
In your sources.list you only need the entry "deb https://repo.evernym.com/deb xenial stable".
Implemented a command line tool to provide validator status. INDY-715
"Debug" mode for tests was moved to parameter. INDY-716
Log levels were changed on some debug level messages to an info level. INDY-800
If the pool loses enough nodes and cannot reach consensus when enough nodes become available, the pool will still not reach consensus. If you restart all the nodes in the pool, it will start reaching consensus again. INDY-849