chore: add current provisioning state before migration

2025-09-22 23:11:41 +01:00 · 2025-09-22 23:11:41 +01:00 · 50745b0f22
commit 50745b0f22
parent a9703b4748
660 changed files with 88126 additions and 0 deletions
--- a/taskservs/polkadot/node/default/env-polkadot-node.j2
+++ b/taskservs/polkadot/node/default/env-polkadot-node.j2
@ -0,0 +1,93 @@
+# Polkadot Node Environment Configuration
+# Generated by provisioning system
+
+POLKADOT_VERSION={{ polkadot_node.version }}
+POLKADOT_RUN_USER={{ polkadot_node.run_user.name }}
+POLKADOT_RUN_GROUP={{ polkadot_node.run_user.group }}
+POLKADOT_RUN_USER_HOME={{ polkadot_node.run_user.home }}
+POLKADOT_WORK_PATH={{ polkadot_node.work_path }}
+POLKADOT_CONFIG_PATH={{ polkadot_node.config_path }}
+POLKADOT_BIN_PATH={{ polkadot_node.bin_path }}
+POLKADOT_BASE_PATH={{ polkadot_node.base_path }}
+
+# Node Configuration
+POLKADOT_NODE_NAME={{ polkadot_node.name }}
+POLKADOT_NODE_TYPE={{ polkadot_node.node_type }}
+POLKADOT_SYNC_MODE={{ polkadot_node.sync_mode }}
+POLKADOT_ARCHIVE_MODE={{ polkadot_node.archive_mode | lower }}
+
+# Network Configuration
+POLKADOT_CHAIN={{ polkadot_node.network.chain }}
+POLKADOT_LISTEN_ADDR="{{ polkadot_node.network.listen_addr }}"
+{% if polkadot_node.network.public_addr is defined %}
+POLKADOT_PUBLIC_ADDR="{{ polkadot_node.network.public_addr }}"
+{% endif %}
+POLKADOT_MAX_PEERS={{ polkadot_node.network.max_peers }}
+POLKADOT_MAX_PEERS_LIGHT={{ polkadot_node.network.max_peers_light }}
+POLKADOT_RESERVED_ONLY={{ polkadot_node.network.reserved_only | lower }}
+
+# Bootnodes and Reserved Nodes
+{% if polkadot_node.network.bootnodes %}
+POLKADOT_BOOTNODES="{{ polkadot_node.network.bootnodes | join(',') }}"
+{% endif %}
+{% if polkadot_node.network.reserved_nodes %}
+POLKADOT_RESERVED_NODES="{{ polkadot_node.network.reserved_nodes | join(',') }}"
+{% endif %}
+
+# RPC Configuration
+POLKADOT_RPC_ENABLED={{ polkadot_node.rpc.enabled | lower }}
+POLKADOT_RPC_BIND_ADDR={{ polkadot_node.rpc.bind_addr }}
+POLKADOT_RPC_PORT={{ polkadot_node.rpc.port }}
+POLKADOT_WS_PORT={{ polkadot_node.rpc.ws_port }}
+POLKADOT_HTTP_PORT={{ polkadot_node.rpc.http_port }}
+POLKADOT_RPC_MAX_CONNECTIONS={{ polkadot_node.rpc.max_connections }}
+POLKADOT_RPC_CORS="{{ polkadot_node.rpc.cors | join(',') }}"
+POLKADOT_RPC_METHODS="{{ polkadot_node.rpc.methods | join(',') }}"
+{% if polkadot_node.rpc.rate_limit is defined %}
+POLKADOT_RPC_RATE_LIMIT={{ polkadot_node.rpc.rate_limit }}
+{% endif %}
+
+# Pruning Configuration
+POLKADOT_PRUNING_ENABLED={{ polkadot_node.pruning.enabled | lower }}
+POLKADOT_PRUNING_MODE={{ polkadot_node.pruning.mode }}
+POLKADOT_BLOCKS_TO_KEEP={{ polkadot_node.pruning.blocks_to_keep }}
+POLKADOT_STATE_PRUNING={{ polkadot_node.pruning.state_pruning }}
+{% if polkadot_node.pruning.block_pruning is defined %}
+POLKADOT_BLOCK_PRUNING={{ polkadot_node.pruning.block_pruning }}
+{% endif %}
+
+# Execution and Performance
+POLKADOT_EXECUTION={{ polkadot_node.execution }}
+POLKADOT_WASM_EXECUTION={{ polkadot_node.wasm_execution }}
+POLKADOT_STATE_CACHE_SIZE={{ polkadot_node.state_cache_size }}
+POLKADOT_DB_CACHE={{ polkadot_node.db_cache }}
+
+# Logging Configuration
+POLKADOT_LOG_LEVEL={{ polkadot_node.log_level }}
+{% if polkadot_node.log_targets %}
+POLKADOT_LOG_TARGETS="{{ polkadot_node.log_targets | join(',') }}"
+{% endif %}
+
+# Telemetry Configuration
+POLKADOT_TELEMETRY_ENABLED={{ polkadot_node.telemetry.enabled | lower }}
+POLKADOT_TELEMETRY_URL="{{ polkadot_node.telemetry.url }}"
+POLKADOT_TELEMETRY_VERBOSITY={{ polkadot_node.telemetry.verbosity }}
+
+# WSS Configuration
+POLKADOT_WSS_ENABLED={{ polkadot_node.wss.enabled | lower }}
+{% if polkadot_node.wss.enabled %}
+POLKADOT_WSS_PORT={{ polkadot_node.wss.port }}
+POLKADOT_WSS_DOMAIN="{{ polkadot_node.wss.domain }}"
+POLKADOT_WSS_PROXY_TYPE={{ polkadot_node.wss.proxy_type }}
+POLKADOT_WSS_RATE_LIMIT={{ polkadot_node.wss.rate_limit }}
+
+# SSL Configuration for WSS
+POLKADOT_SSL_ENABLED={{ polkadot_node.wss.ssl.enabled | lower }}
+{% if polkadot_node.wss.ssl.enabled %}
+POLKADOT_SSL_CERT_FILE="{{ polkadot_node.wss.ssl.cert_file }}"
+POLKADOT_SSL_KEY_FILE="{{ polkadot_node.wss.ssl.key_file }}"
+{% if polkadot_node.wss.ssl.ca_file is defined %}
+POLKADOT_SSL_CA_FILE="{{ polkadot_node.wss.ssl.ca_file }}"
+{% endif %}
+{% endif %}
+{% endif %}
--- a/taskservs/polkadot/node/default/install-polkadot-node.sh
+++ b/taskservs/polkadot/node/default/install-polkadot-node.sh
@ -0,0 +1,311 @@
+#!/bin/bash
+# Info: Script to install Polkadot Node (Full, Light, Archive)
+# Author: Provisioning System
+# Release: 1.0
+# Date: 2025-07-24
+
+USAGE="install-polkadot-node.sh"
+[ "$1" == "-h" ] && echo "$USAGE" && exit 1
+
+[ -r "env-polkadot-node" ] && . ./env-polkadot-node
+
+POLKADOT_VERSION=${POLKADOT_VERSION:-latest}
+POLKADOT_NODE_TYPE=${POLKADOT_NODE_TYPE:-full}
+POLKADOT_CHAIN=${POLKADOT_CHAIN:-polkadot}
+
+# Determine architecture
+ARCH="$(uname -m)"
+case $ARCH in
+    x86_64) ARCH="x86_64" ;;
+    aarch64) ARCH="aarch64" ;;
+    *) echo "Unsupported architecture: $ARCH" && exit 1 ;;
+esac
+
+# Set download URL based on version
+if [ "$POLKADOT_VERSION" = "latest" ]; then
+    POLKADOT_URL="https://github.com/paritytech/polkadot/releases/latest/download"
+    POLKADOT_BINARY="polkadot"
+else
+    POLKADOT_URL="https://github.com/paritytech/polkadot/releases/download/${POLKADOT_VERSION}"
+    POLKADOT_BINARY="polkadot"
+fi
+
+POLKADOT_BIN_PATH=${POLKADOT_BIN_PATH:-/usr/local/bin/polkadot}
+POLKADOT_SYSTEMCTL_MODE=${POLKADOT_SYSTEMCTL_MODE:-enabled}
+
+POLKADOT_CONFIG_PATH=${POLKADOT_CONFIG_PATH:-/etc/polkadot}
+POLKADOT_WORK_PATH=${POLKADOT_WORK_PATH:-/var/lib/polkadot}
+POLKADOT_BASE_PATH=${POLKADOT_BASE_PATH:-/var/lib/polkadot/data}
+
+POLKADOT_RUN_USER=${POLKADOT_RUN_USER:-polkadot}
+POLKADOT_RUN_GROUP=${POLKADOT_RUN_GROUP:-polkadot}
+POLKADOT_RUN_USER_HOME=${POLKADOT_RUN_USER_HOME:-/home/polkadot}
+
+POLKADOT_NODE_NAME=${POLKADOT_NODE_NAME:-polkadot-node}
+POLKADOT_ARCHIVE_MODE=${POLKADOT_ARCHIVE_MODE:-false}
+
+echo "Installing Polkadot Node ${POLKADOT_VERSION} (${POLKADOT_NODE_TYPE})..."
+
+# Install dependencies
+echo "Installing dependencies..."
+if command -v apt-get >/dev/null 2>&1; then
+    apt-get update
+    apt-get install -y curl ca-certificates jq nginx certbot python3-certbot-nginx
+elif command -v yum >/dev/null 2>&1; then
+    yum update -y
+    yum install -y curl ca-certificates jq nginx certbot python3-certbot-nginx
+elif command -v dnf >/dev/null 2>&1; then
+    dnf update -y
+    dnf install -y curl ca-certificates jq nginx certbot python3-certbot-nginx
+else
+    echo "Package manager not found. Please install dependencies manually."
+    exit 1
+fi
+
+# Create user and group
+if ! id "$POLKADOT_RUN_USER" &>/dev/null; then
+    groupadd -r "$POLKADOT_RUN_GROUP"
+    useradd -r -g "$POLKADOT_RUN_GROUP" -d "$POLKADOT_RUN_USER_HOME" -s /bin/bash -c "Polkadot service user" "$POLKADOT_RUN_USER"
+fi
+
+# Create directories
+mkdir -p "$POLKADOT_CONFIG_PATH"
+mkdir -p "$POLKADOT_WORK_PATH"
+mkdir -p "$POLKADOT_BASE_PATH"
+mkdir -p "$POLKADOT_RUN_USER_HOME"
+
+# Download and install Polkadot binary
+cd /tmp
+echo "Downloading Polkadot binary from ${POLKADOT_URL}/${POLKADOT_BINARY}..."
+curl -L -o polkadot "${POLKADOT_URL}/${POLKADOT_BINARY}"
+
+if [ ! -f "polkadot" ]; then
+    echo "Failed to download Polkadot binary"
+    exit 1
+fi
+
+# Install binary
+chmod +x polkadot
+mv polkadot "$(dirname "$POLKADOT_BIN_PATH")/"
+
+# Generate node key if not exists
+if [ ! -f "$POLKADOT_CONFIG_PATH/node-key" ]; then
+    echo "Generating node key..."
+    "$POLKADOT_BIN_PATH" key generate-node-key --file "$POLKADOT_CONFIG_PATH/node-key"
+fi
+
+# Set ownership
+chown -R "$POLKADOT_RUN_USER:$POLKADOT_RUN_GROUP" "$POLKADOT_WORK_PATH"
+chown -R "$POLKADOT_RUN_USER:$POLKADOT_RUN_GROUP" "$POLKADOT_BASE_PATH"
+chown -R "$POLKADOT_RUN_USER:$POLKADOT_RUN_GROUP" "$POLKADOT_RUN_USER_HOME"
+chown -R "$POLKADOT_RUN_USER:$POLKADOT_RUN_GROUP" "$POLKADOT_CONFIG_PATH"
+
+# Build node arguments based on configuration
+NODE_ARGS="--chain $POLKADOT_CHAIN"
+NODE_ARGS="$NODE_ARGS --name $POLKADOT_NODE_NAME"
+NODE_ARGS="$NODE_ARGS --base-path $POLKADOT_BASE_PATH"
+
+# Configure node type and pruning
+case "$POLKADOT_NODE_TYPE" in
+    "light")
+        NODE_ARGS="$NODE_ARGS --light"
+        ;;
+    "full")
+        if [ "$POLKADOT_ARCHIVE_MODE" = "true" ]; then
+            NODE_ARGS="$NODE_ARGS --pruning archive"
+        else
+            # Use pruning settings
+            if [ "${POLKADOT_PRUNING_ENABLED:-true}" = "true" ]; then
+                NODE_ARGS="$NODE_ARGS --pruning ${POLKADOT_STATE_PRUNING:-256}"
+                if [ -n "$POLKADOT_BLOCK_PRUNING" ]; then
+                    NODE_ARGS="$NODE_ARGS --blocks-pruning $POLKADOT_BLOCK_PRUNING"
+                fi
+            fi
+        fi
+        ;;
+    "validator")
+        NODE_ARGS="$NODE_ARGS --validator"
+        if [ "$POLKADOT_ARCHIVE_MODE" != "true" ] && [ "${POLKADOT_PRUNING_ENABLED:-true}" = "true" ]; then
+            NODE_ARGS="$NODE_ARGS --pruning ${POLKADOT_STATE_PRUNING:-256}"
+        fi
+        ;;
+esac
+
+# Network configuration
+NODE_ARGS="$NODE_ARGS --listen-addr ${POLKADOT_LISTEN_ADDR:-/ip4/0.0.0.0/tcp/30333}"
+
+if [ -n "$POLKADOT_PUBLIC_ADDR" ]; then
+    NODE_ARGS="$NODE_ARGS --public-addr $POLKADOT_PUBLIC_ADDR"
+fi
+
+if [ -n "$POLKADOT_BOOTNODES" ]; then
+    IFS=',' read -ra BOOTNODES <<< "$POLKADOT_BOOTNODES"
+    for bootnode in "${BOOTNODES[@]}"; do
+        NODE_ARGS="$NODE_ARGS --bootnode $bootnode"
+    done
+fi
+
+if [ -n "$POLKADOT_RESERVED_NODES" ]; then
+    IFS=',' read -ra RESERVED <<< "$POLKADOT_RESERVED_NODES"
+    for reserved in "${RESERVED[@]}"; do
+        NODE_ARGS="$NODE_ARGS --reserved-node $reserved"
+    done
+fi
+
+if [ "${POLKADOT_RESERVED_ONLY:-false}" = "true" ]; then
+    NODE_ARGS="$NODE_ARGS --reserved-only"
+fi
+
+# RPC configuration
+if [ "${POLKADOT_RPC_ENABLED:-true}" = "true" ]; then
+    NODE_ARGS="$NODE_ARGS --rpc-bind-addr ${POLKADOT_RPC_BIND_ADDR:-127.0.0.1}"
+    NODE_ARGS="$NODE_ARGS --rpc-port ${POLKADOT_RPC_PORT:-9944}"
+    NODE_ARGS="$NODE_ARGS --rpc-cors ${POLKADOT_RPC_CORS:-all}"
+    NODE_ARGS="$NODE_ARGS --rpc-methods ${POLKADOT_RPC_METHODS:-safe}"
+    NODE_ARGS="$NODE_ARGS --rpc-max-connections ${POLKADOT_RPC_MAX_CONNECTIONS:-100}"
+fi
+
+# Performance settings
+NODE_ARGS="$NODE_ARGS --execution ${POLKADOT_EXECUTION:-wasm}"
+NODE_ARGS="$NODE_ARGS --wasm-execution ${POLKADOT_WASM_EXECUTION:-compiled}"
+NODE_ARGS="$NODE_ARGS --state-cache-size ${POLKADOT_STATE_CACHE_SIZE:-67108864}"
+NODE_ARGS="$NODE_ARGS --db-cache ${POLKADOT_DB_CACHE:-1024}"
+
+# Telemetry
+if [ "${POLKADOT_TELEMETRY_ENABLED:-true}" = "true" ]; then
+    NODE_ARGS="$NODE_ARGS --telemetry-url '${POLKADOT_TELEMETRY_URL:-wss://telemetry.polkadot.io/submit/} ${POLKADOT_TELEMETRY_VERBOSITY:-0}'"
+fi
+
+# Sync mode
+case "${POLKADOT_SYNC_MODE:-warp}" in
+    "full")
+        NODE_ARGS="$NODE_ARGS --sync full"
+        ;;
+    "fast")
+        NODE_ARGS="$NODE_ARGS --sync fast"
+        ;;
+    "warp")
+        NODE_ARGS="$NODE_ARGS --sync warp"
+        ;;
+esac
+
+# Logging
+NODE_ARGS="$NODE_ARGS --log ${POLKADOT_LOG_LEVEL:-info}"
+
+# Create systemd service file
+cat > /etc/systemd/system/polkadot-node.service << EOF
+[Unit]
+Description=Polkadot Node (${POLKADOT_NODE_TYPE})
+Documentation=https://docs.polkadot.network/
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Type=simple
+User=$POLKADOT_RUN_USER
+Group=$POLKADOT_RUN_GROUP
+Environment=RUST_LOG=${POLKADOT_LOG_LEVEL:-info}
+WorkingDirectory=$POLKADOT_WORK_PATH
+ExecStart=$POLKADOT_BIN_PATH $NODE_ARGS
+Restart=always
+RestartSec=10
+
+# Security settings
+NoNewPrivileges=true
+PrivateTmp=true
+ProtectSystem=strict
+ProtectHome=true
+ReadWritePaths=$POLKADOT_WORK_PATH $POLKADOT_BASE_PATH $POLKADOT_CONFIG_PATH
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+
+# Resource limits
+LimitNOFILE=65536
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+# Setup WSS proxy if enabled
+if [ "${POLKADOT_WSS_ENABLED:-false}" = "true" ]; then
+    echo "Setting up secure WebSocket proxy..."
+    
+    # Create nginx configuration for WSS
+    cat > /etc/nginx/sites-available/polkadot-wss << EOF
+server {
+    listen ${POLKADOT_WSS_PORT:-443} ssl http2;
+    server_name ${POLKADOT_WSS_DOMAIN};
+
+    # SSL configuration
+    ssl_certificate ${POLKADOT_SSL_CERT_FILE};
+    ssl_certificate_key ${POLKADOT_SSL_KEY_FILE};
+    
+    # SSL settings
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384;
+    ssl_prefer_server_ciphers off;
+
+    # Rate limiting
+    limit_req_zone \$binary_remote_addr zone=wss_limit:10m rate=${POLKADOT_WSS_RATE_LIMIT:-100}r/m;
+    limit_req zone=wss_limit burst=20 nodelay;
+
+    location / {
+        proxy_pass http://127.0.0.1:${POLKADOT_RPC_PORT:-9944};
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade \$http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header Host \$host;
+        proxy_set_header X-Real-IP \$remote_addr;
+        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto \$scheme;
+        
+        # WebSocket specific
+        proxy_read_timeout 86400;
+        proxy_send_timeout 86400;
+    }
+}
+EOF
+
+    # Enable site
+    ln -sf /etc/nginx/sites-available/polkadot-wss /etc/nginx/sites-enabled/
+    
+    # Test nginx configuration
+    nginx -t && systemctl restart nginx
+fi
+
+# Enable and start service
+systemctl daemon-reload
+systemctl "$POLKADOT_SYSTEMCTL_MODE" polkadot-node.service
+
+if [ "$POLKADOT_SYSTEMCTL_MODE" = "enabled" ]; then
+    systemctl start polkadot-node.service
+    
+    # Wait a moment for service to start
+    sleep 5
+fi
+
+echo "Polkadot Node installation completed!"
+echo "Service: polkadot-node.service"
+echo "Node type: $POLKADOT_NODE_TYPE"
+echo "Chain: $POLKADOT_CHAIN"
+echo "Archive mode: $POLKADOT_ARCHIVE_MODE"
+echo "RPC endpoint: ws://${POLKADOT_RPC_BIND_ADDR:-127.0.0.1}:${POLKADOT_RPC_PORT:-9944}"
+
+if [ "${POLKADOT_WSS_ENABLED:-false}" = "true" ]; then
+    echo "WSS endpoint: wss://${POLKADOT_WSS_DOMAIN}:${POLKADOT_WSS_PORT:-443}"
+fi
+
+echo "Configuration: $POLKADOT_CONFIG_PATH/"
+echo "Data directory: $POLKADOT_BASE_PATH"
+echo "Node key: $POLKADOT_CONFIG_PATH/node-key"
+
+# Display service status
+if systemctl is-active --quiet polkadot-node.service; then
+    echo "✅ Polkadot node service is running"
+else
+    echo "⚠️  Polkadot node service status:"
+    systemctl status polkadot-node.service --no-pager -l
+fi
+
+# Cleanup
+cd /
+rm -rf /tmp/polkadot
--- a/taskservs/polkadot/node/default/prepare
+++ b/taskservs/polkadot/node/default/prepare
@ -0,0 +1,140 @@
+#!/bin/bash
+# Info: Polkadot Node preparation script
+# Author: Provisioning System
+# Release: 1.0
+
+echo "Preparing Polkadot Node installation..."
+
+# Load environment variables
+[ -r "env-polkadot-node" ] && . ./env-polkadot-node
+
+# Check if required tools are available
+command -v curl >/dev/null 2>&1 || { echo "curl is required but not installed." >&2; exit 1; }
+command -v systemctl >/dev/null 2>&1 || { echo "systemctl is required but not installed." >&2; exit 1; }
+
+# Validate configuration
+if [ -z "$POLKADOT_VERSION" ]; then
+    echo "POLKADOT_VERSION must be set" >&2
+    exit 1
+fi
+
+# Validate node type
+case "${POLKADOT_NODE_TYPE:-full}" in
+    "full"|"light"|"validator")
+        echo "Node type: ${POLKADOT_NODE_TYPE}"
+        ;;
+    *)
+        echo "Invalid node type: ${POLKADOT_NODE_TYPE}" >&2
+        exit 1
+        ;;
+esac
+
+# Validate chain
+case "${POLKADOT_CHAIN:-polkadot}" in
+    "polkadot"|"kusama"|"westend")
+        echo "Chain: ${POLKADOT_CHAIN}"
+        ;;
+    *)
+        echo "Invalid chain: ${POLKADOT_CHAIN}" >&2
+        exit 1
+        ;;
+esac
+
+# Check available disk space based on node type and pruning
+case "${POLKADOT_NODE_TYPE:-full}" in
+    "light")
+        REQUIRED_SPACE=1000000  # 1GB
+        ;;
+    "full")
+        if [ "${POLKADOT_ARCHIVE_MODE:-false}" = "true" ]; then
+            REQUIRED_SPACE=500000000  # 500GB for archive
+        else
+            REQUIRED_SPACE=50000000   # 50GB for pruned
+        fi
+        ;;
+    "validator")
+        REQUIRED_SPACE=100000000  # 100GB for validator
+        ;;
+esac
+
+AVAILABLE_SPACE=$(df "${POLKADOT_BASE_PATH:-/var/lib/polkadot/data}" 2>/dev/null | awk 'NR==2 {print $4}' || echo "0")
+if [ "$AVAILABLE_SPACE" -ne "0" ] && [ "$AVAILABLE_SPACE" -lt "$REQUIRED_SPACE" ]; then
+    echo "Warning: Insufficient disk space for ${POLKADOT_NODE_TYPE} node"
+    echo "Available: $(($AVAILABLE_SPACE / 1024))MB, Recommended: $(($REQUIRED_SPACE / 1024))MB"
+fi
+
+# Check port availability
+PORTS=(
+    "${POLKADOT_RPC_PORT:-9944}"
+    "${POLKADOT_WS_PORT:-9944}"
+    "${POLKADOT_HTTP_PORT:-9933}"
+    "30333"  # P2P port
+)
+
+for port in "${PORTS[@]}"; do
+    if command -v netstat >/dev/null 2>&1; then
+        if netstat -tuln | grep -q ":$port "; then
+            echo "Warning: Port $port appears to be in use"
+        fi
+    elif command -v ss >/dev/null 2>&1; then
+        if ss -tuln | grep -q ":$port "; then
+            echo "Warning: Port $port appears to be in use"
+        fi
+    fi
+done
+
+# Validate pruning configuration
+if [ "${POLKADOT_ARCHIVE_MODE:-false}" = "true" ] && [ "${POLKADOT_PRUNING_ENABLED:-true}" = "true" ]; then
+    echo "Error: Cannot enable both archive mode and pruning" >&2
+    exit 1
+fi
+
+# Validate WSS configuration
+if [ "${POLKADOT_WSS_ENABLED:-false}" = "true" ]; then
+    if [ -z "$POLKADOT_WSS_DOMAIN" ]; then
+        echo "Error: WSS enabled but domain not configured" >&2
+        exit 1
+    fi
+    
+    if [ "${POLKADOT_SSL_ENABLED:-false}" != "true" ]; then
+        echo "Error: WSS requires SSL to be enabled" >&2
+        exit 1
+    fi
+    
+    if [ -z "$POLKADOT_SSL_CERT_FILE" ] || [ -z "$POLKADOT_SSL_KEY_FILE" ]; then
+        echo "Error: SSL certificate files not configured" >&2
+        exit 1
+    fi
+    
+    echo "WSS configuration validated for domain: $POLKADOT_WSS_DOMAIN"
+fi
+
+# Check memory requirements
+if command -v free >/dev/null 2>&1; then
+    FREE_MEMORY=$(free -m | awk '/^Mem:/{print $7}')
+    MIN_MEMORY=2048
+    
+    case "${POLKADOT_NODE_TYPE:-full}" in
+        "validator"|"full")
+            MIN_MEMORY=4096
+            ;;
+        "light")
+            MIN_MEMORY=1024
+            ;;
+    esac
+    
+    if [ "$FREE_MEMORY" -lt "$MIN_MEMORY" ]; then
+        echo "Warning: Insufficient memory for ${POLKADOT_NODE_TYPE} node"
+        echo "Available: ${FREE_MEMORY}MB, Recommended: ${MIN_MEMORY}MB"
+    fi
+fi
+
+echo "Preparation completed successfully."
+echo ""
+echo "Node configuration:"
+echo "- Type: ${POLKADOT_NODE_TYPE:-full}"
+echo "- Chain: ${POLKADOT_CHAIN:-polkadot}"
+echo "- Archive mode: ${POLKADOT_ARCHIVE_MODE:-false}"
+echo "- Pruning enabled: ${POLKADOT_PRUNING_ENABLED:-true}"
+echo "- WSS enabled: ${POLKADOT_WSS_ENABLED:-false}"
+echo "- Data path: ${POLKADOT_BASE_PATH:-/var/lib/polkadot/data}"
--- a/taskservs/polkadot/node/default/provisioning.toml
+++ b/taskservs/polkadot/node/default/provisioning.toml
@ -0,0 +1,2 @@
+info = "polkadot-node"
+release = "1.0"
--- a/taskservs/polkadot/node/default/setup-ssl.sh.j2
+++ b/taskservs/polkadot/node/default/setup-ssl.sh.j2
@ -0,0 +1,108 @@
+#!/bin/bash
+# Info: SSL setup script for Polkadot Node WSS
+# Author: Provisioning System
+
+set -e
+
+DOMAIN="{{ polkadot_node.wss.domain }}"
+SSL_CERT_FILE="{{ polkadot_node.wss.ssl.cert_file }}"
+SSL_KEY_FILE="{{ polkadot_node.wss.ssl.key_file }}"
+EMAIL=${SSL_EMAIL:-admin@${DOMAIN}}
+
+echo "Setting up SSL certificates for Polkadot Node WSS..."
+
+# Function to setup Let's Encrypt certificate
+setup_letsencrypt() {
+    echo "Setting up Let's Encrypt certificate for $DOMAIN..."
+    
+    # Stop nginx temporarily
+    systemctl stop nginx 2>/dev/null || true
+    
+    # Generate certificate
+    certbot certonly --standalone \
+        --non-interactive \
+        --agree-tos \
+        --email "$EMAIL" \
+        -d "$DOMAIN"
+    
+    # Copy certificates to expected locations
+    cp "/etc/letsencrypt/live/$DOMAIN/fullchain.pem" "$SSL_CERT_FILE"
+    cp "/etc/letsencrypt/live/$DOMAIN/privkey.pem" "$SSL_KEY_FILE"
+    
+    # Set proper permissions
+    chmod 644 "$SSL_CERT_FILE"
+    chmod 600 "$SSL_KEY_FILE"
+    chown root:root "$SSL_CERT_FILE" "$SSL_KEY_FILE"
+    
+    echo "Let's Encrypt certificate installed successfully"
+}
+
+# Function to generate self-signed certificate
+setup_selfsigned() {
+    echo "Generating self-signed certificate for $DOMAIN..."
+    
+    openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
+        -keyout "$SSL_KEY_FILE" \
+        -out "$SSL_CERT_FILE" \
+        -subj "/C=US/ST=State/L=City/O=Organization/CN=$DOMAIN"
+    
+    # Set proper permissions
+    chmod 644 "$SSL_CERT_FILE"
+    chmod 600 "$SSL_KEY_FILE"
+    chown root:root "$SSL_CERT_FILE" "$SSL_KEY_FILE"
+    
+    echo "Self-signed certificate generated successfully"
+}
+
+# Create certificate directories
+mkdir -p "$(dirname "$SSL_CERT_FILE")"
+mkdir -p "$(dirname "$SSL_KEY_FILE")"
+
+# Setup certificate based on preference
+case "${SSL_METHOD:-letsencrypt}" in
+    "letsencrypt")
+        setup_letsencrypt
+        ;;
+    "selfsigned")
+        setup_selfsigned
+        ;;
+    *)
+        echo "Invalid SSL method: ${SSL_METHOD}"
+        echo "Use 'letsencrypt' or 'selfsigned'"
+        exit 1
+        ;;
+esac
+
+# Verify certificates
+if [ -f "$SSL_CERT_FILE" ] && [ -f "$SSL_KEY_FILE" ]; then
+    echo "SSL certificates installed:"
+    echo "Certificate: $SSL_CERT_FILE"
+    echo "Private key: $SSL_KEY_FILE"
+    
+    # Test certificate
+    openssl x509 -in "$SSL_CERT_FILE" -noout -text | grep -E "(Subject:|Issuer:|Not After:)"
+else
+    echo "Error: SSL certificate setup failed"
+    exit 1
+fi
+
+# Setup certificate renewal for Let's Encrypt
+if [ "${SSL_METHOD:-letsencrypt}" = "letsencrypt" ]; then
+    # Create renewal hook
+    cat > /etc/letsencrypt/renewal-hooks/deploy/polkadot-node.sh << 'EOF'
+#!/bin/bash
+# Copy renewed certificates
+cp "/etc/letsencrypt/live/{{ polkadot_node.wss.domain }}/fullchain.pem" "{{ polkadot_node.wss.ssl.cert_file }}"
+cp "/etc/letsencrypt/live/{{ polkadot_node.wss.domain }}/privkey.pem" "{{ polkadot_node.wss.ssl.key_file }}"
+
+# Reload nginx
+systemctl reload nginx
+
+echo "Polkadot Node SSL certificates renewed"
+EOF
+    
+    chmod +x /etc/letsencrypt/renewal-hooks/deploy/polkadot-node.sh
+    echo "Certificate auto-renewal configured"
+fi
+
+echo "SSL setup completed successfully!"