4.0 KiB
Perfect! I've successfully created comprehensive Polkadot taskservs for the provisioning system. Here's what was built:
🔗 Polkadot Node Taskserv (polkadot-node)
Created files:
- taskservs/polkadot-node/kcl/polkadot-node.k - Complete KCL schema definitions
- taskservs/polkadot-node/default/provisioning.toml - Service metadata
- taskservs/polkadot-node/default/env-polkadot-node.j2 - Environment configuration
- taskservs/polkadot-node/default/install-polkadot-node.sh - Installation script
- taskservs/polkadot-node/default/prepare - Preparation and validation script
- taskservs/polkadot-node/default/setup-ssl.sh.j2 - SSL/TLS setup script
Features:
- Node Types: Full, Light, and Validator nodes
- Pruning Options:
- State pruning (configurable blocks to keep)
- Block pruning (optional)
- Archive mode (no pruning)
- Sync Modes: Full, Fast, Warp synchronization
- Networks: Polkadot, Kusama, Westend support
- RPC Services: WebSocket and HTTP endpoints with rate limiting
- WSS Support: Secure WebSocket with Nginx proxy and SSL/TLS
- Performance: Configurable cache sizes and execution strategies
🚀 Polkadot Bootnode Taskserv (polkadot-bootnode)
Created files:
- taskservs/polkadot-bootnode/kcl/polkadot-bootnode.k - KCL schema definitions
- taskservs/polkadot-bootnode/default/provisioning.toml - Service metadata
- taskservs/polkadot-bootnode/default/env-polkadot-bootnode.j2 - Environment configuration
- taskservs/polkadot-bootnode/default/install-polkadot-bootnode.sh - Installation script
- taskservs/polkadot-bootnode/default/prepare - Preparation and validation script
- taskservs/polkadot-bootnode/default/setup-ssl.sh.j2 - SSL/TLS setup script
Features:
- Dedicated Ports: P2P (30310), WS (30311), WSS (30312)
- Network Discovery: Helps nodes find peers and join networks
- Multi-Protocol: Direct P2P, WebSocket, and Secure WebSocket connections
- Node Key Management: Automatic ED25519 key generation and peer ID extraction
- Connection Info: Generates bootnode connection strings for other nodes
🔒 Secure WebSocket (WSS) Support
Both taskservs include comprehensive WSS support:
SSL/TLS Configuration
- Let's Encrypt: Automatic certificate generation and renewal
- Self-Signed: Manual certificate generation for development
- Certificate Management: Automatic renewal hooks and validation
Nginx Proxy Setup
- Rate Limiting: Configurable request limits per minute
- Security Headers: Proper SSL configuration and ciphers
- WebSocket Tunneling: Proper upgrade headers and connection handling
- Load Balancing: Ready for multi-node deployments
Connection Examples
Polkadot Node
wss://node.example.com:443
Polkadot Bootnode
wss://bootnode.example.com:30312
📋 Usage Examples
Deploy Full Node (Pruned)
./core/nulib/provisioning taskserv create polkadot-node
Deploy Archive Node
Configure archive_mode: true in KCL configuration
./core/nulib/provisioning taskserv create polkadot-node
Deploy Bootnode with WSS
Configure wss.enabled: true and ssl certificates
./core/nulib/provisioning taskserv create polkadot-bootnode
🔧 Key Configuration Options
Node Types & Pruning
- node_type: full, light, validator
- archive_mode: true/false
- pruning.mode: state, block, both
- pruning.blocks_to_keep: number of blocks to retain
Network Configuration
- chain: polkadot, kusama, westend
- bootnodes: array of bootnode addresses
- max_peers: maximum peer connections
WSS Configuration
- wss.enabled: enable secure WebSocket support
- wss.domain: domain name for SSL certificate
- ssl.cert_file: SSL certificate path
- ssl.key_file: SSL private key path
All services are automatically discovered by the provisioning system and can be deployed using:
- ./core/nulib/provisioning taskserv create polkadot-node
- ./core/nulib/provisioning taskserv create polkadot-bootnode
These taskservs provide production-ready Polkadot infrastructure with comprehensive security, monitoring, and configuration options.