# Substrate Infrastructure and Operations

<!-- Put the link to this slide here so people can follow -->
slides: https://hackmd.io/@nlWRE-3fQzmUnPRDIXb2Ag/ryKn1irtv#/

----

## Outline

- Account Key Management
- Node Protection
- Monitoring & Metrics
- Disaster Recovery

----

## Key Management

----

## Kinds of Keys

![](https://i.imgur.com/HUzKz3e.png)

----

### Account Keys

- Main Keys
- Controller Keys
- Proxy Keys

----

### Main Keys

- SR25519 or ED25519
- Multisig

----

### Controller Keys

- Used solely for Staking Operations
- Can be separate from stash or not
- May be deprecated in the future and have proxy keys everywhere

----

### Proxy Keys

![](https://i.imgur.com/kllMIjl.png)

----

### Proxy Keys

- Non-Transfer
- Governance
- Staking
- IdentityJudgement

----

### Anonymous Proxies

- "Pure Proxies"
- Account with a private key
- The anonymous proxy becomes the `Proxied` account and the creating account becomes the `Proxy` account

----

### Time Delay Proxies

![](https://i.imgur.com/CRaI2x1.png)

----

### Time Delay Proxies

- Can announce and cancel transactions with a buffer of _x_ blocks

----

### Time Delay Proxies

![](https://i.imgur.com/c80D9Im.png)

----

## Node Protection

----

### Kinds of Nodes

- Bootnodes
- RPC Nodes
- Validator Nodes
- Collator Nodes
- Full Nodes
- Sentry Nodes (r.i.p)

----

### RPC Protection

- Firewalling
- Restricting access to certain calls

----

### Granular RPC Restriction

![](https://i.imgur.com/cMYU7qI.png)

----

### General RPC Restriction

![](https://i.imgur.com/d6D8kLK.png)

----

## DoS Protection

----

### Sentry Nodes

![](https://i.imgur.com/6HXDwhK.png)

----

### Polkadot Sentry Nodes

![](https://i.imgur.com/Ncjwddi.png)

----

### Without Sentry Nodes

- Validators can't be in private networks
- Set up L4 TCP Proxy
- Remote Signing

----

### Remote Signing

![](https://i.imgur.com/4NfUajy.png)

----

## Monitoring & Observability

----

### Key Metrics

- Consensus
  - Babe
  - Grandpa
- Client
  - Peers & Connectivity
  - CPU & Memory usage
  - Enough File Space

----

## Babe

- Slot Authorship Allocations & Missed Slots

----

## Babe

Epoch Opportunities:

```
curl -H "Content-Type: application/json" -d '{"id":1, "jsonrpc":"2.0", "method": "babe_epochAuthorship", "params":[]}' http://localhost:9933
```

- SlotIndex = UNIX_TIMESTAMP / slot_duration
- In sync with block times unless slots are missed

----

## Babe

- Authorship Types
  - Primary
  - Secondary
  - Secondary VRF

----

## Babe

![](https://i.imgur.com/5bF2wXX.png)
![](https://i.imgur.com/N2C7NzM.png)

----

## Grandpa

- Logs
- Telemetry
- Client Prometheus Metrics
- Grandpa State Dump

----

## Grandpa

Telemetry:

![](https://i.imgur.com/pe4wQSL.png)

----

## Grandpa

Client:

![](https://i.imgur.com/MuFOzeu.png)

----

## Grandpa

State Dump:

![](https://i.imgur.com/3BEnAcO.png)

----

## Disaster Recovery

- Chain Bricks
- Finality Halted
- Validator Stalls

----

## Other Things

---
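The slot arithmetic from the Babe "Epoch Opportunities" slide, turned into a missed-slot check for monitoring. This is an added example, not code from the original slides or from Substrate. It assumes 6000 ms slots, millisecond timestamps, a `babe_epochAuthorship` result shaped as a map from authority to `primary` / `secondary` / `secondary_vrf` slot lists, and a hypothetical `authored` set of slots you have already collected from your own blocks.

```python
# Added example (not from the original slides): Babe slot arithmetic and missed-slot check.
# Assumptions: 6000 ms slots, timestamps in milliseconds, and a babe_epochAuthorship
# result shaped as {authority: {"primary": [...], "secondary": [...], "secondary_vrf": [...]}}.

SLOT_DURATION_MS = 6000  # assumed; read the real value from your chain's Babe constants


def slot_index(unix_ms, slot_duration_ms=SLOT_DURATION_MS):
    """SlotIndex = UNIX_TIMESTAMP / slot_duration, using integer division."""
    return unix_ms // slot_duration_ms


def slot_start_ms(slot, slot_duration_ms=SLOT_DURATION_MS):
    """Wall-clock start of a slot, for lining a slot up with log timestamps."""
    return slot * slot_duration_ms


def missed_slots(authorship, authority, authored, now_ms,
                 slot_duration_ms=SLOT_DURATION_MS):
    """Return {type: [slots]} assigned to `authority`, already elapsed, with no block.

    `authored` is the set of slot numbers taken from the Babe pre-digests of the
    blocks this authority produced (how you collect them is up to your tooling).
    """
    current = slot_index(now_ms, slot_duration_ms)
    claims = authorship.get(authority, {})
    report = {}
    for kind in ("primary", "secondary", "secondary_vrf"):
        # Only slots strictly before the current one can be judged as missed.
        missed = sorted(s for s in claims.get(kind, []) if s < current and s not in authored)
        if missed:
            report[kind] = missed
    return report


# Constructed sample data, not real chain output.
SAMPLE_AUTHORSHIP = {
    "validator-A": {
        "primary": [272000010, 272000042, 272000100],
        "secondary": [],
        "secondary_vrf": [272000015, 272000060],
    }
}
SAMPLE_AUTHORED = {272000010, 272000015}
SAMPLE_NOW_MS = 272000070 * SLOT_DURATION_MS + 1500  # 1.5 s into slot 272000070

if __name__ == "__main__":
    print(missed_slots(SAMPLE_AUTHORSHIP, "validator-A", SAMPLE_AUTHORED, SAMPLE_NOW_MS))
```

A secondary claim can lose to another validator's primary block for the same slot, so primary misses are the stronger signal when alerting.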