Maintenance of bootnodes - gatotech

[miloskriz]

Dear all, hello!

Please consider the following changes to the bootnode information for the chains indicated below:

• Polkadot: Update of url + port for gatotech's bootnode. Removal of unsecure websocket endpoint.
• Kusama: Update of url + port for gatotech's bootnode. Removal of unsecure websocket endpoint.
• Westend: Update of url + port for gatotech's bootnode. Removal of unsecure websocket endpoint.

(These bootnodes were originally added in PR #6499)

The changes have been tested at length and can be quickly checked with the following commands:

# Polkadot
polkadot --no-hardware-benchmarks --no-mdns --chain polkadot --reserved-only --reserved-nodes "/dns/boot-cr.gatotech.network/tcp/33100/p2p/12D3KooWK4E16jKk9nRhvC4RfrDVgcZzExg8Q3Q2G7ABUUitks1w"
polkadot --no-hardware-benchmarks --no-mdns --chain polkadot --reserved-only --reserved-nodes "/dns/boot-cr.gatotech.network/tcp/35100/wss/p2p/12D3KooWK4E16jKk9nRhvC4RfrDVgcZzExg8Q3Q2G7ABUUitks1w"

# Kusama
polkadot --no-hardware-benchmarks --no-mdns --chain kusama --reserved-only --reserved-nodes "/dns/boot-cr.gatotech.network/tcp/33200/p2p/12D3KooWRNZXf99BfzQDE1C8YhuBbuy7Sj18UEf7FNpD8egbURYD"
polkadot --no-hardware-benchmarks --no-mdns --chain kusama --reserved-only --reserved-nodes "/dns/boot-cr.gatotech.network/tcp/35200/wss/p2p/12D3KooWRNZXf99BfzQDE1C8YhuBbuy7Sj18UEf7FNpD8egbURYD"

# Westend
polkadot --no-hardware-benchmarks --no-mdns --chain westend --reserved-only --reserved-nodes "/dns/boot-cr.gatotech.network/tcp/33300/p2p/12D3KooWQGR1vUhoy6mvQorFp3bZFn6NNezhQZ6NWnVV7tpFgoPd"
polkadot --no-hardware-benchmarks --no-mdns --chain westend --reserved-only --reserved-nodes "/dns/boot-cr.gatotech.network/tcp/35300/wss/p2p/12D3KooWQGR1vUhoy6mvQorFp3bZFn6NNezhQZ6NWnVV7tpFgoPd"

Note: Bootnode support via previous endpoints will continue to be provided for a while even after this request is merged into a new binary version, to allow the networks to progressively upgrade to the new endpoints.

Many thanks!! have a great week!!

Best regards

Milos

[ggwpez]

We now got a check for the bootnodes and it reported one failure:. You can check it by clicking on the check_bootnodes CI output. I restarted it, maybe that helps.

[!] Bad bootnodes found for polkadot-new-chainspec:
    /dns/boot-cr.gatotech.network/tcp/[35](https://github.com/paritytech/polkadot/actions/runs/5176320840/jobs/9324991806?pr=7331#step:4:36)100/wss/p2p/12D3KooWK4E16jKk9nRhvC4RfrDVgcZzExg8Q3Q2G7ABUUitks1w

[miloskriz]

Thanks for the heads-up @ggwpez!!!

I can confirm that the rough test using --reserved-only method is still resulting OK for the Westend wss endpoint:

# trying "reserved-only" method:

$ polkadot --no-hardware-benchmarks --no-mdns --chain westend --reserved-only --reserved-nodes "/dns/boot-cr.gatotech.network/tcp/35300/wss/p2p/12D3KooWQGR1vUhoy6mvQorFp3bZFn6NNezhQZ6NWnVV7tpFgoPd"

# it results in success!!:

2023-06-05 12:30:50 Parity Polkadot
2023-06-05 12:30:50 ✌️  version 0.9.42-9b1fc27cec4
2023-06-05 12:30:50 ❤️  by Parity Technologies <admin@parity.io>, 2017-2023
2023-06-05 12:30:50 📋 Chain specification: Westend
2023-06-05 12:30:50 🏷  Node name: sore-tank-3414
2023-06-05 12:30:50 👤 Role: FULL
2023-06-05 12:30:50 💾 Database: RocksDb at /home/mkriz/.local/share/polkadot/chains/westend2/db/full
2023-06-05 12:30:50 ⛓  Native runtime: westend-9420 (parity-westend-0.tx21.au2)
2023-06-05 12:30:55 🏷  Local node identity is: 12D3KooWF93L7VVVVgPRjjMbcwUEq36CqDXM1WKkSUyobp28G5Hm
2023-06-05 12:30:55 💻 Operating system: linux
2023-06-05 12:30:55 💻 CPU architecture: x86_64
2023-06-05 12:30:55 💻 Target environment: gnu
2023-06-05 12:30:55 💻 CPU: AMD EPYC 7443 24-Core Processor
2023-06-05 12:30:55 💻 CPU cores: 2
2023-06-05 12:30:55 💻 Memory: 3923MB
2023-06-05 12:30:55 💻 Kernel: 5.15.0-71-generic
2023-06-05 12:30:55 💻 Linux distribution: Ubuntu 22.04.2 LTS
2023-06-05 12:30:55 💻 Virtual machine: yes
2023-06-05 12:30:55 📦 Highest known block at #34304
2023-06-05 12:30:55 〽️ Prometheus exporter started at 127.0.0.1:9615
2023-06-05 12:30:55 Running JSON-RPC HTTP server: addr=127.0.0.1:9933, allowed origins=["http://localhost:*", "http://127.0.0.1:*", "https://localhost:*", "https://127.0.0.1:*", "https://polkadot.js.org"]
2023-06-05 12:30:55 Running JSON-RPC WS server: addr=127.0.0.1:9944, allowed origins=["http://localhost:*", "http://127.0.0.1:*", "https://localhost:*", "https://127.0.0.1:*", "https://polkadot.js.org"]
2023-06-05 12:31:00 ⚙️  Syncing, target=#16133336 (1 peers), best: #36960 (0x5c9e…ea86), finalized #36864 (0xcef5…0af0), ⬇ 152.7kiB/s ⬆ 2.6kiB/s
2023-06-05 12:31:05 ⚙️  Syncing 793.2 bps, target=#16133337 (1 peers), best: #40926 (0x360d…c7f1), finalized #40791 (0x612b…2848), ⬇ 224.7kiB/s ⬆ 2.6kiB/s
2023-06-05 12:31:10 ⚙️  Syncing 633.0 bps, target=#16133338 (1 peers), best: #44091 (0xb19c…8edc), finalized #44032 (0xe000…e379), ⬇ 182.2kiB/s ⬆ 2.1kiB/s
(...)

A quick check to the offloading of the adequate SSL certificate was also performed:

# testing the SSL certificate using the "curl" method:

$ curl https://boot-cr.gatotech.network:35300 -vvI

#result in success!

*   Trying 138.59.133.248:35300...
* Connected to boot-cr.gatotech.network (138.59.133.248) port 35300 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: CN=*.gatotech.network
*  start date: May 21 16:57:17 2023 GMT
*  expire date: Aug 19 16:57:16 2023 GMT
*  subjectAltName: host "boot-cr.gatotech.network" matched cert's "*.gatotech.network"
*  issuer: C=US; O=Let's Encrypt; CN=R3
*  SSL certificate verify ok.
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
> HEAD / HTTP/1.1
> Host: boot-cr.gatotech.network:35300
> User-Agent: curl/7.81.0
> Accept: */*
>
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS alert, close notify (256):
* Empty reply from server
* Closing connection 0
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS alert, close notify (256):
curl: (52) Empty reply from server

finally, using a Westend's modified chain-spec (from this repo where all bootnodes has been removed), a final test was made using the --bootnodes flag:

# passing the "bootnodes" option to a sanitised Westend chain-spec

$ polkadot --no-hardware-benchmarks --no-mdns --chain ~/westend.json --bootnodes "/dns/boot-cr.gatotech.network/tcp/35300/wss/p2p/12D3KooWQGR1vUhoy6mvQorFp3bZFn6NNezhQZ6NWnVV7tpFgoPd"

# it results in success!!:

2023-06-05 12:39:33 Parity Polkadot
2023-06-05 12:39:33 ✌️  version 0.9.42-9b1fc27cec4
2023-06-05 12:39:33 ❤️  by Parity Technologies <admin@parity.io>, 2017-2023
2023-06-05 12:39:33 📋 Chain specification: Westend
2023-06-05 12:39:33 🏷  Node name: ordinary-crayon-9113
2023-06-05 12:39:33 👤 Role: FULL
2023-06-05 12:39:33 💾 Database: RocksDb at /home/mkriz/.local/share/polkadot/chains/westend2/db/full
2023-06-05 12:39:33 ⛓  Native runtime: westend-9420 (parity-westend-0.tx21.au2)
2023-06-05 12:39:38 🏷  Local node identity is: 12D3KooWF93L7VVVVgPRjjMbcwUEq36CqDXM1WKkSUyobp28G5Hm
2023-06-05 12:39:38 💻 Operating system: linux
2023-06-05 12:39:38 💻 CPU architecture: x86_64
2023-06-05 12:39:38 💻 Target environment: gnu
2023-06-05 12:39:38 💻 CPU: AMD EPYC 7443 24-Core Processor
2023-06-05 12:39:38 💻 CPU cores: 2
2023-06-05 12:39:38 💻 Memory: 3923MB
2023-06-05 12:39:38 💻 Kernel: 5.15.0-71-generic
2023-06-05 12:39:38 💻 Linux distribution: Ubuntu 22.04.2 LTS
2023-06-05 12:39:38 💻 Virtual machine: yes
2023-06-05 12:39:38 📦 Highest known block at #45633
2023-06-05 12:39:38 〽️ Prometheus exporter started at 127.0.0.1:9615
2023-06-05 12:39:38 Running JSON-RPC HTTP server: addr=127.0.0.1:9933, allowed origins=["http://localhost:*", "http://127.0.0.1:*", "https://localhost:*", "https://127.0.0.1:*", "https://polkadot.js.org"]
2023-06-05 12:39:38 Running JSON-RPC WS server: addr=127.0.0.1:9944, allowed origins=["http://localhost:*", "http://127.0.0.1:*", "https://localhost:*", "https://127.0.0.1:*", "https://polkadot.js.org"]
2023-06-05 12:39:40 🔍 Discovered new external address for our node: /ip4/138.59.133.248/tcp/30333/ws/p2p/12D3KooWF93L7VVVVgPRjjMbcwUEq36CqDXM1WKkSUyobp28G5Hm
2023-06-05 12:39:43 ⚙️  Syncing, target=#16133424 (6 peers), best: #49275 (0x339d…d766), finalized #49191 (0x64a3…1db2), ⬇ 285.1kiB/s ⬆ 9.5kiB/s
2023-06-05 12:39:48 ⚙️  Syncing 1025.0 bps, target=#16133424 (8 peers), best: #54400 (0x4c71…1bb3), finalized #54272 (0xc6f2…a342), ⬇ 326.2kiB/s ⬆ 12.9kiB/s
2023-06-05 12:39:53 ⚙️  Syncing 998.2 bps, target=#16133425 (10 peers), best: #59391 (0x93bb…0351), finalized #58880 (0x9788…d03f), ⬇ 308.5kiB/s ⬆ 8.4kiB/s
2023-06-05 12:39:58 ⚙️  Syncing 955.6 bps, target=#16133426 (14 peers), best: #64169 (0xd5f1…9fe2), finalized #64000 (0xc5d1…b454), ⬇ 279.3kiB/s ⬆ 12.5kiB/s
(...)

Disclaimer: no tests were carried out in regards of the ability of smodot instances being able to connect to this endpoint.

Do you think that maybe there is something going on with the automated Github test that is refusing to connect to this endpoint?

Thanks again!!

Milos

[miloskriz]

Dear @ggwpez, dear team,

Could you please re-run the checks for the bootnodes?

Please note that I just realised that the issue was in polkadot's WSS connection (instead of Westend as I initially thought)..

A quick correction to the SSL offloading fixed the issue.

Many thanks for your help on this, and for considering this PR for further processing!!

Best regards

Milos

[ggwpez]

Yes the check is green now. Thanks @miloskriz!