跳到主要内容

🚄 Setup and run a Collator

Installation > Configuration > Running > Sync > Session keys > Bond

🔑 Collator session keys

To collate on the Manta chain, two accounts/keys are required at any given time:

  • Collator Account: This is the account that holds the collator bond. it is also the account that the collator's share of transaction fees will be deposited into. the bond cannot be spent while the account is collating. the keys for this account should be protected carefully and should never exist on the filesystem of the collator node.
  • Nimbus Session Key: This is a disposable account used to identify your individual node and blocks it has produced with other nodes on the network. Substrate stores this key in the parachain keystore on the filesystem of the collator node (/var/lib/substrate/chains/manta/keystore) when either of the author_insertKey or author_rotateKeys RPC methods are called. As this is a hot-wallet key that can be abused to impersonate your node if leaked (potentially leading to slashing of deposited funds in the future) it is good practice to infrequently rotate the session key - typically every half year, once per session at most.

Both keys are associated with one another to create a bond-node pair for transaction fee reward payouts and (in the future) slashing.

In addition, your node might have two additional keys in storage:

  • Aura Session Key: Now-unused key to decide eligibility to author blocks before v3.3.0
  • VRF Session Key: Placeholder for a future VRF-based block proposer assignment mechanism that is inactive as of v3.2.1. The future mechanism will use the key you set here, so if you set it now, you won't have to touch the node later when it is enabled.
danger

Both of the following methods (insert, rotate) use an unsafe RPC call to set the node session key. In order to use them, you must stop the node if running and start it with a --rpc-methods=unsafe CLI parameter. This mode of operation is unsafe when exposed to the public internet, restart the node without this CLI parameter when done.

This command demonstrates a session key insertion using a key created with

  • Build/Install subkey for your platform
  • Install the jq utility for your platform
  • Generate a Nimbus (nmbs) key and insert/check payloads with subkey/jq
    #!/bin/bash
    subkey generate \
    --scheme sr25519 \
    --network manta \
    --output-type json \
    --words 12 \
    > ./nmbs.json
    echo '{
    "jsonrpc":"2.0",
    "id":1,
    "method":"author_insertKey",
    "params": [
    "nmbs",
    "nmbs mnemonic phrase",
    "nmbs hex public key"
    ]
    }' | jq \
    --arg mnemonic "$(jq -r .secretPhrase ./nmbs.json)" \
    --arg hex "$(jq -r .publicKey ./nmbs.json)" \
    '. | .params[1] = $mnemonic | .params[2] = $hex' > ./insert-nmbs.json
    echo '{
    "jsonrpc":"2.0",
    "id":1,
    "method":"author_hasKey",
    "params": [
    "nmbs hex public key",
    "nmbs"
    ]
    }' | jq \
    --arg hex "$(jq -r .publicKey ./nmbs.json)" \
    '. | .params[0] = $hex' > ./check-nmbs.json
  • Generate a VRF (rand) key and insert/check payloads with subkey/jq
    #!/bin/bash
    subkey generate \
    --scheme sr25519 \
    --network manta \
    --output-type json \
    --words 12 \
    > ./rand.json
    echo '{
    "jsonrpc":"2.0",
    "id":1,
    "method":"author_insertKey",
    "params": [
    "rand",
    "rand mnemonic phrase",
    "rand hex public key"
    ]
    }' | jq \
    --arg mnemonic "$(jq -r .secretPhrase ./rand.json)" \
    --arg hex "$(jq -r .publicKey ./rand.json)" \
    '. | .params[1] = $mnemonic | .params[2] = $hex' > ./insert-rand.json
    echo '{
    "jsonrpc":"2.0",
    "id":1,
    "method":"author_hasKey",
    "params": [
    "rand hex public key",
    "rand"
    ]
    }' | jq \
    --arg hex "$(jq -r .publicKey ./rand.json)" \
    '. | .params[0] = $hex' > ./check-rand.json
  • Execute the author_insertKey RPC payloads
    #!/bin/bash
    for key in nmbs rand; do
    curl \
    --header 'Content-Type: application/json;charset=utf-8' \
    --data @./insert-${key}.json \
    http://localhost:9133
    done
  • Validation: Check that the session keys stored in the node match the generated ones (below command returns a "result":true field)
    #!/bin/bash
    for key in nmbs rand; do
    has_key=$(curl \
    -s \
    --header 'Content-Type: application/json;charset=utf-8' \
    --data @./check-${key}.json \
    http://localhost:9133 )
    echo "${key}: ${has_key}"
    done
  • Validation: Check that node logs show your node is running with role: AUTHORITY (check the timestamps)
    #!/bin/bash
    journalctl -u manta.service -g AUTHORITY
  • Note down the publicKey fields from nmbs.json and rand.json and/or back-up these key files to a secure, offline location
  • Cleanup: Remove secrets from the filesystem that were created in earlier steps
    #!/bin/bash
    rm ./nmbs.json ./rand.json ./insert-nmbs.json ./insert-rand.json
note

Verify that your node does NOT show log lines like 2022-07-19 17:24:18 [Parachain] 🔏 No Nimbus keys available. We will not be able to author.
If it does even after restarting the node the procedure above failed, redo the above steps following the instructions closely.

Bind collator account to the Session Keys

note

If your collator node logs do not contain both [Relaychain] 💤 Idle and [Parachain] 💤 Idle messages, your node is still syncing. DO NOT BIND a collator account to session key if sync is incomplete. Doing so may result in ejection of your collator.

Account binding is done on-chain. The simplest way to do this is using polkadot.js.

  • Load manta/developer/extrinsics in a browser: session.setkeys() :::
    • In the first box, labelled "using the selected account", select the collator account holding the collator MANTA bond.
    • In the second (dropdown) box labelled "submit the following extrinsic", select session.
    • In the third (dropdown) box, select setKeys(keys, proof) :::
    • In the fifth box, labelled nimbus: NimbusPrimitivesNimbusCryptoPublic, enter the hex public key of the Nimbus session key you generated earlier.
    • In the sixth box, labelled vrf: SessionKeyPrimitivesVrfVrfCryptoPublic, enter the hex public key of the VRF session key you generated earlier.
    • In the seventh box labelled proof: Bytes, enter the hex public key of the Nimbus session key again.
    • Click on the Submit Transaction button and wait for confirmation (a green tick), to appear in the upper right corner of the browser window.
  • Verfy that the collator account and the Session keys are bound by loading manta/developer/chain state in a browser: session.nextkeys() :::
    • In the first (dropdown) box, labelled "selected state query", select session.
    • In the second (dropdown) box, select nextKeys(AccountId32): Option<MantaRuntimeOpaqueSessionKeys>.
    • In the third (dropdown) box, select the collator account holding the MANTA collator bond.
    • Leave the include option checkbox selected.
    • Leave the blockhash to query at box set to the default 0x value.
    • Click on the small plus (+) icon to the right of the second dropdown box.
    • Verify that a new box labelled session.nextKeys(AccountId32): Option<MantaRuntimeOpaqueSessionKeys> appears and contains a json object whose,nimbus and vrf values are set to the hex public keys generated earlier.