Merged
50 changes: 49 additions & 1 deletion bridge/runbook/validator_runbook.md
Expand Up @@ -49,6 +49,8 @@ To double check your registered the correct metadata onchain, run
sui-bridge-cli view-bridge-registration --sui-rpc-url {SUI_FULLNODE_URL}
```

## Bridge Node

### Bridge Node Hardware Requirements

Suggested hardware requirements:
Expand All @@ -57,7 +59,7 @@ Suggested hardware requirements:
* Storage: 200GB
* Network: 100Mbps

### WAF Protection for Sui Bridge Server
### WAF Protection for Bridge Node

In order to protect against DDOS and attacks intended to expend validator resources, rate limit protection of the bridge server is required.
In addition to protection, this will give node operators fine-grained control over the rate of requests the receive, and observability into those requests.
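Review bot: The heading now says "Bridge Node", but the paragraph directly under it still says "bridge server", so the section uses two names for the same component; align the body text with the new heading. While this section is being touched, "the rate of requests the receive" should read "they receive". Renaming the heading also changes its rendered anchor, so any links to the old "WAF Protection for Sui Bridge Server" heading need updating.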
Expand Down Expand Up @@ -91,3 +93,49 @@ backend bridgevalidator
```

If choosing to use an open source load-balancing option, make sure to set up metrics collection and alerting on the service.

### Bridge Node Config
Use `sui-bridge-cli` command to create a template. If you want to run `BridgeClient` (see the following section), pass `--run-client` as a parameter.

```
sui-bridge-cli create-bridge-node-config-template {PATH}
sui-bridge-cli create-bridge-node-config-template --run-client {PATH}
```

In the generated config:
* `server-listen-port` : the port that Bridge Node listens to handle requests
* `metrics-port`: port to export prometheus metrics
* `bridge-authority-key-path` is the path to the Bridge Validator key, generated from `sui-bridge-cli create-bridge-validator-key` from above command.
* `run-client`: if Bridge Client should be enabled in Bridge Node (more instructions for this below)
* `approved-governance-actions` : a list of governance actions that you want to support.
* `sui:sui-rpc-url`: Sui RPC URL
* `sui:sui-bridge-chain-id`: 0 for Sui Mainnet, 1 for Sui Testnet
* `eth:eth-rpc-url`: Ethereum RPC URL
* `eth:eth-bridge-proxy-address`: The proxy address for Bridge Solidity contracts on Ethereum.
* `eth:eth-bridge-chain-id`: 10 for Ethereum Mainnet, 11 for Sepolia Testnet
* `eth:eth-contracts-start-block-fallback`: The starting block BridgeNodes queries for from Ethereum FullNode. This number should be the block where Solidity contracts are deployed or slightly before.
* `metrics:push-url`: The url of the remote Sui metrics pipeline: `https://metrics-proxy.[testnet|mainnet].sui.io:8443/publish/metrics`

With `run-client: true`, these additional fields can be found in the generated config:
* `db-path`: path of BridgeClient DB, for BridgeClient
* `sui:bridge-client-key-path`: the file path of Bridge Client key. This key can be generated with `sui-bridge-cli create-bridge-client-key` as shown above. When `run-client` is true but `sui:bridge-client-key-path` not provided, it defaults to use Bridge Validator key to submit transactions on Sui. However this is not recommended for the sake of key separation.

### Bridge Client
`BridgeClient` orchestrates bridge transfer requests.
* It is **optional** to run for a `BridgeNode`.
* `BridgeClient` submits transaction on Sui Network. Thus when it's enabled, a Sui Account Key with enough SUI balance is needed.

To enable `bridge_client` feature on a `BridgeNode`, set the following parameters in `BridgeNodeConfig`:
```yaml
run-client: true
db-path: <PATH_TO_DB>
sui:
bridge-client-key-path: <PATH_TO_BRIDGE_CLIENT_KEY> # optional, when absent, use bridge-authority-key-path as the keypair for BridgeClient
```


To create a `BridgeClient` keypair, run
```
sui-bridge-cli create-bridge-client-key <PATH_TO_BRIDGE_CLIENT_KEY>
```
This prints the newly created Sui Address. Then we need to fund this address with some SUI for operations.
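Review bot: In the `sui:bridge-client-key-path` bullet and in the yaml example under "Bridge Client", the fallback to the Bridge Validator key is presented as an ordinary option (`# optional, when absent, use bridge-authority-key-path as the keypair for BridgeClient`), while the bullet itself says this is not recommended for key separation. I would put the same caution in the yaml comment and move the `sui-bridge-cli create-bridge-client-key` step ahead of the yaml example, so that generating a dedicated, funded client key is the path an operator follows by default; the bullet says the command is "shown above", but in the lines added here it only appears below. Two smaller documentation points: `approved-governance-actions` is described only as "a list of governance actions that you want to support", with no value format and no statement of what an empty list means, and the `bridge-authority-key-path` bullet reads "generated from ... from above command", which needs rewording.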
9 changes: 7 additions & 2 deletions crates/sui-bridge/src/utils.rs
Expand Up @@ -4,7 +4,9 @@
use crate::abi::{
EthBridgeCommittee, EthBridgeConfig, EthBridgeLimiter, EthBridgeVault, EthSuiBridge,
};
use crate::config::{default_ed25519_key_pair, BridgeNodeConfig, EthConfig, SuiConfig};
use crate::config::{
default_ed25519_key_pair, BridgeNodeConfig, EthConfig, MetricsConfig, SuiConfig,
};
use crate::crypto::BridgeAuthorityKeyPair;
use crate::crypto::BridgeAuthorityPublicKeyBytes;
use crate::server::APPLICATION_JSON;
Expand Down Expand Up @@ -194,7 +196,10 @@ pub fn generate_bridge_node_config_and_write_to_file(
run_client,
db_path: None,
metrics_key_pair: default_ed25519_key_pair(),
metrics: None,
metrics: Some(MetricsConfig {
push_interval_seconds: None, // use default value
push_url: "metrics_proxy_url".to_string(),
}),
};
if run_client {
config.sui.bridge_client_key_path = Some(PathBuf::from("/path/to/your/bridge_client_key"));
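Review bot: `push_url: "metrics_proxy_url".to_string()` in the generated template is not a URL and is not recognizable as a placeholder the way `/path/to/your/bridge_client_key` is, and with `metrics` changed from `None` to `Some(MetricsConfig { .. })` every template-generated config now carries a metrics push target. Suggest a placeholder in the form the runbook documents for `metrics:push-url`, or at least a comment next to the field like the one on `push_interval_seconds`, so an operator cannot mistake it for a working value. This hunk does not show how an unedited `push_url` is handled when the node starts; worth confirming that it fails clearly rather than silently dropping metrics.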