Difference between revisions of "Node Provider Onboarding"
m |
m |
||
(76 intermediate revisions by 9 users not shown) | |||
Line 1: | Line 1: | ||
− | Learn how to be accepted by the NNS as a | + | Learn how to be accepted by the NNS as a Node Provider and onboard your nodes to the IC. |
− | + | Please allocate up to a week to complete this guide, as it may take several days for a proposal to be accepted by the NNS, and you may have to submit multiple NNS proposals. | |
− | + | '''Note that the following steps do not need to be performed on the node machine itself.''' You can complete them on your personal laptop. | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | If you encounter issues through any of these steps, check the [[Node Provider Troubleshooting]] page. If that does not solve your problem, you are encouraged to ask for assistance in the [[Node Provider Matrix channel]]. | |
− | + | For regular operations after onboarding, please refer to [[Node Provider Maintenance Guide|Node Provider Maintenance Guide.]] | |
+ | |||
+ | == '''<big>Requirements</big>''' == | ||
+ | * Assure your node(s) meet the [[Node Provider Machine Hardware Guide|Node Provider Machine Hardware requirements.]] | ||
+ | * View the [[Node Provider Networking Guide|Node Provider Networking Guide.]] | ||
+ | * Setup a [https://www.ledger.com/ hardware wallet]. | ||
+ | *[https://shop.nitrokey.com/shop/product/nkhs2-nitrokey-hsm-2-7/ NitroKey HSM] (Optional, legacy—not recommended). | ||
+ | * 11 ICP (10 of which are to be staked for the NNS proposal deposit). | ||
+ | * Basic understanding of [[Neurons 101|neurons]], [https://internetcomputer.org/docs/current/tokenomics/nns/nns-staking-voting-rewards staking], and [[Governance of the Internet Computer|governance]] proposals, such as understanding what it means to stake a neuron for 8 years. | ||
== 1. Install the required tools == | == 1. Install the required tools == | ||
Line 24: | Line 23: | ||
==== MacOS ==== | ==== MacOS ==== | ||
− | # | + | # To install <code>ic-admin</code>, view the latest release version in the [https://github.com/dfinity/ic/releases/latest DFINITY/ic repo]. Then, use the following URL <syntaxhighlight lang="shell"> |
− | $ curl "https:// | + | $ curl -L "https://github.com/dfinity/ic/releases/download/[latest-release]/ic-admin-x86_64-darwin.gz" -o - | gunzip > ./ic-admin |
$ chmod +x ./ic-admin | $ chmod +x ./ic-admin | ||
− | </syntaxhighlight> | + | </syntaxhighlight>Replace <code>[latest-release]</code> with the most recent IC version, such as <code>release-2024-07-10_23-01-base</code>. |
# Verify the binary <syntaxhighlight lang="shell"> | # Verify the binary <syntaxhighlight lang="shell"> | ||
− | $ diff <(shasum -a 256 ./ic-admin | cut -d' ' -f1) <(echo | + | $ diff <(shasum -a 256 ./ic-admin | cut -d' ' -f1) <(echo 035abf8925bf54e067d13eee0a6205e883507d6138bcd232ec8069301a9b190a) && echo "ic-admin checksum matches" || echo "***ERROR***: ic-admin checksum does not match" |
</syntaxhighlight> | </syntaxhighlight> | ||
==== Linux ==== | ==== Linux ==== | ||
NOTE: The instructions below have been tested with the Ubuntu 20.04 release. | NOTE: The instructions below have been tested with the Ubuntu 20.04 release. | ||
− | # | + | # To install <code>ic-admin</code>, view the latest release version in the [https://github.com/dfinity/ic/releases/latest DFINITY/ic repo]. Then, use the following URL <syntaxhighlight lang="shell"> |
− | $ curl "https:// | + | $ curl -L "https://github.com/dfinity/ic/releases/download/[latest-release]/ic-admin-x86_64-linux.gz" -o - | gunzip > ./ic-admin |
− | $ chmod +x ./ic-admin | + | $ chmod +x ./ic-admin |
− | </syntaxhighlight> | + | </syntaxhighlight>Replace <code>[latest-release]</code> with the most recent IC version, such as <code>release-2024-07-10_23-01-base</code>. |
# Verify the binary <syntaxhighlight lang="shell"> | # Verify the binary <syntaxhighlight lang="shell"> | ||
− | $ diff <(shasum -a 256 ./ic-admin | cut -d' ' -f1) <(echo | + | $ diff <(shasum -a 256 ./ic-admin | cut -d' ' -f1) <(echo e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855) && echo "ic-admin checksum matches" || echo "***ERROR***: ic-admin checksum does not match" |
</syntaxhighlight> | </syntaxhighlight> | ||
===''' B. Install dfx '''=== | ===''' B. Install dfx '''=== | ||
− | # <code>dfx</code> is used to generate neuron hotkeys, among other things <syntaxhighlight lang="shell"> | + | #<code>dfx</code> is a CLI tool used to generate neuron hotkeys, among other things such as canister deployment and management. <syntaxhighlight lang="shell"> |
− | $ sh -ci "$(curl -fsSL https:// | + | $ sh -ci "$(curl -fsSL https://internetcomputer.org/install.sh)" |
</syntaxhighlight> | </syntaxhighlight> | ||
− | # Verify that dfx is up to date. <syntaxhighlight lang="shell"> | + | #Verify that <code>dfx</code> is up to date. <syntaxhighlight lang="shell"> |
$ export PATH=$HOME/bin:$PATH | $ export PATH=$HOME/bin:$PATH | ||
$ dfx upgrade | $ dfx upgrade | ||
$ dfx --version | $ dfx --version | ||
</syntaxhighlight> | </syntaxhighlight> | ||
− | |||
− | |||
− | |||
− | + | ==2. Create Node Provider hotkey == | |
− | |||
− | |||
− | |||
+ | #Create an identity for the Node Provider h'''otkey''' <syntaxhighlight lang="shell"> | ||
+ | $ dfx identity new --storage-mode=plaintext node-provider-hotkey | ||
− | + | Created identity: "node-provider-hotkey". | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | $ dfx --identity node-provider-hotkey identity get-principal | |
− | + | xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxx | |
− | #: | + | # example node-provider-hotkey: wuyst-x5tpn-g5wri-mp3ps-vjtba-de3xs-w5xgb-crvek-tucbe-o5rqi-mae |
− | |||
− | |||
− | |||
− | |||
− | + | </syntaxhighlight>'''You will need the Node Provider hotkey in the next steps.''' | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | '''Note''': The Node Provider hotkey is NOT the Node Provider principal. This is the hotkey that is used for the NNS proposal submissions only. | |
− | + | '''Note''': You may be prompted to enter a passphrase when creating your identity and accessing your identity principal. Take note of the passphrase you choose. | |
− | |||
− | == | + | ==3. Create and Manage Neuron via NNS Frontend Dapp and Internet Identity== |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | #Send at least 11 ICP tokens to your hardware wallet address. | |
+ | #Navigate to the Neurons tab and create a Neuron by staking at least 10 ICP from your hardware wallet. Staking more ICP is acceptable, but 10 is the minimum needed for this process, and you must have a little more for transaction fees. | ||
+ | #<u>IMPORTANT!</u> Confirm the transaction on your hardware wallet. | ||
+ | #:[[File:-docs-stake_neuron_1.png|1024px|stake neuron]] | ||
+ | #After the Neuron has been created successfully, confirm to "Add NNS Dapp as hotkey" in the dialogue and on your hardware wallet, and close the dialog after the action completes. | ||
+ | #:[[File:-docs-stake_neuron_2.png|1024px|neuron id]] | ||
+ | #Set the dissolve delay to at least 6 months, and confirm the choice in the dialogue and on your hardware wallet. After the action completes, you can close the "Follow Neurons". | ||
+ | #:[[File:dissolve_delay.png|480px|neuron id]] | ||
+ | #You will now see a Neuron listed with its ID. Copy the Neuron ID, since you will need it in the next steps to place the necessary proposals. | ||
+ | #:[[File:Neuron id.png|1024px]] | ||
− | + | ==4. Add hotkeys== | |
+ | |||
+ | #Select the Neuron you just created to open Neuron management view and press “Add hotkey” button. | ||
+ | #:[[File:Hotkey 1.png|873x873px]] | ||
+ | # A dialog will pop up where you can enter the hotkey you generated in step 2.1 (output from command <code>dfx --identity node-provider-hotkey identity get-principal</code>). This will allow you to submit NNS proposals using <code>ic-admin</code> and will not be used for anything else.<br> | ||
+ | #:Press the '''confirm''' button and confirm the transactions on your hardware wallet.<br> | ||
+ | #:[[File:Hotkey 2.png|899x899px]] | ||
+ | #Get the Ledger Hardware Wallet Principal Id: Navigate back to ICP page and select your Ledger hardware wallet account. You will need to use this Ledger Hardware Wallet principal as the Node Provider principal in order to get the rewards directly into the secure hardware wallet. | ||
+ | #:[[File:Node provider principal 1.png|1024px]] | ||
+ | #:[[File:Node provider principal 2.png|800px]] | ||
+ | #Copy and save this Node Provider principal by clicking on the copy icon after the principal id. You'll need it in the next steps. <syntaxhighlight lang="shell"> | ||
+ | $ NODE_PROVIDER_PRINCIPAL=xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxx | ||
+ | # Input ledger Hardware Wallet principal, from the NNS FrontEnd dapp https://nns.ic0.app/ | ||
− | + | # example: $ NODE_PROVIDER_PRINCIPAL=fharn-5vyi2-4xb4a-64yyi-3jpmj-pga23-mxy25-d5uim-fqcro-eoefh-tae | |
− | : | ||
− | |||
− | |||
− | |||
</syntaxhighlight> | </syntaxhighlight> | ||
− | |||
− | === Onboarding without a NitroKey HSM | + | ==5. Choose onboarding path (HSM vs no HSM)== |
+ | Onboarding '''without''' a NitroKey HSM is the current onboarding path. In particular, node providers onboarding [[Node Provider Machine Hardware Guide|Gen 2 hardware]] must onboard '''without''' a NitroKey HSM. If you will be onboarding '''without''' a NitroKey HSM, continue to the next step. | ||
+ | |||
+ | If the legacy procedure is required for your onboarding (which should only be the case in rare and exceptional situations), follow the [[NitroKey HSM onboarding instructions]] and then '''return to step 8.''' | ||
− | # '''''Ensure dfx is at least version 0.14.''''' Node Operator keys created with older versions of dfx '''will fail to join the IC'''. Run:<syntaxhighlight lang="bash"> | + | ==6. Setup the Node Operator keys == |
− | $ | + | #'''''Ensure dfx is at least version 0.14.''''' Node Operator keys created with older versions of dfx '''will fail to join the IC'''. Run:<syntaxhighlight lang="bash"> |
+ | $ dfxvm update | ||
$ dfx --version | $ dfx --version | ||
</syntaxhighlight> | </syntaxhighlight> | ||
− | # Create a new principal with dfx:<syntaxhighlight lang="shell"> | + | #Create a new principal with dfx:<syntaxhighlight lang="shell"> |
$ dfx identity new --storage-mode=plaintext node_operator | $ dfx identity new --storage-mode=plaintext node_operator | ||
</syntaxhighlight> | </syntaxhighlight> | ||
− | # Confirm <code>node_operator</code> identity was created successfully:<syntaxhighlight lang="shell"> | + | #Confirm <code>node_operator</code> identity was created successfully:<syntaxhighlight lang="shell"> |
$ dfx identity list | $ dfx identity list | ||
</syntaxhighlight>This list ''should'' contain <code>node_operator</code>. | </syntaxhighlight>This list ''should'' contain <code>node_operator</code>. | ||
− | # Copy new key to a known location:<syntaxhighlight lang="shell"> | + | #Copy new key to a known location:<syntaxhighlight lang="shell"> |
$ cp ~/.config/dfx/identity/node_operator/identity.pem ./node_operator_private_key.pem | $ cp ~/.config/dfx/identity/node_operator/identity.pem ./node_operator_private_key.pem | ||
</syntaxhighlight> | </syntaxhighlight> | ||
+ | #Check the contents of the <code>node_operator_private_key.pem</code> file and double check that it contains the following contents. It is imperative that the first line has <code>-----BEGIN EC PRIVATE KEY-----</code>. If it does not, make sure you use the latest <code>dfx</code> version and that you followed the instructions precisely.<syntaxhighlight lang="shell"> | ||
+ | ❯ cat ./node_operator_private_key.pem | ||
+ | -----BEGIN EC PRIVATE KEY----- | ||
+ | [3 lines of base64 encoded private key, e.g. n2Nhp68YcQpuS0u96r...] | ||
+ | -----END EC PRIVATE KEY----- | ||
+ | </syntaxhighlight>Note: you must retain access to the <code>node_operator_private_key.pem</code> file for when you onboard nodes in '''[https://wiki.internetcomputer.org/wiki/Node_Provider_Roadmap#Milestone_Five:_Node_Machine_Onboarding roadmap milestone five.]''' | ||
− | == | + | ==7. Get the node operator principal== |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | #Get the principal:<syntaxhighlight lang="shell"> | |
− | |||
− | |||
− | # Get the principal:<syntaxhighlight lang="shell"> | ||
$ NODE_OPERATOR_PRINCIPAL=$(dfx --identity node_operator identity get-principal) | $ NODE_OPERATOR_PRINCIPAL=$(dfx --identity node_operator identity get-principal) | ||
$ echo $NODE_OPERATOR_PRINCIPAL | $ echo $NODE_OPERATOR_PRINCIPAL | ||
Line 167: | Line 138: | ||
uqquy-76uhn-2mys5-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxx | uqquy-76uhn-2mys5-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxx | ||
</syntaxhighlight> | </syntaxhighlight> | ||
+ | '''You will need the node operator principal in the next steps.''' | ||
− | == | + | ==8. Register your Node Provider principal to the network== |
− | + | In the next codeblock: | |
− | + | *Replace the <code>NODE_PROVIDER_NAME</code> value with the name of the entity that will provide the nodes. | |
− | + | *Replace the <code>NODE_PROVIDER_PRINCIPAL</code> value with the Ledger Hardware Wallet principal that you got from the NNS Frontend Dapp (step 4.4) | |
− | + | *Replace the <code>NEURON_ID</code> value with your neuron ID from the NNS Frontend Dapp (step 3.6) | |
− | |||
− | |||
− | </ | ||
− | |||
− | |||
− | </ | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | *'''''IMPORTANT:''''' Please make sure that you also update the <code>--summary</code> and include a link to the forum discussion, your company's web page, and/or to another place that can convince the voting community that you are making a legitimate request. You must also include the file hash for the [[Node Provider Self-declaration|self declaration and proof of identity documents]], or the proposal will be rejected. This way you will avoid the community voting NO to your proposal and you losing your staked ICPs. | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | * '''''IMPORTANT:''''' Please make sure that you also update the <code>--summary</code> and include a link to the forum discussion, your company's web page, and/or to another place that can convince the voting community that you are making a legitimate request. This way you will avoid the community voting NO to your proposal and you losing | ||
− | # Create the Proposal <syntaxhighlight lang="shell"> | + | ##Create the Proposal <syntaxhighlight lang="shell"> |
$ NODE_PROVIDER_NAME="My Company" | $ NODE_PROVIDER_NAME="My Company" | ||
− | $ NODE_PROVIDER_PRINCIPAL= | + | $ NODE_PROVIDER_PRINCIPAL=xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxx |
− | $ NEURON_ID= | + | $ NEURON_ID=XXXXXXXXXXXXXXXXXXXX |
$ ./ic-admin \ | $ ./ic-admin \ | ||
--nns-url https://ic0.app \ | --nns-url https://ic0.app \ | ||
Line 204: | Line 158: | ||
--proposer $NEURON_ID \ | --proposer $NEURON_ID \ | ||
--proposal-title "Register a node provider '${NODE_PROVIDER_NAME}'" \ | --proposal-title "Register a node provider '${NODE_PROVIDER_NAME}'" \ | ||
− | --summary "Register a node provider '${NODE_PROVIDER_NAME}', in line with the announcement and discussion at https://forum.dfinity.org/t/..." \ | + | --summary "Register a node provider '${NODE_PROVIDER_NAME}', in line with the announcement and discussion at <https://forum.dfinity.org/t/...>. The self-declaration documentation is available at <https://wiki.internetcomputer.org/wiki/...> with SHA256 hash <SHA256>. The proof of identity is available at <https://wiki.internetcomputer.org/wiki/...> with SHA256 hash <SHA256>." \ |
--node-provider-pid "$NODE_PROVIDER_PRINCIPAL" | --node-provider-pid "$NODE_PROVIDER_PRINCIPAL" | ||
− | </syntaxhighlight> | + | </syntaxhighlight>Note: make sure <code>${NODE_PROVIDER_NAME}</code> is presented in single quotes, so the IC dashboard can pick up and display the correct Node Provider name. |
− | # Find the proposal on https://dashboard.internetcomputer.org/governance and '''wait until it is executed before proceeding to next step.''' | + | #Find the proposal on https://dashboard.internetcomputer.org/governance and '''wait until it is executed before proceeding to next step.''' |
+ | #In order to expedite the speed of your proposal's approval, it is best to create a post in this [https://forum.dfinity.org/t/new-node-provider-proposals/16643/69 forum thread] to raise awareness of your proposal. You can use this as a [https://docs.google.com/document/d/1nKy5hKiF72a4NCHvpgij-Np9pbtR5KOBbF1W6qr-nds/edit?usp=sharing template] for the post. | ||
+ | |||
− | + | ''See guide for [[Troubleshooting Failed NNS proposals]]'' | |
− | |||
− | |||
− | [[ | ||
− | === Create a data center record for a new DC === | + | ==9. Register your datacenter to the network (if necessary)== |
+ | #Search for your data center on https://dashboard.internetcomputer.org/centers. | ||
+ | #*If you found the datacenter that is hosting your nodes, remember its ID, and skip the following section. Otherwise, proceed with the registration of a new DC record. | ||
+ | #:[[File:dc_id.png|1041x1041px|alt=]] | ||
+ | ===Create a data center record for a new DC=== | ||
In the next block of code: | In the next block of code: | ||
− | * Replace the <code> | + | *Replace the <code>NEURON_ID</code> value with your neuron ID from the NNS Frontend Dapp (step 3.6) |
− | * Replace the JSON fields from <code>–data-centers-to-add</code> argument and their corresponding values in <code>--summary</code> | + | *Replace the JSON fields from the <code>–data-centers-to-add</code> argument and their corresponding values in <code>--summary</code>: |
− | + | **<code>"id"</code> represents the city that your datacenter is in and is formulated as a combination of two letters representing the city and an incrementing number. Search data center IDs on https://dashboard.internetcomputer.org, and find a combination of two letters and a number that’s not yet registered. Examples: | |
− | ** dl1 (Dallas, no IDs with “dl” prefix) | + | ***dl1 (Dallas, no IDs with “dl” prefix) |
− | ** zh10 (Zurich, numbers 0-9 are already registered) | + | ***zh10 (Zurich, numbers 0-9 are already registered) |
− | [[File:dc_id.png|1024px]] | + | **:[[File:dc_id.png|1024px]] |
− | + | **<code>"region"</code> represents the local region of a datacenter and is formulated as a three-part string divided by commas. The three parts making the string are continent, country code, and region, in the given order. Examples: | |
− | * <code>"region"</code> represents the local region of a datacenter and is formulated as a three-part string divided by commas. The three parts making the string are continent, country code, and region, in the given order. Examples: | + | ***North America,US,Florida |
− | ** North America,US,Florida | + | ***Europe,DE,Bavaria |
− | ** Europe,DE,Bavaria | + | ***Asia,SG,Singapore |
− | ** Asia,SG,Singapore | + | **:[[File:datacenter_region.png|1024px]] |
− | [[File:datacenter_region.png|1024px]] | + | **<code>"owner"</code> The entity that provides your datacenter facilities. |
− | + | ***Search https://dashboard.internetcomputer.org for existing data center providers. | |
− | * <code>"owner"</code> The entity that provides your datacenter facilities. | + | *** If there’s match, make sure you use the same exact some name for your datacenter. |
− | ** Search https://dashboard.internetcomputer.org for existing data center providers. | + | ***Otherwise, name the data center owner to your best knowledge. |
− | ** If there’s match, make sure you use the same exact some name for your datacenter. | + | **:[[File:datacenter_owner.png|1024px]] |
− | ** Otherwise, name the data center owner to your best knowledge. | + | **<code>"gps"</code> GPS coordinates. |
− | [[File:datacenter_owner.png|1024px]] | + | ***Find your datacenter on https://www.google.com/maps/. |
− | + | ***Right click on location, and select the GPS coordinates (first item in the menu) in order to copy them. | |
− | * <code>"gps"</code> GPS coordinates. | + | **:[[File:maps.png|310x310px|alt=Getting GPS coordinates|Getting GPS coordinates]] |
− | ** Find your datacenter on https://www.google.com/maps/. | ||
− | ** Right click on location, and select the GPS coordinates (first item in the menu) in order to copy them. | ||
− | [[File:maps.png| | ||
− | |||
− | # Create the proposal: <syntaxhighlight lang="shell"> | + | #Create the proposal: <syntaxhighlight lang="shell"> |
− | $ NEURON_ID= | + | $ NEURON_ID=XXXXXXXXXXXXXXXXXXXX |
$ ./ic-admin \ | $ ./ic-admin \ | ||
--nns-url https://ic0.app \ | --nns-url https://ic0.app \ | ||
Line 258: | Line 211: | ||
] | ] | ||
}' | }' | ||
− | </syntaxhighlight> | + | </syntaxhighlight>'''Remember to replace all the values of both the arguments <code>–data-centers-to-add</code> and <code>--summary</code>''' |
− | # Find the proposal on https://dashboard.internetcomputer.org/governance and wait until it's executed before proceeding to next step. | + | #Find the proposal on https://dashboard.internetcomputer.org/governance and wait until it's executed before proceeding to next step. |
+ | #In order to expedite the speed of your proposal's approval, it is best to create a post in this [https://forum.dfinity.org/t/new-node-provider-proposals/16643/69 forum thread] to raise awareness of your proposal. You can use this as a [https://docs.google.com/document/d/1Hg0tI9O5__Tp4qKrNKuTADsQT7Z47I6aAFXbiDimG_U/edit?usp=sharing template] for the post. | ||
+ | |||
+ | |||
+ | ''See guide for [[Troubleshooting Failed NNS proposals]]'' | ||
+ | |||
+ | ==10. Create a node operator record== | ||
+ | '''''IMPORTANT''':'' Before submitting the Node Operator record, please go through the description of [[Validation of Candidate Node Machines]] to validate whether additional node machines are needed for decentralization of the IC-network. | ||
+ | |||
+ | * Create a pdf with the outcome of running the optimization model and the steps that allow the community to reproduce the validation check. | ||
+ | * Include the pdf in the wiki page that includes the NP documents (self-declaration and proof-of-identity document) | ||
+ | * Include a link to the pdf as well as the hash of the document in the Node Operator record proosal. | ||
+ | |||
− | |||
In the next codeblock: | In the next codeblock: | ||
− | * Replace the <code>NEURON_ID</code> | + | *Replace the <code>NEURON_ID</code> value with your neuron ID from the NNS Frontend Dapp (step 3.6). |
− | * Replace the <code>NODE_PROVIDER_PRINCIPAL</code> | + | *Replace the <code>NODE_PROVIDER_PRINCIPAL</code> value with the Ledger Hardware Wallet principal that you got from the NNS Frontend Dapp (step 4.4). |
+ | *Replace the <code>NODE_OPERATOR_PRINCIPAL</code> value with your node operator principal (step 7.1). '''Important''': if you are adding an additional node operator record because you will deploy nodes in another data center, please make sure to create a new node operator principal first (steps 6 and 7). A node operator principal can only be tied to 1 data center. | ||
+ | *Replace the <code>NODE_PROVIDER_NAME</code> value with the name of the entity that will provide the nodes. | ||
+ | *Replace the <code>NODE_ALLOWANCE</code> variable value with number of nodes you are providing. | ||
* Replace the <code>DC_ID</code> variable value with id of your datacenter. | * Replace the <code>DC_ID</code> variable value with id of your datacenter. | ||
− | |||
# Create the proposal: <syntaxhighlight lang="shell"> | # Create the proposal: <syntaxhighlight lang="shell"> | ||
− | $ NEURON_ID= | + | $ NEURON_ID=XXXXXXXXXXXXXXXXXXXX |
− | $ NODE_PROVIDER_PRINCIPAL= | + | $ NODE_PROVIDER_PRINCIPAL=xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxx |
− | $ NODE_OPERATOR_PRINCIPAL= | + | $ NODE_OPERATOR_PRINCIPAL=xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxx |
$ NODE_PROVIDER_NAME="My Company" | $ NODE_PROVIDER_NAME="My Company" | ||
$ NODE_ALLOWANCE=8 | $ NODE_ALLOWANCE=8 | ||
Line 281: | Line 247: | ||
propose-to-add-node-operator \ | propose-to-add-node-operator \ | ||
$NODE_PROVIDER_PRINCIPAL \ | $NODE_PROVIDER_PRINCIPAL \ | ||
− | --summary "Node provider '$NODE_PROVIDER_NAME' is adding $NODE_ALLOWANCE nodes in the $DC_ID data center" \ | + | --summary "Node provider '$NODE_PROVIDER_NAME' is adding $NODE_ALLOWANCE nodes in the $DC_ID data center. The result of the canidate node machine validation and exact configuration run is available at <https://wiki.internetcomputer.org/wiki/...> with SHA256 hash <SHA256>." \ |
--proposer $NEURON_ID \ | --proposer $NEURON_ID \ | ||
--node-operator-principal-id $NODE_OPERATOR_PRINCIPAL \ | --node-operator-principal-id $NODE_OPERATOR_PRINCIPAL \ | ||
Line 287: | Line 253: | ||
--dc-id $DC_ID | --dc-id $DC_ID | ||
</syntaxhighlight> | </syntaxhighlight> | ||
+ | #Find the proposal on https://dashboard.internetcomputer.org/governance and wait until it's executed before proceeding to next step. | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | ''See guide for [[Troubleshooting Failed NNS proposals]]'' | |
− | |||
− |
Latest revision as of 16:11, 1 September 2024
Learn how to be accepted by the NNS as a Node Provider and onboard your nodes to the IC.
Please allocate up to a week to complete this guide, as it may take several days for a proposal to be accepted by the NNS, and you may have to submit multiple NNS proposals.
Note that the following steps do not need to be performed on the node machine itself. You can complete them on your personal laptop.
If you encounter issues through any of these steps, check the Node Provider Troubleshooting page. If that does not solve your problem, you are encouraged to ask for assistance in the Node Provider Matrix channel.
For regular operations after onboarding, please refer to Node Provider Maintenance Guide.
Requirements
- Assure your node(s) meet the Node Provider Machine Hardware requirements.
- View the Node Provider Networking Guide.
- Setup a hardware wallet.
- NitroKey HSM (Optional, legacy—not recommended).
- 11 ICP (10 of which are to be staked for the NNS proposal deposit).
- Basic understanding of neurons, staking, and governance proposals, such as understanding what it means to stake a neuron for 8 years.
1. Install the required tools
A. Install ic-admin
ic-admin
is the tool used to create and submit NNS proposals.
MacOS
- To install
ic-admin
, view the latest release version in the DFINITY/ic repo. Then, use the following URLReplace$ curl -L "https://github.com/dfinity/ic/releases/download/[latest-release]/ic-admin-x86_64-darwin.gz" -o - | gunzip > ./ic-admin $ chmod +x ./ic-admin
[latest-release]
with the most recent IC version, such asrelease-2024-07-10_23-01-base
. - Verify the binary
$ diff <(shasum -a 256 ./ic-admin | cut -d' ' -f1) <(echo 035abf8925bf54e067d13eee0a6205e883507d6138bcd232ec8069301a9b190a) && echo "ic-admin checksum matches" || echo "***ERROR***: ic-admin checksum does not match"
Linux
NOTE: The instructions below have been tested with the Ubuntu 20.04 release.
- To install
ic-admin
, view the latest release version in the DFINITY/ic repo. Then, use the following URLReplace$ curl -L "https://github.com/dfinity/ic/releases/download/[latest-release]/ic-admin-x86_64-linux.gz" -o - | gunzip > ./ic-admin $ chmod +x ./ic-admin
[latest-release]
with the most recent IC version, such asrelease-2024-07-10_23-01-base
. - Verify the binary
$ diff <(shasum -a 256 ./ic-admin | cut -d' ' -f1) <(echo e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855) && echo "ic-admin checksum matches" || echo "***ERROR***: ic-admin checksum does not match"
B. Install dfx
dfx
is a CLI tool used to generate neuron hotkeys, among other things such as canister deployment and management.$ sh -ci "$(curl -fsSL https://internetcomputer.org/install.sh)"
- Verify that
dfx
is up to date.$ export PATH=$HOME/bin:$PATH $ dfx upgrade $ dfx --version
2. Create Node Provider hotkey
- Create an identity for the Node Provider hotkey You will need the Node Provider hotkey in the next steps.
$ dfx identity new --storage-mode=plaintext node-provider-hotkey Created identity: "node-provider-hotkey". $ dfx --identity node-provider-hotkey identity get-principal xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxx # example node-provider-hotkey: wuyst-x5tpn-g5wri-mp3ps-vjtba-de3xs-w5xgb-crvek-tucbe-o5rqi-mae
Note: The Node Provider hotkey is NOT the Node Provider principal. This is the hotkey that is used for the NNS proposal submissions only.
Note: You may be prompted to enter a passphrase when creating your identity and accessing your identity principal. Take note of the passphrase you choose.
3. Create and Manage Neuron via NNS Frontend Dapp and Internet Identity
- Send at least 11 ICP tokens to your hardware wallet address.
- Navigate to the Neurons tab and create a Neuron by staking at least 10 ICP from your hardware wallet. Staking more ICP is acceptable, but 10 is the minimum needed for this process, and you must have a little more for transaction fees.
- IMPORTANT! Confirm the transaction on your hardware wallet.
- After the Neuron has been created successfully, confirm to "Add NNS Dapp as hotkey" in the dialogue and on your hardware wallet, and close the dialog after the action completes.
- Set the dissolve delay to at least 6 months, and confirm the choice in the dialogue and on your hardware wallet. After the action completes, you can close the "Follow Neurons".
- You will now see a Neuron listed with its ID. Copy the Neuron ID, since you will need it in the next steps to place the necessary proposals.
4. Add hotkeys
- Select the Neuron you just created to open Neuron management view and press “Add hotkey” button.
- A dialog will pop up where you can enter the hotkey you generated in step 2.1 (output from command
dfx --identity node-provider-hotkey identity get-principal
). This will allow you to submit NNS proposals usingic-admin
and will not be used for anything else.
- Get the Ledger Hardware Wallet Principal Id: Navigate back to ICP page and select your Ledger hardware wallet account. You will need to use this Ledger Hardware Wallet principal as the Node Provider principal in order to get the rewards directly into the secure hardware wallet.
- Copy and save this Node Provider principal by clicking on the copy icon after the principal id. You'll need it in the next steps.
$ NODE_PROVIDER_PRINCIPAL=xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxx # Input ledger Hardware Wallet principal, from the NNS FrontEnd dapp https://nns.ic0.app/ # example: $ NODE_PROVIDER_PRINCIPAL=fharn-5vyi2-4xb4a-64yyi-3jpmj-pga23-mxy25-d5uim-fqcro-eoefh-tae
5. Choose onboarding path (HSM vs no HSM)
Onboarding without a NitroKey HSM is the current onboarding path. In particular, node providers onboarding Gen 2 hardware must onboard without a NitroKey HSM. If you will be onboarding without a NitroKey HSM, continue to the next step.
If the legacy procedure is required for your onboarding (which should only be the case in rare and exceptional situations), follow the NitroKey HSM onboarding instructions and then return to step 8.
6. Setup the Node Operator keys
- Ensure dfx is at least version 0.14. Node Operator keys created with older versions of dfx will fail to join the IC. Run:
$ dfxvm update $ dfx --version
- Create a new principal with dfx:
$ dfx identity new --storage-mode=plaintext node_operator
- Confirm
node_operator
identity was created successfully:This list should contain$ dfx identity list
node_operator
. - Copy new key to a known location:
$ cp ~/.config/dfx/identity/node_operator/identity.pem ./node_operator_private_key.pem
- Check the contents of the
node_operator_private_key.pem
file and double check that it contains the following contents. It is imperative that the first line has-----BEGIN EC PRIVATE KEY-----
. If it does not, make sure you use the latestdfx
version and that you followed the instructions precisely.Note: you must retain access to the❯ cat ./node_operator_private_key.pem -----BEGIN EC PRIVATE KEY----- [3 lines of base64 encoded private key, e.g. n2Nhp68YcQpuS0u96r...] -----END EC PRIVATE KEY-----
node_operator_private_key.pem
file for when you onboard nodes in roadmap milestone five.
7. Get the node operator principal
- Get the principal:
$ NODE_OPERATOR_PRINCIPAL=$(dfx --identity node_operator identity get-principal) $ echo $NODE_OPERATOR_PRINCIPAL uqquy-76uhn-2mys5-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxx
You will need the node operator principal in the next steps.
8. Register your Node Provider principal to the network
In the next codeblock:
- Replace the
NODE_PROVIDER_NAME
value with the name of the entity that will provide the nodes. - Replace the
NODE_PROVIDER_PRINCIPAL
value with the Ledger Hardware Wallet principal that you got from the NNS Frontend Dapp (step 4.4) - Replace the
NEURON_ID
value with your neuron ID from the NNS Frontend Dapp (step 3.6)
- IMPORTANT: Please make sure that you also update the
--summary
and include a link to the forum discussion, your company's web page, and/or to another place that can convince the voting community that you are making a legitimate request. You must also include the file hash for the self declaration and proof of identity documents, or the proposal will be rejected. This way you will avoid the community voting NO to your proposal and you losing your staked ICPs.
- Create the Proposal Note: make sure
$ NODE_PROVIDER_NAME="My Company" $ NODE_PROVIDER_PRINCIPAL=xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxx $ NEURON_ID=XXXXXXXXXXXXXXXXXXXX $ ./ic-admin \ --nns-url https://ic0.app \ -s ~/.config/dfx/identity/node-provider-hotkey/identity.pem \ propose-to-add-or-remove-node-provider add \ --proposer $NEURON_ID \ --proposal-title "Register a node provider '${NODE_PROVIDER_NAME}'" \ --summary "Register a node provider '${NODE_PROVIDER_NAME}', in line with the announcement and discussion at <https://forum.dfinity.org/t/...>. The self-declaration documentation is available at <https://wiki.internetcomputer.org/wiki/...> with SHA256 hash <SHA256>. The proof of identity is available at <https://wiki.internetcomputer.org/wiki/...> with SHA256 hash <SHA256>." \ --node-provider-pid "$NODE_PROVIDER_PRINCIPAL"
${NODE_PROVIDER_NAME}
is presented in single quotes, so the IC dashboard can pick up and display the correct Node Provider name.
- Create the Proposal
- Find the proposal on https://dashboard.internetcomputer.org/governance and wait until it is executed before proceeding to next step.
- In order to expedite the speed of your proposal's approval, it is best to create a post in this forum thread to raise awareness of your proposal. You can use this as a template for the post.
See guide for Troubleshooting Failed NNS proposals
9. Register your datacenter to the network (if necessary)
- Search for your data center on https://dashboard.internetcomputer.org/centers.
- If you found the datacenter that is hosting your nodes, remember its ID, and skip the following section. Otherwise, proceed with the registration of a new DC record.
Create a data center record for a new DC
In the next block of code:
- Replace the
NEURON_ID
value with your neuron ID from the NNS Frontend Dapp (step 3.6) - Replace the JSON fields from the
–data-centers-to-add
argument and their corresponding values in--summary
:"id"
represents the city that your datacenter is in and is formulated as a combination of two letters representing the city and an incrementing number. Search data center IDs on https://dashboard.internetcomputer.org, and find a combination of two letters and a number that’s not yet registered. Examples:- dl1 (Dallas, no IDs with “dl” prefix)
- zh10 (Zurich, numbers 0-9 are already registered)
"region"
represents the local region of a datacenter and is formulated as a three-part string divided by commas. The three parts making the string are continent, country code, and region, in the given order. Examples:- North America,US,Florida
- Europe,DE,Bavaria
- Asia,SG,Singapore
"owner"
The entity that provides your datacenter facilities.- Search https://dashboard.internetcomputer.org for existing data center providers.
- If there’s match, make sure you use the same exact some name for your datacenter.
- Otherwise, name the data center owner to your best knowledge.
"gps"
GPS coordinates.- Find your datacenter on https://www.google.com/maps/.
- Right click on location, and select the GPS coordinates (first item in the menu) in order to copy them.
- Create the proposal: Remember to replace all the values of both the arguments
$ NEURON_ID=XXXXXXXXXXXXXXXXXXXX $ ./ic-admin \ --nns-url https://ic0.app \ -s ~/.config/dfx/identity/node-provider-hotkey/identity.pem \ propose-to-add-or-remove-data-centers \ --summary "Register a Flexential datacenter as dl1 in North America,US,Texas" \ --skip-confirmation \ --proposer $NEURON_ID \ --data-centers-to-add '{ "id": "dl1", "region": "North America,US,Texas", "owner": "Flexential", "gps": [ 33.00803, -96.66614 ] }'
–data-centers-to-add
and--summary
- Find the proposal on https://dashboard.internetcomputer.org/governance and wait until it's executed before proceeding to next step.
- In order to expedite the speed of your proposal's approval, it is best to create a post in this forum thread to raise awareness of your proposal. You can use this as a template for the post.
See guide for Troubleshooting Failed NNS proposals
10. Create a node operator record
IMPORTANT: Before submitting the Node Operator record, please go through the description of Validation of Candidate Node Machines to validate whether additional node machines are needed for decentralization of the IC-network.
- Create a pdf with the outcome of running the optimization model and the steps that allow the community to reproduce the validation check.
- Include the pdf in the wiki page that includes the NP documents (self-declaration and proof-of-identity document)
- Include a link to the pdf as well as the hash of the document in the Node Operator record proosal.
In the next codeblock:
- Replace the
NEURON_ID
value with your neuron ID from the NNS Frontend Dapp (step 3.6). - Replace the
NODE_PROVIDER_PRINCIPAL
value with the Ledger Hardware Wallet principal that you got from the NNS Frontend Dapp (step 4.4). - Replace the
NODE_OPERATOR_PRINCIPAL
value with your node operator principal (step 7.1). Important: if you are adding an additional node operator record because you will deploy nodes in another data center, please make sure to create a new node operator principal first (steps 6 and 7). A node operator principal can only be tied to 1 data center. - Replace the
NODE_PROVIDER_NAME
value with the name of the entity that will provide the nodes. - Replace the
NODE_ALLOWANCE
variable value with number of nodes you are providing. - Replace the
DC_ID
variable value with id of your datacenter.
- Create the proposal:
$ NEURON_ID=XXXXXXXXXXXXXXXXXXXX $ NODE_PROVIDER_PRINCIPAL=xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxx $ NODE_OPERATOR_PRINCIPAL=xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxx $ NODE_PROVIDER_NAME="My Company" $ NODE_ALLOWANCE=8 $ DC_ID=dl1 $ ./ic-admin \ --nns-url https://ic0.app \ -s ~/.config/dfx/identity/node-provider-hotkey/identity.pem \ propose-to-add-node-operator \ $NODE_PROVIDER_PRINCIPAL \ --summary "Node provider '$NODE_PROVIDER_NAME' is adding $NODE_ALLOWANCE nodes in the $DC_ID data center. The result of the canidate node machine validation and exact configuration run is available at <https://wiki.internetcomputer.org/wiki/...> with SHA256 hash <SHA256>." \ --proposer $NEURON_ID \ --node-operator-principal-id $NODE_OPERATOR_PRINCIPAL \ --node-allowance $NODE_ALLOWANCE \ --dc-id $DC_ID
- Find the proposal on https://dashboard.internetcomputer.org/governance and wait until it's executed before proceeding to next step.
See guide for Troubleshooting Failed NNS proposals