Difference between revisions of "Removing a Node From the Registry"

From Internet Computer Wiki
Jump to: navigation, search
(Add context)
m (Updated guide for with HSM key)
 
(2 intermediate revisions by one other user not shown)
Line 11: Line 11:
 
== Steps ==
 
== Steps ==
 
# Ensure that the node does not exist in any subnet.
 
# Ensure that the node does not exist in any subnet.
 +
## If the node is in a subnet - request help on the [[Node Provider Matrix channel|matrix channel]].
 +
## As a last resort, unplugging the node will work. Please alert the matrix channel you are doing this.
 
# If applicable, get the HSM (NodeOperator Key) from the data center. Skip if you used a `pem` file to create the node operator record.
 
# If applicable, get the HSM (NodeOperator Key) from the data center. Skip if you used a `pem` file to create the node operator record.
 
## Insert it into a computer that has DFX installed and has internet access.
 
## Insert it into a computer that has DFX installed and has internet access.
Line 16: Line 18:
  
 
=== IF USING PHYSICAL HSM: ===
 
=== IF USING PHYSICAL HSM: ===
<code>$ dfx identity new node-operator-hsm --hsm-key-id 01 --hsm-pkcs11-lib-path /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so
+
#Configure dfx identity (Optional)
 +
#*MacOS<syntaxhighlight lang="shell">
 +
$ dfx identity new node-operator-hsm --hsm-key-id 01 --hsm-pkcs11-lib-path /Library/OpenSC/lib/opensc-pkcs11.so
 +
</syntaxhighlight>
 +
#*Linux<syntaxhighlight lang="shell">
 +
$ dfx identity new node-operator-hsm --hsm-key-id 01 --hsm-pkcs11-lib-path /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so
 +
</syntaxhighlight>
 +
#'''Set the Identity Globally''': You can set the identity globally using the <code>dfx identity</code> command, and then run the <code>dfx canister</code> command without the <code>--identity</code> flag.<syntaxhighlight lang="shell">
 +
dfx identity use node-operator-hsm
 +
</syntaxhighlight>
 +
#Set HSM PIN Globally<syntaxhighlight lang="shell">
 +
export DFX_HSM_PIN=358138
 +
</syntaxhighlight>
 +
#'''Run the Command After Setting the PIN''': Once you’ve set the environment variable, you can run the <code>dfx canister</code> command again:<syntaxhighlight lang="shell">
 +
dfx canister --network ic  --identity node-operator-hsm call rwlgt-iiaaa-aaaaa-aaaaa-cai remove_node_directly '(record { node_id = principal "YOUR NODE ID" })'
 +
</syntaxhighlight>
  
$ dfx canister --network ic  --identity node-operator-hsm call rwlgt-iiaaa-aaaaa-aaaaa-cai remove_node_directly '(record { node_id = principal "NODE_ID" })'</code>
+
===IF USING NO HSM:===
 
 
=== IF USING NO HSM: ===
 
 
<code>$ dfx identity import node_operator node_operator_private_key.pem --storage-mode=plaintext
 
<code>$ dfx identity import node_operator node_operator_private_key.pem --storage-mode=plaintext
  
 
$ dfx canister --network ic  --identity node_operator call rwlgt-iiaaa-aaaaa-aaaaa-cai remove_node_directly '(record { node_id = principal "NODE_ID" })'</code>
 
$ dfx canister --network ic  --identity node_operator call rwlgt-iiaaa-aaaaa-aaaaa-cai remove_node_directly '(record { node_id = principal "NODE_ID" })'</code>
  
=== When the node is ready to be re-registered: ===
+
===When the node is ready to be re-registered:===
* If it was healthy, has had no problems, and does not need firmware or anything else updated, then simply re-insert the HSM and reboot the server, and it will rejoin with the same node ID principal it was deployed with.
+
*If it was healthy, has had no problems, and does not need firmware or anything else updated, then simply re-insert the HSM and reboot the server, and it will rejoin with the same node ID principal it was deployed with.
* If it had problems, had hardware replaced, had firmware updated, etc., then please do a fresh redeployment.
+
*If it had problems, had hardware replaced, had firmware updated, etc., then please do a fresh redeployment.
  
  

Latest revision as of 17:14, 20 August 2024

Removing a node from the registry via DFX

When is this necessary?

Node operator records allow for some number of nodes to be joined to the network. This is called the node allowance. Redeploying the same machine will result in the node generating the same IPv6 address. When joining the network any old node-id associated with this address will be removed - and the node allowance will not be affected.

But if the BMC changes - because of a motherboard replacement for example - a new IPv6 address will be generated. In this case the node will appear new to the network upon joining. If the number of nodes deployed matches the node allowance, no new nodes can join.

In this case - the old node-id must be removed.

Steps

  1. Ensure that the node does not exist in any subnet.
    1. If the node is in a subnet - request help on the matrix channel.
    2. As a last resort, unplugging the node will work. Please alert the matrix channel you are doing this.
  2. If applicable, get the HSM (NodeOperator Key) from the data center. Skip if you used a `pem` file to create the node operator record.
    1. Insert it into a computer that has DFX installed and has internet access.
  3. Using the terminal, execute the following command (Where NODE_ID is the principal as shown on the dashboard of the node to remove):

IF USING PHYSICAL HSM:

  1. Configure dfx identity (Optional)
    • MacOS
      $ dfx identity new node-operator-hsm --hsm-key-id 01 --hsm-pkcs11-lib-path /Library/OpenSC/lib/opensc-pkcs11.so
      
    • Linux
      $ dfx identity new node-operator-hsm --hsm-key-id 01 --hsm-pkcs11-lib-path /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so
      
  2. Set the Identity Globally: You can set the identity globally using the dfx identity command, and then run the dfx canister command without the --identity flag.
    dfx identity use node-operator-hsm
    
  3. Set HSM PIN Globally
    export DFX_HSM_PIN=358138
    
  4. Run the Command After Setting the PIN: Once you’ve set the environment variable, you can run the dfx canister command again:
    dfx canister --network ic  --identity node-operator-hsm call rwlgt-iiaaa-aaaaa-aaaaa-cai remove_node_directly '(record { node_id = principal "YOUR NODE ID" })'
    

IF USING NO HSM:

$ dfx identity import node_operator node_operator_private_key.pem --storage-mode=plaintext

$ dfx canister --network ic  --identity node_operator call rwlgt-iiaaa-aaaaa-aaaaa-cai remove_node_directly '(record { node_id = principal "NODE_ID" })'

When the node is ready to be re-registered:

  • If it was healthy, has had no problems, and does not need firmware or anything else updated, then simply re-insert the HSM and reboot the server, and it will rejoin with the same node ID principal it was deployed with.
  • If it had problems, had hardware replaced, had firmware updated, etc., then please do a fresh redeployment.


Return to Node Provider Documentation

Return to Node Provider Troubleshooting