Difference between revisions of "Node Deployment Guide (with an HSM)"
m |
m |
||
(3 intermediate revisions by 2 users not shown) | |||
Line 109: | Line 109: | ||
Edit the config.ini file to add your network configuration. | Edit the config.ini file to add your network configuration. | ||
− | Note that '''all Node Providers are requested to deploy two nodes with IPv4 and a domain name for every data center they operate in | + | Note that '''all Node Providers are requested to deploy two nodes with IPv4 and a domain name for every data center they operate in'''. Node Providers should deploy IPv4 to the '''first two nodes in their first rack'''. |
− | + | # Set the appropriate value for the node_reward_type. | |
+ | #:[[File:Pasted Graphic 7.png|780px|screenshot]] | ||
+ | #:You can find the value to set by following [[Node Deployment config.ini]] | ||
+ | #: | ||
#Insert your IPv6 prefix and gateway. | #Insert your IPv6 prefix and gateway. | ||
− | #:[[File: | + | #:[[File:Pasted Graphic 8.png|780px|screenshot]] |
− | #:*The IPv6 prefix should consist of four groups of hexadecimal digits, separated by colons (':'). Each group can contain up to four hex digits. | + | #:* The IPv6 prefix should consist of four groups of hexadecimal digits, separated by colons (':'). Each group can contain up to four hex digits. |
− | #:* For example, a valid prefix could look like this: <code>2a00:fb01:400:200</code> | + | #:*For example, a valid prefix could look like this: <code>2a00:fb01:400:200</code> |
#:*'''Important:''' | #:*'''Important:''' | ||
#:**The prefix should not have a trailing ':' | #:**The prefix should not have a trailing ':' | ||
#:**IPv6 CIDR notation allows for a double colon ('::') to represent consecutive groups of zeroes in an address. However, the prefix configuration in this context does '''not''' support '::'. The '::' shorthand should '''not''' be used. Even if some groups are all zeros, they must be explicitly written out. | #:**IPv6 CIDR notation allows for a double colon ('::') to represent consecutive groups of zeroes in an address. However, the prefix configuration in this context does '''not''' support '::'. The '::' shorthand should '''not''' be used. Even if some groups are all zeros, they must be explicitly written out. | ||
#[Optional] Insert your IPv4 info and domain name. | #[Optional] Insert your IPv4 info and domain name. | ||
− | #:[[File: | + | #:[[File:Pasted Graphic 9.png|780px|screenshot]] |
#:*Configuring your node with IPv4 settings is optional, but if you do configure your node with IPv4 settings, you must also define the domain name for your node. | #:*Configuring your node with IPv4 settings is optional, but if you do configure your node with IPv4 settings, you must also define the domain name for your node. | ||
#:*'''Important:''' | #:*'''Important:''' | ||
− | #:**Please note that you '''must use a unique IPv4 address for each node you deploy | + | #:**Please note that you '''must use a unique IPv4 address for each node you deploy'''. This means that you cannot use a single IC-OS installation image to deploy multiple nodes (like you are able to do when just configuring IPv6 nodes). '''After each IPv4 node deployment, you must plug your IC-OS Installation USB stick back into your laptop and return to [[Node Deployment Guide#6. Add configuration|step 6]] in the node deployment guide to reconfigure your installation image.''' |
#:**You can add, remove, or update your node’s IPv4 address and domain name after completing node deployment using dfx commands. See [[Updating your node's IPv4 and domain name|here]] for details. | #:**You can add, remove, or update your node’s IPv4 address and domain name after completing node deployment using dfx commands. See [[Updating your node's IPv4 and domain name|here]] for details. | ||
#Save the changes. | #Save the changes. | ||
Line 128: | Line 131: | ||
#:*:[[File:mac_03.png|580px|screenshot]] | #:*:[[File:mac_03.png|580px|screenshot]] | ||
− | ==7. Connect Crash Cart== | + | |
− | #In order to configure the UEFI and initiate the installation of the IC-OS, please connect a crash cart to the physical machine. | + | == 7. Connect Crash Cart== |
+ | # In order to configure the UEFI and initiate the installation of the IC-OS, please connect a crash cart to the physical machine. | ||
#Plug-in the VGA/Video, keyboard and IC-OS USB stick | #Plug-in the VGA/Video, keyboard and IC-OS USB stick | ||
#:[[File:08.png|580px|screenshot]] | #:[[File:08.png|580px|screenshot]] | ||
− | ==8. UEFI Setup and Boot Menu== | + | ==8. UEFI Setup and Boot Menu == |
Use the related page below to set up the BIOS/UEFI according to your hardware vendor. | Use the related page below to set up the BIOS/UEFI according to your hardware vendor. | ||
Line 149: | Line 153: | ||
Resume from this point when you are finished configuring the BIOS. | Resume from this point when you are finished configuring the BIOS. | ||
− | ==9. IC-OS Installation == | + | ==9. IC-OS Installation== |
#Please wait while the USB Installer is booting up. This process can take up to 3 minutes. | #Please wait while the USB Installer is booting up. This process can take up to 3 minutes. | ||
#:[[File:35-sm.png|580px|screenshot]] | #:[[File:35-sm.png|580px|screenshot]] | ||
Line 156: | Line 160: | ||
#Once you get asked to insert the HSM, please remove the keyboard and instead insert the HSM USB device. | #Once you get asked to insert the HSM, please remove the keyboard and instead insert the HSM USB device. | ||
#:[[File:37-sm.png|580px|screenshot]] | #:[[File:37-sm.png|580px|screenshot]] | ||
− | #If the installation finished successfully, it will initiate a reboot. 🚨 '''Please do not unplug the USB stick or HSM USB''' device at this point. 🚨 | + | # If the installation finished successfully, it will initiate a reboot. 🚨 '''Please do not unplug the USB stick or HSM USB''' device at this point. 🚨 |
#:[[File:38-sm.png|580px|screenshot]] | #:[[File:38-sm.png|580px|screenshot]] | ||
Line 162: | Line 166: | ||
==10. First Boot== | ==10. First Boot== | ||
Please remember to check the [[Troubleshooting Node Deployment Errors]] page if you encounter any errors. | Please remember to check the [[Troubleshooting Node Deployment Errors]] page if you encounter any errors. | ||
− | #The first boot of the IC-OS '''still requires the HSM USB device to be plugged in'''. Please wait to take out the device until further instructions. This step can take several minutes. | + | # The first boot of the IC-OS '''still requires the HSM USB device to be plugged in'''. Please wait to take out the device until further instructions. This step can take several minutes. |
#Once you see this message, you may unplug the HSM USB device, USB stick and VGA/Video. | #Once you see this message, you may unplug the HSM USB device, USB stick and VGA/Video. | ||
#:[[File:Node join message.png|580px|screenshot]] | #:[[File:Node join message.png|580px|screenshot]] | ||
Line 171: | Line 175: | ||
'''Note that if you do NOT see a "Join request successful" message, your node may still have successfully onboarded. Continue to the next step to attempt to verify node onboarding.''' | '''Note that if you do NOT see a "Join request successful" message, your node may still have successfully onboarded. Continue to the next step to attempt to verify node onboarding.''' | ||
− | ==11. Verify node onboarding== | + | == 11. Verify node onboarding== |
#Obtain your Node ID | #Obtain your Node ID |
Latest revision as of 17:30, 19 December 2024
This runbook covers all steps necessary to install the Internet Computer Operating System (IC-OS) using the legacy NitroKey HSM instructions. To use the non-HSM onboarding instructions, follow the IC-OS Installation Runbook.
The physical machine is expected to be racked and stacked according to its respective manual.
To complete these steps, you are expected to be physically present in the data center your machine(s) reside(s). Once you successfully onboarded your first node, you can bring up the other nodes in parallel.
If you encounter issues during any of these steps, consult the Troubleshooting Node Deployment Errors page.
⚠️ DFINITY does not offer live support for Node Providers attempting to deploy nodes.
1. Choose onboarding path (HSM vs no HSM)
If you chose the HSM Node Provider Onboarding Path, continue to the next step.
If you chose to onboard without a Nitrokey HSM, follow the IC-OS Installation Runbook to onboard your nodes.
2. Obtain requirements
- A USB (3.0 speed that can hold at least 4GB) to put the image file on.
- Faster USBs will allow the process to go much faster.
- The NitroKey HSM for your data center.
- [Optional] A USB hub
- This is helpful at some data centers for simultaneously connecting keyboard, mouse, Nitrokey, etc.
- It is recommended that each server has a label with the BMC's MAC address for ease of identification in future dashboard upgrades.
3. Download installation image
Download the latest release of the IC-OS USB Installer Image and the corresponding checksum from the Internet Computer Dashboard Releases.
- Note that you should always use a release from the last 6 weeks (newer is better) in order to ensure that your node can correctly correct to the network.
4. Verify checksum and unarchive file
Mac OS X
- Open the Terminal and type:
shasum -a 256 ~/Downloads/disk-img.tar.zst
- Compare the calculated checksum with the IC-OS installation image checksum file downloaded in the previous step. Warning: Only continue if they are identical, otherwise please post your issue in the Node Provider Matrix channel.
- Open the Terminal and type:
tar xzvf ~/Downloads/disk-img.tar.zst
- Open the Terminal and type:
Linux / Ubuntu
- Open the Terminal and type:
sha256sum ~/Downloads/disk-img.tar.zst
- Compare the calculated checksum with the IC-OS installation image checksum file downloaded in the previous step. Warning: Only continue if they are identical, otherwise please post your issue in the Node Provider Matrix channel.
- Open the Terminal and type:
tar xzvf ~/Downloads/disk-img.tar.zst
- Open the Terminal and type:
Windows
- Open PowerShell and type:
Get-FileHash -Algorithm SHA256 .\Downloads\disk-img.tar.zst
- Compare the calculated checksum with the IC-OS installation image checksum file downloaded in the previous step. Warning: Only continue if they are identical, otherwise please post your issue in the Node Provider Matrix channel.
- Open PowerShell and type:
tar xzvf .\Downloads\disk-img.tar.zst
- Open PowerShell and type:
5. Create Bootable USB Stick
Mac OS X
- Open the Terminal and type:
diskutil list
- All available drives should be shown. Identify which device corresponds to your USB stick. You may need to unmount the USB drive:
sudo diskutil unmount /dev/YOUR_USB_DEVICE_MOUNTED_PARTITION # E.g. /dev/disk4s1
- Replace /dev/YOUR_USB_DEVICE with the device that corresponds to your USB stick. Additionally, replace the path to your downloaded IC-OS disk.img file. Warning: You risk losing your own data if you specify a wrong drive.
- If you get a “device is busy” error from the dd command, you can try running the following command to unmount all of the partitions on the disk, then re-run the dd command:
sudo dd if=/Users/YOUR_USER_NAME/Downloads/disk.img of=/dev/YOUR_USB_DEVICE bs=1M status=progress
sudo diskutil unmountDisk /dev/YOUR_USB_DEVICE # E.g. /dev/disk4
Linux / Ubuntu
- Open the Terminal and type
blkid
- All available drives should be shown. Identify which device corresponds to your USB stick. You may need to unmount the USB drive:
sudo umount /dev/YOUR_USB_DEVICE_MOUNTED_PARTITION # E.g. /dev/sdb1
- Replace /dev/YOUR_USB_DEVICE with the device that corresponds to your USB stick. Additionally, replace the path to your downloaded IC-OS disk.img file. Warning: You risk losing your own data if you specify a wrong drive.
sudo dd if=/home/YOUR_USER_NAME/Downloads/disk.img of=/dev/YOUR_USB_DEVICE bs=1M status=progress
Windows
- Download and install Rufus Portable
- Start Rufus
- Select the USB stick under device and select the previously downloaded IC-OS disk image and press start
- You may see some warnings. Make sure you don't have any other USBs in your computer and chose OK
- The "Ready" bar will go from left to right as it completes.
6. Add configuration
A. Open Config.ini in a text editor
Mac OS X
- Open Finder. You should now be able to see the CONFIG partition. If it's not visible, remove the USB and insert it again.
- Double-click
config.ini
to open it in TextEdit.
Linux
- Open the File Manager. You should now be able to see the CONFIG partition. If it's not visible, remove the USB and insert it again.
- Double-click
config.ini
to open it in KWrite.
Windows
- Open the Disk Management utility with a right click on the Start menu.
- Right click the CONFIG partition.
- Select Change drive letter or paths...
- Select any letter from the drop-down list.
- Click OK.
- You should now be able to see the CONFIG partition in your Windows Explorer. Select the
config.ini
configuration file. - Click on Edit to open it.
B. Edit Config.ini
Edit the config.ini file to add your network configuration.
Note that all Node Providers are requested to deploy two nodes with IPv4 and a domain name for every data center they operate in. Node Providers should deploy IPv4 to the first two nodes in their first rack.
- Set the appropriate value for the node_reward_type.
- You can find the value to set by following Node Deployment config.ini
- Insert your IPv6 prefix and gateway.
-
- The IPv6 prefix should consist of four groups of hexadecimal digits, separated by colons (':'). Each group can contain up to four hex digits.
- For example, a valid prefix could look like this:
2a00:fb01:400:200
- Important:
- The prefix should not have a trailing ':'
- IPv6 CIDR notation allows for a double colon ('::') to represent consecutive groups of zeroes in an address. However, the prefix configuration in this context does not support '::'. The '::' shorthand should not be used. Even if some groups are all zeros, they must be explicitly written out.
-
- [Optional] Insert your IPv4 info and domain name.
-
- Configuring your node with IPv4 settings is optional, but if you do configure your node with IPv4 settings, you must also define the domain name for your node.
- Important:
- Please note that you must use a unique IPv4 address for each node you deploy. This means that you cannot use a single IC-OS installation image to deploy multiple nodes (like you are able to do when just configuring IPv6 nodes). After each IPv4 node deployment, you must plug your IC-OS Installation USB stick back into your laptop and return to step 6 in the node deployment guide to reconfigure your installation image.
- You can add, remove, or update your node’s IPv4 address and domain name after completing node deployment using dfx commands. See here for details.
-
- Save the changes.
7. Connect Crash Cart
- In order to configure the UEFI and initiate the installation of the IC-OS, please connect a crash cart to the physical machine.
- Plug-in the VGA/Video, keyboard and IC-OS USB stick
8. UEFI Setup and Boot Menu
Use the related page below to set up the BIOS/UEFI according to your hardware vendor.
Important: Do NOT enable the RAID bios setting. Doing so will cause issues with the IC-OS installation.
Resume from this point when you are finished configuring the BIOS.
9. IC-OS Installation
- Please wait while the USB Installer is booting up. This process can take up to 3 minutes.
- The IC-OS installation starts. Please keep an eye on the progress. This part can take up to 10 minutes. Please remember to check the Troubleshooting Node Deployment Errors page if you encounter any errors.
- Once you get asked to insert the HSM, please remove the keyboard and instead insert the HSM USB device.
- If the installation finished successfully, it will initiate a reboot. 🚨 Please do not unplug the USB stick or HSM USB device at this point. 🚨
10. First Boot
Please remember to check the Troubleshooting Node Deployment Errors page if you encounter any errors.
- The first boot of the IC-OS still requires the HSM USB device to be plugged in. Please wait to take out the device until further instructions. This step can take several minutes.
- Once you see this message, you may unplug the HSM USB device, USB stick and VGA/Video.
Congratulations! Your machine successfully joined the Internet Computer! The machine has joined the IC and the Node Provider will start receiving rewards!
Note that if you do NOT see a "Join request successful" message, your node may still have successfully onboarded. Continue to the next step to attempt to verify node onboarding.
11. Verify node onboarding
- Obtain your Node ID
- Your Node ID should have been outputted in the previous step. If it wasn't, please wait at least 10 minutes to see if the node ID is logged to the console.
- Verify that your node was successfully onboarded by checking its status on the dashboard
- The dashboard can be searched by your Node Provider principal. There, you should see the Node ID of your node.
- If the status of your node is either “Awaiting Subnet” or “Active in Subnet,” congratulations! Your machine successfully joined the Internet Computer!
- If the status of your node is NOT either “Awaiting Subnet” or “Active in Subnet”, or if it is NOT listed under your Node Provider principal, you should consult the Troubleshooting Node Deployment Errors page.
- If deploying with IPv4, verify that IPv4 was successfully configured
If you are failing to verify your node onboarding, consult the Troubleshooting Node Deployment Errors page.