Difference between revisions of "New Subnet Creation"

From Internet Computer Wiki
Line 1: Line 1:
== Adding new nodes ==
+
== Adding/Registering new nodes ==
 
We new describe a series of steps that need to be followed to add a new node to the Internet Computer.  
 
We new describe a series of steps that need to be followed to add a new node to the Internet Computer.  
 
* Node provider purchases a NitroKey (a Hardware Security Module), generates a public-key/secret-key pair, and submits an NNS proposal to add his public key to the NNS registry. The community votes on the proposal. If the majority accept the proposal, then the node provider's credentials are added to the NNS registry. From now on, the NNS canisters trust the messages signed by the node provider's secret key. The entire process is specified in the [https://wiki.internetcomputer.org/wiki/Node_Provider_Onboarding node provider onboarding article].
 
* Node provider purchases a NitroKey (a Hardware Security Module), generates a public-key/secret-key pair, and submits an NNS proposal to add his public key to the NNS registry. The community votes on the proposal. If the majority accept the proposal, then the node provider's credentials are added to the NNS registry. From now on, the NNS canisters trust the messages signed by the node provider's secret key. The entire process is specified in the [https://wiki.internetcomputer.org/wiki/Node_Provider_Onboarding node provider onboarding article].
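Review bot: The unchanged sentence directly under the renamed heading still reads "We new describe a series of steps"; since this edit touches the section, correct it to "We now describe". Renaming the heading from "Adding new nodes" to "Adding/Registering new nodes" also changes the section anchor, so any links that point at the old heading need updating.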
Line 7: Line 7:
 
* The node provider then switches on the node to boot the IC-OS operation system, which starts a few processes including orchestrator, crypto and http adapter processes.  
 
* The node provider then switches on the node to boot the IC-OS operation system, which starts a few processes including orchestrator, crypto and http adapter processes.  
 
* The crypto process finds that it never generated any cryptographic key material before. The crypto process then generates new cryptographic keys. This includes node signing key, NIDKG key, ECDSA key, TLS key, etc.  
 
* The crypto process finds that it never generated any cryptographic key material before. The crypto process then generates new cryptographic keys. This includes node signing key, NIDKG key, ECDSA key, TLS key, etc.  
* The crypto process sends the keys to the orchestrator, which then creates
+
* The cryptographic key material need to be registered with the NNS registry. For this, the crypto process sends the keys to the orchestrator, which then crafts a message containing the key material, signs the message with the node provider's signing key present in the NitroKey, and sends the message to the NNS registry canister.
 +
* The NNS registry canister creates a record for the new node and stores its cryptographic key material.
 +
* The node is now registered in the Internet Computer, but not yet assigned to any subnet.
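Review bot: The added registration bullet says the crypto process "sends the keys to the orchestrator" and that the message contains "the key material", without saying whether this means public keys only. Since the preceding bullet describes generating the node signing, NIDKG, ECDSA and TLS keys, a reader can take this to mean secret keys leave the crypto process; if only the public halves are sent and stored in the registry, say "public keys" explicitly here and in the following bullet. Also "key material need to be registered" should read "needs", and the context bullet above still says "operation system".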

Revision as of 20:34, 22 November 2022

Adding/Registering new nodes

We now describe the series of steps that need to be followed to add a new node to the Internet Computer.

  • Node provider purchases a NitroKey (a Hardware Security Module), generates a public-key/secret-key pair, and submits an NNS proposal to add his public key to the NNS registry. The community votes on the proposal. If the majority accepts the proposal, then the node provider's credentials are added to the NNS registry. From now on, the NNS canisters trust the messages signed by the node provider's secret key. The entire process is specified in the node provider onboarding article.
  • Node provider purchases node hardware with the recommended specifications and places it in a data center rack that meets the recommended specifications.
  • The node doesn't yet have any operating system. The node provider needs to install the IC-OS operating system on the node. The detailed procedure can be found in the IC-OS installation runbook articles (Installation for SuperMicro, Installation for Dell Poweredge).
  • The node provider inserts the NitroKey USB stick into the node machine. The NitroKey contains the secret key corresponding to the node provider's registered public key.
  • The node provider then switches on the node to boot the IC-OS operating system, which starts a few processes including the orchestrator, crypto and HTTP adapter processes.
  • The crypto process finds that it never generated any cryptographic key material before. The crypto process then generates new cryptographic keys. This includes node signing key, NIDKG key, ECDSA key, TLS key, etc.
  • The cryptographic key material needs to be registered with the NNS registry. For this, the crypto process sends the keys to the orchestrator, which then crafts a message containing the key material, signs the message with the node provider's signing key present in the NitroKey, and sends the message to the NNS registry canister.
  • The NNS registry canister creates a record for the new node and stores its cryptographic key material.
  • The node is now registered in the Internet Computer, but not yet assigned to any subnet.
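
The trust check behind the last three steps, as an added Go sketch that is not part of the wiki article or the Internet Computer code base: a toy registry accepts a node's key material only when the message is signed by a provider key already in its table, and stores the node with no subnet. The type and function names, the provider ids and the use of Ed25519 are assumptions made for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// NodeRecord is what the toy registry stores; an empty Subnet means unassigned.
type NodeRecord struct {
	Provider, Subnet string
	Keys             []byte
}

// Registry models the two tables involved (hypothetical names).
type Registry struct {
	Providers map[string]ed25519.PublicKey // filled by an accepted NNS proposal
	Nodes     map[string]NodeRecord
}

// NodeID derives a constructed node identifier from the key material.
func NodeID(keys []byte) string { return fmt.Sprintf("%x", sha256.Sum256(keys))[:16] }

// Register stores the node's keys only if an onboarded provider signed them.
func (r *Registry) Register(provider string, keys, sig []byte) error {
	pk, known := r.Providers[provider]
	if !known {
		return fmt.Errorf("provider not in registry")
	}
	if !ed25519.Verify(pk, keys, sig) {
		return fmt.Errorf("bad provider signature")
	}
	r.Nodes[NodeID(keys)] = NodeRecord{Provider: provider, Keys: keys}
	return nil
}

// Demo runs the flow on constructed data: valid, tampered, unknown provider.
func Demo() (first, tampered, unknown error, subnet string) {
	pub, priv, _ := ed25519.GenerateKey(nil)
	reg := &Registry{map[string]ed25519.PublicKey{"np-1": pub}, map[string]NodeRecord{}}
	keys := []byte("constructed: node-signing|NIDKG|ECDSA|TLS public keys")
	sig := ed25519.Sign(priv, keys) // Ed25519 is an assumption; on a node the NitroKey signs
	first = reg.Register("np-1", keys, sig)
	tampered = reg.Register("np-1", append([]byte("x"), keys...), sig)
	unknown = reg.Register("np-2", keys, sig)
	return first, tampered, unknown, reg.Nodes[NodeID(keys)].Subnet
}

func main() { fmt.Println(Demo()) }
```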