Difference between revisions of "Node Provider Onboarding"

Learn how to be accepted by the NNS as a Node Provider and onboard your nodes to the IC.

Please allocate up to a week to complete this guide, as it may take several days for a proposal to be accepted by the NNS, and you may have to submit multiple NNS proposals.

Note that the following steps do not need to be performed on the node machine itself. You can complete them on your personal laptop.

If you encounter issues through any of these steps, check the Node Provider Troubleshooting page. If that does not solve your problem, you are encouraged to ask for assistance in the Node Provider Matrix channel.

For regular operations after onboarding, please refer to Node Provider Maintenance Guide

❗️❗️❗️DFINITY does not offer live support for Node Providers attempting to onboard nodes.

Requirements

• Node Provider Machine Hardware Guide
• Node Provider Networking Guide
• Hardware wallet
• NitroKey HSM (Optional, legacy—not recommended)
• 11 ICP (10 of which are to be staked for the NNS proposal deposit)
• Basic understanding of neurons, staking, and governance proposals. For instance, understanding what it means to stake a neuron for 8 years.

1. Install the required tools

A. Install ic-admin

ic-admin is the tool used to create and submit NNS proposals.

MacOS

1. Retrieve the file

   $ curl "https://download.dfinity.systems/ic/7445081734e6d896d090295967d50710975c4f25/openssl-static-binaries/x86_64-darwin/ic-admin.gz" -o - | gunzip > ./ic-admin
   $ chmod +x ./ic-admin
   

2. Verify the binary

   $ diff <(shasum -a 256 ./ic-admin | cut -d' ' -f1) <(echo 3f75026d2f28f171068e332a42c82a2795c93fbf5ab351baef30b30eb901cdba) && echo "ic-admin checksum matches" || echo "***ERROR***: ic-admin checksum does not match"
   

Linux

NOTE: The instructions below have been tested with the Ubuntu 20.04 release.

1. Retrieve the file

   $ curl "https://download.dfinity.systems/ic/7445081734e6d896d090295967d50710975c4f25/openssl-static-binaries/x86_64-linux/ic-admin.gz" -o - | gunzip > ./ic-admin
   $ chmod +x ./ic-admin
   

2. Verify the binary

   $ diff <(shasum -a 256 ./ic-admin | cut -d' ' -f1) <(echo e29bb9cc462e800b8b960ad49c412e5f5fdbb5ae2ae9fde0c13058422ba32802) && echo "ic-admin checksum matches" || echo "***ERROR***: ic-admin checksum does not match"
   

B. Install dfx

1. dfx is used to generate neuron hotkeys, among other things

   $ sh -ci "$(curl -fsSL https://smartcontracts.org/install.sh)"
   

2. Verify that dfx is up to date.

   $ export PATH=$HOME/bin:$PATH
   $ dfx upgrade
   $ dfx --version
   

2. Create Node Provider hotkey

1. Create an identity for the Node Provider Hotkey

   $ dfx identity new --storage-mode=plaintext node-provider-hotkey
   
   Created identity: "node-provider-hotkey".
   
   
   $ dfx --identity node-provider-hotkey identity get-principal
   
   xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxx
   # example node-provider-hotkey: wuyst-x5tpn-g5wri-mp3ps-vjtba-de3xs-w5xgb-crvek-tucbe-o5rqi-mae
   

   You will need the Node Provider hotkey in the next steps. Note: you may be prompted to enter a passphrase when creating your identity and accessing your identity principal. Take note of the passphrase you choose.

Note: The Node Provider hotkey is NOT the Node Provider principal. This is the hotkey that is used for the NNS proposal submissions only.

3. Create and Manage Neuron via NNS Frontend Dapp and Internet Identity

1. Send at least 11 ICPs to your hardware wallet address.
2. Navigate to Neurons tab and create a Neuron by staking at least 10 ICP from your hardware wallet. Staking more ICP works as well, but 10 is the minimum to stake a neuron, and you must have a little more for transaction fees.
3. IMPORTANT! Confirm the transaction on your hardware wallet.

   

4. After the Neuron has been created successfully, confirm to "Add NNS Dapp as hotkey" in the dialogue and on your hardware wallet, and close the dialog after the action completes.

   

5. Set the dissolve delay to at least 6 months, and confirm the choice in the dialogue and on your hardware wallet. After the action completes, you can close the "Follow Neurons".

   

6. You will now see a Neuron listed with its ID. Copy the Neuron ID, since you will need it in the next steps to place the necessary proposals.

   

4. Add hotkeys

1. Select the Neuron you just created to open Neuron management view and press “Add hotkey” button.

   

2. A dialog will pop up where you can enter the hotkey you generated in step 2.1 (output from command dfx --identity node-provider-hotkey identity get-principal). This will allow you to submit NNS proposals using ic-admin and will not be used for anything else.
   

   Press the confirm button and confirm the transactions on your hardware wallet.
   

   

3. Get the Ledger Hardware Wallet Principal Id: Navigate back to ICP page and select your Ledger hardware wallet account. You will need to use this Ledger Hardware Wallet principal as the Node Provider principal in order to get the rewards directly into the secure hardware wallet.

   

   

4. Copy and save this Node Provider principal by clicking on the copy icon after the principal id. You'll need it in the next steps.

   $ NODE_PROVIDER_PRINCIPAL=xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxx   
   # Input ledger Hardware Wallet principal, from the NNS FrontEnd dapp https://nns.ic0.app/
   
   # example: $ NODE_PROVIDER_PRINCIPAL=fharn-5vyi2-4xb4a-64yyi-3jpmj-pga23-mxy25-d5uim-fqcro-eoefh-tae
   

5. Choose onboarding path (HSM vs no HSM)

Onboarding without a NitroKey HSM is the recommended onboarding path. In particular, node providers onboarding Gen 2 hardware must onboard without a NitroKey HSM. If you will be onboarding without a NitroKey HSM, continue to the next step.

If the legacy procedure is necessary, follow the NitroKey HSM onboarding instructions and return to step 8.

6. Setup the Node Operator keys

1. Ensure dfx is at least version 0.14. Node Operator keys created with older versions of dfx will fail to join the IC. Run:

   $ dfxvm update
   $ dfx --version
   

2. Create a new principal with dfx:

   $ dfx identity new --storage-mode=plaintext node_operator
   

3. Confirm node_operator identity was created successfully:

   $ dfx identity list
   

   This list should contain node_operator.
4. Copy new key to a known location:

   $ cp ~/.config/dfx/identity/node_operator/identity.pem ./node_operator_private_key.pem
   

5. Check the contents of the node_operator_private_key.pem file and double check that it contains the following contents. It is imperative that the first line has -----BEGIN EC PRIVATE KEY-----. If it does not, make sure you use the latest dfx version and that you followed the instructions precisely.

   ❯ cat ./node_operator_private_key.pem
   -----BEGIN EC PRIVATE KEY-----
   [3 lines of base64 encoded private key, e.g. n2Nhp68YcQpuS0u96r...]
   -----END EC PRIVATE KEY-----
   

   Note: you must retain access to the node_operator_private_key.pem file for when you onboard nodes in roadmap milestone five.

7. Get the node operator principal

1. Get the principal:

   $ NODE_OPERATOR_PRINCIPAL=$(dfx --identity node_operator identity get-principal)
   $ echo $NODE_OPERATOR_PRINCIPAL
   
   uqquy-76uhn-2mys5-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxx
   

You will need the node operator principal in the next steps.

8. Register your Node Provider principal to the network

In the next codeblock:

• Replace the NODE_PROVIDER_NAME value with the name of the entity that will provide the nodes.
• Replace the NODE_PROVIDER_PRINCIPAL value with the Ledger Hardware Wallet principal that you got from the NNS Frontend Dapp (step 4.4)
• Replace the NEURON_ID value with your neuron ID from the NNS Frontend Dapp (step 3.6)

• IMPORTANT: Please make sure that you also update the --summary and include a link to the forum discussion, your company's web page, and/or to another place that can convince the voting community that you are making a legitimate request. You must also include the file hash for the self declaration and proof of identity documents, or the proposal will be rejected. This way you will avoid the community voting NO to your proposal and you losing your staked ICPs.

1. Create the Proposal

   $ NODE_PROVIDER_NAME="My Company"
   $ NODE_PROVIDER_PRINCIPAL=xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxx
   $ NEURON_ID=XXXXXXXXXXXXXXXXXXXX
   $ ./ic-admin \
           --nns-url https://ic0.app \
           -s ~/.config/dfx/identity/node-provider-hotkey/identity.pem \
       propose-to-add-or-remove-node-provider add \
           --proposer $NEURON_ID \
           --proposal-title "Register a node provider '${NODE_PROVIDER_NAME}'" \
           --summary "Register a node provider '${NODE_PROVIDER_NAME}', in line with the announcement and discussion at <https://forum.dfinity.org/t/...>. The self-declaration documentation is available at <https://wiki.internetcomputer.org/wiki/...> with SHA256 hash <SHA256>. The proof of identity is available at <https://wiki.internetcomputer.org/wiki/...> with SHA256 hash <SHA256>." \
           --node-provider-pid "$NODE_PROVIDER_PRINCIPAL"
   

2. Find the proposal on https://dashboard.internetcomputer.org/governance and wait until it is executed before proceeding to next step.
3. In order to expedite the speed of your proposal's approval, it is best to create a post in this forum thread to raise awareness of your proposal. You can use this as a template for the post.

9. Register your datacenter to the network (if necessary)

1. Search for your data center on https://dashboard.internetcomputer.org/centers.
   • If you found the datacenter that is hosting your nodes, remember its ID, and skip the following section. Otherwise, proceed with the registration of a new DC record.

   

Create a data center record for a new DC

In the next block of code:

• Replace the NEURON_ID value with your neuron ID from the NNS Frontend Dapp (step 3.6)
• Replace the JSON fields from the –data-centers-to-add argument and their corresponding values in --summary:
  • "id" represents the city that your datacenter is in and is formulated as a combination of two letters representing the city and an incrementing number. Search data center IDs on https://dashboard.internetcomputer.org, and find a combination of two letters and a number that’s not yet registered. Examples:
    • dl1 (Dallas, no IDs with “dl” prefix)
    • zh10 (Zurich, numbers 0-9 are already registered)

    

  • "region" represents the local region of a datacenter and is formulated as a three-part string divided by commas. The three parts making the string are continent, country code, and region, in the given order. Examples:
    • North America,US,Florida
    • Europe,DE,Bavaria
    • Asia,SG,Singapore

    

  • "owner" The entity that provides your datacenter facilities.
    • Search https://dashboard.internetcomputer.org for existing data center providers.
    • If there’s match, make sure you use the same exact some name for your datacenter.
    • Otherwise, name the data center owner to your best knowledge.

    

  • "gps" GPS coordinates.
    • Find your datacenter on https://www.google.com/maps/.
    • Right click on location, and select the GPS coordinates (first item in the menu) in order to copy them.

    

1. Create the proposal:

   $ NEURON_ID=XXXXXXXXXXXXXXXXXXXX
   $ ./ic-admin \
           --nns-url https://ic0.app \
           -s ~/.config/dfx/identity/node-provider-hotkey/identity.pem \
       propose-to-add-or-remove-data-centers \
           --summary "Register a Flexential datacenter as dl1 in North America,US,Texas" \
           --skip-confirmation \
           --proposer $NEURON_ID \
           --data-centers-to-add '{
               "id": "dl1",
               "region": "North America,US,Texas",
               "owner": "Flexential",
               "gps": [
                   33.00803, -96.66614
               ]
           }'
   

   Remember to replace all the values of both the arguments –data-centers-to-add and --summary
2. Find the proposal on https://dashboard.internetcomputer.org/governance and wait until it's executed before proceeding to next step.
3. In order to expedite the speed of your proposal's approval, it is best to create a post in this forum thread to raise awareness of your proposal. You can use this as a template for the post.

10. Create a node operator record

IMPORTANT: Before submitting the Node Operator record, please go through the description of Validation of Candidate Node Machines to validate whether additional node machines are needed for decentralization of the IC-network.

• Create a pdf with the outcome of running the optimization model and the steps that allow the community to reproduce the validation check.
• Include the pdf in the wiki page that includes the NP documents (self-declaration and proof-of-identity document)
• Include a link to the pdf as well as the hash of the document in the Node Operator record proosal.

In the next codeblock:

• Replace the NEURON_ID value with your neuron ID from the NNS Frontend Dapp (step 3.6).
• Replace the NODE_PROVIDER_PRINCIPAL value with the Ledger Hardware Wallet principal that you got from the NNS Frontend Dapp (step 4.4).
• Replace the NODE_OPERATOR_PRINCIPAL value with your node operator principal (step 7.1). Important: if you are adding an additional node operator record because you will deploy nodes in another data center, please make sure to create a new node operator principal first (steps 6 and 7). A node operator principal can only be tied to 1 data center.
• Replace the NODE_PROVIDER_NAME value with the name of the entity that will provide the nodes.
• Replace the NODE_ALLOWANCE variable value with number of nodes you are providing.
• Replace the DC_ID variable value with id of your datacenter.

1. Create the proposal:

   $ NEURON_ID=XXXXXXXXXXXXXXXXXXXX
   $ NODE_PROVIDER_PRINCIPAL=xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxx
   $ NODE_OPERATOR_PRINCIPAL=xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxx
   $ NODE_PROVIDER_NAME="My Company"
   $ NODE_ALLOWANCE=8
   $ DC_ID=dl1
   
   $ ./ic-admin \
           --nns-url https://ic0.app \
           -s ~/.config/dfx/identity/node-provider-hotkey/identity.pem \
       propose-to-add-node-operator \
           $NODE_PROVIDER_PRINCIPAL \
           --summary "Node provider '$NODE_PROVIDER_NAME' is adding $NODE_ALLOWANCE nodes in the $DC_ID data center. The result of the canidate node machine validation and exact configuration run is available at <https://wiki.internetcomputer.org/wiki/...> with SHA256 hash <SHA256>." \
           --proposer $NEURON_ID \
           --node-operator-principal-id $NODE_OPERATOR_PRINCIPAL \
           --node-allowance $NODE_ALLOWANCE \
           --dc-id $DC_ID
   

2. Find the proposal on https://dashboard.internetcomputer.org/governance and wait until it's executed before proceeding to next step.