Removing a Node From the Registry
Removing a node from the registry via DFX
When is this necessary?
Node operator records allow for some number of nodes to be joined to the network. This is called the node allowance. Redeploying the same machine will result in the node generating the same IPv6 address. When joining the network any old node-id associated with this address will be removed - and the node allowance will not be affected.
But if the BMC changes - because of a motherboard replacement for example - a new IPv6 address will be generated. In this case the node will appear new to the network upon joining. If the number of nodes deployed matches the node allowance, no new nodes can join.
In this case - the old node-id must be removed.
Steps
- Ensure that the node does not exist in any subnet.
- If the node is in a subnet - request help on the matrix channel.
- As a last resort, unplugging the node will work. Please alert the matrix channel you are doing this.
- If applicable, get the HSM (NodeOperator Key) from the data center. Skip if you used a `pem` file to create the node operator record.
- Insert it into a computer that has DFX installed and has internet access.
- Using the terminal, execute the following command (Where NODE_ID is the principal as shown on the dashboard of the node to remove):
IF USING PHYSICAL HSM:
- Configure dfx identity (Optional)
- MacOS
$ dfx identity new node-operator-hsm --hsm-key-id 01 --hsm-pkcs11-lib-path /Library/OpenSC/lib/opensc-pkcs11.so
- Linux
$ dfx identity new node-operator-hsm --hsm-key-id 01 --hsm-pkcs11-lib-path /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so
- MacOS
- Set the Identity Globally: You can set the identity globally using the
dfx identity
command, and then run thedfx canister
command without the--identity
flag.dfx identity use node-operator-hsm
- Set HSM PIN Globally
export DFX_HSM_PIN=358138
- Run the Command After Setting the PIN: Once you’ve set the environment variable, you can run the
dfx canister
command again:dfx canister --network ic --identity node-operator-hsm call rwlgt-iiaaa-aaaaa-aaaaa-cai remove_node_directly '(record { node_id = principal "YOUR NODE ID" })'
IF USING NO HSM:
$ dfx identity import node_operator node_operator_private_key.pem --storage-mode=plaintext
$ dfx canister --network ic --identity node_operator call rwlgt-iiaaa-aaaaa-aaaaa-cai remove_node_directly '(record { node_id = principal "NODE_ID" })'
When the node is ready to be re-registered:
- If it was healthy, has had no problems, and does not need firmware or anything else updated, then simply re-insert the HSM and reboot the server, and it will rejoin with the same node ID principal it was deployed with.
- If it had problems, had hardware replaced, had firmware updated, etc., then please do a fresh redeployment.