# Migrating to Node Pilot

#### Objectives

* **Legacy Decommissioning**: Securely extract your validator's digital identity from any manual setup.
* **Infrastructure Automation**: Use Cloud-Config to deploy a hardened server in under 60 seconds.
* **Node Pilot Migration**: Restore your identity and resume validation with the streamlined `cpilot` CLI.

#### Prerequisites

* **Hetzner Account:** Verified and active.
* **Legacy Records:** Have your P12 passphrase and alias ready.
* **SSH Tools:**
  * **MacOS/Linux:** Terminal app.
  * **Windows:** [PuTTY](https://www.putty.org/) (for SSH) and [WinSCP](https://winscp.net/eng/download.php) (for file backup).

***

### 🔍 Phase 0: Identity Extraction (Legacy Server)

*Before shutting down your old environment, you must gather your node’s baseline data.*

**1. Log into your Legacy Server** Connect to your old server using your standard method (Terminal or PuTTY).

**2. Record Baseline Identity** Run these commands to ensure you can verify the migration later:

* **Node ID**: Run `sudo nodectl nodeid`. (Select **intnet-l0** profile).
* **DAG Address**: Run `sudo nodectl dag`. (Select **intnet-l0** profile).
* **Action**: Copy these strings into a secure note. This is your "Original ID".

**3. Retrieve your Public SSH Key** Run the command: `cat ~/.ssh/authorized_keys`

* **Action**: Copy the output string (starting with `ssh-rsa`). You will need this for the new server.

**4. Download your Keystore** You must save your `.p12` file to your local computer before destroying this server.

📘 [**Guide: How to Backup/Restore a P12 KeyStore**](https://docs.constellationnetwork.io/run-a-node/validator-node-guides/operational-guides/backup-restore-a-p12-keystore)

**⚠️ Critical Warning:** Do not proceed to Phase 1 until you have verified that the `.p12` file is safely on your local computer. If you delete your server without this file, your node identity is lost forever.

***

### 🏗️ Phase 1: Infrastructure Setup

**1. Account Setup** Log in to [console.hetzner.com/projects](https://console.hetzner.com/projects) and create a **New Project** (e.g., `Intnet-Cpilot`).

**2. Create a Firewall** Navigate to **Firewalls > Create Firewall** and add these **Inbound Rules**:

* **SSH**: TCP | Port 22 | Source: **Your Local IP**.
* **L0**: TCP | Port 9000-9001 | Source: **Any IPv4** & **Any IPv6**.
* **L1**: TCP | Port 9010-9011 | Source: **Any IPv4** & **Any IPv6**.

**3. Provision Server** Click **Add Server** and select:

* **Location**: Falkenstein or Helsinki.
* **Image**: Ubuntu 24.04.
* **Type**: CPX42 (Recommended).
* **Networking**: Public IPv4 + Your Firewall.
* **Cloud Config**: Paste the script below, replacing the placeholder `YOUR_PUBLIC_SSH_KEY_STRING_HERE` with your **Public SSH Key** from Phase 0.

```yaml
#cloud-config
users:
  - name: nodeadmin
    groups: users, admin
    sudo: ALL=(ALL) NOPASSWD:ALL
    shell: /bin/bash
    ssh_authorized_keys:
      - YOUR_PUBLIC_SSH_KEY_STRING_HERE
package_update: true
package_upgrade: true
write_files:
  - path: /etc/ssh/sshd_config.d/ssh-hardening.conf
    content: |
      PermitRootLogin no
      PasswordAuthentication no
      KbdInteractiveAuthentication no
      ChallengeResponseAuthentication no
      MaxAuthTries 2
      AllowTcpForwarding no
      X11Forwarding no
      AllowAgentForwarding no
      AuthorizedKeysFile .ssh/authorized_keys
      AllowUsers nodeadmin
```

#### ⚙️ Phase 2: System Setup

{% tabs %}
{% tab title="MacOS / Linux" %}
**1. Initial Access**

* Open your **Terminal**.
* Run the connection command (replace `<NEW_IP>` with your new server's IP address):

  ```bash
  ssh nodeadmin@<NEW_IP> -i ~/.ssh/id_rsa
  ```

**2. User Security (Optional)**

* If you wish to set a password for `nodeadmin`, run:

  ```bash
  sudo passwd nodeadmin && echo "nodeadmin ALL=(ALL) ALL" | sudo tee /etc/sudoers.d/nodeadmin
  ```

{% endtab %}

{% tab title="Windows" %}
**1. Initial Access**

* Open **PuTTY**.
* **Host Name:** Enter your **New VPS IP**.
* **Auth:** Select your Private Key (`.ppk`) under *Connection > SSH > Auth > Credentials*.
* Click **Open** and log in as `nodeadmin`.

**2. User Security (Optional)**

* If you wish to set a password for `nodeadmin`, run:

  ```bash
  sudo passwd nodeadmin && echo "nodeadmin ALL=(ALL) ALL" | sudo tee /etc/sudoers.d/nodeadmin
  ```

{% endtab %}
{% endtabs %}

#### 📦 Phase 3: Node Pilot Installation

{% tabs %}
{% tab title="MacOS / Linux" %}
**1. Install Node Pilot**

* Run the installer:

MainNet:

```bash
curl -fsSL https://github.com/Constellation-Labs/node-pilot/releases/download/v0.8.0/install.sh -o install-node-pilot.sh; source install-node-pilot.sh
```

Or Integration Net:

```bash
curl -fSSL https://github.com/Constellation-Labs/node-pilot/releases/download/v.0.14.0-integrationnet/install.sh -o install-node-pilot.sh; bash install-node-pilot.sh
```

**2. Permissions Refresh**

* When prompted, type **`y`** to exit.
* **Log back in** using the command from Phase 2.

**3. Upload Identity**

* Open a **new Terminal tab** (Command + T).
* Run the copy command to upload your `.p12` file:

  ```bash
  scp -i ~/.ssh/id_rsa ~/Desktop/<YOUR_FILE_NAME>.p12 nodeadmin@<NEW_IP>:/home/nodeadmin/
  ```

**4. Initialize cpilot**

* Return to the **original terminal tab**.
* **⚠️ Critical:** Ensure any **VPNs are switched OFF**.
* Run `cpilot` and follow the prompts:
  * **Network**: Press **Enter** for "Hypergraph".
  * **IP Address**: Press **Enter** for "Use detected IP address".
  * **Network Type**: Select **Integrationnet** and press **Enter**.
  * **Layers**: Press **`a`** to select both **gl0** and **gl1**.
  * **Memory**: Assign **15** GB.
  * **Identity**: Choose **Import an existing key file** and provide your P12 details.
  * **Final Confirmation**: Press **`y`** for all remaining prompts to finish the setup.
    {% endtab %}

{% tab title="Windows" %}
**1. Install Node Pilot**

* Paste this command into PuTTY:

MainNet:

```bash
curl -fsSL https://github.com/Constellation-Labs/node-pilot/releases/download/v0.8.0/install.sh -o install-node-pilot.sh; source install-node-pilot.sh
```

Or Integration Net:

```bash
curl -fSSL https://github.com/Constellation-Labs/node-pilot/releases/download/v.0.14.0-integrationnet/install.sh -o install-node-pilot.sh; bash install-node-pilot.sh
```

**2. Permissions Refresh**

* When prompted, type **`y`** to exit.
* **Log back in** via PuTTY.

**3. Upload Identity (WinSCP)**

* Open **WinSCP**.
* **Login:** Enter your VPS IP, username `nodeadmin`, and select your `.ppk` key.
* **Transfer:** Drag and drop your `.p12` file from your PC (Left) to the Server folder `/home/nodeadmin/` (Right).

**4. Initialize cpilot**

* Return to **PuTTY**.
* **⚠️ Critical:** Ensure any **VPNs are switched OFF**.
* Run `cpilot` and follow the prompts:
  * **Network**: Press **Enter** for "Hypergraph".
  * **IP Address**: Press **Enter** for "Use detected IP address".
  * **Network Type**: Select **Integrationnet** and press **Enter**.
  * **Layers**: Press **`a`** to select both **gl0** and **gl1**.
  * **Memory**: Assign **15** GB.
  * **Identity**: Choose **Import an existing key file** and provide your P12 details.
  * **Final Confirmation**: Press **`y`** for all remaining prompts to finish the setup.
    {% endtab %}
    {% endtabs %}

### ✅ Phase 4: Verification

*This verification step is identical for all users.*

**1. Check Health**

* Run `cpilot` to view the live dashboard.

**2. Join State**

* Verify that **Node State** for both layers transitions to **Ready** (Green).

**3. Confirm ID**

* Run `cpilot node-id` and confirm it matches the **Original ID** you recorded in Phase 0.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.constellationnetwork.io/run-a-node/validator-node-guides/build-your-node/migrating-to-node-pilot.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.