chap-mv-servers.xml revision b1dce270ec218b8ad86ce6d745d295da038a5c88
<?xml version="1.0" encoding="UTF-8"?>
<!--
! CCPL HEADER START
!
! This work is licensed under the Creative Commons
! Attribution-NonCommercial-NoDerivs 3.0 Unported License.
! To view a copy of this license, visit
! or send a letter to Creative Commons, 444 Castro Street,
! Suite 900, Mountain View, California, 94041, USA.
!
! You can also obtain a copy of the license at
! See the License for the specific language governing permissions
! and limitations under the License.
!
! If applicable, add the following below this CCPL HEADER, with the fields
! enclosed by brackets "[]" replaced with your own identifying information:
! Portions Copyright [yyyy] [name of copyright owner]
!
! CCPL HEADER END
!
! Copyright 2011-2014 ForgeRock AS
!
-->
<chapter xml:id='chap-mv-servers'
xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'
xsi:schemaLocation='http://docbook.org/ns/docbook
xmlns:xlink='http://www.w3.org/1999/xlink'>
<title>Moving Servers</title>
<indexterm><primary>Moving servers</primary></indexterm>
<para>When you change where OpenDJ is deployed, you must take host names,
port numbers, and certificates into account. The changes can also affect
your replication configuration. This chapter shows what to do when moving
a server.</para>
<indexterm>
<primary>Replication</primary>
<secondary>Moving servers</secondary>
</indexterm>
<section xml:id="moving-servers-overview">
<title>Overview</title>
<para>From time to time you might change server hardware, file system layout,
or host names. At those times you move the services running on the system.
You can move OpenDJ data between servers and operating systems. Most of the
configuration is also portable.</para>
<indexterm><primary>Certificates</primary></indexterm>
<itemizedlist>
<para>Two aspects of the configuration are not portable.</para>
<listitem>
<para>Server certificates contain the host name of the system. Even if you
did not set up secure communications when you installed the server, the
server still has a certificate used for secure communications on the
administrative port.</para>
<para>To resolve the issue with server certificates, you can change the
server certificates during the move as described in this chapter.</para>
</listitem>
<listitem>
<para>Replication configuration includes the host name and administrative
port numbers.</para>
<para>You can work around the issue with replication configuration by
disabling replication for the server before the move, and then enabling and
initializing replication again after the move.</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="before-moving-servers">
<title>Before You Move</title>
<para>Take a moment to determine whether you find it quicker and easier to
move your server, or instead to recreate a copy. To recreate a copy, install
a new server, set up the new server configuration to match the old, and then
copy only the data from the old server to the new server, initializing
replication from existing data, or even from LDIF if your database is not
too large.</para>
<para>After you decide to move a server, start by taking it out of
service. Taking it out of service means directing client applications
elsewhere, and then preventing updates from client applications, and finally
disabling replication, too. Directing client applications elsewhere depends
on your network configuration and possibly on your client application
configuration. The other two steps can be completed with the
<command>dsconfig</command> and <command>dsreplication</command>
commands.</para>
<procedure xml:id="remove-server">
<title>To Take the Server Out of Service</title>
<step>
<para>Direct client applications to other servers.</para>
<para>How you do this depends on your network and client application
configurations.</para>
</step>
<step>
<para>Prevent the server from accepting updates from client
applications.</para>
<screen>
$ <userinput>dsconfig \
set-global-configuration-prop \
--port 4444 \
--hostname opendj2.example.com \
--bindDN "cn=Directory Manager" \
--bindPassword password \
--set writability-mode:internal-only \
--trustAll \
--no-prompt</userinput>
</screen>
</step>
<step>
<para>Disable replication for the server.</para>
<screen>
$ <userinput>dsreplication \
disable \
--disableAll \
--port 4444 \
--hostname opendj2.example.com \
--adminUID admin \
--adminPassword password \
--trustAll \
--no-prompt</userinput>
<computeroutput>Establishing connections ..... Done.
Disabling replication on base DN dc=example,dc=com of server
opendj2.example.com:4444 ..... Done.
Disabling replication on base DN cn=admin data of server
opendj2.example.com:4444 ..... Done.
Disabling replication on base DN cn=schema of server
opendj2.example.com:4444 ..... Done.
Disabling replication port 8989 of server opendj2.example.com:4444 ..... Done.
Removing registration information ..... Done.
Removing truststore information ..... Done.
See
for a detailed log of this operation.</computeroutput>
</screen>
</step>
<step>
<para>With the server no longer receiving traffic or accepting updates
from clients, and no longer replicating to other servers, you can shut it
down in preparation for the move.</para>
<screen>
$ <userinput>stop-ds</userinput>
<computeroutput>Stopping Server...
... msg=The Directory Server is now stopped</computeroutput>
</screen>
</step>
<step performance="optional">
<para>You might also choose to remove extra log files from the server
<filename>logs/</filename> directory before moving the server.</para>
</step>
</procedure>
</section>
<section xml:id="moving-servers">
<title>Moving a Server</title>
<para>Now that you have decided to move your server, and prepared for the
move, you must not only move the files but also fix the configuration and
the server certificates, and then enable replication.</para>
<procedure xml:id="mv-one-server">
<title>To Move the Server</title>
<step>
<para>Move the contents of the server installation directory to the new
location.</para>
</step>
<step performance="optional">
<para>If you must change port numbers, edit the port numbers in
any whitespace or other lines in the file.</para>
</step>
<step>
<para>Change server certificates as described in the chapter on
<link xlink:href="admin-guide#chap-change-certs"
Server Certificates</citetitle></link>.</para>
</step>
<step>
<para>Start the server.</para>
<screen>
$ <userinput>start-ds</userinput>
<computeroutput>... The Directory Server has started successfully</computeroutput>
</screen>
</step>
<step>
<para>Enable and initialize replication.</para>
<screen>
$ <userinput>dsreplication \
enable \
--adminUID admin \
--bindPassword password \
--baseDN dc=example,dc=com \
--host1 opendj.example.com \
--port1 4444 \
--bindDN1 "cn=Directory Manager" \
--bindPassword1 password \
--replicationPort1 8989 \
--host2 opendj2.example.com \
--port2 4444 \
--bindDN2 "cn=Directory Manager" \
--bindPassword2 password \
--replicationPort2 8989 \
--trustAll \
--no-prompt</userinput>
<computeroutput>
Establishing connections ..... Done.
Checking registration information ..... Done.
Configuring Replication port on server opendj.example.com:4444 ..... Done.
Updating remote references on server opendj2.example.com:4444 ..... Done.
Updating replication configuration for baseDN dc=example,dc=com on server
opendj.example.com:4444 ..... Done.
Updating replication configuration for baseDN dc=example,dc=com on server
opendj2.example.com:4444 ..... Done.
Updating registration configuration on server
opendj.example.com:4444 ..... Done.
Updating registration configuration on server
opendj2.example.com:4444 ..... Done.
Updating replication configuration for baseDN cn=schema on server
opendj.example.com:4444 ..... Done.
Updating replication configuration for baseDN cn=schema on server
opendj2.example.com:4444 ..... Done.
Initializing registration information on server opendj.example.com:4444 with
the contents of server opendj2.example.com:4444 ..... Done.
Initializing schema on server opendj2.example.com:4444 with the contents of
server opendj.example.com:4444 ..... Done.
Replication has been successfully enabled. Note that for replication to work
you must initialize the contents of the base DN's that are being replicated
(use dsreplication initialize to do so).
See /tmp/opends-replication-1476402020764482023.log for a detailed log of this
operation.</computeroutput>
$ <userinput>dsreplication \
pre-external-initialization \
--adminUID admin \
--bindPassword password \
--port 4444 \
--baseDN dc=example,dc=com \
--trustAll \
--no-prompt</userinput>
<computeroutput>
Preparing base DN dc=example,dc=com to be initialized externally ..... Done.
Now you can proceed to the initialization of the contents of the base DN's on
all the replicated servers. You can use the command import-ldif or the binary
copy to do so. You must use the same LDIF file or binary copy on each server.
When the initialization is completed you must use the subcommand
'post-external-initialization' for replication to work with the new base DN's
contents.</computeroutput>
$ <userinput>dsreplication \
post-external-initialization \
--adminUID admin \
--bindPassword password \
--port 4444 \
--baseDN dc=example,dc=com \
--trustAll \
--no-prompt</userinput>
<computeroutput>
Updating replication information on base DN dc=example,dc=com ..... Done.
Post initialization procedure completed successfully.</computeroutput>
</screen>
</step>
<step>
<para>Accept updates from client applications.</para>
<screen>
$ <userinput>dsconfig \
set-global-configuration-prop \
--port 4444 \
--hostname opendj.example.com \
--bindDN "cn=Directory Manager" \
--bindPassword password \
--set writability-mode:enabled \
--trustAll \
--no-prompt</userinput>
</screen>
</step>
<step>
<para>Direct client applications to the server.</para>
</step>
</procedure>
</section>
</chapter>