6443N/A<?
xml version="1.0" encoding="UTF-8"?>
6443N/A ! This work is licensed under the Creative Commons 6443N/A ! Attribution-NonCommercial-NoDerivs 3.0 Unported License. 6443N/A ! To view a copy of this license, visit 6443N/A ! or send a letter to Creative Commons, 444 Castro Street, 6443N/A ! Suite 900, Mountain View, California, 94041, USA. 6443N/A ! You can also obtain a copy of the license at 6443N/A ! See the License for the specific language governing permissions 6443N/A ! and limitations under the License. 6443N/A ! If applicable, add the following below this CCPL HEADER, with the fields 6443N/A ! enclosed by brackets "[]" replaced with your own identifying information: 6443N/A ! Portions Copyright [yyyy] [name of copyright owner] 7097N/A ! Copyright 2011-2014 ForgeRock AS 6443N/A<
chapter xml:
id='chap-mv-servers' 6443N/A <
title>Moving Servers</
title>
6443N/A <
indexterm><
primary>Moving servers</
primary></
indexterm>
6443N/A <
para>When you change where OpenDJ is deployed, you must take host names,
6443N/A port numbers, and certificates into account. The changes can also affect
6443N/A your replication configuration. This chapter shows what to do when moving
6443N/A <
primary>Replication</
primary>
6443N/A <
secondary>Moving servers</
secondary>
6443N/A <
section xml:
id="moving-servers-overview">
6443N/A <
para>From time to time you might change server hardware, file system layout,
6443N/A or host names. At those times you move the services running on the system.
6443N/A You can move OpenDJ data between servers and operating systems. Most of the
6443N/A configuration is also portable.</
para>
6443N/A <
indexterm><
primary>Certificates</
primary></
indexterm>
6443N/A <
para>Two aspects of the configuration are not portable.</
para>
6443N/A <
para>Server certificates contain the host name of the system. Even if you
6443N/A did not set up secure communications when you installed the server, the
6443N/A server still has a certificate used for secure communications on the
6443N/A administrative port.</
para>
6443N/A <
para>To resolve the issue with server certificates, you can change the
6443N/A server certificates during the move as described in this chapter.</
para>
6443N/A <
para>Replication configuration includes the host name and administrative
6443N/A <
para>You can work around the issue with replication configuration by
6443N/A disabling replication for the server before the move, and then enabling and
6443N/A initializing replication again after the move.</
para>
6443N/A <
section xml:
id="before-moving-servers">
6443N/A <
title>Before You Move</
title>
6443N/A <
para>Take a moment to determine whether you find it quicker and easier to
6443N/A move your server, or instead to recreate a copy. To recreate a copy, install
6443N/A a new server, set up the new server configuration to match the old, and then
6443N/A copy only the data from the old server to the new server, initializing
6443N/A replication from existing data, or even from LDIF if your database is not
6443N/A <
para>After you decide to move a server, start by taking it out of
6443N/A service. Taking it out of service means directing client applications
6443N/A elsewhere, and then preventing updates from client applications, and finally
6443N/A disabling replication, too. Directing client applications elsewhere depends
6443N/A on your network configuration and possibly on your client application
6443N/A configuration. The other two steps can be completed with the
6443N/A <
command>dsconfig</
command> and <
command>dsreplication</
command>
6443N/A <
procedure xml:
id="remove-server">
6443N/A <
title>To Take the Server Out of Service</
title>
6443N/A <
para>Direct client applications to other servers.</
para>
6443N/A <
para>How you do this depends on your network and client application
6443N/A <
para>Prevent the server from accepting updates from client
7097N/A set-global-configuration-prop \
7097N/A --bindDN "cn=Directory Manager" \
7097N/A --set writability-mode:internal-only \
6443N/A <
para>Disable replication for the server.</
para>
7097N/A$ <
userinput>dsreplication \
7097N/A<
computeroutput>Establishing connections ..... Done.
6443N/ADisabling replication on base DN dc=example,dc=com of server
6443N/ADisabling replication on base DN cn=admin data of server
6443N/ADisabling replication on base DN cn=schema of server
6443N/ARemoving registration information ..... Done.
6443N/ARemoving truststore information ..... Done.
7097N/Afor a detailed log of this operation.</
computeroutput>
6443N/A <
para>With the server no longer receiving traffic or accepting updates
6443N/A from clients, and no longer replicating to other servers, you can shut it
6443N/A down in preparation for the move.</
para>
7097N/A$ <
userinput>stop-ds</
userinput>
7097N/A<
computeroutput>Stopping Server...
7097N/A... msg=The Directory Server is now stopped</
computeroutput>
6443N/A <
step performance="optional">
6443N/A <
para>You might also choose to remove extra log files from the server
6443N/A <
filename>logs/</
filename> directory before moving the server.</
para>
6443N/A <
section xml:
id="moving-servers">
6443N/A <
title>Moving a Server</
title>
6443N/A <
para>Now that you have decided to move your server, and prepared for the
6443N/A move, you must not only move the files but also fix the configuration and
6443N/A the server certificates, and then enable replication.</
para>
6443N/A <
procedure xml:
id="mv-one-server">
6443N/A <
title>To Move the Server</
title>
6443N/A <
para>Move the contents of the server installation directory to the new
6443N/A <
step performance="optional">
6443N/A <
para>If you must change port numbers, edit the port numbers in
6443N/A any whitespace or other lines in the file.</
para>
6443N/A <
para>Change server certificates as described in the chapter on
6443N/A <
link xlink:
href="admin-guide#chap-change-certs" 6443N/A Server Certificates</
citetitle></
link>.</
para>
6443N/A <
para>Start the server.</
para>
7097N/A$ <
userinput>start-ds</
userinput>
7097N/A<
computeroutput>... The Directory Server has started successfully</
computeroutput>
6443N/A <
para>Enable and initialize replication.</
para>
7097N/A$ <
userinput>dsreplication \
7097N/A --baseDN dc=example,dc=com \
7097N/A --bindDN1 "cn=Directory Manager" \
7097N/A --bindDN2 "cn=Directory Manager" \
6443N/AEstablishing connections ..... Done.
6443N/AChecking registration information ..... Done.
6443N/AUpdating replication configuration for baseDN dc=example,dc=com on server
6443N/AUpdating replication configuration for baseDN dc=example,dc=com on server
6443N/AUpdating registration configuration on server
6443N/AUpdating registration configuration on server
6443N/AUpdating replication configuration for baseDN cn=schema on server
6443N/AUpdating replication configuration for baseDN cn=schema on server
6443N/AReplication has been successfully enabled. Note that for replication to work
6443N/A you must initialize the contents of the base DN's that are being replicated
6443N/A (use dsreplication initialize to do so).
7097N/A$ <
userinput>dsreplication \
7097N/A pre-external-initialization \
7097N/A --baseDN dc=example,dc=com \
6443N/APreparing base DN dc=example,dc=com to be initialized externally ..... Done.
6443N/ANow you can proceed to the initialization of the contents of the base DN's on
6443N/A all the replicated servers. You can use the command import-ldif or the binary
6443N/A copy to do so. You must use the same LDIF file or binary copy on each server.
6443N/AWhen the initialization is completed you must use the subcommand
6443N/A 'post-external-initialization' for replication to work with the new base DN's
7097N/A$ <
userinput>dsreplication \
7097N/A post-external-initialization \
7097N/A --baseDN dc=example,dc=com \
6443N/AUpdating replication information on base DN dc=example,dc=com ..... Done.
7097N/APost initialization procedure completed successfully.</
computeroutput>
6443N/A <
para>Accept updates from client applications.</
para>
7097N/A set-global-configuration-prop \
7097N/A --bindDN "cn=Directory Manager" \
7097N/A --set writability-mode:enabled \
6443N/A <
para>Direct client applications to the server.</
para>