chap-mv-servers.xml revision 08248b5c5b494aff8d1922e8e0b5777796d7450d
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark ! CCPL HEADER START
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark ! This work is licensed under the Creative Commons
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark ! Attribution-NonCommercial-NoDerivs 3.0 Unported License.
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark ! To view a copy of this license, visit
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark ! or send a letter to Creative Commons, 444 Castro Street,
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark ! Suite 900, Mountain View, California, 94041, USA.
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark ! You can also obtain a copy of the license at
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark ! See the License for the specific language governing permissions
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark ! and limitations under the License.
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark ! If applicable, add the following below this CCPL HEADER, with the fields
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark ! enclosed by brackets "[]" replaced with your own identifying information:
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark ! Portions Copyright [yyyy] [name of copyright owner]
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark ! CCPL HEADER END
08248b5c5b494aff8d1922e8e0b5777796d7450dmark ! Copyright 2011-2014 ForgeRock AS
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark xmlns='http://docbook.org/ns/docbook' version='5.0' xml:lang='en'
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <indexterm><primary>Moving servers</primary></indexterm>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para>When you change where OpenDJ is deployed, you must take host names,
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark port numbers, and certificates into account. The changes can also affect
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark your replication configuration. This chapter shows what to do when moving
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark a server.</para>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <indexterm>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </indexterm>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para>From time to time you might change server hardware, file system layout,
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark or host names. At those times you move the services running on the system.
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark You can move OpenDJ data between servers and operating systems. Most of the
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark configuration is also portable.</para>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <itemizedlist>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para>Two aspects of the configuration are not portable.</para>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <listitem>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para>Server certificates contain the host name of the system. Even if you
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark did not set up secure communications when you installed the server, the
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark server still has a certificate used for secure communications on the
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark administrative port.</para>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para>To resolve the issue with server certificates, you can change the
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark server certificates during the move as described in this chapter.</para>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </listitem>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <listitem>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para>Replication configuration includes the host name and administrative
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark port numbers.</para>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para>You can work around the issue with replication configuration by
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark disabling replication for the server before the move, and then enabling and
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark initializing replication again after the move.</para>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </listitem>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </itemizedlist>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </section>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para>Take a moment to determine whether you find it quicker and easier to
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark move your server, or instead to recreate a copy. To recreate a copy, install
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark a new server, set up the new server configuration to match the old, and then
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark copy only the data from the old server to the new server, initializing
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark replication from existing data, or even from LDIF if your database is not
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark too large.</para>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para>After you decide to move a server, start by taking it out of
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark service. Taking it out of service means directing client applications
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark elsewhere, and then preventing updates from client applications, and finally
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark disabling replication, too. Directing client applications elsewhere depends
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark on your network configuration and possibly on your client application
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark configuration. The other two steps can be completed with the
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <command>dsconfig</command> and <command>dsreplication</command>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark commands.</para>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para>Direct client applications to other servers.</para>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para>How you do this depends on your network and client application
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark configurations.</para>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para>Prevent the server from accepting updates from client
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark applications.</para>
08248b5c5b494aff8d1922e8e0b5777796d7450dmark$ <userinput>dsconfig \
08248b5c5b494aff8d1922e8e0b5777796d7450dmark set-global-configuration-prop \
08248b5c5b494aff8d1922e8e0b5777796d7450dmark --port 4444 \
08248b5c5b494aff8d1922e8e0b5777796d7450dmark --bindDN "cn=Directory Manager" \
08248b5c5b494aff8d1922e8e0b5777796d7450dmark --bindPassword password \
08248b5c5b494aff8d1922e8e0b5777796d7450dmark --set writability-mode:internal-only \
08248b5c5b494aff8d1922e8e0b5777796d7450dmark --trustAll \
08248b5c5b494aff8d1922e8e0b5777796d7450dmark --no-prompt</userinput>
08248b5c5b494aff8d1922e8e0b5777796d7450dmark$ <userinput>dsreplication \
08248b5c5b494aff8d1922e8e0b5777796d7450dmark --disableAll \
08248b5c5b494aff8d1922e8e0b5777796d7450dmark --port 4444 \
08248b5c5b494aff8d1922e8e0b5777796d7450dmark --adminUID admin \
08248b5c5b494aff8d1922e8e0b5777796d7450dmark --adminPassword password \
08248b5c5b494aff8d1922e8e0b5777796d7450dmark --trustAll \
08248b5c5b494aff8d1922e8e0b5777796d7450dmark --no-prompt</userinput>
08248b5c5b494aff8d1922e8e0b5777796d7450dmark<computeroutput>Establishing connections ..... Done.
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmarkDisabling replication on base DN dc=example,dc=com of server
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark opendj2.example.com:4444 ..... Done.
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmarkDisabling replication on base DN cn=admin data of server
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark opendj2.example.com:4444 ..... Done.
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmarkDisabling replication on base DN cn=schema of server
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark opendj2.example.com:4444 ..... Done.
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmarkDisabling replication port 8989 of server opendj2.example.com:4444 ..... Done.
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmarkRemoving registration information ..... Done.
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmarkRemoving truststore information ..... Done.
08248b5c5b494aff8d1922e8e0b5777796d7450dmarkfor a detailed log of this operation.</computeroutput>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para>With the server no longer receiving traffic or accepting updates
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark from clients, and no longer replicating to other servers, you can shut it
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark down in preparation for the move.</para>
08248b5c5b494aff8d1922e8e0b5777796d7450dmark<computeroutput>Stopping Server...
08248b5c5b494aff8d1922e8e0b5777796d7450dmark... msg=The Directory Server is now stopped</computeroutput>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para>You might also choose to remove extra log files from the server
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <filename>logs/</filename> directory before moving the server.</para>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </procedure>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </section>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para>Now that you have decided to move your server, and prepared for the
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark move, you must not only move the files but also fix the configuration and
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark the server certificates, and then enable replication.</para>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para>Move the contents of the server installation directory to the new
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark location.</para>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para>If you must change port numbers, edit the port numbers in
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <filename>config/config.ldif</filename>, carefully avoiding changing
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark any whitespace or other lines in the file.</para>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para>Change server certificates as described in the chapter on
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark xlink:role="http://docbook.org/xlink/role/olink"><citetitle>Changing
08248b5c5b494aff8d1922e8e0b5777796d7450dmark<computeroutput>... The Directory Server has started successfully</computeroutput>
08248b5c5b494aff8d1922e8e0b5777796d7450dmark$ <userinput>dsreplication \
08248b5c5b494aff8d1922e8e0b5777796d7450dmark --adminUID admin \
08248b5c5b494aff8d1922e8e0b5777796d7450dmark --bindPassword password \
08248b5c5b494aff8d1922e8e0b5777796d7450dmark --baseDN dc=example,dc=com \
08248b5c5b494aff8d1922e8e0b5777796d7450dmark --port1 4444 \
08248b5c5b494aff8d1922e8e0b5777796d7450dmark --bindDN1 "cn=Directory Manager" \
08248b5c5b494aff8d1922e8e0b5777796d7450dmark --bindPassword1 password \
08248b5c5b494aff8d1922e8e0b5777796d7450dmark --replicationPort1 8989 \
08248b5c5b494aff8d1922e8e0b5777796d7450dmark --port2 4444 \
08248b5c5b494aff8d1922e8e0b5777796d7450dmark --bindDN2 "cn=Directory Manager" \
08248b5c5b494aff8d1922e8e0b5777796d7450dmark --bindPassword2 password \
08248b5c5b494aff8d1922e8e0b5777796d7450dmark --replicationPort2 8989 \
08248b5c5b494aff8d1922e8e0b5777796d7450dmark --trustAll \
08248b5c5b494aff8d1922e8e0b5777796d7450dmark --no-prompt</userinput>
08248b5c5b494aff8d1922e8e0b5777796d7450dmark<computeroutput>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmarkEstablishing connections ..... Done.
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmarkChecking registration information ..... Done.
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmarkConfiguring Replication port on server opendj.example.com:4444 ..... Done.
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmarkUpdating remote references on server opendj2.example.com:4444 ..... Done.
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmarkUpdating replication configuration for baseDN dc=example,dc=com on server
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark opendj.example.com:4444 ..... Done.
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmarkUpdating replication configuration for baseDN dc=example,dc=com on server
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark opendj2.example.com:4444 ..... Done.
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmarkUpdating registration configuration on server
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark opendj.example.com:4444 ..... Done.
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmarkUpdating registration configuration on server
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark opendj2.example.com:4444 ..... Done.
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmarkUpdating replication configuration for baseDN cn=schema on server
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark opendj.example.com:4444 ..... Done.
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmarkUpdating replication configuration for baseDN cn=schema on server
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark opendj2.example.com:4444 ..... Done.
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmarkInitializing registration information on server opendj.example.com:4444 with
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark the contents of server opendj2.example.com:4444 ..... Done.
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmarkInitializing schema on server opendj2.example.com:4444 with the contents of
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark server opendj.example.com:4444 ..... Done.
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmarkReplication has been successfully enabled. Note that for replication to work
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark you must initialize the contents of the base DN's that are being replicated
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark (use dsreplication initialize to do so).
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmarkSee /tmp/opends-replication-1476402020764482023.log for a detailed log of this
08248b5c5b494aff8d1922e8e0b5777796d7450dmarkoperation.</computeroutput>
08248b5c5b494aff8d1922e8e0b5777796d7450dmark$ <userinput>dsreplication \
08248b5c5b494aff8d1922e8e0b5777796d7450dmark pre-external-initialization \
08248b5c5b494aff8d1922e8e0b5777796d7450dmark --adminUID admin \
08248b5c5b494aff8d1922e8e0b5777796d7450dmark --bindPassword password \
08248b5c5b494aff8d1922e8e0b5777796d7450dmark --port 4444 \
08248b5c5b494aff8d1922e8e0b5777796d7450dmark --baseDN dc=example,dc=com \
08248b5c5b494aff8d1922e8e0b5777796d7450dmark --trustAll \
08248b5c5b494aff8d1922e8e0b5777796d7450dmark --no-prompt</userinput>
08248b5c5b494aff8d1922e8e0b5777796d7450dmark<computeroutput>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmarkPreparing base DN dc=example,dc=com to be initialized externally ..... Done.
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmarkNow you can proceed to the initialization of the contents of the base DN's on
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark all the replicated servers. You can use the command import-ldif or the binary
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark copy to do so. You must use the same LDIF file or binary copy on each server.
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmarkWhen the initialization is completed you must use the subcommand
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark 'post-external-initialization' for replication to work with the new base DN's
08248b5c5b494aff8d1922e8e0b5777796d7450dmark contents.</computeroutput>
08248b5c5b494aff8d1922e8e0b5777796d7450dmark$ <userinput>dsreplication \
08248b5c5b494aff8d1922e8e0b5777796d7450dmark post-external-initialization \
08248b5c5b494aff8d1922e8e0b5777796d7450dmark --adminUID admin \
08248b5c5b494aff8d1922e8e0b5777796d7450dmark --bindPassword password \
08248b5c5b494aff8d1922e8e0b5777796d7450dmark --port 4444 \
08248b5c5b494aff8d1922e8e0b5777796d7450dmark --baseDN dc=example,dc=com \
08248b5c5b494aff8d1922e8e0b5777796d7450dmark --trustAll \
08248b5c5b494aff8d1922e8e0b5777796d7450dmark --no-prompt</userinput>
08248b5c5b494aff8d1922e8e0b5777796d7450dmark<computeroutput>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmarkUpdating replication information on base DN dc=example,dc=com ..... Done.
08248b5c5b494aff8d1922e8e0b5777796d7450dmarkPost initialization procedure completed successfully.</computeroutput>
08248b5c5b494aff8d1922e8e0b5777796d7450dmark$ <userinput>dsconfig \
08248b5c5b494aff8d1922e8e0b5777796d7450dmark set-global-configuration-prop \
08248b5c5b494aff8d1922e8e0b5777796d7450dmark --port 4444 \
08248b5c5b494aff8d1922e8e0b5777796d7450dmark --bindDN "cn=Directory Manager" \
08248b5c5b494aff8d1922e8e0b5777796d7450dmark --bindPassword password \
08248b5c5b494aff8d1922e8e0b5777796d7450dmark --set writability-mode:enabled \
08248b5c5b494aff8d1922e8e0b5777796d7450dmark --trustAll \
08248b5c5b494aff8d1922e8e0b5777796d7450dmark --no-prompt</userinput>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </procedure>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </section>