Revision 1bf1ce3f doc/move-instance.rst

b/doc/move-instance.rst
31 31 
destination cluster can be sure the third party (e.g. this tool) didn't
32 32 
modify the received crypto keys and connection information.
33 33 

  		





  34
  
  
    
.. highlight:: sh


  		





  
  34
  
    
.. highlight:: shell-example


  		





  35
  35
  
    

  		





  36
  36
  
    
To create a new, random cluster domain secret, run the following command


  		





  37
  37
  
    
on the master node::


  		





  38
  38
  
    

  		





  39
  
  
    
  gnt-cluster renew-crypto --new-cluster-domain-secret


  		





  
  39
  
    
  $ gnt-cluster renew-crypto --new-cluster-domain-secret


  		





  40
  40
  
    

  		





  41
  41
  
    

  		





  42
  
  
    
To set the cluster domain secret, run the following command on the


  		





  43
  
  
    
master node::


  		





  
  42
  
    
To read and set the cluster domain secret from the contents of a file,


  		





  
  43
  
    
run the following command on the master node::


  		





  44
  44
  
    

  		





  45
  
  
    
  gnt-cluster renew-crypto --cluster-domain-secret=/.../ganeti.cds


  		





  
  45
  
    
  $ gnt-cluster renew-crypto --cluster-domain-secret=%/.../ganeti.cds%


  		





  
  46
  
    

  		





  
  47
  
    
More information about the ``renew-crypto`` command can be found in


  		





  
  48
  
    
:manpage:`gnt-cluster(8)`.


  		





  46
  49
  
    

  		





  47
  50
  
    

  		





  48
  51
  
    
Moving instances


  		





  ......




  51
  54
  
    
As soon as the clusters share a cluster domain secret, instances can be


  		





  52
  55
  
    
moved. The tool usage is as follows::


  		





  53
  56
  
    

  		





  54
  
  
    
  move-instance [options] <source-cluster> <destination-cluster> <instance-name...>


  		





  
  57
  
    
  $ move-instance %[options]% %source-cluster% %destination-cluster% %instance-name...%


  		





  55
  58
  
    

  		





  56
  59
  
    
Multiple instances can be moved with one invocation of the instance move


  		





  57
  60
  
    
tool, though a few options are only available when moving a single


  		





  ......




  68
  71
  
    
  PEM format. For self-signed certificates, this is the certificate


  		





  69
  72
  
    
  itself. For certificates signed by a third party CA, the complete


  		





  70
  73
  
    
  chain must be in the file (see documentation for


  		





  71
  
  
    
  ``SSL_CTX_load_verify_locations(3)``).


  		





  
  74
  
    
  :manpage:`SSL_CTX_load_verify_locations(3)`).


  		





  72
  75
  
    
``--src-username``/``--dest-username``


  		





  73
  76
  
    
  RAPI username, must have write access to cluster.


  		





  74
  77
  
    
``--src-password-file``/``--dest-password-file``


  		












Also available in:
  Unified diff