Revision 1bf1ce3f doc/move-instance.rst
b/doc/move-instance.rst | ||
---|---|---|
31 | 31 |
destination cluster can be sure the third party (e.g. this tool) didn't |
32 | 32 |
modify the received crypto keys and connection information. |
33 | 33 |
|
34 |
.. highlight:: sh |
|
34 |
.. highlight:: shell-example
|
|
35 | 35 |
|
36 | 36 |
To create a new, random cluster domain secret, run the following command |
37 | 37 |
on the master node:: |
38 | 38 |
|
39 |
gnt-cluster renew-crypto --new-cluster-domain-secret |
|
39 |
$ gnt-cluster renew-crypto --new-cluster-domain-secret
|
|
40 | 40 |
|
41 | 41 |
|
42 |
To set the cluster domain secret, run the following command on the
|
|
43 |
master node:: |
|
42 |
To read and set the cluster domain secret from the contents of a file,
|
|
43 |
run the following command on the master node::
|
|
44 | 44 |
|
45 |
gnt-cluster renew-crypto --cluster-domain-secret=/.../ganeti.cds |
|
45 |
$ gnt-cluster renew-crypto --cluster-domain-secret=%/.../ganeti.cds% |
|
46 |
|
|
47 |
More information about the ``renew-crypto`` command can be found in |
|
48 |
:manpage:`gnt-cluster(8)`. |
|
46 | 49 |
|
47 | 50 |
|
48 | 51 |
Moving instances |
... | ... | |
51 | 54 |
As soon as the clusters share a cluster domain secret, instances can be |
52 | 55 |
moved. The tool usage is as follows:: |
53 | 56 |
|
54 |
move-instance [options] <source-cluster> <destination-cluster> <instance-name...>
|
|
57 |
$ move-instance %[options]% %source-cluster% %destination-cluster% %instance-name...%
|
|
55 | 58 |
|
56 | 59 |
Multiple instances can be moved with one invocation of the instance move |
57 | 60 |
tool, though a few options are only available when moving a single |
... | ... | |
68 | 71 |
PEM format. For self-signed certificates, this is the certificate |
69 | 72 |
itself. For certificates signed by a third party CA, the complete |
70 | 73 |
chain must be in the file (see documentation for |
71 |
``SSL_CTX_load_verify_locations(3)``).
|
|
74 |
:manpage:`SSL_CTX_load_verify_locations(3)`).
|
|
72 | 75 |
``--src-username``/``--dest-username`` |
73 | 76 |
RAPI username, must have write access to cluster. |
74 | 77 |
``--src-password-file``/``--dest-password-file`` |
Also available in: Unified diff