root / doc / move-instance.rst @ 18e2b6e4
History | View | Annotate | Download (3.8 kB)
1 | 6bf273d5 | Michael Hanselmann | ================================= |
---|---|---|---|
2 | 6bf273d5 | Michael Hanselmann | Moving instances between clusters |
3 | 6bf273d5 | Michael Hanselmann | ================================= |
4 | 6bf273d5 | Michael Hanselmann | |
5 | 6bf273d5 | Michael Hanselmann | Starting with Ganeti 2.2, instances can be moved between separate Ganeti |
6 | 6bf273d5 | Michael Hanselmann | clusters using a new tool, ``move-instance``. The tool has a number of |
7 | 6bf273d5 | Michael Hanselmann | features: |
8 | 6bf273d5 | Michael Hanselmann | |
9 | 6bf273d5 | Michael Hanselmann | - Moving a single or multiple instances |
10 | 6bf273d5 | Michael Hanselmann | - Moving instances in parallel (``--parallel`` option) |
11 | 6bf273d5 | Michael Hanselmann | - Renaming instance (only when moving a single instance) |
12 | 6bf273d5 | Michael Hanselmann | - SSL certificate verification for RAPI connections |
13 | 6bf273d5 | Michael Hanselmann | |
14 | 6bf273d5 | Michael Hanselmann | The design of the inter-cluster instances moves is described in detail |
15 | 6bf273d5 | Michael Hanselmann | in the :doc:`Ganeti 2.2 design document <design-2.2>`. The instance move |
16 | 6bf273d5 | Michael Hanselmann | tool talks to the Ganeti clusters via RAPI and can run on any machine |
17 | 6bf273d5 | Michael Hanselmann | which can connect to the cluster's RAPI. Despite their similar name, the |
18 | 6bf273d5 | Michael Hanselmann | instance move tool should not be confused with the ``gnt-instance move`` |
19 | 6bf273d5 | Michael Hanselmann | command, which is used to move without changes (instead of export/import |
20 | 6bf273d5 | Michael Hanselmann | plus rename) an instance within the cluster. |
21 | 6bf273d5 | Michael Hanselmann | |
22 | 6bf273d5 | Michael Hanselmann | |
23 | 6bf273d5 | Michael Hanselmann | Configuring clusters for instance moves |
24 | 6bf273d5 | Michael Hanselmann | --------------------------------------- |
25 | 6bf273d5 | Michael Hanselmann | |
26 | 6bf273d5 | Michael Hanselmann | To prevent third parties from accessing the instance data, all data |
27 | 6bf273d5 | Michael Hanselmann | exchanged between the clusters is signed using a secret key, the |
28 | 6bf273d5 | Michael Hanselmann | "cluster domain secret". It is recommended to assign the same domain |
29 | 6bf273d5 | Michael Hanselmann | secret to all clusters of the same security domain, so that instances |
30 | 6bf273d5 | Michael Hanselmann | can be easily moved between them. By checking the signatures, the |
31 | 6bf273d5 | Michael Hanselmann | destination cluster can be sure the third party (e.g. this tool) didn't |
32 | 6bf273d5 | Michael Hanselmann | modify the received crypto keys and connection information. |
33 | 6bf273d5 | Michael Hanselmann | |
34 | 6bf273d5 | Michael Hanselmann | .. highlight:: sh |
35 | 6bf273d5 | Michael Hanselmann | |
36 | 6bf273d5 | Michael Hanselmann | To create a new, random cluster domain secret, run the following command |
37 | 6bf273d5 | Michael Hanselmann | on the master node:: |
38 | 6bf273d5 | Michael Hanselmann | |
39 | 6bf273d5 | Michael Hanselmann | gnt-cluster renew-crypto --new-cluster-domain-secret |
40 | 6bf273d5 | Michael Hanselmann | |
41 | 6bf273d5 | Michael Hanselmann | |
42 | 6bf273d5 | Michael Hanselmann | To set the cluster domain secret, run the following command on the |
43 | 6bf273d5 | Michael Hanselmann | master node:: |
44 | 6bf273d5 | Michael Hanselmann | |
45 | 6bf273d5 | Michael Hanselmann | gnt-cluster renew-crypto --cluster-domain-secret=/.../ganeti.cds |
46 | 6bf273d5 | Michael Hanselmann | |
47 | 6bf273d5 | Michael Hanselmann | |
48 | 6bf273d5 | Michael Hanselmann | Moving instances |
49 | 6bf273d5 | Michael Hanselmann | ---------------- |
50 | 6bf273d5 | Michael Hanselmann | |
51 | 6bf273d5 | Michael Hanselmann | As soon as the clusters share a cluster domain secret, instances can be |
52 | 6bf273d5 | Michael Hanselmann | moved. The tool usage is as follows:: |
53 | 6bf273d5 | Michael Hanselmann | |
54 | 6bf273d5 | Michael Hanselmann | move-instance [options] <source-cluster> <destination-cluster> <instance-name...> |
55 | 6bf273d5 | Michael Hanselmann | |
56 | 6bf273d5 | Michael Hanselmann | Multiple instances can be moved with one invocation of the instance move |
57 | 6bf273d5 | Michael Hanselmann | tool, though a few options are only available when moving a single |
58 | 6bf273d5 | Michael Hanselmann | instance. |
59 | 6bf273d5 | Michael Hanselmann | |
60 | 6bf273d5 | Michael Hanselmann | The most important options are listed below. Unless specified otherwise, |
61 | 6bf273d5 | Michael Hanselmann | destination-related options default to the source value (e.g. setting |
62 | 6bf273d5 | Michael Hanselmann | ``--src-rapi-port=1234`` will make ``--dest-rapi-port``'s default 1234). |
63 | 6bf273d5 | Michael Hanselmann | |
64 | 6bf273d5 | Michael Hanselmann | ``--src-rapi-port``/``--dest-rapi-port`` |
65 | 6bf273d5 | Michael Hanselmann | RAPI server TCP port, defaults to 5080. |
66 | 6bf273d5 | Michael Hanselmann | ``--src-ca-file``/``--dest-ca-file`` |
67 | 6bf273d5 | Michael Hanselmann | Path to file containing source cluster Certificate Authority (CA) in |
68 | 6bf273d5 | Michael Hanselmann | PEM format. For self-signed certificates, this is the certificate |
69 | 6bf273d5 | Michael Hanselmann | itself. For certificates signed by a third party CA, the complete |
70 | 6bf273d5 | Michael Hanselmann | chain must be in the file (see documentation for |
71 | 6bf273d5 | Michael Hanselmann | ``SSL_CTX_load_verify_locations(3)``). |
72 | 6bf273d5 | Michael Hanselmann | ``--src-username``/``--dest-username`` |
73 | 6bf273d5 | Michael Hanselmann | RAPI username, must have write access to cluster. |
74 | 6bf273d5 | Michael Hanselmann | ``--src-password-file``/``--dest-password-file`` |
75 | 6bf273d5 | Michael Hanselmann | Path to file containing RAPI password (make sure to restrict access to |
76 | 6bf273d5 | Michael Hanselmann | this file). |
77 | 6bf273d5 | Michael Hanselmann | ``--dest-instance-name`` |
78 | 6bf273d5 | Michael Hanselmann | When moving a single instance: Change name of instance on destination |
79 | 6bf273d5 | Michael Hanselmann | cluster. |
80 | 6bf273d5 | Michael Hanselmann | ``--dest-primary-node`` |
81 | 6bf273d5 | Michael Hanselmann | When moving a single instance: Primary node on destination cluster. |
82 | 6bf273d5 | Michael Hanselmann | ``--dest-secondary-node`` |
83 | 6bf273d5 | Michael Hanselmann | When moving a single instance: Secondary node on destination cluster. |
84 | 6bf273d5 | Michael Hanselmann | ``--iallocator`` |
85 | 6bf273d5 | Michael Hanselmann | Iallocator for creating instance on destination cluster. |
86 | a111ebde | Michael Hanselmann | ``--hypervisor-parameters``/``--backend-parameters``/``--os-parameters``/``--net`` |
87 | a111ebde | Michael Hanselmann | When moving a single instance: Override instances' parameters. |
88 | 6bf273d5 | Michael Hanselmann | ``--parallel`` |
89 | 6bf273d5 | Michael Hanselmann | Number of instance moves to run in parallel. |
90 | 6bf273d5 | Michael Hanselmann | ``--verbose``/``--debug`` |
91 | 6bf273d5 | Michael Hanselmann | Increase output verbosity. |
92 | 6bf273d5 | Michael Hanselmann | |
93 | 6bf273d5 | Michael Hanselmann | The exit value of the tool is zero if and only if all instance moves |
94 | 6bf273d5 | Michael Hanselmann | were successful. |
95 | 6bf273d5 | Michael Hanselmann | |
96 | 6bf273d5 | Michael Hanselmann | .. vim: set textwidth=72 : |
97 | 6bf273d5 | Michael Hanselmann | .. Local Variables: |
98 | 6bf273d5 | Michael Hanselmann | .. mode: rst |
99 | 6bf273d5 | Michael Hanselmann | .. fill-column: 72 |
100 | 6bf273d5 | Michael Hanselmann | .. End: |