root / doc / move-instance.rst @ 30d25dd8
History | View | Annotate | Download (3.8 kB)
1 |
================================= |
---|---|
2 |
Moving instances between clusters |
3 |
================================= |
4 |
|
5 |
Starting with Ganeti 2.2, instances can be moved between separate Ganeti |
6 |
clusters using a new tool, ``move-instance``. The tool has a number of |
7 |
features: |
8 |
|
9 |
- Moving a single or multiple instances |
10 |
- Moving instances in parallel (``--parallel`` option) |
11 |
- Renaming instance (only when moving a single instance) |
12 |
- SSL certificate verification for RAPI connections |
13 |
|
14 |
The design of the inter-cluster instances moves is described in detail |
15 |
in the :doc:`Ganeti 2.2 design document <design-2.2>`. The instance move |
16 |
tool talks to the Ganeti clusters via RAPI and can run on any machine |
17 |
which can connect to the cluster's RAPI. Despite their similar name, the |
18 |
instance move tool should not be confused with the ``gnt-instance move`` |
19 |
command, which is used to move without changes (instead of export/import |
20 |
plus rename) an instance within the cluster. |
21 |
|
22 |
|
23 |
Configuring clusters for instance moves |
24 |
--------------------------------------- |
25 |
|
26 |
To prevent third parties from accessing the instance data, all data |
27 |
exchanged between the clusters is signed using a secret key, the |
28 |
"cluster domain secret". It is recommended to assign the same domain |
29 |
secret to all clusters of the same security domain, so that instances |
30 |
can be easily moved between them. By checking the signatures, the |
31 |
destination cluster can be sure the third party (e.g. this tool) didn't |
32 |
modify the received crypto keys and connection information. |
33 |
|
34 |
.. highlight:: sh |
35 |
|
36 |
To create a new, random cluster domain secret, run the following command |
37 |
on the master node:: |
38 |
|
39 |
gnt-cluster renew-crypto --new-cluster-domain-secret |
40 |
|
41 |
|
42 |
To set the cluster domain secret, run the following command on the |
43 |
master node:: |
44 |
|
45 |
gnt-cluster renew-crypto --cluster-domain-secret=/.../ganeti.cds |
46 |
|
47 |
|
48 |
Moving instances |
49 |
---------------- |
50 |
|
51 |
As soon as the clusters share a cluster domain secret, instances can be |
52 |
moved. The tool usage is as follows:: |
53 |
|
54 |
move-instance [options] <source-cluster> <destination-cluster> <instance-name...> |
55 |
|
56 |
Multiple instances can be moved with one invocation of the instance move |
57 |
tool, though a few options are only available when moving a single |
58 |
instance. |
59 |
|
60 |
The most important options are listed below. Unless specified otherwise, |
61 |
destination-related options default to the source value (e.g. setting |
62 |
``--src-rapi-port=1234`` will make ``--dest-rapi-port``'s default 1234). |
63 |
|
64 |
``--src-rapi-port``/``--dest-rapi-port`` |
65 |
RAPI server TCP port, defaults to 5080. |
66 |
``--src-ca-file``/``--dest-ca-file`` |
67 |
Path to file containing source cluster Certificate Authority (CA) in |
68 |
PEM format. For self-signed certificates, this is the certificate |
69 |
itself. For certificates signed by a third party CA, the complete |
70 |
chain must be in the file (see documentation for |
71 |
``SSL_CTX_load_verify_locations(3)``). |
72 |
``--src-username``/``--dest-username`` |
73 |
RAPI username, must have write access to cluster. |
74 |
``--src-password-file``/``--dest-password-file`` |
75 |
Path to file containing RAPI password (make sure to restrict access to |
76 |
this file). |
77 |
``--dest-instance-name`` |
78 |
When moving a single instance: Change name of instance on destination |
79 |
cluster. |
80 |
``--dest-primary-node`` |
81 |
When moving a single instance: Primary node on destination cluster. |
82 |
``--dest-secondary-node`` |
83 |
When moving a single instance: Secondary node on destination cluster. |
84 |
``--iallocator`` |
85 |
Iallocator for creating instance on destination cluster. |
86 |
``--hypervisor-parameters``/``--backend-parameters``/``--os-parameters``/``--net`` |
87 |
When moving a single instance: Override instances' parameters. |
88 |
``--parallel`` |
89 |
Number of instance moves to run in parallel. |
90 |
``--verbose``/``--debug`` |
91 |
Increase output verbosity. |
92 |
|
93 |
The exit value of the tool is zero if and only if all instance moves |
94 |
were successful. |
95 |
|
96 |
.. vim: set textwidth=72 : |
97 |
.. Local Variables: |
98 |
.. mode: rst |
99 |
.. fill-column: 72 |
100 |
.. End: |