Statistics
| Branch: | Tag: | Revision:

root / doc / move-instance.rst @ 54f834df

History | View | Annotate | Download (3.8 kB)

1 6bf273d5 Michael Hanselmann
=================================
2 6bf273d5 Michael Hanselmann
Moving instances between clusters
3 6bf273d5 Michael Hanselmann
=================================
4 6bf273d5 Michael Hanselmann
5 6bf273d5 Michael Hanselmann
Starting with Ganeti 2.2, instances can be moved between separate Ganeti
6 6bf273d5 Michael Hanselmann
clusters using a new tool, ``move-instance``. The tool has a number of
7 6bf273d5 Michael Hanselmann
features:
8 6bf273d5 Michael Hanselmann
9 6bf273d5 Michael Hanselmann
- Moving a single or multiple instances
10 6bf273d5 Michael Hanselmann
- Moving instances in parallel (``--parallel`` option)
11 6bf273d5 Michael Hanselmann
- Renaming instance (only when moving a single instance)
12 6bf273d5 Michael Hanselmann
- SSL certificate verification for RAPI connections
13 6bf273d5 Michael Hanselmann
14 6bf273d5 Michael Hanselmann
The design of the inter-cluster instances moves is described in detail
15 6bf273d5 Michael Hanselmann
in the :doc:`Ganeti 2.2 design document <design-2.2>`. The instance move
16 6bf273d5 Michael Hanselmann
tool talks to the Ganeti clusters via RAPI and can run on any machine
17 6bf273d5 Michael Hanselmann
which can connect to the cluster's RAPI. Despite their similar name, the
18 6bf273d5 Michael Hanselmann
instance move tool should not be confused with the ``gnt-instance move``
19 6bf273d5 Michael Hanselmann
command, which is used to move without changes (instead of export/import
20 6bf273d5 Michael Hanselmann
plus rename) an instance within the cluster.
21 6bf273d5 Michael Hanselmann
22 6bf273d5 Michael Hanselmann
23 6bf273d5 Michael Hanselmann
Configuring clusters for instance moves
24 6bf273d5 Michael Hanselmann
---------------------------------------
25 6bf273d5 Michael Hanselmann
26 6bf273d5 Michael Hanselmann
To prevent third parties from accessing the instance data, all data
27 6bf273d5 Michael Hanselmann
exchanged between the clusters is signed using a secret key, the
28 6bf273d5 Michael Hanselmann
"cluster domain secret". It is recommended to assign the same domain
29 6bf273d5 Michael Hanselmann
secret to all clusters of the same security domain, so that instances
30 6bf273d5 Michael Hanselmann
can be easily moved between them. By checking the signatures, the
31 6bf273d5 Michael Hanselmann
destination cluster can be sure the third party (e.g. this tool) didn't
32 6bf273d5 Michael Hanselmann
modify the received crypto keys and connection information.
33 6bf273d5 Michael Hanselmann
34 6bf273d5 Michael Hanselmann
.. highlight:: sh
35 6bf273d5 Michael Hanselmann
36 6bf273d5 Michael Hanselmann
To create a new, random cluster domain secret, run the following command
37 6bf273d5 Michael Hanselmann
on the master node::
38 6bf273d5 Michael Hanselmann
39 6bf273d5 Michael Hanselmann
  gnt-cluster renew-crypto --new-cluster-domain-secret
40 6bf273d5 Michael Hanselmann
41 6bf273d5 Michael Hanselmann
42 6bf273d5 Michael Hanselmann
To set the cluster domain secret, run the following command on the
43 6bf273d5 Michael Hanselmann
master node::
44 6bf273d5 Michael Hanselmann
45 6bf273d5 Michael Hanselmann
  gnt-cluster renew-crypto --cluster-domain-secret=/.../ganeti.cds
46 6bf273d5 Michael Hanselmann
47 6bf273d5 Michael Hanselmann
48 6bf273d5 Michael Hanselmann
Moving instances
49 6bf273d5 Michael Hanselmann
----------------
50 6bf273d5 Michael Hanselmann
51 6bf273d5 Michael Hanselmann
As soon as the clusters share a cluster domain secret, instances can be
52 6bf273d5 Michael Hanselmann
moved. The tool usage is as follows::
53 6bf273d5 Michael Hanselmann
54 6bf273d5 Michael Hanselmann
  move-instance [options] <source-cluster> <destination-cluster> <instance-name...>
55 6bf273d5 Michael Hanselmann
56 6bf273d5 Michael Hanselmann
Multiple instances can be moved with one invocation of the instance move
57 6bf273d5 Michael Hanselmann
tool, though a few options are only available when moving a single
58 6bf273d5 Michael Hanselmann
instance.
59 6bf273d5 Michael Hanselmann
60 6bf273d5 Michael Hanselmann
The most important options are listed below. Unless specified otherwise,
61 6bf273d5 Michael Hanselmann
destination-related options default to the source value (e.g. setting
62 6bf273d5 Michael Hanselmann
``--src-rapi-port=1234`` will make ``--dest-rapi-port``'s default 1234).
63 6bf273d5 Michael Hanselmann
64 6bf273d5 Michael Hanselmann
``--src-rapi-port``/``--dest-rapi-port``
65 6bf273d5 Michael Hanselmann
  RAPI server TCP port, defaults to 5080.
66 6bf273d5 Michael Hanselmann
``--src-ca-file``/``--dest-ca-file``
67 6bf273d5 Michael Hanselmann
  Path to file containing source cluster Certificate Authority (CA) in
68 6bf273d5 Michael Hanselmann
  PEM format. For self-signed certificates, this is the certificate
69 6bf273d5 Michael Hanselmann
  itself. For certificates signed by a third party CA, the complete
70 6bf273d5 Michael Hanselmann
  chain must be in the file (see documentation for
71 6bf273d5 Michael Hanselmann
  ``SSL_CTX_load_verify_locations(3)``).
72 6bf273d5 Michael Hanselmann
``--src-username``/``--dest-username``
73 6bf273d5 Michael Hanselmann
  RAPI username, must have write access to cluster.
74 6bf273d5 Michael Hanselmann
``--src-password-file``/``--dest-password-file``
75 6bf273d5 Michael Hanselmann
  Path to file containing RAPI password (make sure to restrict access to
76 6bf273d5 Michael Hanselmann
  this file).
77 6bf273d5 Michael Hanselmann
``--dest-instance-name``
78 6bf273d5 Michael Hanselmann
  When moving a single instance: Change name of instance on destination
79 6bf273d5 Michael Hanselmann
  cluster.
80 6bf273d5 Michael Hanselmann
``--dest-primary-node``
81 6bf273d5 Michael Hanselmann
  When moving a single instance: Primary node on destination cluster.
82 6bf273d5 Michael Hanselmann
``--dest-secondary-node``
83 6bf273d5 Michael Hanselmann
  When moving a single instance: Secondary node on destination cluster.
84 6bf273d5 Michael Hanselmann
``--iallocator``
85 6bf273d5 Michael Hanselmann
  Iallocator for creating instance on destination cluster.
86 a111ebde Michael Hanselmann
``--hypervisor-parameters``/``--backend-parameters``/``--os-parameters``/``--net``
87 a111ebde Michael Hanselmann
  When moving a single instance: Override instances' parameters.
88 6bf273d5 Michael Hanselmann
``--parallel``
89 6bf273d5 Michael Hanselmann
  Number of instance moves to run in parallel.
90 6bf273d5 Michael Hanselmann
``--verbose``/``--debug``
91 6bf273d5 Michael Hanselmann
  Increase output verbosity.
92 6bf273d5 Michael Hanselmann
93 6bf273d5 Michael Hanselmann
The exit value of the tool is zero if and only if all instance moves
94 6bf273d5 Michael Hanselmann
were successful.
95 6bf273d5 Michael Hanselmann
96 6bf273d5 Michael Hanselmann
.. vim: set textwidth=72 :
97 6bf273d5 Michael Hanselmann
.. Local Variables:
98 6bf273d5 Michael Hanselmann
.. mode: rst
99 6bf273d5 Michael Hanselmann
.. fill-column: 72
100 6bf273d5 Michael Hanselmann
.. End: