19.4 Upgrading Hardware or Replacing a Server

This section provides information about transferring or safeguarding eDirectory on a specific server when you upgrade or replace hardware. It is based on information in Backing Up and Restoring NetIQ eDirectory.

The Backup eDirectory Management Tool allows you to prepare eDirectory information on a server for

19.4.1 Planned Hardware or Storage Device Upgrade without Replacing the Server

If you are planning to upgrade hardware such as a storage device or RAM, you prepare by doing a cold backup of eDirectory using the Backup eMTool, as well as a file system backup. This will let you safeguard the server's eDirectory identity and file system data, which has the following benefits:

  • If you are replacing storage devices, the backups let you transfer information from the old storage devices to the new.

  • If you are replacing the storage device that includes the disk partition/volume containing eDirectory, having this backup information lets you use the restore process to re-create the eDirectory database on the new storage device.

  • Doing a cold backup of eDirectory and keeping the database closed afterward means you can upgrade hardware and transfer the database without worrying that the database has changed since the backup.

  • If anything goes wrong, you have backups you can use to recover.

For the eDirectory cold backup, you must use the options to lock and disable eDirectory on the server, preventing any data change after the backup is made. To other servers that communicate with this server, the server appears to be down. Any eDirectory information that is normally sent to the server is stored by other servers in the tree until they can communicate with the server again. The stored information is used to synchronize the server when you bring it back online.

NOTE:Because other servers in the eDirectory tree expect the server to come back online quickly, you should complete the upgrade promptly and open the eDirectory database on the server as soon as possible.

To perform a planned hardware upgrade:

  1. If you are concerned that the upgrade might cause a problem for your server, you might want to prepare another machine to use if necessary.

    See 1. Preparing for a Server Replacement.

  2. Use a Client command like the following to do a cold backup of the eDirectory database and keep the database closed and locked when finished. If you use NICI, make sure to back up the security files too.

    backup -f backup_filename_and_path 
    -l log_filename_and_path -t -c -o -d
    

    If you use NICI, make sure you back up the NICI files. See Backing Up Manually with DSBK and Backup and Restore Command Line Options for more information about using the Client and the switches.

    The eDirectory database is now locked. You must leave it locked so that no new data changes will be made on that server until you finish the procedure.

    Complete the rest of the procedure promptly, to minimize the amount of time that the server is unavailable.

  3. Back up the file system using your backup tool of choice.

    It's important to do this after backing up the database, so that the eDirectory backup files are saved to tape along with the rest of the file system.

  4. Down the server and replace the hardware.

  5. After replacing the hardware, proceed by following the instructions for the kind of hardware change you made:

    If you…

    Perform These General Steps

    Did not make any changes to storage devices

    Bring up the server and unlock the database.

    Replaced storage devices, but the disk partition/volume containing eDirectory was not affected

    1. Bring up the server and eDirectory.

    2. Restore the file system only for the disk partitions/volumes that were on the storage devices you changed.

    3. Unlock the eDirectory database.

    Replaced the storage device that contained eDirectory

    1. Install the operating system if necessary.

    2. Restore the file system on disk partitions that were affected by the storage device change.

    3. Install eDirectory on the new storage device, in a new temporary tree.

    4. Restore eDirectory from backup (which puts it back into the original tree), specifying the option to keep it closed and locked after the restore. Use a command like the following: restore -r -f backup_filename_and_path -l log_filename_and_path. Add the -u option if you backed up the files listed in an include file and restore NICI files seperately.

    5. Unlock the eDirectory database.

    6. If you restored NICI security files, after completing the restore, restart the server to reinitialize the security system.

    7. Check to see whether the server responds as usual. Use iMonitor to check the server and its synchronization.

    8. If you were using roll-forward logging on this server, make sure you re-create the roll-forward logs configuration after the restore is complete. After turning on the roll-forward logs, you must also do a new full backup. The settings are reset to the default after a restore, which means roll-forward logging is turned off. The new full backup is necessary so that you are prepared for any failures that might occur before the next unattended full backup is scheduled to take place.

If the server does not respond as usual, you might need to recover by doing one of the following:

  • Re-create the hardware configuration you had before, because it was working before the change.

  • Transfer this server's identity to another machine using the file system and eDirectory backups you made. See Planned Replacement of a Server.

19.4.2 Planned Replacement of a Server

The following instructions are designed for situations where a server is actually replaced by moving the server's eDirectory identity and file system data onto a different machine. For naming purposes in these instructions, the old server is referred to as Server A, and its replacement is referred to as Server B.

You prepare by doing a cold backup (a backup done while the database is closed) of eDirectory using the Backup eMTool, as well as a file system backup using your tool of choice. This backup information lets you use the restore process to re-create the server on the new machine.

For the eDirectory cold backup, you must use the options to lock and disable eDirectory on Server A, preventing any data change after the backup is made. To other servers that communicate with this server, the server appears to be down. Any eDirectory information that is normally sent to the server is stored by other servers in the tree until they can communicate with the server again. The stored information is used to synchronize the server when you bring it back online on the new machine, Server B.

NOTE:Because other servers in the eDirectory tree expect the server to come back online quickly, you should complete the change and restore eDirectory information on the server as soon as possible.

Follow these general steps to replace a server:

  1. To reduce down time for Server A while you are replacing it, it's best to prepare Server B as much as possible before you begin the replacement, by installing the operating system, etc., as described in 1. Preparing for a Server Replacement.

  2. Do the eDirectory and file system backups on Server A as described in 2. Creating a Backup of eDirectory.

  3. Transfer the information to Server B as described in 3. Restoring eDirectory Information for a Server Replacement.

1. Preparing for a Server Replacement

Use the following checklists for Server A and Server B to determine whether you are ready to replace Server A. Preparing Server B before proceeding will reduce the time the server is down while you transfer from one machine to the other.

Preparation for Server A

  • Make sure that Server A has the latest version of the operating system installed.

  • Make sure the tree for Server A is healthy by running DSRepair on the server that holds the master of the Tree partition and by running time synchronization.

  • Run DSRepair on the database of Server A. Ensure that Server A is synchronized completely.

Preparation for Server B

  • Install the latest version of the operating system. This must be the same operating system as Server A.

  • Install eDirectory, putting Server B in a new temporary tree.

    (Restoring eDirectory during 3. Restoring eDirectory Information for a Server Replacement will put Server B into the original tree that Server A was in.)

Continue with the steps in the next section, 2. Creating a Backup of eDirectory.

2. Creating a Backup of eDirectory

You must create a backup of eDirectory prior to a server replacement. After completing 1. Preparing for a Server Replacement, use the Client to do a cold backup of the eDirectory database on Server A, using the advanced options to disable and lock the database after the backup.

To create a cold backup (a backup done while the database is closed) of eDirectory and keep the database closed afterward:

  1. Make sure you have completed 1. Preparing for a Server Replacement.

  2. Do a cold backup of the eDirectory database on Server A and keep the database closed and locked when finished, by using a backup command like the following in the Client with the -c, -o, and -d switches:

    backup -f backup_filename_and_path -l log_filename_and_path -t -c -o -d

    If you use NICI, make sure you back up the NICI files. See Backing Up Manually with DSBK and Backup and Restore Command Line Options for more information about using the Client and the switches.

    Server A's eDirectory database is now locked. You must leave it locked so that no new data changes will be made on that server until you bring it back into the tree by restoring onto Server B.

    Complete the rest of the server upgrade or replacement procedure promptly, to minimize the amount of time that the server is unavailable.

  3. Make a full backup of Server A's file system.

    It's important to do the file system backup after backing up the database, so that the eDirectory backup files are saved to tape along with the rest of the file system.

    For complete information on using SMS, see the Storage Management Services Administration Guide.

  4. Lock the eDirectory database on Server A and unplug Server A from the network.

    Continue with the steps in 3. Restoring eDirectory Information for a Server Replacement.

3. Restoring eDirectory Information for a Server Replacement

To transfer Server A's eDirectory identity and file system to Server B:

  1. Make sure you have completed 1. Preparing for a Server Replacement and 2. Creating a Backup of eDirectory.

  2. Make sure Server B is up and eDirectory is running.

  3. Use restore to transfer Server A's eDirectory identity and file system to Server B:

    1. Copy the eDirectory cold backup files created for Server A to Server B.

      The backup files can be made much smaller using a third-party file compression tool, because they compress well. This could help you copy the files faster.

    2. Restore the eDirectory database from Server A onto Server B using the eDirectory backup files you copied. In the command line client, use a command like the following:

      restore -r -f backup_filename_and_path -l log_filename_and_path

      If you use NICI, make sure you restore the NICI files. Add the -u option if you backed up files listed in an include file. See Restoring from Backup Files with DSBK and Backup and Restore Command Line Options for more information about using the Client and the switches.

      No roll-forward logs need to be included in the restore, because you did a cold backup and kept the database closed afterward. No transactions have occurred in the database because it's closed, so no roll-forward logs have been created since the backup.

    3. Transfer Server A's file system data onto Server B, from backup.

  4. If you use NICI, restart the server to reinitialize NICI so it will use the restored NICI security files.

  5. Unlock the eDirectory database.

  6. After completing the restore, check to see whether Server B has successfully taken on Server A's identity and is responding as usual. Use iMonitor to check the server and its synchronization.

    If the server responds as usual, you are finished with the server replacement. You can now uninstall eDirectory from Server A to remove its eDirectory identity, then use the machine for another purpose. Do not bring Server A back up on the network until you remove eDirectory, or it will cause confusion in the network with eDirectory synchronization because Server A and Server B will compete for the same identity.

  7. (Conditional) If you were using roll-forward logging on this server, make sure you re-create the roll-forward logs configuration after the restore is complete. After turning on the roll-forward logs, you must also do a new full backup.

    The settings are reset to the default after a restore, which means roll-forward logging is turned off. The new full backup is necessary so that you are prepared for any failures that might occur before the next unattended full backup is scheduled to take place.

If Server B does not work correctly and you need Server A's identity and file system to be available right away, you can do the following:

  1. Unplug Server B's network cable or down the server.

  2. Reattach Server A to the network, start it, then open the eDirectory database.

    Ignore system messages requesting you to run DSRepair.

  3. Remove eDirectory from Server B and try the upgrade again.

19.4.3 Server IP Address Changes

Usually the server's IP address is static. When it changes you need to update the nds.conf file for all the eDirectory instances with the new IP address. nds.conf should use the interface name instead of IP address if the IP address changes frequently.

For example: n4u.server.interfaces=eth0@1524

After an IP address change, a server's IP-based Key Material Objects (KMO) will not be automatically updated. Though deleting the old KMOs (with IP in their name) is not necessary, it helps to keep the tree clean. Run the ndsconfig upgrade command to recreate your KMOs and link them with the NCP Server and LDAP Server objects.

NOTE:Running ndsconfig upgrade restarts your eDirectory instance.

Now the server continues to listen on the new address. Run DSRepair network repair options if there are multiple servers in the tree:

ndsrepair -N

After running the repair options, restart the eDirectory server.

For more information on server IP address changes, refer to TID# 3201067