Environment
Novell eDirectory 8.8 for NetWare 6.5
Novell eDirectory 8.7.3.5 and greater for NetWare 6.5
Novell Open Enterprise Server 2 (OES 2)
Situation
The eDirectory migration process using migedir
Considerations:- This tool does not migrate volumes or user's data from a NetWare server to an OES2 Linux server.
- IP address and DNS migrations are not performed by the eDirectory migration utility.
- Only the eDirectory instance will be migrated. Applications depending on eDirectory will not.
- Only the target server will be available after the migration. The source server will be locked.You should not use this migration methodology if both servers need to be available during the migration operation.
The eDirectory migration from NetWare requires both the migration of eDirectory data and the server identity to provide seamless accessibility after the migration. The eDirectory migration utility, provided with eDirectory 8.8 SP2 (the migedir command line utility), performs:
- Pre-migration tasks and health validations
- The health and state of the replicas in the rings are verified.
- Configuration information for the server being migrated is collected and written to a configuration file to be used by other operations during the migration.
- Time synchronization is verified between the source and target servers.
- The target server is checked for any existing eDirectory instances. If an instance exists, the user is prompted to allow the deletion of the instance. The existing instance is removed before proceeding with the migration.
- eDirectory backup on the source server and migration to the target server.
- The utility migrates the eDirectory instance based on the collected configuration information. This involves backing up the source server's data, locking the eDirectory instance on the source server, migrating data (all eDirectory objects) to the target server, and restoring the eDirectory instance on the target server. Dependent NICI files are also migrated.
- The utility also configures the local instance on the target server with the source server details obtained during the previous checks.
- Post-migration tasks After migration, the following tasks are performed by the utility:
- The nds.conf configuration file is modified with the source server eDirectory instance information, such as tree name and server name.
- The eDirectory instance on the target server is restarted so it can use the new data.
- Network address repair is performed to start the synchronization of the new IP address in the replica ring.
Important: Even though eDirectory migration using migedir is tested and certified by Novell test labs, it is not a complete solution for migrating from NetWare to Linux. The migedir utility is intended as a standalone migration utility to be used when you want to migrate eDirectory alone and can't be used in concert with any of the other OES Migration Tools. Once the migedir utility is used, the services on the source server (NetWare 6.5) are no longer available. Compatibility issues with other utilities are scheduled to be addressed in OES 2 SP1, but until then you must choose between using migedir and using other OES Migration Tools.
Resolution
MIGRATION PROCESS
Prerequisites:
Process:
Prerequisites:
- Source NetWare Server
- The source NetWare server should be running and should not be part of any partition operation at the time of the migration.
- The source has to be eDirectory 8.7.3 IR5 or greater
- Copy the NFK file from the install NetWare 6.5 CD to sys:\system and rename it to sys:\system\nicifk
- Linux Target Server
- The target server must be running OES 2 Linux.
- Do not install any OES2 components on the target server except for eDirectory.
- eDirectory 8.8 SP2 needs to be installed. You can install and configure eDirectory through YaST | Open Enterprise Server | OES Install and Configuration.
- The default eDirectory 8.8 SP2 instance must already be configured and be active (this instance will be overwritten during the migration).
- The target Linux server must be able to access the NetWare server remotely. (The eDirectory migration utility runs only on the target server.)
Valid Platforms:
The eDirectory migration utility is designed to run only on OES 2 Linux, which is the target platform for migration. Hardware and supported platform requirements are the same as those for OES 2 Linux.
Process:
- Run the migedir utility by entering the following command on the target server: migedir -s <IP address> [-A <log directory name>] [-t] [-v] [-h] The utility takes the following command line options:
Option Description -s <IP address> Specifies the IP address of the source server containing the eDirectory instance to be migrated. This is a mandatory parameter. -A directory name Enables auditing. Directory name specifies the directory in which log files should be created. -t Tests the validity of the input parameters. This option verifies the IP address; however, it does not perform the actual migration.
-v Enables the verbose mode. -h Prints help about using this utility.
- Follow the on-screen display as the utility performs the migration.
Handling Failures
During migration, the database on the source server is locked to avoid running multiple copies of the instance on the source and target servers at the same time. Running multiple instances can lead to data inconsistency. If the process fails, and if you intend to bring up the source server again, you need to perform the following tasks:
- Remove the partially migrated eDirectory instance on the target server.Refer to "Removing a Server Object and Directory Services from a Tree" in the Novell eDirectory 8.8 Administration Guide for more information.
- Restore and unlock the database in the source server. The database backup is saved in the sys:ni/data folder.Refer to Section 15.0, "Backing Up and Restoring Novell eDirectory" in the Novell eDirectory 8.8 Administration Guide for more information.
Post Migration Procedures
After migration, the target eDirectory instance listens on the IP address of the target server and not on the source server’s address. Allow additional time after migration for the eDirectory instance to synchronize the new IP address in the replica ring. Successful eDirectory migration can be verified by performing eDirectory operations on the new IP address.
Important: If you want to use the existing security certificates, you must change the IP address of the target server to that of the source server. If you don’t want to do this, you must issue new certificates.
If you change the IP address of the target server after migration, you must modify the nds.conf file, restart the eDirectory instance, and repair the network address and partitions replica manually. For more information on repairing eDirectory instances, refer to Section 11.9, "Advanced DSRepair Options" in the Novell eDirectory 8.8 Administration Guide.
Additional Information
Migration example from the perspective of the OES2 Linux server
nts137 is the OES2 target server
The tree temp-tree is the temporary instance running on the target server
IP of the target server is 151.155.134.137
nts144 is the source server in production
The tree NTS144-TREE is the production tree
IP of production source server is 151.155.134.144
*************************************************
nts137:/# migedir -s 151.155.134.144 -A /tmp/edirmig3 -v
eDirectory migration utility for Linux
version: 1.0 for OES Linux 2.0
Copyright (c) 2007, Novell Inc. All rights reserved.
Auditing enabled to /tmp/edirmig3
source server reachable
eDirectory running on NetWare
Enter source server credentials
admin DN(e.g: admin.novell): admin.novell
password:
Target server details:
eDirectory packages already Installed
eDirectory instance already configured with following details:
[1] Instance at /etc/opt/novell/eDirectory/conf/nds.conf: nts137.OU=servers.O=temp.TEMP-TREE
Tree Name: TEMP-TREE
Server Name: .CN=nts137.OU=servers.O=temp.T=TEMP-TREE.
Binary Version: 20216.63
Root Most Entry Depth: 0
Product Version: eDirectory for Linux v8.8 SP2 [DS]
This instance along with data will be lost after migrating eDirectory.
Continue '[y/n/q] ? 'y
Performing pre-migration checks...
Performing source server check with following parameter
ndscheck performed successfully
Checking time synchronization between source and target server
Source and Target servers are in time synchronization
Reading configuration file
Performing migration...
This may take time depending on the size of the server being migrated.
Setting up migration environment
ncpfs package installed
/tmp/edirmigrate already exists
/tmp/edirmigrate already mounted
151.155.134.144 is the mounted server in /tmp/edirmigrate
novell-ncpserv package available
copying scp peer file (ncpmig.nlm) to source server successfully
ncpmig.nlm already loaded in source server
Stopping target instance.
Server stopped successfully
/var/opt/novell/.backup_nici already exists
Backing up NICI files in target server
mv: cannot stat `/var/opt/novell/nici/nicifk': No such file or directory
Migrating NICI files from source server
Backing up DIB in source
Backup successful in source
source server DIB locked
Copying DIB to target
Creating /var/opt/novell/.edir_migrate
cksum at source = 2680393525
DIB backup file copied to target successfully: backup.nds
cksum at target = 2680393525
checksum match, continuing to restore
/tmp/edirmigrate umounted successfully
Starting target instance.
Server started successfully
Restoring DIB in target
Restore successful in target
Updating target instance configuration
Restarting target instance.
mignds:Server restarted successfully
Done
*************************************************
Output of the data.log generated:
*************************
########################
Tue Nov 18 22:20:03 2008
Connect to host or server "151.155.134.144"
Reading eDirectory database... [OK]
Connect to host or server "151.155.134.144"Performing health check on the eDirectory server ".CN=NTS144.O=novell.T=NTS144-TREE." ...
-------------------------------------------------------------------------------------------
TreeName = NTS144-TREE
NDS version: 20216.51
Server platform: Novell eDirectory Version 8.8 SP2 SMP-Novell NetWare 5.70.07[DS]
Checking eDirectory LDAP and HTTP services...
Checking http services available at address "http://151.155.134.144:81/portal" ... [OK]
Checking http services available at address "http://151.155.134.144:8008/portal" ... [OK]
Checking https services available at address "https://151.155.134.144:8009/portal" ... [OK]
Checking http services available at address "http://151.155.134.144:81/nds" ... [OK]
Checking http services available at address "http://151.155.134.144:8008/nds" ... [OK]
Checking https services available at address "https://151.155.134.144:8009/nds" ... [OK]
Checking ldap services available at address "ldap://151.155.134.144:389" ... [OK]
Checking ldaps services available at address "ldaps://151.155.134.144:636" ... [OK]
Checking http services available at address "http://151.155.134.144:81/soap" ... [OK]
Checking http services available at address "http://151.155.134.144:8008/soap" ... [OK]
Checking https services available at address "https://151.155.134.144:8009/soap" ... [OK]
Checking health of partitions ...
Number of partitions found = 1
Status of partition ".T=NTS144-TREE." ... [OK]
Checking the status of the replica ring...
Number of replicas = 1
+---------------------------------+-------+----------+--------------+---------------+
Server Name Status Time Sync Time Delta Replica State
+---------------------------------+-------+----------+--------------+---------------+
.CN=NTS144.O=novell.T=NTS144-TREE. UP YES 0 m:0 s ON
+---------------------------------+-------+----------+--------------+---------------+
Checking replication delta on the partition...
Maximum replica ring delta "0:1:45 (hh:mm:ss)"
Perishable delta on this server: "0:1:45 (hh:mm:ss)"
Skulk Interval: 60 (mm)
eDirectory health check completed.
Refer log file "data.log" for more details.
Complete:0
************************
Output of the mignds.log file:
*********************
19/11/08:16:23:53Reading configuration file
19/11/08:16:23:53Setting up migration environment
19/11/08:16:23:53ncpfs package installed
19/11/08:16:23:53/tmp/edirmigrate already exists
19/11/08:16:23:53/tmp/edirmigrate already mounted
19/11/08:16:23:53151.155.134.144 is the mounted server in /tmp/edirmigrate
19/11/08:16:23:53novell-ncpserv package available
19/11/08:16:23:53copying scp peer file (ncpmig.nlm) to source server successfully
19/11/08:16:23:53ncpmig.nlm already loaded in source server
19/11/08:16:23:53Stopping target instance.
19/11/08:16:24:15Server stopped successfully
19/11/08:16:24:15/var/opt/novell/.backup_nici already exists
19/11/08:16:24:15Backing up NICI files in target server
19/11/08:16:24:15Migrating NICI files from source server
19/11/08:16:24:17Backing up DIB in source
19/11/08:16:24:27Backup successful in source
19/11/08:16:24:27source server DIB locked
19/11/08:16:24:27Copying DIB to target
19/11/08:16:24:27Creating /var/opt/novell/.edir_migrate
19/11/08:16:24:29cksum at source = 2680393525
19/11/08:16:24:31DIB backup file copied to target successfully: backup.nds
19/11/08:16:24:31cksum at target = 2680393525
19/11/08:16:24:31checksum match, continuing to restore
19/11/08:16:24:31/tmp/edirmigrate umounted successfully
19/11/08:16:24:31Starting target instance.
19/11/08:16:24:36Server started successfully
19/11/08:16:24:36Restoring DIB in target
19/11/08:16:24:43Restore successful in target
19/11/08:16:24:43Updating target instance configuration
19/11/08:16:24:43Restarting target instance.
19/11/08:16:25:08mignds:Server restarted successfully
19/11/08:16:26:14server upgraded to eDirectory 8.8 SP2 successfully
****************
