Recreating Certificates on OES, migrating to a new server, and checking status (in a nutshell)

Shawn Iverson responded to our OES Open Call with this nice piece about migration. His meditative approach underscores the importance of personal tranquility when approaching delicate IT procedures. Put down that Red Bull, clear your mind, and let Shawn guide you to migration nirvana. [Which Wikipedia defines as "the imperturbable stillness of mind after the fires of desire, aversion, and delusion have been finally extinguished." Please let us know when you get there.]


Step 1 -- Become One with Your Environment

Understand and document your environment.

i.e. IP Addressing, services running on old server, eDirectory structure, etc.

This information is different in every environment.

Step 2 -- Be Your Environment

Fully back up your current environment.

These steps vary depending on your backup solution.

Step 3 -- Focus and Meditate on Your Environment

Practice with OES in a test environment first until you are comfortable. A good technique is to restore/clone your current environment into a sandbox, snapshot it, and practice upgrading until you get it right. This is also a good way to verify that restores from backup will work as well

Again, steps here vary depending on your backup and cloning solution.


Step 1 -- Where's my CA?

Make sure you know where your Certificate Authority is located.

A quick way to determine which server is the CA is to go to iManager --> Novell Certificate Server --> Configure Certificate Authority

Look at the host server entry.

Step 2 -- Is my CA valid?

iManager --> Novell Certificate Server --> Configure Certificate Authority --> Certificates --> Check each cert and click Validate

If your CA certs are not valid, you will need to fix this before proceeding as you will not be able to generate server certificates.

The procedure to fix this problem is to recreate your CA and generate new CA certificates.

See How do I move the Organizational CA to another server? under Option II for more information.

Step 3 -- Are my server certs valid?

iManager --> Novell Certificate Access --> Server Certificates

Use the magnifying glass to select your server and validate your certificates.

Step 4 -- Recreating server certs (if not valid)

I highly recommend this procedure. OES scatters the certificates all over the place for many services. Updating them in eDirectory/iManager is not enough! Why not let this script do it for you?

Certificate Re-creation Script for OES1, OES2 and OES 11

Step 5 -- Migrating to a new server

Two methods generally exist for this. Transfer ID and Server Consolidation. Your path will depend on your unique situation and requirements.

The Migration Tool Administration Guide from Novell is your friend. Download the guide from Novell for you particular version of OES.

Note from step 1: If the server you are migrating from is your CA, you'll need to migrate the CA as well! This is not covered in the guide!

See How do I move the Organizational CA to another server? Option I for more information.

Step 6 -- Checking status

Checking status will depend on what services you are running on your server.

Tip 1: Check running services

Using service servicename status or rcservicename status will tell you if a service is running.

(Look in /etc/init.d for a full list of services on your server. Note that some services may be disabled.)

Tip 2: Check your logs

OES scatters logs all over the place. Here are some common places.


Tip 3: Monitor your server using top for CPU, Process, and Memory in realtime

Tip 4: Use Remote Manager


Tip 5: Use iMonitor for eDirectory health


Tip 6: Monitor disk usage

Use df -h from a shell/terminal for a quick glance

Step 7 -- Download the Docs for More Information

Novell keeps extensive documentation on OES on nearly every topic related to OES. Get your copy of the documentation!


How To-Best Practice
Comment List
Related Discussions