DOMOS Migration Tool
Overviewβ
This tool helps to move a DOMOS system. It doesn't matter if the source is hardware or if the migration is from one virtual machine to another or from DOMOS 5 to DOMOS 6.
The entire process is performed on the target system. However, depending on the migration, in some cases the source system needs to be prepared.
TL;DRβ
-
Make sure that both systems are available via FQDN or IP and you can reach them via SSH
-
Create a config file named
domosmigration.cfgwith the needed information in it (FQDN, username, password, etc.) -
[OPTIONAL] Create a backup job on the old system for the data migration
-
Copy the config file to the new system via
scp domosmigration.cfg admin@NEW-SYSTEM-IP:/tmp
- Start the migration via
ssh admin@NEW-SYSTEM-IP run_migration
- Wait for the completion and reboot of the system
Preparation of source systemβ
Normally no special preparation is necessary. It is important that the DOMOS WebUI is accessible and that the login with username and password is possible. Since the migration tool cannot use TLS client certificates, these must be disabled.
If in addition to the pure migration of the configuration data also a data migration should take place, then on the source system a BakResNG job must be created for the BackupClient. The name of the job must be entered in the configuration of the migration tool.
Additional requirementsβ
Networkβ
The source system has to be reachable from the target system. A normal configuration migration connects to port 10000 of the source system. In case of a data migration the port of the BakRes service (default port 9877) must be reachable.
DOMOS Licenseβ
DOMOS 5 licenses are not compatible with DOMOS 6 systems. Therefore, in case of migration from DOMOS 5 to DOMOS 6, a new license must be installed. This can be done during the migration process.
Migration configuration fileβ
Here is an example of a migration configuration:
Note: The configuration file must be named domosmigration.cfg.
[Remote]
# optional: default is admin
username = admin
# optional: default is admin
password = secudos
fqdn = 172.16.0.222
# optional: default is 10000
port = 10000
# optional: default is 5
domosversion = 6
# optional: data migration
[DataMigration]
bakres=MyBakResJob
[ConfigPatch]
# DOMOSDB key: value
system.keymap: de
sssd.section.ssh.ssh_use_certificate_keys.value: True
sssd.section.pam.offline_credentials_expiration.value: 60
sssd.section.domain.ldap_id_use_start_tls.value: True
sssd.section.domain.cache_credentials.value: True
sssd.section.domain.id_provider.value: ldap
sssd.section.domain.auth_provider.value: ldap
sssd.section.domain.chpass_provider.value: ldap
sssd.section.domain.access_provider.value: ldap
sssd.section.domain.sudo_provider.value: ldap
sssd.section.domain.ldap_search_timeout.value: 50
sssd.section.domain.ldap_network_timeout.value: 60
[License]
# optional: DOMOS6 needs new license
filename = D202317000003.lic
Each section of the configuration is described below.
Section: Remoteβ
This section is mandatory and describes communication with the source system.
username - (optional) Username for login. Default is admin.
password - (optional) Password for login. Default is admin.
fqdn - FQDN of the source system. If the FQDN cannot be resolved by DNS use the IP address.
port - (optional) Port of WebUI on the source system. Default is 10000.
Section: DataMigrationβ
This section is optional to perform a data migration. In this case, the part of the application in the normal configuration backup is not used to migrate the application data.
The data migration downloads the Backup Client from the source system and uses it to obtain a backup to restore the application data.
bakres - Name of the BackupClient job which should be used to get application data
Section: ConfigPatchβ
This optional section can be used to modify the DOMOS configuration. These modifications will be applied after restoring the DOMOS configuration database. All settings of a DOMOS system can be modified.
To change a setting, the database key and a value must be specified. If no value is given, the key and its value will be removed from the database.
When migrating from DOMOS 5 to DOMOS 6, the following settings are recommended, because they are new default settings in DOMOS 6:
system.keymap: de
sssd.section.ssh.ssh_use_certificate_keys.value: True
sssd.section.pam.offline_credentials_expiration.value: 60
sssd.section.domain.ldap_id_use_start_tls.value: True
sssd.section.domain.cache_credentials.value: True
sssd.section.domain.id_provider.value: ldap
sssd.section.domain.auth_provider.value: ldap
sssd.section.domain.chpass_provider.value: ldap
sssd.section.domain.access_provider.value: ldap
sssd.section.domain.sudo_provider.value: ldap
sssd.section.domain.ldap_search_timeout.value: 50
sssd.section.domain.ldap_network_timeout.value: 60
Other modifications (e.g. network configuration) can be applied on the same way.
Section: Licenseβ
This section can be used to install a new DOMOS license due to migration. The normal configuration backup includes the DOMOS license. If it is necessary to install a new license (e.g. when migrating from DOMOS 5 to DOMOS 6), then the license can be installed due to migration.
filename - Name of the license file
Perform the migrationβ
The migration happens in two steps.
Copy of needed filesβ
The migration configuration and possible available license file have to be copied into the /tmp folder on the target system. The simplest way is to use SecureCopy:
Note: The configuration file must be named domosmigration.cfg.
scp domosmigration.cfg admin@NEW-SYSTEM-IP:/tmp
scp DOMOSLIC.lic admin@NEW-SYSTEM-IP:/tmp
Since the /tmp folder is emptied every time the system is booted, these files will disappear after migration.
Start of the migrationβ
The migration is started via SSH and will only work if the root password of the target system hasn't been changed. Once the root password has been changed, the migration must be started as root on the command line.
To start the migration use the following SSH command:
ssh admin@NEW-SYSTEM-IP run_migration
The output is displayed while the migration is running. No interactive input is required. Here is an example of such a log:
$ ssh admin@172.16.0.23 run_migration
admin@172.16.0.23's password:
Passwort:
2023-04-26 11:04:39 [INFO] Login into remote system ...
2023-04-26 11:04:39 [INFO] Login ok
2023-04-26 11:04:39 [INFO] Downloading configuration backup ...
2023-04-26 11:04:41 [INFO] Download ok
2023-04-26 11:04:41 [INFO] Login into remote system ...
2023-04-26 11:04:41 [INFO] Login ok
2023-04-26 11:04:41 [INFO] Shutting down remote system ...
2023-04-26 11:04:41 [INFO] Restoring old configuration ...
2023-04-26 11:05:28 [INFO] Notice: Restoring sensor successful.
2023-04-26 11:05:28 [INFO] Notice: The database has been successfully restored.
2023-04-26 11:05:28 [INFO] Notice: Restoring management successful.
2023-04-26 11:05:28 [INFO] Error from localhost.localdomain: The node names are not configured correctly.
2023-04-26 11:05:28 [INFO] Notice: Restoring cluster successful.
2023-04-26 11:05:28 [INFO] Patching configuration ...
2023-04-26 11:05:28 [INFO] Add key system.keymap with value de
2023-04-26 11:05:28 [INFO] Add key sssd.section.ssh.ssh_use_certificate_keys.value with value True
2023-04-26 11:05:28 [INFO] Add key sssd.section.pam.offline_credentials_expiration.value with value 60
2023-04-26 11:05:28 [INFO] Add key sssd.section.domain.ldap_id_use_start_tls.value with value True
2023-04-26 11:05:28 [INFO] Add key sssd.section.domain.cache_credentials.value with value True
2023-04-26 11:05:28 [INFO] Add key sssd.section.domain.id_provider.value with value ldap
2023-04-26 11:05:28 [INFO] Add key sssd.section.domain.auth_provider.value with value ldap
2023-04-26 11:05:28 [INFO] Add key sssd.section.domain.chpass_provider.value with value ldap
2023-04-26 11:05:28 [INFO] Add key sssd.section.domain.access_provider.value with value ldap
2023-04-26 11:05:28 [INFO] Add key sssd.section.domain.sudo_provider.value with value ldap
2023-04-26 11:05:28 [INFO] Add key sssd.section.domain.ldap_search_timeout.value with value 50
2023-04-26 11:05:28 [INFO] Add key sssd.section.domain.ldap_network_timeout.value with value 60
2023-04-26 11:05:28 [INFO] Installing new license ...
2023-04-26 11:05:28 [INFO] System reboot
After the system reboots, the migration is complete and the old system is automatically shut down.