Promote OD replica to master

  • #371963
    sstortz
    Participant

    I have upgraded my 10.4 trayload xServe to 10.5.2 running as an OD Master. I have a new Intel xServe 10.5.2 running as an OD Replica. I want the replica to become the master and the master the replica. They have different IPs and FQDN, which can’t be switched.

    When I take the master offline and try to promote the replica it fails because the realms are different. Does anybody have a simple solution to this problem? I’m not that familiar with terminal and slapconfig etc. but I can handle baby steps. Apple said just make the replica a standalone and then promote it to a master and import the master archive. That hasn’t worked.

    When I do, the OD log reads:
    2008-03-21 23:48:43 -0500 – Warning: The domain in the backup file does not match the domain in the current LDAP configuration.
    Current = dc=newserver,dc=domain,dc=org
    Backup = dc=oldsever,dc=domain,dc=org
    2008-03-21 23:48:44 -0500 – 1 Merging Kerberos database
    2008-03-21 23:48:44 -0500 – popen: cd /tmp/slapconfig_restore_stage1979QhuH2t;/usr/bin/tar xzpf /Volumes/ldap_bk/krb5backup.tar.gz, “r”
    2008-03-21 23:48:44 -0500 – The directory archive was not merged because the Kerberos realms are different. Using the “-f” switch with the “slapconfig -mergedb” command will force the merge (see the “slapconfig” man page for details), but Kerberos principals will be lost. The “slapconfig -kerberize” command will create the principals. Users’ Kerberos passwords will be restored if the Password Server can supply plain text passwords for them. Otherwise, users will have to change their passwords to start using Kerberos authentication.
    2008-03-21 23:48:44 -0500 – Error: The archive does not have a Kerberos stash file for the default realm.
    2008-03-21 23:48:44 -0500 – Removed directory at path /tmp/slapconfig_stage19793p6P1W.
    2008-03-21 23:48:44 -0500 – command: /usr/bin/hdiutil detach disk3

    Any insight will be greatly appreciated.
    😉 😉

    #374789
    motionbug
    Participant

    I am also very interested if you get this to work. I am in the same situation that you are in. I want to upgrade an OD replica to an OD master and then have the OD master a replica of the new master.

    But when trying to do this I get what you get…

    2008-03-21 23:48:44 -0500 – The directory archive was not merged because the Kerberos realms are different. Using the “-f” switch with the “slapconfig -mergedb” command will force the merge (see the “slapconfig” man page for details), but Kerberos principals will be lost. The “slapconfig -kerberize” command will create the principals. Users’ Kerberos passwords will be restored if the Password Server can supply plain text passwords for them. Otherwise, users will have to change their passwords to start using Kerberos authentication.

    And with 1000 students, that would suck.

    #375466
    tomlawton
    Participant

    Hi –

    Sorry- another “me too” post! Did you ever get a nice resolution to this…?

    Similar story- I got a new Xserve, on a new IP, updated to 10.5.6, promoted new, imported old Xserve’s OD backup, demoted old, upgraded old 10.4.11 to 10.5.6, made old a replica of new. All good, except, of course, no kerberos now…
    The update log warned me it wasn’t happy at the time:-

    2009-01-31 19:43:05 +0000 – Warning: The domain in the backup file does not match the domain in the current LDAP configuration.

    It doesn’t seem to matter hugely, as I don’t (think I) rely on kerberisation of any services… But what’s irritating is kerberos is still trying to start on “old” Xserve, and whinging in the log the whole time…

    Any help (other than reformat-reinstall/ demote-promote/ blow away passwords…!) much appreciated…

    Cheers
    Tom

    #375472
    bschappel
    Participant

    OK, this is probably not the kind of post you want but what about trying this…

    Since 10.5 is truly universal you could clone the system drive from your G4 Xserve to a GUID formatted SATA drive and install it in the Intel Xserve and boot it. Do the same sort of thing with the boot drive from the Intel box, clone it to an Apple partition table IDE drive and boot the G4 with it.

    You can mount the drives in inexpensive USB enclosures for the cloning process. When the servers reboot off the new drives you’ve basically switched the machines around.

    Granted it’s a brute force approach but I think it will work.

    PS: Use Carbon Copy Cloner or SuperDuper to clone the drives.

    #375478
    tomlawton
    Participant

    Admittedly a crafty approach; just 2 teeny problems… –

    It leaves the new machine with the old machine’s IP address. Past experience (in 10.4) showed me that running changip resulted in needing a demote-promote, with loss of passwords… 😥

    My servers are in Surrey, UK, and I’m on sabbatical in Colorado, USA, for a year- so hooking up external drives is a bit of a pain 😉

    I should probably have been more pragmatic at the outset, and let the new server take over the old server’s IP address; however, I wanted to be “honest” and clearly move to a new server, plus, since the old server was running the VPN I was working through, and had the only hole in the University’s firewall… Well, you can imagine how cautious I have to be, working 5000 miles remotely!!

    #375502
    bschappel
    Participant

    When I upgraded from Tiger to Leopard server I had a new Intel Xserve I wanted to use as my ODM. I also was changing the name and IP of the ODM. What I did that time was I did an OD archive (in Server Admin) and eventually did a restore on the new server.

    I say “eventually” because I first opened the archive and edited some of the files. I did a search/replace of the old server FQDN with the new FQDN. This worked (to my surprise) and preserved all the passwords.

    Perhaps this will give you some other ideas.

    #375513
    tomlawton
    Participant

    Now that was just a stroke of genius!! If only I’d thought of that before I made the swap…

    However, the technique is crafty enough that maybe I could have a go at it, exporting the current info, hunting down FQDNs and making it all nice before reloading…

    Shame Apple didn’t think of putting such a useful tip in the 10.5 manuals- and better still provide a utility to make the FQDN changes too! Time to make an OD backup and get grepping….

    Cheers,
    Tom
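
The search step from the two posts above (finding the old server name inside an OD archive before editing it), as an added example that is not part of the thread. It assumes the archive contents have been copied to a working directory, that the LDAP base DN follows the `dc=…` form shown in the OD log, and that the Kerberos realm is the upper-cased FQDN; the function names and host names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): read-only inventory of old-server
# references in a working copy of an Open Directory archive.
# Function names and sample host names are hypothetical.

# server.domain.org -> dc=server,dc=domain,dc=org (form shown in the OD log)
fqdn_to_basedn() {
    printf '%s\n' "$1" | sed -e 's/^/dc=/' -e 's/\./,dc=/g'
}

# server.domain.org -> SERVER.DOMAIN.ORG (assumed Kerberos realm form)
fqdn_to_realm() {
    printf '%s\n' "$1" | tr '[:lower:]' '[:upper:]'
}

# od_name_inventory OLD_FQDN DIR
# Prints "lines<TAB>form<TAB>file" for each file under DIR with matching lines.
# grep -a also searches binary files, which a text replace cannot safely fix.
od_name_inventory() {
    old=$1
    dir=$2
    basedn=$(fqdn_to_basedn "$old")
    realm=$(fqdn_to_realm "$old")
    find "$dir" -type f | while IFS= read -r f; do
        for pair in "fqdn:$old" "basedn:$basedn" "realm:$realm"; do
            form=${pair%%:*}
            needle=${pair#*:}
            # grep -c exits 1 on zero matches; keep going in that case
            n=$(grep -a -F -c -- "$needle" "$f" || true)
            if [ "$n" -gt 0 ]; then
                printf '%s\t%s\t%s\n' "$n" "$form" "$f"
            fi
        done
    done
}

# Usage: od_name_inventory oldserver.domain.org /path/to/archive-copy
```

Files that show up only under `realm` or inside binary data (the Kerberos backup, for instance) are the ones a plain search/replace of the FQDN will not cover.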

    #375535
    happypix
    Participant

    “Error: The archive does not have a Kerberos stash file for the default realm.”

    Here is what I did:

    After creating a new OD master I archived the virgin database. Then I mounted both archives and replaced the file “krb5backup.tar” on the old image with the new one.

    Used restore again and it worked, I have my user database back at least.
