Overview#

A Custom Menu Driven Script used for a couple of Clients.

Inserting New Server into an Existing eDirectory Tree#

On ALL other servers in the tree: Edit the /etc/hosts.nds to include the tree and server entries for the new server. For example, add these lines if the new server INO0S001 at IP 2.3.4.5 is being installed in the B1TEST tree:

	#B1TEST.       2.3.4.5
	INO0S001       2.3.4.5

IMPORTANT: The tree name for the new server must remain commented out until the server has been completely installed.

Simple Health Check#

Confirm the eDirectory tree is healthy and error-free according to an existing server in the target tree.

Correct any problems before proceeding.

nds-menu#

From the interactive eDirectory install menu, select InsertRemoveServerFromEdirectoryTree, then option "Install server in Existing Tree".

Follow the on-screen prompts for server insertion. The complete process may take several hours, depending upon the size of the partition containing the server object.

NOTE: If the script fails or must be aborted for some reason, review the /var/b1nds.log file to determine the last successful step. You should decide if it is better to remove the server and start over, or to continue installation manually.

IMPORTANT NOTE: #

Upon insertion into the tree, if the partition the server is installed into (based on current design, dc=svr,dc=Directory-Info.com,dc=net is part of the Root partition) is hosted by fewer than 3 servers, a replica will automatically be placed on the new server. The build script assumes that the replica add will start, and will wait up to 18 hours for it to complete before completing the rest of the server configuration.

If there are already 3 replicas of the partition, then the build script will continue to wait for something that will never happen without manual intervention. When you see either of these messages:

	Waiting 2 minutes for new replica add...
	Waiting up to 18 hours for new replica add...

you should use ConsoleOne or iManager to manually add the replica to the server, if the replica was not automatically added.

NOTE: If the tree that the server is being inserted into is very small, it is possible that the replica add will be completed before the script can start logging to watch for the completion event. If the tree is small, and the first 2 minutes expire, you should select “No” when prompted:

	Continue waiting ([Y]/n)?

Answer yes to run Verify Edirectory Config(ModifyInstall) and VerifyFilePermissions(OwnerPermsFix).

On this Server, Modify /etc/hosts.nds#

On the new server, add entries for every other server in the tree to /etc/hosts.nds. The final file should look something like this:

	# Example entry:
	#TREENAME. 1.2.3.4
	#SERVERNAME 1.2.3.4

	B1TEST.       2.3.4.5
	INO0S001       2.3.4.5

--- All servers in tree should be listed
	B1TEST.       4.5.6.7
	INO0S002       4.5.6.7

IMPORTANT: The order of entries in this file is significant – always make sure that the local server appears in its hosts.nds file first.

On ALL Other Servers, Modify /etc/hosts.nds#

On ALL other servers in the tree: Edit the /etc/hosts.nds to uncomment the tree entry. Using the example quoted in step 1, change the entries to look like this:

	B1TEST.       2.3.4.5
	INO0S001       2.3.4.5
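
A check for the /etc/hosts.nds rules described above (local server listed first, a tree entry for every server, tree entry commented out only while a server is being installed), added here as an example and not part of the original build script. It assumes the two-column NAME IP layout shown on this page and a single tree; `check_hosts_nds` is a hypothetical helper name.

```shell
#!/bin/sh
# Usage: check_hosts_nds FILE LOCAL_SERVER TREE
# Prints one finding per line; exit status 0 means no findings.
check_hosts_nds() {
    awk -v want="$2" -v tree="$3" '
    /^[ \t]*$/ { next }                      # blank line
    /^[ \t]*#/ {                             # comment: remember a commented-out tree entry
        line = $0
        sub(/^[ \t]*#[ \t]*/, "", line)
        n = split(line, f, /[ \t]+/)
        if (n >= 2 && f[1] == tree ".") remarked[f[2]] = 1
        next
    }
    NF != 2 { printf "line %d: expected NAME IP\n", NR; bad = 1; next }
    $1 == tree "." { active[$2] = 1; next }  # active tree entry for this IP
    {                                        # server entry
        if (++count == 1 && $1 != want) {
            printf "first server is %s, expected local server %s\n", $1, want
            bad = 1
        }
        name[count] = $1; ip[count] = $2
    }
    END {
        for (i = 1; i <= count; i++) {
            if (ip[i] in active) continue
            state = (ip[i] in remarked) ? "still commented out" : "missing"
            printf "%s %s: tree entry %s\n", name[i], ip[i], state
            bad = 1
        }
        exit bad
    }' "$1"
}

# Constructed sample: hosts.nds on INO0S002 while INO0S001 is still being installed.
sample=$(mktemp)
cat > "$sample" <<'EOF'
B1TEST.       4.5.6.7
INO0S002       4.5.6.7
#B1TEST.       2.3.4.5
INO0S001       2.3.4.5
EOF
check_hosts_nds "$sample" INO0S002 B1TEST || echo "hosts.nds needs attention"
rm -f "$sample"
```

During an insertion the "still commented out" finding is expected on the other servers; once the new server is fully installed, the file should produce no findings.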

Manually Build Index#

The automated build may not create one standard index under eDirectory 8.7.x (see Build B1ObjectClass Index). This index may need to be created manually via ConsoleOne.

Making Edirectory Production Ready#

Once the build is complete and the server has been verified to function properly for its intended purpose, there are a few manual steps needed to make the server ready for production use.

Certificate Management#

If it has never been done for this server, complete the steps outlined at Certificate Management.

Simple Health Check#

Confirm the eDirectory tree is healthy and error-free according to an existing server in the target tree. If the only errors are communication related (e.g. -625), just wait a few minutes and check again.

Make sure the server is in the tree correctly and you can connect to the server via NDS and LDAP over SSL.

Fix any issues.

What's Next#

After the server is installed and running properly, you should install IDM 2.0 as described at Install/Upgrade Identity Manager 2x.

This page (revision-7) was last changed on 23-Oct-2015 12:01 by jim