Merge "Add kerberos maintenance docs"

2017-05-30 23:50:20 +00:00 · 2017-05-30 23:50:20 +00:00 · 63ba008b0c
parent 404416fb1a e6806ff32d
commit 63ba008b0c
1 changed files with 22 additions and 0 deletions
--- a/doc/source/kerberos.rst
+++ b/doc/source/kerberos.rst
@ -97,3 +97,25 @@ should be capitalized.
 Then save the principal's keytab::

  kadmin: ktadd -k /path/to/$NAME.keytab service/$NAME@OPENSTACK.ORG
+
+No Service Outage Server Maintenance
+------------------------------------
+
+Should you need perform maintenance on the kerberos server that requires
+taking kerberos processes offline you can do this by performing your
+updates on a single server at a time.
+
+`kdc01.openstack.org` is our primary server and `kdc02.openstack.org`
+is the hot standby. Perform your maintenance on `kdc02.openstack.org`
+first. Then once that is done we can prepare for taking down the
+primary. On `kdc01.openstack.org` run::
+
+  root@kdc01:~# /usr/local/bin/run-kprop.sh
+
+You should see::
+
+  Database propagation to kdc02.openstack.org: SUCCEEDED
+
+Once this is done the standby server is ready and we can take kdc01
+offline. When kdc01 is back online rerun `run-kprop.sh` to ensure
+everything is working again.