Add kerberos maintenance docs

This adds docs on how to perform maintenance on the kerberos service without a service outage. Change-Id: Ie98bcfa952825d5102c21bbf1efda499307fb88a
2017-04-14 10:53:01 -07:00 · 2017-04-14 10:53:01 -07:00 · e6806ff32d
parent b712584e53
commit e6806ff32d
1 changed files with 22 additions and 0 deletions
--- a/doc/source/kerberos.rst
+++ b/doc/source/kerberos.rst
@ -97,3 +97,25 @@ should be capitalized.
 Then save the principal's keytab::

  kadmin: ktadd -k /path/to/$NAME.keytab service/$NAME@OPENSTACK.ORG
+
+No Service Outage Server Maintenance
+------------------------------------
+
+Should you need perform maintenance on the kerberos server that requires
+taking kerberos processes offline you can do this by performing your
+updates on a single server at a time.
+
+`kdc01.openstack.org` is our primary server and `kdc02.openstack.org`
+is the hot standby. Perform your maintenance on `kdc02.openstack.org`
+first. Then once that is done we can prepare for taking down the
+primary. On `kdc01.openstack.org` run::
+
+  root@kdc01:~# /usr/local/bin/run-kprop.sh
+
+You should see::
+
+  Database propagation to kdc02.openstack.org: SUCCEEDED
+
+Once this is done the standby server is ready and we can take kdc01
+offline. When kdc01 is back online rerun `run-kprop.sh` to ensure
+everything is working again.