Include -clone_uri argument to pkisilent setting the clone URI.
This makes creating a clone from a clone work as expected.Note that this depends on some fixes in the pki-ca, pki-common and pki-silent packages. I tested this against pre-release versions.
This means you can do something like this: Install IPA on server A Prepare a replica file on server A for server B Install the IPA replica on server B Preparea replica file for server C on server B Install the IPA replica on server C The replication topology looks like: A <-> B <-> CThis isn't really recommended but it at least frees us from having a single point of failure regarding the CA. The CAs are now independent, though they replicate over a difference channel than IPA user data.
_______________________________________________ Freeipa-devel mailing list Freeipafirstname.lastname@example.org https://www.redhat.com/mailman/listinfo/freeipa-devel