I'm trying to understand some of the FreeIPA replication internals so that I can better know how to do this properly in Puppet without storing any secret information in Puppet, and so that automating FreeIPA is awesome.
Please point me to any docs, if there is reading I could be doing :)

Here are some open questions I have:

1) Is the GPG file created with ipa-replica-prepare using a symmetric password, and is that password equal to the dm_password? If not, where do the pub/priv key pairs come from and how do they get transferred to the replica?

2) If I have root on the IPA server (actually all of them), how can I run ipa-replica-prepare without needing interactive prompting for entering the password? It's not possible with Puppet. Is there another (possibly less user friendly even) method to "prepare" the replica? What is prepare actually doing?

3) With a multi master setup, what happens if I run the same action (e.g. user-mod or user-add or user-del) on more than one server? Can I run it on any server? What if I run different user-mod commands of the same user on different masters? Is there split brain? Are all the transactions and writes synchronous across the whole cluster?

Please point me to a doc that explains this FAQ stuff if possible.

Sorry for the noise.

Thanks again,
James

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel