On 05/23/2014 07:01 AM, James wrote:
> I'm trying to understand some of the FreeIPA replication internals so
> that I can better know how to do this properly in Puppet without
> storing any secret information in Puppet, and so that automating
> FreeIPA is awesome.
>
> Please point me to any docs, if there is reading I could be doing :)
>
> Here are some open questions I have:
>
> 1) Is the GPG file created with ipa-replica-prepare using a symmetric
> password and is that password equal to the dm_password ? If not, where
> do the pub/priv key pairs come from and how do they get transferred to
> the replica.

Yes. Grep for function expand_replica_info in FreeIPA git.

>
> 2) If I have root on the IPA server (actually all of them) how can I
> run ipa-replica-prepare without needing interactive prompting for
> entering the password. It's not possible with puppet. Is there another
> (possibly less user friendly even) method to "prepare" the replica?
> What is prepare actually doing?

You can, for example, use --password for passing the DM password.

> 3) With a multi master setup, what happens if I run the same action
> (eg: user-mod or user-add or user-del) on more than one server.

I would not do that, you risk replication conflicts on entries or
attributes. More here:

https://access.redhat.com/site/documentation/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/Managing_Replication-Solving_Common_Replication_Conflicts.html

> Can I
> run it on any server?

Yes.

> What if I run different user-mod commands of the
> same user on different masters. Is there split brain?

Then you get a replication conflict. I think in case of attributes, last
modification wins.

> Are all the
> transactions and writes synchronous across the whole cluster?

They are not synchronous, it takes some time for a change to replicate to
all masters.

> Please
> point me to a doc that explains this FAQ stuff if possible. Sorry for
> the noise

You should be able to get reasonable starting information here:

https://access.redhat.com/site/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Deployment_Guide/Designing_the_Replication_Process.html

or here:

https://access.redhat.com/site/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Managing_Replication.html

HTH,
Martin