On Fri, 2014-05-23 at 15:44 +0200, Martin Kosek wrote:
> One cannot easily improve ipa-replica-prepare to work through LDAPI as
> we also need to encypher the replica info package - and we cannot do
> that without clear text DM password.
>
> The right way seems to be rather the RFE you filed:
> https://fedorahosted.org/freeipa/ticket/2888
>
> Martin

Here is the model I am considering:

Since each replica in a multi-master cluster is said to be functionally "identical" once they're all set up, I'd actually like to try and match this elegant symmetry that you've provided with an equally symmetrical (or homogeneous, rather) design. That's to say I want the config management parts to "be identical" on each host.

What this means:

* It should be possible to parallelize a good chunk of the setup, if I were to bring up a cluster of four hosts at the same time.
* It's convenient if each individual host follows the same initial ipa-server-install process, but that there is a secondary "join with my peer" process.
* In theory, if I set up two identical freeipa servers with the same options (but different hostnames) I would like to be able to introduce them to each other at a later date and join them (even if this means that we pick one as the source of the data and the other's data gets overwritten).

Does this help explain the need?

For an example of peering that works this way and is symmetrical with configuration management, my puppet-gluster module does this.

Cheers, and thanks for reading.

James

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel