On 04.11.2015 11:25, Oleg Fayans wrote:
Hi all,

Is there a way to switch back to the old (based on ipa-replica-prepare) replica installation workflow having domain level=1?

The following error message suggests that it is possible:

$ ipa-replica-install --setup-ca --setup-dns --forwarder=10.38.5.26 -P testuser
Password for testu...@idm.lab.eng.brq.redhat.com:
ipa : ERROR The Replication Managers group is not available in the domain. Replica promotion requires the use of Replication Managers to be able to replicate data. Upgrade the peer master or use the ipa-replica-prepare command on the master and use a prep file to install this replica. ipa.ipapython.install.cli.install_tool(Replica): ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information

It it is not possible (and it is not, AFAIU) we should probably remove the ipa-replica-prepare part from this error message.

The second issue with this error message is that adding an unprivileged user just to admins group fixes the promotion, i. e. no neeed in any special "Replication Managers" group. Thus the message is totally misleading.

https://fedorahosted.org/freeipa/ticket/5400
https://fedorahosted.org/freeipa/ticket/5399
https://fedorahosted.org/freeipa/ticket/5401

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to