On 03/02/2018 04:15 AM, Florence Blanc-Renaud wrote:
On 01/03/2018 18:11, Bret Wortman via FreeIPA-users wrote:
I've got a one system setup now and would like to create a replica and ensure survivability as much as possible. Will this do the trick? Obviously the first is run on the current master and the second on the new replica...

# ipa-replica-prepare newserver.my.net --ip-address=192.168.1.50

# ipa-replica-install --setup-dns --setup-ca --no-forwarders /path/to/replica-info-newserver.my.net.gpg

Hi,

the procedure depends on your domain level. In order to find which domain-level you are using:
# ipa domainlevel-get
-----------------------
Current domain level: 1
-----------------------

If domain-level is 0, then you need to create a replica file and install the replica by providing this replica file (the instructions you wrote above). The procedure is documented here [1].

If domain-level is 1, then the procedure is different. You can first enroll the host as an IPA client with ipa-client-install, and then promote it to a replica with ipa-replica-install (no replica file provided), or do the 2 steps in ipa-replica-install (if you provide all the required options). More information here [2]

HTH,
Flo

[1] https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/app.replica [2] https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/creating-the-replica

--
photo

*Bret Wortman*
President, Damascus Products LLC
855-644-2783 <tel:855-644-2783> | 303-523-8037 <tel:303-523-8037> | b...@damascusproducts.com <mailto:b...@damascusproducts.com> | http://damascusproducts.com/ | 10332 Main St Suite 319 Fairfax, VA 22030 <http://facebook.com/wrapbuddiesco> <http://twitter.com/wrapbuddiesco> <http://instagram.com/wrapbuddies>

<https://facebook.com/wrapbuddiesco><https://instagram.com/wrapbuddies>


_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org



Perfect! Thanks. Every time I need to do something like this, I discover some great advances you all have made which makes life easier than last time.

My CA is level 1, so I'll proceed after reading your linked reference. Thanks, Flo!


Bret

_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to