Peter Tselios via FreeIPA-users wrote:
> Hello,
> I had set up on 2 CentOS 7.5 boxes a FreeIPA Master and a Replica.
> Currently the master has all services (DNS, CA, KRA) and it's prepared for 
> one-way trust with AD. 
> 
> Unfortunately, I have a lot of issues with the replica!
> The replica setup was:
> 
> ipa-replica-install --setup-ca --setup-dns --setup-kra --no-forwarder
> 
> Although the installation was successful, when I tried to create a Trust with 
> our AD, the AD administrator told me that the replica did not respond to 
> DNS and truly, the DNS was down. Actually, the named-pkcs11 service was not 
> even enabled on the replica. So, the ipactl restart told me to run the 
> ipa-server-upgrade which I did. 
> The upgrade failed in the KRA section because it could not connect to the 
> MASTER server on port 8443.
> 
> I didn't have time to investigate further, so, I just removed the replica and 
> re-installed it (with another issue, that will be posted in another thread 
> later), this time without the KRA.
> My question:
> 
> If I run the ipa-kra-install, will it REPLICATE the master, or will it create 
> a new KRA server? 
> Unfortunately, I cannot take a backup and test it and I cannot install a 
> second replica (don't ask plz). 
>

It will create a clone of the existing KRA.

rob