On Fri, Apr 14, 2023 at 5:10 AM Finn Fysj via FreeIPA-users <[email protected]> wrote: > > Hi, > > I'm new to FreeIPA and the ansible-freeipa collection. > I can successfully install IPA server using the role ipaserver. However, I > want to setup a multi-master replication with failover. > > As far as I know I need to install ipaserver on all of my masters/replication > and then the replica role? > How does the master nodes establish a relationship? Is this done using IPA > client? >
For the first server you use the ipaserver role, as you did. For all other servers in the domain, use the ipareplica role. Make sure to check upstream or RHEL documentation. I have some examples on setting up an IPA cluster here: https://rafaeljeffman.com/projects/freeipa/en/cluster-deployment-ansible.html > It might seem weird, but my goal is to setup the IPA server purely as a LDAP > server using external CA. > This is because we want to have the ability to have a user interface like the > web gui. If you are already using ansible-freeipa to deploy your servers, you can also use it to manage the domain, using Ansible. ansible-freeipa already have a good coverage of FreeIPA commands. Rafael > _______________________________________________ > FreeIPA-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] > Do not reply to spam, report it: > https://pagure.io/fedora-infrastructure/new_issue -- Rafael Guterres Jeffman Senior Software Engineer FreeIPA - Red Hat _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
