Hi,
On Tue, May 2, 2023 at 1:06 PM J N via FreeIPA-users <
[email protected]> wrote:
> Hi,
>
> I'm new to ansible and FreeIPA project, and I'm currently trying to setup
> HBAC and SUDO rules to my primary server and the replicas.
> Is the practice to only apply rules to the primary server and let it
> replicate to the replicas? The reason I'm asking is because when I try to
> create HBAC/SUDO rules on the primary and the replicas I get an error in
> ansible saying:
>
> changed: [192.168.204.10]
> fatal: [192.168.204.11]: FAILED! => {"changed": false, "msg":
> "sudorule_add: test_rule: sudo rule with name \"test_rule\" already exists"}
>
>
> However, if I try to retun the play it will work as an idempotently:
> ok: [192.168.204.10]
> ok: [192.168.204.11]
>
>
> Question:
> What's the practice when running a replicas, should only the "main" master
> be updated?
>
the HBAC and sudo rules are automatically replicated, you only need to
define them once (on any server, it can be the first master or a replica).
HTH,
flo
> _______________________________________________
> FreeIPA-users mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedorahosted.org/archives/list/[email protected]
> Do not reply to spam, report it:
> https://pagure.io/fedora-infrastructure/new_issue
>
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
