Sorry I must have mis-read....so a Replica is a full read/write Master or read 
only copy?


Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272

From: Rob Crittenden [rcrit...@redhat.com]
Sent: Tuesday, 7 February 2012 4:36 p.m.
To: Steven Jones
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] promoting a replica section  16.8

Steven Jones wrote:
> Once these actions are carried out does that mean the webgui is active? is is 
> there any other actions needed to make the promoted replica the new 
> read/write master?

Promoting a replica is only necessary if you installed with a selfsign
CA and want to issue certs from that machine. With selfsign you really
should pick one machine as the CA and stick with it otherwise you'll end
up issuing different certs with duplicate serial numbers and sooner or
later that will catch up with you. Promotion is documented in case that
single point of failure, well, fails.

Once a replica is installed it is a full IPA server. This means the UI,
XML-RPC interface, KDC, LDAP backend, the works. The only optional
components are the DNS and CA (dogtag).



Freeipa-users mailing list

Reply via email to