On 02/13/2012 08:55 PM, Simo Sorce wrote:
On Mon, 2012-02-13 at 20:43 +0100, Sigbjorn Lie wrote:
On 02/13/2012 08:16 PM, Rob Crittenden wrote:
Sigbjorn Lie wrote:
What precautions need to be taken when replacing the primary/first IPA
Is it enough to reinstall the server and run a ipa-replica-install from
one of the other replicas?
It depends on what type of CA installation you have. Did you install
with dogtag or with a selfsign CA?
If you installed the CA on more than one replica, then you can remove
the first master, all the info is replicated on the other replicas that
have a clone of the CA. Note that the CA is not replicated by default
see the --setup-ca option or ipa-ca-install
Excellent. Yes, I've used --setup-ca when I created the replicas. :)
What if I have 3 IPA servers. 2 being replicated off the first master.
The master is re-installed and re-setup using ipa-replica-install from
one of the 2 other IPA servers.
Will not the 3rd server be left without a sync agreement? Does the 3rd
server need to be manually added back in with a sync agreement?
Freeipa-users mailing list