On 02/13/2012 08:55 PM, Simo Sorce wrote:
On Mon, 2012-02-13 at 20:43 +0100, Sigbjorn Lie wrote:
On 02/13/2012 08:16 PM, Rob Crittenden wrote:
Sigbjorn Lie wrote:
Hi,

What precautions need to be taken when replacing the primary/first IPA
server?

Is it enough to reinstall the server and run a ipa-replica-install from
one of the other replicas?
It depends on what type of CA installation you have. Did you install
with dogtag or with a selfsign CA?

rob

Dogtag
If you installed the CA on more than one replica, then you can remove
the first master, all the info is replicated on the other replicas that
have a clone of the CA. Note that the CA is not replicated by default
see the --setup-ca option or ipa-ca-install

Excellent. Yes, I've used --setup-ca when I created the replicas. :)

What if I have 3 IPA servers. 2 being replicated off the first master. The master is re-installed and re-setup using ipa-replica-install from one of the 2 other IPA servers.

Will not the 3rd server be left without a sync agreement? Does the 3rd server need to be manually added back in with a sync agreement?


Rgds,
Siggi


_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to