On 02/13/2012 08:55 PM, Simo Sorce wrote:
On Mon, 2012-02-13 at 20:43 +0100, Sigbjorn Lie wrote:
On 02/13/2012 08:16 PM, Rob Crittenden wrote:
Sigbjorn Lie wrote:

What precautions need to be taken when replacing the primary/first IPA

Is it enough to reinstall the server and run a ipa-replica-install from
one of the other replicas?
It depends on what type of CA installation you have. Did you install
with dogtag or with a selfsign CA?


If you installed the CA on more than one replica, then you can remove
the first master, all the info is replicated on the other replicas that
have a clone of the CA. Note that the CA is not replicated by default
see the --setup-ca option or ipa-ca-install

Excellent. Yes, I've used --setup-ca when I created the replicas. :)

What if I have 3 IPA servers. 2 being replicated off the first master. The master is re-installed and re-setup using ipa-replica-install from one of the 2 other IPA servers.

Will not the 3rd server be left without a sync agreement? Does the 3rd server need to be manually added back in with a sync agreement?


Freeipa-users mailing list

Reply via email to