On 02/13/2012 09:43 PM, Simo Sorce wrote:
1. Let's say the server has crashed. Unrecoverable. Can new replication
agreements still be set up between the remaining hosts?
On Mon, 2012-02-13 at 21:37 +0100, Sigbjorn Lie wrote:
On 02/13/2012 08:55 PM, Simo Sorce wrote:
On Mon, 2012-02-13 at 20:43 +0100, Sigbjorn Lie wrote:
On 02/13/2012 08:16 PM, Rob Crittenden wrote:
Sigbjorn Lie wrote:
What precautions need to be taken when replacing the primary/first IPA
Is it enough to reinstall the server and run an ipa-replica-install from
one of the other replicas?
It depends on what type of CA installation you have. Did you install
with dogtag or with a selfsign CA?
If you installed the CA on more than one replica, then you can remove
the first master, all the info is replicated on the other replicas that
have a clone of the CA. Note that the CA is not replicated by default;
see the --setup-ca option or ipa-ca-install.
Excellent. Yes, I've used --setup-ca when I created the replicas. :)
What if I have 3 IPA servers. 2 being replicated off the first master.
The master is re-installed and re-setup using ipa-replica-install from
one of the 2 other IPA servers.
Will not the 3rd server be left without a sync agreement? Does the 3rd
server need to be manually added back in with a sync agreement?
Before removing any server you should make sure it will not break the
You can use ipa-replica-manage and ipa-ca-replica-manage to create links
between the 2 other servers before you retire the hub.
You have to use both the commands as CA replication agreements are
distinct from IPA replication agreements.
2. I do not see a way for displaying relationships between the IPA hosts
when viewing the replicas with ipa-replica-manage list. I see the same
output on all the IPA hosts.
So if I was not the one who set up IPA, and did not have the
documentation handy available, is there a command provided with IPA
where I can figure out how the existing replication agreements are set
up between the hosts?
...except for looking in the LDAP tree under
3. Perhaps this was discussed earlier: Can there be configured a ring of
replicas with IPA?
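The pre-retirement check discussed in the thread, as an added example that is not part of the original messages: given the replication agreements as host pairs, it reports which links would have to exist so that retiring the hub does not split the remaining servers, and it checks the IPA and CA agreement sets separately because they are distinct. The host names and agreement lists are constructed, and the function names are hypothetical; collecting the pairs from a live deployment is not shown.

```python
from collections import defaultdict

def groups_after_retiring(agreements, retiring):
    """Connected groups of servers that remain once `retiring` is gone."""
    graph = defaultdict(set)
    for a, b in agreements:
        graph[a], graph[b]              # register both endpoints
        if retiring not in (a, b):      # agreements with the retired host vanish
            graph[a].add(b)
            graph[b].add(a)
    graph.pop(retiring, None)
    groups, seen = [], set()
    for start in sorted(graph):
        if start in seen:
            continue
        group, stack = set(), [start]
        while stack:                    # depth-first walk over surviving links
            node = stack.pop()
            if node not in group:
                group.add(node)
                stack.extend(graph[node] - group)
        seen |= group
        groups.append(sorted(group))
    return groups

def links_to_add(agreements, retiring):
    """Smallest set of new agreements that rejoins the surviving groups."""
    groups = groups_after_retiring(agreements, retiring)
    return [(groups[i][0], groups[i + 1][0]) for i in range(len(groups) - 1)]

def check_retirement(domain_agreements, ca_agreements, retiring):
    """Check the IPA and the CA agreement sets separately; they are distinct."""
    return {"domain": links_to_add(domain_agreements, retiring),
            "ca": links_to_add(ca_agreements, retiring)}

# Constructed sample: ipa1 is the hub, ipa2 and ipa3 were both installed from it.
HUB = "ipa1.example.com"
DOMAIN = [(HUB, "ipa2.example.com"), (HUB, "ipa3.example.com")]
CA = [(HUB, "ipa2.example.com"), (HUB, "ipa3.example.com"),
      ("ipa2.example.com", "ipa3.example.com")]  # CA link already created

if __name__ == "__main__":
    for kind, missing in check_retirement(DOMAIN, CA, HUB).items():
        print(kind, "OK" if not missing else f"would split; connect {missing}")
```

In the constructed sample the CA agreements survive the hub's removal but the IPA agreements do not, which is the case where only one of the two link commands has been run.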