I have googled around a bit, but I still have a couple of questions:

1) Is it possible to get "getent shadow" to return shadow entries from
the IPA server?  This is so we can do a DR test on some server or set
of servers without also having to restore the IPA server first.  I can
do a "getent passwd" easily enough, and I could rebuild the shadow
file for local users, so it's not critical, but it would be a "nice to
have" in the case of a DR.

2) What is everyone else doing to prepare IPA for a DR?  I've read
that the best way to do it is to turn off the IPA services on a
replica and then back that replica up.  I also read that this will
miss some important files that only exist on the master.  I don't want
to turn off the master server services for a DR due to failover lag.
Would it be safe to take a backup of the master while "hot", then
restore a replica, and promote it to master using the "hot" backup of
the master (just the specific CA files needed)?



Freeipa-users mailing list
