----- Original Message ----- > From: "James" <purplei...@gmail.com> > To: email@example.com > Sent: Thursday, July 3, 2014 2:10:27 AM > Subject: [Freeipa-users] FreeIPA replica topologies > > Hi there, > > Is the following correct or incorrect? > > Say I want to build a triangle of ipa replicas. A <-> B <-> C <-> (back to A) > > I do ipa-server-install on A > I do ipa-replica-prepare on A ... transfer files to B > I do ipa-replica-install on B > then: > > Option ONE: > I do ipa-replica-prepare on B ... transfer files to C > > Option TWO: > I do ipa-replica-prepare on A ... transfer files to C > > Continuing on... > I do ipa-replica-install on C > > Since all three hosts are now installed, to close the loop, I do : > > Option ONE: > ipa-replica-manage connect C A > > Option TWO: > ipa-replica-manage connect B C > > Is this all correct? Is option ONE or option TWO preferable and why? > Is the closing of the loop the correct interpretation and method? > Can the "closing of the loop" be done from any host in the cluster ? > If there's a large cluster can it be done from someone not directly > connected to the two peers we want to connect?
Option TWO is preferable if you have the CA only on A. You should be able to run the connect command on any administrative host IIRC. Simo. -- Simo Sorce * Red Hat, Inc. * New York -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project