On Wed, Jul 16, 2014 at 9:03 AM, Petr Viktorin <[email protected]> wrote:
> On 07/16/2014 02:34 PM, Choudhury, Suhail wrote: > >> Hi, >> >> I'd like some clarification on what a "master" and "replica" is please. >> > > Once installed, all masters are identical (except some might have a CA and > some not). > The distinction is useful when installing a replica, where "master" and > "replica" generally mean "existing master" and "new master", respectively. > > > This doc suggests you start with 1 master and a replica can be promoted >> to a master by changing "/var/lib/pki-ca/conf/CS.cfg": >> http://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_ >> Guide/promoting-replica.html >> > > That doc is ancient (Fedora 15), don't use it. > > > However IPA is supposed to be multi-master replication, and replication >> agreements appears to be two ways when checking "ipa-replica-manage list >> hostname" on a given IPA server. >> >> So when creating a replica using: >> >> ipa-replica-install --setup-ca --setup-dns --forwarder=172.20.220.25 >> --forwarder=172.20.220.27 /root/replica-info-ipa01.domain.com.gpg >> >> am I creating another "master replica"? >> > > Yes, you're creating a new master; since you gave --setup-ca the two > masters will be equivalent. > So you no longer need to do anything to promote a replica to be a CA master? Another way to ask the question, can I remove the original master and everything will still work? > > -- > PetrĀ³ > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go To http://freeipa.org for more info on the project >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
