On 16.7.2014 15:03, Petr Viktorin wrote:
On 07/16/2014 02:34 PM, Choudhury, Suhail wrote:
Hi,
I'd like some clarification on what a "master" and "replica" is please.
Once installed, all masters are identical (except some might have a CA and
some not).
The distinction is useful when installing a replica, where "master" and
"replica" generally mean "existing master" and "new master", respectively.
This doc suggests you start with 1 master and a replica can be promoted
to a master by changing "/var/lib/pki-ca/conf/CS.cfg":
http://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/promoting-replica.html
That doc is ancient (Fedora 15), don't use it.
However IPA is supposed to be multi-master replication, and replication
agreements appears to be two ways when checking "ipa-replica-manage list
hostname" on a given IPA server.
So when creating a replica using:
ipa-replica-install --setup-ca --setup-dns --forwarder=172.20.220.25
--forwarder=172.20.220.27 /root/replica-info-ipa01.domain.com.gpg
am I creating another "master replica"?
Yes, you're creating a new master; since you gave --setup-ca the two masters
will be equivalent.
Please note that --setup-dns is also important. Use it for the new replica if
you have used it for the original master.
--
Petr^2 Spacek
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
