Ott, Dennis wrote:
> I have an IPA setup, one master, one replica; originally installed as v
> 2.x and later updated to v 3.0. For whatever reasons, the certs did not
> automatically renew and the services would no longer start. I updated
> the certs manually on the master using the procedure shown at:
>
> http://www.freeipa.org/page/IPA_2x_Certificate_Renewal
>
> The master is now functioning properly.
>
> At this point, the IPA service is still stopped on the replica. I
> hesitate to start it for concern it could interfere with the now-working
> master.
>
> What would be the recommended method for returning the replica to service?

It depends on the replica. Does it also run a CA? If not then
you can try restarting the certmonger service. This should cause it to
fetch new certificates for the other IPA servers. ipa-getcert list will
show you the status; wait until they are all MONITORING.

Once that works then you can safely restart the world. Any changes on
the master will be replicated out, and vice versa.

rob

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
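
The check described in the reply above (wait until every request in the ipa-getcert list output is MONITORING), as an added example that is not part of the original thread. The function names, timeout values and sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread): check `ipa-getcert list`
# output for tracked requests that have not reached MONITORING.

# Reads `ipa-getcert list` text on stdin and prints "<request-id> <status>"
# for each request that is not MONITORING. Returns 0 only when at least one
# request was seen and all of them are MONITORING.
not_monitoring() {
    awk '
        $1 == "Request" && $2 == "ID" {
            split($0, parts, "\047")      # the ID sits between single quotes
            id = parts[2]; seen++
        }
        $1 == "status:" && $2 != "MONITORING" { print id, $2; bad++ }
        END { if (seen == 0 || bad > 0) exit 1 }
    '
}

# Poll the live tool until every request is MONITORING or the timeout passes.
# Assumption: run as root on the replica after certmonger was restarted;
# the 600 s timeout and 15 s interval are arbitrary defaults.
wait_for_monitoring() {
    timeout=${1:-600}; interval=${2:-15}; waited=0
    while ! ipa-getcert list | not_monitoring; do
        [ "$waited" -ge "$timeout" ] && return 1
        sleep "$interval"
        waited=$((waited + interval))
    done
}

# Constructed sample output (abbreviated fields, made-up request IDs).
sample_output() {
    cat <<'EOF'
Number of certificates and requests being tracked: 2.
Request ID '20130101000001':
    status: MONITORING
    stuck: no
Request ID '20130101000002':
    status: CA_UNREACHABLE
    stuck: yes
EOF
}

# Offline demo on the sample; on a real replica call wait_for_monitoring.
sample_output | not_monitoring || echo "some requests are not MONITORING yet"
```

An empty listing is treated as a failure, so a certmonger that is tracking nothing is not mistaken for a healthy one.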
