I read the backup procedure on http://www.freeipa.org/page/Backup_and_Restore.
If I lose my first master, it is stated than:
- Clean deployment from the lost server by removing all replication agreements
- Choose another FreeIPA Server with CA installed to become the first master
- Nominate this master to be the one in charge or renewing certs and publishing
CRLS. This is a manual procedure at the moment.
- Follow standard installation procedure to deploy a new master on a
hardware/VM of your choice
How do I nominate this master to be the one in charge of renews certs and
publishing CRLS? I didn't found the procedure.
Also do I care to differentiate between the first master and other replica, if
my IPA installation use an external root CA certificate (Windows AD in that
Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project