On 04.11.2015 11:25, Oleg Fayans wrote:
Hi all,
Is there a way to switch back to the old (based on
ipa-replica-prepare) replica installation workflow having domain level=1?
The following error message suggests that it is possible:
$ ipa-replica-install --setup-ca --setup-dns --forwarder=10.38.5.26 -P
testuser
Password for testu...@idm.lab.eng.brq.redhat.com:
ipa : ERRORThe Replication Managers group is not available
in the domain. Replica promotion requires the use of Replication
Managers to be able to replicate data. Upgrade the peer master or use
the ipa-replica-prepare command on the master and use a prep file to
install this replica.
ipa.ipapython.install.cli.install_tool(Replica): ERRORThe
ipa-replica-install command failed. See
/var/log/ipareplica-install.log for more information
It it is not possible (and it is not, AFAIU) we should probably remove
the ipa-replica-prepare part from this error message.
The second issue with this error message is that adding an
unprivileged user just to admins group fixes the promotion, i. e. no
neeed in any special "Replication Managers" group. Thus the message is
totally misleading.
https://fedorahosted.org/freeipa/ticket/5400
https://fedorahosted.org/freeipa/ticket/5399
https://fedorahosted.org/freeipa/ticket/5401
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
