[Freeipa-users] Re: Create a replica

[Bret Wortman via FreeIPA-users]

On 03/02/2018 04:15 AM, Florence Blanc-Renaud wrote:

On 01/03/2018 18:11, Bret Wortman via FreeIPA-users wrote:
I've got a one system setup now and would like to create a replica 
and ensure survivability as much as possible. Will this do the trick? 
Obviously the first is run on the current master and the second on 
the new replica...


# ipa-replica-prepare newserver.my.net --ip-address=192.168.1.50

# ipa-replica-install --setup-dns --setup-ca --no-forwarders 
/path/to/replica-info-newserver.my.net.gpg



Hi,

the procedure depends on your domain level. In order to find which 
domain-level you are using:

# ipa domainlevel-get
---
Current domain level: 1
---

If domain-level is 0, then you need to create a replica file and 
install the replica by providing this replica file (the instructions 
you wrote above). The procedure is documented here [1].


If domain-level is 1, then the procedure is different. You can first 
enroll the host as an IPA client with ipa-client-install, and then 
promote it to a replica with ipa-replica-install (no replica file 
provided), or do the 2 steps in ipa-replica-install (if you provide 
all the required options). More information here [2]


HTH,
Flo

[1] 
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/app.replica
[2] 
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/creating-the-replica


--
photo

*Bret Wortman*
President, Damascus Products LLC
855-644-2783  | 303-523-8037  | 
b...@damascusproducts.com  | 
http://damascusproducts.com/ | 10332 Main St Suite 319 Fairfax, VA 22030
 
 





___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to 
freeipa-users-le...@lists.fedorahosted.org






Perfect! Thanks. Every time I need to do something like this, I discover 
some great advances you all have made which makes life easier than last 
time.


My CA is level 1, so I'll proceed after reading your linked reference. 
Thanks, Flo!



Bret

___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

[Freeipa-users] Re: Create a replica

[Florence Blanc-Renaud via FreeIPA-users]

On 01/03/2018 18:11, Bret Wortman via FreeIPA-users wrote:
I've got a one system setup now and would like to create a replica and 
ensure survivability as much as possible. Will this do the trick? 
Obviously the first is run on the current master and the second on the 
new replica...


# ipa-replica-prepare newserver.my.net --ip-address=192.168.1.50

# ipa-replica-install --setup-dns --setup-ca --no-forwarders 
/path/to/replica-info-newserver.my.net.gpg



Hi,

the procedure depends on your domain level. In order to find which 
domain-level you are using:

# ipa domainlevel-get
---
Current domain level: 1
---

If domain-level is 0, then you need to create a replica file and install 
the replica by providing this replica file (the instructions you wrote 
above). The procedure is documented here [1].


If domain-level is 1, then the procedure is different. You can first 
enroll the host as an IPA client with ipa-client-install, and then 
promote it to a replica with ipa-replica-install (no replica file 
provided), or do the 2 steps in ipa-replica-install (if you provide all 
the required options). More information here [2]


HTH,
Flo

[1] 
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/app.replica
[2] 
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/creating-the-replica


--
photo   

*Bret Wortman*
President, Damascus Products LLC
855-644-2783  | 303-523-8037  | 
b...@damascusproducts.com  | 
http://damascusproducts.com/ | 10332 Main St Suite 319 Fairfax, VA 22030
 
 	





___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org


___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org