Re: [Freeipa-users] Installing replica w/o CA?
On Fri, 2015-06-19 at 14:20 -0700, Janelle wrote: > Maybe this is an obvious question - but I am missign the simple answer. > If you create a master and want to create 3 replicas -- creating the > first replica works just fine, but I want the 2nd replica chained off > the first, and NOT the master. But unless you install a CA on that first > replica, you get an error. > > 1. install master > 2. ipa-replica-prepare -- rep001 -- copy file to rep001 > 3. ipa-replica-install on rep001 > 4. ipa-replica-prepare rep002 --- does not work saying you can only > create replica from "master"? For now you can create replica files only on servers that have the CA, we may lift this restriction in future once we complete the replica promotion feature. Keep in mind that you can change replication topology after the install, so you do not have to keep the 3rd replica agreements with the first after you create agreements that connect the third to the second. Simo. -- Simo Sorce * Red Hat, Inc * New York -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] Installing replica w/o CA?
Janelle wrote: Maybe this is an obvious question - but I am missign the simple answer. If you create a master and want to create 3 replicas -- creating the first replica works just fine, but I want the 2nd replica chained off the first, and NOT the master. But unless you install a CA on that first replica, you get an error. 1. install master 2. ipa-replica-prepare -- rep001 -- copy file to rep001 3. ipa-replica-install on rep001 4. ipa-replica-prepare rep002 --- does not work saying you can only create replica from "master"? Seems like poor language in the error message. The issue would come if you tried to stand up a CA on the new replica during install it would have no CA to talk to. I think otherwise a master without a CA would be able to provide everything else necessary for the prepare file. You can use ipa-replica-manage connect/disconnect to tweak your replication topology. So create the replicas from a master that has a CA then add/delete connections as needed. 4.2 is going to introduce a new ay to manage topology: http://www.freeipa.org/page/V4/Manage_replication_topology rob -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
[Freeipa-users] Installing replica w/o CA?
Maybe this is an obvious question - but I am missign the simple answer. If you create a master and want to create 3 replicas -- creating the first replica works just fine, but I want the 2nd replica chained off the first, and NOT the master. But unless you install a CA on that first replica, you get an error. 1. install master 2. ipa-replica-prepare -- rep001 -- copy file to rep001 3. ipa-replica-install on rep001 4. ipa-replica-prepare rep002 --- does not work saying you can only create replica from "master"? ~J -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project