[Freeipa-users] Replica and CA mess
Simo Sorce
simo at redhat.com
Mon Nov 28 14:11:48 UTC 2011
On Sun, 2011-11-27 at 18:53 +0100, Sigbjorn Lie wrote:
> Perhaps an opertunity for improvements here? My suggestions:
>
> * First off, add to the documentation to remove the replica on
> another
> IPA server before uninstalling the IPA replica?
We should probably do this, can you open a doc bug ?
> * Why not automatically delete the replication agreement when
> uninstalling the replica?
We haven't done this so far as it requires admin or DM credentials to do
so.
> * Where did the CA instance go? I see nothing in the documentation
> about
> this, but I found a ipa-ca-install command.
The CA component is always optional on replicas. You do not necessarily
want to have a CA replica in every single FreeIPA replica. Usually a few
CA instance (perhaps one or two per geography will suffice).
So you should either pass --setup-ca at ipa-replica-install time or call
ipa-ca-install later.
> ipa-ca-install yelded the
> error below.
I will let Adam chime on the errors, they should not happen of course.
Simo.
>
>
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-users
mailing list