[Freeipa-users] Confused/lost at promoting a replica into a master

E Deon Lackey dlackey at redhat.com
Sun Apr 29 23:34:25 UTC 2012


On 4/27/2012 10:20 PM, David Copperfield wrote:
> Hi folks,
>
>  I'm completely lost at reading the IPA document on how to promote an 
> IPA replica into master IPA. When I try to follow the steps listed 
> in the chapter '16.8.1 Promoting a Replica with a Dogtag Certificate 
> System CA' at the link 
> http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/promoting-replica.html#promoting-pki, 
> the last step 'g' said:
>
>    g. Disable the redirect settings for CRL generation requests:
>         master.ca.agent.host=hostname
>         master.ca.agent.port=port number
>
> The above instructions don't give any hints about 'hostname' or 'port 
> number'. Users don't have any clues about them: should they be this 
> replica's name, or the original master's name? And what is the port 
> number? Is it a TCP port, or a UDP port?


Hi, Guolin,

The replica is configured to check for information from the master CA -- 
in this case, asking the master CA to generate a CRL. Those parameters 
tell the replica where to look. Part of promoting the replica is telling 
it *not* to look for a master CA. So, those parameters should be blanked 
or removed.

I can definitely make that more clear.

>
> As a serious evaluator of IPA, I have to think more above just for 
> fun. So it is a natural thought to think about disaster recovery and 
> smooth/continuous operations (simulation and real case): how to back up 
> data,

Currently, there is no disaster recovery or backup information. There 
are a couple of RFEs open to develop this information. My understanding 
(and this is something that Dmitri or one of the engineers can explain 
better) is that the best thing to do is to back up the DS instances 
using db2ldif and then spin up a new server/replica instance and import 
the backed up data using ldif2db.


> how to promote a replica into master, etc. But this document just poses 
> way too many challenges for me. :)

What challenges? Can you elaborate? Or, even better, file a bug so that 
I can make the docs better! (I'm the doc writer.)

One thing that would be helpful to me is to know what kinds of scenarios 
you need covered; then I can work with engineering to get something into 
the documentation.

Thank you very much for your feedback!
Deon
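
The step described in the reply above (blanking master.ca.agent.host and master.ca.agent.port so the replica stops redirecting CRL generation requests), as an added example that is not part of the original message or the Red Hat guide. The configuration file path is passed as an argument (an assumption; the thread does not name the file), and the sample file built by `demo` is constructed.

```shell
#!/bin/sh
# Added example: blank the CRL redirect parameters in a key=value config file.
# The caller supplies the path of the CA configuration file (assumption).

# Print every redirect parameter that still carries a non-empty value.
# Commented-out lines are ignored. Exit status 0 means a redirect is still set.
crl_redirect_set() {
    grep -E '^[[:space:]]*master\.ca\.agent\.(host|port)[[:space:]]*=[[:space:]]*[^[:space:]]' "$1"
}

# Blank both parameters in place, leaving the old file as <file>.bak.
# Running it again on an already blanked file changes nothing.
disable_crl_redirect() {
    cfg=$1
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 2; }
    if ! crl_redirect_set "$cfg" >/dev/null; then
        echo "CRL redirect already disabled in $cfg"
        return 0
    fi
    cp -p "$cfg" "$cfg.bak" || return 1
    tmp=$(mktemp "$cfg.XXXXXX") || return 1
    if ! sed -E 's/^[[:space:]]*(master\.ca\.agent\.(host|port))[[:space:]]*=.*$/\1=/' \
            "$cfg" > "$tmp"; then
        rm -f "$tmp"
        return 1
    fi
    # Write through the existing file so its owner and mode are preserved.
    cat "$tmp" > "$cfg"
    rm -f "$tmp"
    echo "CRL redirect disabled in $cfg (backup: $cfg.bak)"
}

# Run against a constructed sample so the effect can be seen offline.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' \
        'example.other.setting=unchanged' \
        'master.ca.agent.host=old-master.example.com' \
        'master.ca.agent.port=9999' > "$dir/sample.cfg"
    disable_crl_redirect "$dir/sample.cfg"
    cat "$dir/sample.cfg"
    rm -rf "$dir"
}

case "${1:-}" in
    "")     ;;                          # sourced or run without arguments
    --demo) demo ;;
    *)      disable_crl_redirect "$1" ;;
esac
```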