[Freeipa-users] promoting a replica section 16.8
Rob Crittenden
rcritten at redhat.com
Tue Feb 7 03:36:32 UTC 2012
Steven Jones wrote:
>
> Once these actions are carried out does that mean the webgui is active? is is there any other actions needed to make the promoted replica the new read/write master?
Promoting a replica is only necessary if you installed with a selfsign
CA and want to issue certs from that machine. With selfsign you really
should pick one machine as the CA and stick with it otherwise you'll end
up issuing different certs with duplicate serial numbers and sooner or
later that will catch up with you. Promotion is documented in case that
single point of failure, well, fails.
Once a replica is installed it is a full IPA server. This means the UI,
XML-RPC interface, KDC, LDAP backend, the works. The only optional
components are the DNS and CA (dogtag).
regards
rob
More information about the Freeipa-users
mailing list