[Freeipa-users] promoting a replica section 16.8
Steven Jones
Steven.Jones at vuw.ac.nz
Tue Feb 7 19:52:49 UTC 2012
Hi,
Sorry I must have mis-read....so a Replica is a full read/write Master or read only copy?
regards
Steven Jones
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
0064 4 463 6272
________________________________________
From: Rob Crittenden [rcritten at redhat.com]
Sent: Tuesday, 7 February 2012 4:36 p.m.
To: Steven Jones
Cc: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] promoting a replica section 16.8
Steven Jones wrote:
>
> Once these actions are carried out does that mean the webgui is active? is is there any other actions needed to make the promoted replica the new read/write master?
Promoting a replica is only necessary if you installed with a selfsign
CA and want to issue certs from that machine. With selfsign you really
should pick one machine as the CA and stick with it otherwise you'll end
up issuing different certs with duplicate serial numbers and sooner or
later that will catch up with you. Promotion is documented in case that
single point of failure, well, fails.
Once a replica is installed it is a full IPA server. This means the UI,
XML-RPC interface, KDC, LDAP backend, the works. The only optional
components are the DNS and CA (dogtag).
regards
rob
More information about the Freeipa-users
mailing list