[Freeipa-users] How to rebuild IPA master?
Steven Jones
Steven.Jones at vuw.ac.nz
Thu May 10 00:24:50 UTC 2012
Hi,
In case everyone else is asleep now......
Do you have access to RH documentation? the 6.3beta admin guide section 18.8 talks about why and how to make a replicate a master.
eg.,
"NOTE
All servers and replicas which host a CA are peers in the topology. They can all issue certificates
and keys to IPA clients, and they all replicate information amongst themselves.
The only reason to promote a replica or server to be a master server is if the master server is
being taken offline. There has to be a root CA which can issue CRLs and ultimately validate
certificate checks.
Aside from that, replicas, servers, and the master server are all equal peers."
regards
Steven Jones
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
0064 4 463 6272
________________________________
From: freeipa-users-bounces at redhat.com [freeipa-users-bounces at redhat.com] on behalf of David Copperfield [cao2dan at yahoo.com]
Sent: Thursday, 10 May 2012 11:04 a.m.
To: Rob Crittenden; Freeipa-users at redhat.com
Subject: [Freeipa-users] How to rebuild IPA master?
Hi all,
I've a IPA master/replica setup in our development environment. Unfortunately our IPA master crashed, the replica is working fine. Now I have the IPA master re-imaged.
What are the steps I have to follow to re-create the IPA master from running IPA replica? Before crash the IPA master ran dogtag certificate system, while the IPA replica didn't -- created normally without the --setup-ca option.
Thanks.
--David
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20120510/cb0d1437/attachment.htm>
More information about the Freeipa-users
mailing list