[Freeipa-users] Replica of a Replica and Master Recovery

Trevor T Kates (Services - 6) trevor.t.kates at dom.com
Fri Sep 20 19:20:34 UTC 2013 

> From: Rob Crittenden [rcritten at redhat.com]
> Sent: Friday, September 20, 2013 11:38 AM
> To: Trevor T Kates (Services - 6); freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] Replica of a Replica and Master Recovery
> 

-snip-

> 
> I think some clarification is needed. Every server in IPA is a master,
> on equal footing with the exception of some optional services like the
> CA and DNS. The initial CA is also responsible for CRL generation and
> distributing renewed certificates, but those can be moved.
> 
> I think we need to know what state the machine is in an how it got
> there. What does reimaging mean in this case?

Thanks for responding and sorry for the ambiguity. 

This was the order of events:

kickstart -> ipa as ipa.testdomain.com
kickstart -> ipa00 as ipa00.testdomain.com
ipa-server-install with CA and DNS
ipa-replica-prepare ipa00.testdomain.com
ipa-replica-install ipa00 with CA and DNS
on ipa: copy /root/cacert.p12 to ipa00
on ipa00: ipa-replica-manage del ipa.testdomain.com
kickstart -> ipa as ipa04.testdomain.com
on ipa00: ipa-replica-prepare ipa04.testdomain.com
on ipa04: ipa-replica-install with CA and DNS
CA error and replica install fails

Let me know if I need to provide better information and thank you very much for the help!

> rob
> 
> 

-snip-

Trevor T. Kates
CONFIDENTIALITY NOTICE:  This electronic message contains
information which may be legally confidential and/or privileged and
does not in any case represent a firm ENERGY COMMODITY bid or offer
relating thereto which binds the sender without an additional
express written confirmation to that effect.  The information is
intended solely for the individual or entity named above and access
by anyone else is unauthorized.  If you are not the intended
recipient, any disclosure, copying, distribution, or use of the
contents of this information is prohibited and may be unlawful.  If
you have received this electronic transmission in error, please
reply immediately to the sender that you have received the message
in error, and delete it.  Thank you.

More information about the Freeipa-users mailing list