[Freeipa-users] Are replica gpg files reusable?

Rob Crittenden rcritten at redhat.com
Thu Apr 24 21:40:36 UTC 2014


Dave Jones wrote:
> Hi,
>
> Should the replica gpg created by ipa-replica-prepare be re-created when there have been trivial changes such as adding/modifying a user/group/password on the IPA server?
>
> What change of condition(s) in the ‘master’ IPA host would prevent reuse of a previously prepared replica gpg file, or otherwise render it invalid?

I'm assuming there is some specific scenario you have in mind.

Typically a replica file is not needed after a master is installed. The 
only exception is if you install without a CA and then decide to use 
ipa-ca-install to add it later.

We generally recommend that a replica be installed fairly soon after 
preparation of the file, days, not months, but even then it may still be 
viable.

As for data modification (users, groups, etc.) it should have no impact 
whatsoever. Once a replica is installed it is a full IPA master and the 
389-ds replication protocol will keep it in sync.

rob



