[Freeipa-users] Manage records while primary IPA is down

Dmitri Pal dpal at redhat.com
Mon Jan 13 18:36:04 UTC 2014


On 01/13/2014 01:33 PM, Rob Crittenden wrote:
> Dimitar Georgievski wrote:
>> This question is really about HA of FreeIPA. I've noticed that new
>> records cannot be added on the replica server while the primary is down.
>>
>> Ideally these services should be always available even when the Primary
>> server is down (for maintenance or other reasons).
>>
>> Is it possible to have another Primary server replicating with the first
>> Primary or to use one of the Replica servers to manage records while the
>> Primary server is down?
>
> All servers in IPA are equal masters, the only difference may be the
> services running on any given server (DNS and a CA).
>
> The exception is if a master runs out of DNA values or has never been
> used to add an entry that requires one and the original IPA master is
> down. An IPA server will request a DNA range the first time it needs
> one but doesn't get one until then. I'm guessing that is what happened.
>
> I believe IPA 3.3 added some options to ipa-replica-manage to be able
> to control the DNA configuration.


We might be talking about the entries that have certificates. Is this
the case?
If so, the certificate operations are proxied to the server that has the
full CA, but AFAIR there is no failover there, and I vaguely recall that
there was a ticket filed to address this scenario.

So which entries are we talking about?

>
> rob
>


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.

