[Freeipa-users] Manage records while primary IPA is down
Dimitar Georgievski
mitkany at gmail.com
Mon Jan 13 20:01:40 UTC 2014
I was referring to user accounts, and I believe they require certificates.
With the Primary IPA being down I was not able to create new user entries
on the replica servers.
Hopefully the CA fail-over requirement is addressed in a new release of
FreeIPA.
Thanks,
Dimitar
On Mon, Jan 13, 2014 at 1:36 PM, Dmitri Pal <dpal at redhat.com> wrote:
> On 01/13/2014 01:33 PM, Rob Crittenden wrote:
> > Dimitar Georgievski wrote:
> >> This question is really about HA of FreeIPA. I've noticed that new
> >> records cannot be added on the replica server while the primary is down.
> >>
> >> Ideally these services should be always available even when the Primary
> >> server is down (for maintenance or other reasons).
> >>
> >> Is it possible to have another Primary server replicating with the first
> >> Primary or to use one of the Replica servers to manage records while the
> >> Primary server is down.
> >
> > All servers in IPA are equal masters, the only difference may be the
> > services running on any given server (DNS and a CA).
> >
> > The exception is if a master runs out of DNA values or has never been
> > used to add an entry that requires one and the original IPA master is
> > down. An IPA server will request a DNA range the first time it needs
> > one but doesn't get one until then. I'm guessing that is what happened.
> >
> > I believe IPA 3.3 added some options to ipa-replica-manage to be able
> > to control the DNA configuration.
>
>
> We might be talking about the entries that have certificates. Is this
> the case?
> If so the certificate operations are proxied to the server that has full
> CA but AFAIR there is not failover there and I vaguely recall that there
> was ticket filed to address this scenario.
>
> So which entries we are talking about?
>
> >
> > rob
> >
> > _______________________________________________
> > Freeipa-users mailing list
> > Freeipa-users at redhat.com
> > https://www.redhat.com/mailman/listinfo/freeipa-users
>
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager for IdM portfolio
> Red Hat Inc.
>
>
> -------------------------------
> Looking to carve out IT costs?
> www.redhat.com/carveoutcosts/
>
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140113/2b5e17b2/attachment.htm>
More information about the Freeipa-users
mailing list