[Freeipa-users] FreeIPA replica topologies
Simo Sorce
ssorce at redhat.com
Thu Jul 3 07:39:09 UTC 2014
----- Original Message -----
> From: "James" <purpleidea at gmail.com>
> To: freeipa-users at redhat.com
> Sent: Thursday, July 3, 2014 2:10:27 AM
> Subject: [Freeipa-users] FreeIPA replica topologies
>
> Hi there,
>
> Is the following correct or incorrect?
>
> Say I want to build a triangle of ipa replicas. A <-> B <-> C <-> (back to A)
>
> I do ipa-server-install on A
> I do ipa-replica-prepare on A ... transfer files to B
> I do ipa-replica-install on B
> then:
>
> Option ONE:
> I do ipa-replica-prepare on B ... transfer files to C
>
> Option TWO:
> I do ipa-replica-prepare on A ... transfer files to C
>
> Continuing on...
> I do ipa-replica-install on C
>
> Since all three hosts are now installed, to close the loop, I do :
>
> Option ONE:
> ipa-replica-manage connect C A
>
> Option TWO:
> ipa-replica-manage connect B C
>
> Is this all correct? Is option ONE or option TWO preferable and why?
> Is the closing of the loop the correct interpretation and method?
> Can the "closing of the loop" be done from any host in the cluster ?
> If there's a large cluster can it be done from someone not directly
> connected to the two peers we want to connect?
Option TWO is preferable if you have the CA only on A.
You should be able to run the connect command on any administrative host
IIRC.
Simo.
--
Simo Sorce * Red Hat, Inc. * New York
More information about the Freeipa-users
mailing list