[Freeipa-users] Difference between Masters and Replicas?
Bill Peck
bill at pecknet.com
Wed Jul 16 13:18:14 UTC 2014
On Wed, Jul 16, 2014 at 9:03 AM, Petr Viktorin <pviktori at redhat.com> wrote:
> On 07/16/2014 02:34 PM, Choudhury, Suhail wrote:
>
>> Hi,
>>
>> I'd like some clarification on what a "master" and "replica" is please.
>>
>
> Once installed, all masters are identical (except some might have a CA and
> some not).
> The distinction is useful when installing a replica, where "master" and
> "replica" generally mean "existing master" and "new master", respectively.
>
>
> This doc suggests you start with 1 master and a replica can be promoted
>> to a master by changing "/var/lib/pki-ca/conf/CS.cfg":
>> http://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_
>> Guide/promoting-replica.html
>>
>
> That doc is ancient (Fedora 15), don't use it.
>
>
> However IPA is supposed to be multi-master replication, and replication
>> agreements appears to be two ways when checking "ipa-replica-manage list
>> hostname" on a given IPA server.
>>
>> So when creating a replica using:
>>
>> ipa-replica-install --setup-ca --setup-dns --forwarder=172.20.220.25
>> --forwarder=172.20.220.27 /root/replica-info-ipa01.domain.com.gpg
>>
>> am I creating another "master replica"?
>>
>
> Yes, you're creating a new master; since you gave --setup-ca the two
> masters will be equivalent.
>
So you no longer need to do anything to promote a replica to be a CA
master? Another way to ask the question, can I remove the original master
and everything will still work?
>
> --
> Petr³
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go To http://freeipa.org for more info on the project
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140716/dc7aacb7/attachment.htm>
More information about the Freeipa-users
mailing list