[Freeipa-users] Difference between Masters and Replicas?
Petr Spacek
pspacek at redhat.com
Wed Jul 16 15:16:27 UTC 2014
On 16.7.2014 15:03, Petr Viktorin wrote:
> On 07/16/2014 02:34 PM, Choudhury, Suhail wrote:
>> Hi,
>>
>> I'd like some clarification on what a "master" and "replica" is please.
>
> Once installed, all masters are identical (except some might have a CA and
> some not).
> The distinction is useful when installing a replica, where "master" and
> "replica" generally mean "existing master" and "new master", respectively.
>
>> This doc suggests you start with 1 master and a replica can be promoted
>> to a master by changing "/var/lib/pki-ca/conf/CS.cfg":
>> http://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/promoting-replica.html
>>
>
> That doc is ancient (Fedora 15), don't use it.
>
>> However IPA is supposed to be multi-master replication, and replication
>> agreements appears to be two ways when checking "ipa-replica-manage list
>> hostname" on a given IPA server.
>>
>> So when creating a replica using:
>>
>> ipa-replica-install --setup-ca --setup-dns --forwarder=172.20.220.25
>> --forwarder=172.20.220.27 /root/replica-info-ipa01.domain.com.gpg
>>
>> am I creating another "master replica"?
>
> Yes, you're creating a new master; since you gave --setup-ca the two masters
> will be equivalent.
Please note that --setup-dns is also important. Use it for the new replica if
you have used it for the original master.
--
Petr^2 Spacek
More information about the Freeipa-users
mailing list