[Freeipa-users] Promoting a replica to a FreeIPA server without primary server

Dmitri Pal dpal at redhat.com
Wed Apr 8 18:08:51 UTC 2015


On 04/08/2015 07:12 AM, Прохоров Сергей wrote:
> Hello, I have a self-signed FreeIPA replica. The problem is that I lost
> my FreeIPA primary server after an HDD error.
> Now I need to create a new replication server but I can't without the
> primary server. I read this documentation and a lot of community
> correspondence but didn't find my issue:
>
> http://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/promoting-replica.html 
>
> http://www.freeipa.org/page/Howto/Promoting_a_self-signed_FreeIPA_CA
>
> How can I resolve it or migrate my Kerberos/LDAP schema to the new
> primary server?
> I'm using ipa-server-3.0.0-42.el6.x86_64 from the base Oracle Linux 6.5
> repository.
>

By self-signed you mean you had a self-signed CA as a part of the first
IPA server, right?
Did you install the replica with the CA component or not?

If you lost your first server that had the CA and have a replica that does
not have a CA, you are not in the best situation.
There are several options that you can explore. But before we dive into
that, please answer the following questions.

1. Is the situation described correctly?
2. Do you take advantage of the cert capabilities of IPA?
3. Did you make any backups of the first server?

-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.



