[Freeipa-users] FREEIPA REPLICA - ITS USE AND HOW IT SHOULD OPERATE WHEN PRIMARY FAILS
Rob Crittenden
rcritten at redhat.com
Sat Apr 11 04:51:56 UTC 2015
Martin Chamambo wrote:
> Thanx for the feedback
>
> So if the replica is similar to the primary ,if the primary gets completely fried , without automatic failover ,i can reconfigure my clients to point to the new replica server without issues ???
If you use DNS SRV records then in the short term all you need to do is
drop fried server from the list of SRV records and move on.
In the short to medium term on the clients you'd want to check
/etc/ipa/default.conf and /etc/sssd/sssd.conf for references to that
dearly departed server and replace them with another server. You'll also
want to terminate any replication agreements with it on any other
masters otherwise changes will accumulate.
The only difference between the very first master you install and all
the others is that first one generates the CRL and manages CA renewal.
See https://www.freeipa.org/page/Howto/Promote_CA_to_Renewal_and_CRL_Master
I should mention that unless a master has actually created a user or
group it has no DNA configuration so has no range of values to assign to
POSIX users/groups. A clone is installed initially without a range and
it fetches one the first time it needs it, from the master that created
it. Of course, if that master is gone then problems ensure.
rob
>
> ________________________________________
> From: freeipa-users-bounces at redhat.com [freeipa-users-bounces at redhat.com] on behalf of Nathan Kinder [nkinder at redhat.com]
> Sent: Saturday, April 11, 2015 4:57 AM
> To: freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] FREEIPA REPLICA - ITS USE AND HOW IT SHOULD OPERATE WHEN PRIMARY FAILS
>
> On 04/10/2015 06:54 PM, Martin Chamambo wrote:
>> Good day
>>
>> I have a freeipa primary server working as i wanted , no complex stuff has been setup yet except the basic service and sudo controls which is fine by me. I have also setup a replica from the primary.
>>
>> the dns server is running from a different platform so basically the 2 servers query a DNS server on onother server to resolve their names.
>>
>> my questions is as follows: when primary server fails , does the replica automatically assume the position of the primary [and please note that replication is also working as expected]
>
> The replica is no different from the primary master, aside from being
> responsible for CRL generation.
>
> Failover really depends on how your clients are configured. If you are
> using SSSD, you should look at the 'FAILOVER' section in the 'sssd-ipa'
> man page for a details on how it works and how it is configured.
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>
More information about the Freeipa-users
mailing list