[Freeipa-users] Promoting ipa 4.1 on Centos 7 replica to master
Rob Crittenden
rcritten at redhat.com
Thu Jan 15 16:20:46 UTC 2015
Rui Gomes wrote:
> Hello Guys,
>
> I been seeing planting of email about promoting replicas to masters but does articles do not seem to apply to ipa 4.1/centos 7 combo.
>
> I had a ipa 3.0 master on centos 6.4 that died recently(I can still access the file system), and I would like to promote my 4.1 replica to the master.
>
> I tried:
> http://www.freeipa.org/page/Howto/Promote_CA_to_Renewal_and_CRL_Master
>
> and:
> http://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/promoting-replica.html
>
> But they don't seem relevant to that specific setup, centos 7/ipa 4.1 can you guys give me some pointer how can I get my 4.1 replica to master?
>
> Regards
> Rui Gomes
>
Every server in IPA is a master, the only distinction being whether it
has a CA installed or not, and to a lesser extend DNS (all masters have
the data, some may just not run the service).
So if you have a master with a CA then you have a full IPA master.
The only thing that distinguishes one master from another is due to
order of installation due to two things that should only be done on one
master: generate the CRL and handle CA subsysutem certificate renewal.
The first IPA master installed is given these duties. To switch the CRL
generator use the first link.
The page is going to be updated soon to reflect how renewal should be
handled on 4.0+ servers. The renewal master is now stored in LDAP so
switching it is a lot easier.
rob
More information about the Freeipa-users
mailing list