[Freeipa-users] IPA replica without CA, how to become CA

Matt . yamakasi.014 at gmail.com
Mon Jul 6 17:01:09 UTC 2015


Rob,

Isn't it impossible to install a CA on a replica when its master "died"?

I know there is normally one CA, but this is kinda confusing me so I'm
testing out scenarios.

Thanks,

Matt

2015-07-06 18:10 GMT+02:00 Matt . <yamakasi.014 at gmail.com>:
> Hi Rob,
>
> OK, I had difficulties with that and try it.
>
> What I actually did is:
>
> Turned off IPA1 (to act it like a dead one) and removed it from ipa2.
>
> Now when I install a new replica with ipa2 as its master/source I get
> complaints that there is no CA. So my ipa2 needs to become CA in some way.
>
> I need to check but I thought I did what you said which didn't work...
> I need to debug it and report to you this evening.
>
> Thanks,
>
> Matt
>
> 2015-07-06 17:54 GMT+02:00 Rob Crittenden <rcritten at redhat.com>:
>> Matt . wrote:
>>>
>>> Hi All,
>>>
>>> I'm cleaning up and playing around with some old dev setups and
>>> reviewing these tests.
>>>
>>> This is a replica setup but the replica is no CA. Now I'm testing out
>>> how to manage the cluster when I remove the ipa1 (CA) and create a new
>>> replica with CA from the ipa2.
>>>
>>> IPA2 should become CA and out of that I can setup a replica again.
>>> What is my best approach to test this?
>>
>>
>> Hard to say given I have no insight into your topology, but to add a CA
>> post-install use ipa-ca-install <replica-file>
>>
>> rob
>>



