[Freeipa-users] IPA replica without CA, how to become CA
Matt .
yamakasi.014 at gmail.com
Mon Jul 6 16:10:49 UTC 2015
Hi Rob,
OK, I had difficulties with that and try it.
What I actually did is:
Turned off IPA1 (to act it like a dead one) and removed it from ipa2.
Now when I install a new replica with ipa2 as it's master/source I get
complains there is no CA. So my ipa2 needs to become ca in some way.
I need to check but I thought I did what you said which didn't work...
I need to debug it an report you this evening.
Thanks,
Matt
2015-07-06 17:54 GMT+02:00 Rob Crittenden <rcritten at redhat.com>:
> Matt . wrote:
>>
>> Hi All,
>>
>> I'm cleaning up and playing around with some old dev setups and
>> reviewing these tests.
>>
>> This is a replica setup but the replica is no CA. Now I'm testing out
>> how to manage cluster when I remove the ipa1 (CA) and create a new
>> replica with CA from the ipa2.
>>
>> IPA2 should become CA and out of that I can setup a replica again.
>> What is my best approach to test this ?
>
>
> Hard to say given I have no insight into your topology, but to add a CA
> post-install use ipa-ca-install <replica-file>
>
> rob
>
More information about the Freeipa-users
mailing list