[Freeipa-users] Installing replica w/o CA?
Rob Crittenden
rcritten at redhat.com
Fri Jun 19 21:42:18 UTC 2015
Janelle wrote:
> Maybe this is an obvious question - but I am missign the simple answer.
> If you create a master and want to create 3 replicas -- creating the
> first replica works just fine, but I want the 2nd replica chained off
> the first, and NOT the master. But unless you install a CA on that first
> replica, you get an error.
>
> 1. install master
> 2. ipa-replica-prepare -- rep001 -- copy file to rep001
> 3. ipa-replica-install on rep001
> 4. ipa-replica-prepare rep002 --- does not work saying you can only
> create replica from "master"?
Seems like poor language in the error message. The issue would come if
you tried to stand up a CA on the new replica during install it would
have no CA to talk to. I think otherwise a master without a CA would be
able to provide everything else necessary for the prepare file.
You can use ipa-replica-manage connect/disconnect to tweak your
replication topology. So create the replicas from a master that has a CA
then add/delete connections as needed.
4.2 is going to introduce a new ay to manage topology:
http://www.freeipa.org/page/V4/Manage_replication_topology
rob
More information about the Freeipa-users
mailing list