[Freeipa-devel] Understanding FreeIPA replica internals

James purpleidea at gmail.com
Fri May 23 05:01:37 UTC 2014


I'm trying to understand some of the FreeIPA replication internals so
that I can better know how to do this properly in Puppet without
storing any secret information in Puppet, and so that automating
FreeIPA is awesome.

Please point me to any docs, if there is reading I could be doing :)

Here are some open questions I have:

1) Is the GPG file created with ipa-replica-prepare using a symmetric
password and is that password equal to the dm_password? If not, where
do the pub/priv key pairs come from and how do they get transferred to
the replica?

2) If I have root on the IPA server (actually all of them) how can I
run ipa-replica-prepare without needing interactive prompting for
entering the password? It's not possible with Puppet. Is there another
(possibly less user friendly even) method to "prepare" the replica?
What is prepare actually doing?

3) With a multi-master setup, what happens if I run the same action
(e.g. user-mod or user-add or user-del) on more than one server? Can I
run it on any server? What if I run different user-mod commands of the
same user on different masters? Is there split brain? Are all the
transactions and writes synchronous across the whole cluster? Please
point me to a doc that explains this FAQ stuff if possible. Sorry for
the noise.

Thanks again,
James



