[Freeipa-users] Replacing the primary IPA server
Simo Sorce
simo at redhat.com
Mon Feb 13 19:55:21 UTC 2012
On Mon, 2012-02-13 at 20:43 +0100, Sigbjorn Lie wrote:
> On 02/13/2012 08:16 PM, Rob Crittenden wrote:
> > Sigbjorn Lie wrote:
> >> Hi,
> >>
> >> What precautions need to be taken when replacing the primary/first IPA
> >> server?
> >>
> >> Is it enough to reinstall the server and run a ipa-replica-install from
> >> one of the other replicas?
> >
> > It depends on what type of CA installation you have. Did you install
> > with dogtag or with a selfsign CA?
> >
> > rob
> >
> Dogtag
If you installed the CA on more than one replica, then you can remove
the first master, all the info is replicated on the other replicas that
have a clone of the CA. Note that the CA is not replicated by default
see the --setup-ca option or ipa-ca-install
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-users
mailing list