[Freeipa-users] Replacing the primary IPA server

Sigbjorn Lie sigbjorn at nixtra.com
Mon Feb 13 20:37:34 UTC 2012


On 02/13/2012 08:55 PM, Simo Sorce wrote:
> On Mon, 2012-02-13 at 20:43 +0100, Sigbjorn Lie wrote:
>> On 02/13/2012 08:16 PM, Rob Crittenden wrote:
>>> Sigbjorn Lie wrote:
>>>> Hi,
>>>>
>>>> What precautions need to be taken when replacing the primary/first IPA
>>>> server?
>>>>
>>>> Is it enough to reinstall the server and run an ipa-replica-install from
>>>> one of the other replicas?
>>> It depends on what type of CA installation you have. Did you install
>>> with dogtag or with a selfsign CA?
>>>
>>> rob
>>>
>> Dogtag
> If you installed the CA on more than one replica, then you can remove
> the first master, all the info is replicated on the other replicas that
> have a clone of the CA. Note that the CA is not replicated by default;
> see the --setup-ca option or ipa-ca-install.

Excellent. Yes, I've used --setup-ca when I created the replicas. :)

What if I have 3 IPA servers. 2 being replicated off the first master. 
The master is re-installed and re-setup using ipa-replica-install from 
one of the 2 other IPA servers.

Will not the 3rd server be left without a sync agreement? Does the 3rd 
server need to be manually added back in with a sync agreement?


Rgds,
Siggi




