[Freeipa-users] How to restore IPA Master/Replicas

Steven Jones Steven.Jones at vuw.ac.nz
Tue May 22 21:55:04 UTC 2012


Hi,

Yes, I think they are what I put in subversion. Basically, between Satellite and the files below in subversion I should be able to build a complete basic IPA server RHEL6.2 machine... the "interesting" bit is getting my master IPA instance back.


=========
[root at vuwunicoipam001 scripts]# pwd
/home/jonesst1/subversion/vuwunicoipam001-ods/scripts
[root at vuwunicoipam001 scripts]# ls -l
total 32
-rw-rw-r--. 1 jonesst1 jonesst1 1696 Mar 19 16:04 cacert.p12
drwxrwxr-x. 3 jonesst1 jonesst1 4096 Mar 19 16:04 etc
-rw-rw-r--. 1 jonesst1 jonesst1  206 Mar 19 16:04 nat-fw-down
-rw-rw-r--. 1 jonesst1 jonesst1 7171 Mar 19 16:07 nat-fw-up
drwxrwxr-x. 3 jonesst1 jonesst1 4096 Mar 20 13:39 packages
-rw-rw-r--. 1 jonesst1 jonesst1   40 Mar 19 16:04 pwdfile.txt
-rwxrwxr-x. 1 jonesst1 jonesst1 3524 Mar 19 16:04 zzbuild
[root at vuwunicoipam001 scripts]# 
=========

regards

Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272

________________________________________
From: Rob Crittenden [rcritten at redhat.com]
Sent: Wednesday, 23 May 2012 9:43 a.m.
To: Steven Jones
Cc: <freeipa-users at redhat.com>; Deon Lackey
Subject: Re: [Freeipa-users] How to restore IPA Master/Replicas

Steven Jones wrote:
> From the 18.8.2 section point 2,
>
> "[root at ipaserver ~]# pk12util -o /path/to/cacert.p12 -n "EXAMPLE.COM IPA CA" -d /etc/dirsrv/slapd-EXAMPLE-COM"
>
> the -o option is the one below?
>
> [root at vuwunicoipam001 ~]# find /etc/ -name cacert*
> /etc/httpd/alias/cacert.p12
>
> ?
>
> I think an explanation of what I'm meant to be looking for might help...

You're using a self-signed CA?

The -o is what you defined as /path/to/cacert.p12. It is wherever you
want to store the file.

This documentation is incorrect though, I thought I had filed a bug on
this already. In a self-signed CA the root certificate is in
/etc/httpd/alias and not in a 389-ds instance at all. So for step 2
you'd replace /etc/dirsrv/slapd-EXAMPLE-COM with /etc/httpd/alias.

What this is doing is creating a file to transport the self-signed CA
private keys and certificate securely from one location to another.

This is assuming the original master is around. If it is then you can do
this. If not then you saved /root/cacert.p12 from the initial install,
right?

rob

>
> regards
>
> Steven Jones
>
> Technical Specialist - Linux RHCE
>
> Victoria University, Wellington, NZ
>
> 0064 4 463 6272
>
> ________________________________________
> From: freeipa-users-bounces at redhat.com [freeipa-users-bounces at redhat.com] on behalf of Steven Jones [Steven.Jones at vuw.ac.nz]
> Sent: Wednesday, 23 May 2012 8:11 a.m.
> Cc: <freeipa-users at redhat.com>
> Subject: [Freeipa-users] How to restore IPA Master/Replicas
>
> Hi,
>
> My master is, it seems, dead and has been for a week; RH support cannot recover it... so I need to move on and rebuild it... first it looks like I need to promote my replica to be the master.
>
> Do we have any good docs/procedures for the above?
>
> regards
>
> Steven Jones
>
> Technical Specialist - Linux RHCE
>
> Victoria University, Wellington, NZ
>
> 0064 4 463 6272
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
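
Added example (not part of the thread and not FreeIPA project code): the pk12util export discussed above, pointed at /etc/httpd/alias, followed by a check for key and password files that group or others can read or write, which is the mode (664) cacert.p12 and pwdfile.txt carry in the directory listing at the top of the thread. The output path, the file-name patterns and the function names are assumptions.

```shell
#!/bin/sh
# Added example. Defaults are placeholders; override them via the environment.
NSS_DB="${NSS_DB:-/etc/httpd/alias}"        # self-signed CA location per the reply
NICKNAME="${NICKNAME:-EXAMPLE.COM IPA CA}"  # nickname from the quoted doc step
OUT="${OUT:-/root/cacert.p12}"              # assumed output path

# Export the CA certificate and private key, then list what the file contains.
# umask 077 makes a newly created file owner-only; pk12util prompts for passwords.
export_ca() {
    ( umask 077 && pk12util -o "$OUT" -n "$NICKNAME" -d "$NSS_DB" ) &&
        pk12util -l "$OUT"
}

# Print key or password files under directory $1 that group or others can
# read or write. File-name patterns are assumptions taken from the listing.
# Returns 0 when nothing is exposed, 1 otherwise.
find_exposed_key_files() {
    exposed=$(find "$1" -type f \( -name '*.p12' -o -name 'pwdfile*' \) \
        \( -perm -040 -o -perm -020 -o -perm -004 -o -perm -002 \) -print)
    if [ -n "$exposed" ]; then
        printf '%s\n' "$exposed"
        return 1
    fi
    return 0
}

# Run as "script.sh --export" on the surviving server; no arguments does nothing.
if [ "${1:-}" = "--export" ]; then
    export_ca && find_exposed_key_files "$(dirname "$OUT")"
fi
```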