"Limitations" is fine with me. Updated patch attached. On Fri, Mar 13, 2015 at 7:17 AM, Martin Kosek <mko...@redhat.com> wrote:
> On 03/13/2015 02:13 PM, Gabe Alford wrote: > >> On Thu, Mar 12, 2015 at 8:26 AM, Martin Kosek <mko...@redhat.com >> <mailto:mko...@redhat.com>> wrote: >> >> On 03/12/2015 02:37 PM, Gabe Alford wrote: >> > Hello, >> > >> > Fix for https://fedorahosted.org/freeipa/ticket/4944. Since there >> seems to >> > be plenty of time, I added it to the freeipa-4-1 branch. >> >> Thanks Gabe! I would still suggest against moving the tickets to >> milestones >> yourself, all new tickets should still undergo the weekly triage so >> that all >> core developers see it and we can decide the target milestone. >> >> >> Sorry about that. >> >> With this one, it would likely indeed end in 4.1.x, especially given >> you >> contributed a patch, but still... >> >> For the patch itself, I still think the wording is not as should be: >> >> - following line is not entirely trie, you can install can create >> replica also >> on servers installed with ipa-replica-install :-) >> +A replica can be created on any IPA master server installed with >> ipa\-server\-install. >> >> - Following line may also use some rewording: >> However if you want to create a replica as a redundant CA with an >> existing >> replica or master, ipa\-replica\-prepare should be run on a replica >> or master >> that contains the CA. >> >> Maybe we should add subsection to DESCRIPTION section, with following >> lines: >> >> >> What should the .SS be called? Replica Info? PKI INFO? Preparation >> Requirements? >> > > "Limitations"? > > > >> >> - A replica should only be installed on the same or higher version of >> IPA on >> the remote system. >> >> - A replica with PKI can only be installed from replica file prepared >> on a >> master with PKI >> >> Makes sense? >> >> >> We will see if the coffee is working today. :) >> >> Martin >> >> >> >
From 1a679b80db8b577b531a3bc825340f06e56b9886 Mon Sep 17 00:00:00 2001 From: Gabe <redhatri...@gmail.com> Date: Fri, 13 Mar 2015 07:34:49 -0600 Subject: [PATCH] ipa-replica-prepare can only be created on the first master - https://fedorahosted.org/freeipa/ticket/4944 --- install/tools/man/ipa-replica-prepare.1 | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/install/tools/man/ipa-replica-prepare.1 b/install/tools/man/ipa-replica-prepare.1 index 1879d2ee88fc78fb755a702a2b2fe9a93e153b45..4c5ad3e8e49798eb33667903f2de1f35d83596c0 100644 --- a/install/tools/man/ipa-replica-prepare.1 +++ b/install/tools/man/ipa-replica-prepare.1 @@ -24,15 +24,17 @@ ipa\-replica\-prepare [\fIOPTION\fR]... hostname .SH "DESCRIPTION" Generates a replica file that may be used with ipa\-replica\-install to create a replica of an IPA server. -A replica can only be created on an IPA server installed with ipa\-server\-install (the first server). +A replica can be created on any IPA master or replica server. You must provide the fully\-qualified hostname of the machine you want to install the replica on and a host\-specific replica_file will be created. It is host\-specific because SSL server certificates are generated as part of the process and they are specific to a particular hostname. If IPA manages the DNS for your domain, you should either use the \fB\-\-ip\-address\fR option or add the forward and reverse records manually using IPA plugins. Once the file has been created it will be named replica\-hostname. This file can then be moved across the network to the target machine and a new IPA replica setup by running ipa\-replica\-install replica\-hostname. - +.SS "LIMITATIONS" A replica should only be installed on the same or higher version of IPA on the remote system. + +A replica with PKI can only be installed from a replica file prepared on a master with PKI. .SH "OPTIONS" .TP \fB\-\-dirsrv\-cert\-file\fR=\fIFILE\fR -- 1.8.3.1
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code