Ricardo Mendes via FreeIPA-users wrote: > I was under the impression replicas could be added and not have replication > agreements with every other master hence I assumed this wouldn't be a > problem. And truth be told until the fallback group step the replica > installation goes well so I guess it should be possible if it wasn't for the > dns master being the one without external access. > > But ok so I'm thinking in this case which would be the available options? > One if I add a secondary dna range to the ns1 server I assume it would then > have a range available? > Other I saw a technology preview of hidden replicas. Got me wondering it > could be a viable option? I'd have to move the DNSSec and CA master roles to > another one and afterwards idm could be set as hidden. But this still got me > thinking wether once it's set as hidden will it handle the dna range to > another server, or would that have to be done manually? > > Imagining I'd want to remove idm from the typology, what would happen then to > the dna range?
Having replication agreements between all servers is not necessary but they all expect to be able to talk to connect to one another, for things like DNA ranges. We have an RFE to be able to tell the topology how to talk to who but it isn't started yet. A hidden server is hidden from clients, not other servers. If you use ipa-replica-manage to remove a server then an attempt will be made to preserve the range. rob _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
