After several years of not-well-understood management of our freeipa-cluster, it is finally in a sad enough state to get business priority on planning/implementing a migration. The environment is el7 for both old and new. I understand that the there is a MoM, so my plan was basically this:
1. Add a replica. 2. transfer whatever MoM-specific bits exist to the new replica (do not know what all of those are) 3 start removing all old replicas (do I need to have the new one replicating with at least one other new host before removing all old replicas?) 4. Lather, rinse, repeat until all old servers are no longer replicating with new servers and can be terminated. This will also be a practice run at an as-yet unplanned migration to the el8 or el9 stack. The MoM questions arose because we lost a MoM years ago before we even knew the first master was special and now we have two uid ranges. I'd like to see if we can move that back to a single range (whether it fully contains the 2, I don't care as long as users do not have to be migrated). Beyond that, I'd like some opinion on the best topology. Back in the day, it was said that too many replicas was problematic for the load on the servers. We are trying to avoid that while increasing responsiveness to the 7000+ hosts (spread across 3 regions). Often, we get kerberos timeouts registering new hosts with ipa-client-install. Or get sssd timing out after the fact. So any help on topo layout would be _greatly_ appreciated. Thanks a bunch!
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
