Hi Rob,

Thanks for that - it clears up one point - and explains why the replica manage command shows all masters, but what I don't understand is how to get the CA to a "replica" once it is created? I don't see anything in the docs on that. Am I missing something very obvious here? I am coming from the AD world and trying to replace it, so please excuse my ignorance in this area.


On 10/14/14 6:48 AM, Rob Crittenden wrote:
Janelle wrote:
Hi again,

A lot of this information has been very useful.  I did have a question I
could not answer. I noticed in the Deployment Recommendations docs, it
says not to have any more than 4 replication agreements. Perhaps I am
missing something, but I don't see how to get a replica to be a master
to be able to create another replica?  Am I missing something obvious

Every IPA install is a master. The only distinction between servers is
the optional services of DNS and a CA. So don't get confused by replica
vs master. Once an IPA server is up it is a master.

We don't recommend any one master to have more than 4 agreements. Each
agreement adds a bit more load on the server to calculate the
differences to send to each one, so you want to keep it reasonable. I'd
recommend making a map of your topology to ensure that no master ends up
alone, or one ends up being overloaded. You can use ipa-replica-manage
to control the replication topology. By default a single agreement is
set up between a new master and the one that created it.

Any master can create a new master.

As you do your installations be sure to have at least 2 masters with a
CA on them to avoid a single point of failure.


Thank you,

On 10/13/14 3:18 PM, Dmitri Pal wrote:
On 10/12/2014 08:07 PM, James wrote:
On 12 October 2014 19:55, Janelle <janellenicol...@gmail.com> wrote:
Hi again,

I was wondering if there were any suggestions for performance of IPA
settings to sysctl and maybe limits.conf? I tried the website, but did not
see anything.  Have about 3000 servers that will be talking to 3-4
masters/replicas. Are there any formulas to follow?

If you get an answer to this, or if you know of any other performance
tuning params, let me know and I'll build it in to puppet-ipa.


I do not think it is easily automatable.
Please see http://www.freeipa.org/page/Deployment_Recommendations and
part about replicas.
If 3000 in one datacenter then 3 is good enough or 4 if you are very
LDAP heavy (some applications are like Jira for example).
If you have 2 data centers I would go for 2+2.
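
The topology advice in this thread (no more than 4 agreements per master, no master left alone, at least 2 masters with a CA) can be checked against a planned layout before installing anything. The sketch below is an added example, not part of the original messages or of FreeIPA; the host names, function names and the extra "cut point" check (a master whose loss would split the others) are assumptions made for illustration.

```python
from collections import deque

MAX_AGREEMENTS = 4  # per-master ceiling recommended in the thread
MIN_CA_MASTERS = 2  # "at least 2 masters with a CA"

def _reachable(adj, start, skip=None):
    """Hosts reachable from start over agreements, pretending `skip` is down."""
    seen, queue = {start}, deque([start])
    while queue:
        for peer in adj[queue.popleft()]:
            if peer != skip and peer not in seen:
                seen.add(peer)
                queue.append(peer)
    return seen

def check_topology(masters, agreements, ca_hosts):
    """Return findings (strings) for a planned topology; empty list means OK."""
    adj = {m: set() for m in masters}
    for a, b in agreements:  # replication agreements are bidirectional
        adj[a].add(b)
        adj[b].add(a)
    hosts = sorted(adj)
    connected = len(_reachable(adj, hosts[0])) == len(hosts)
    findings = []
    for host in hosts:
        if len(adj[host]) > MAX_AGREEMENTS:
            findings.append(f"overloaded: {host} has {len(adj[host])} agreements")
        if not adj[host] and len(hosts) > 1:
            findings.append(f"isolated: {host} has no agreements")
        rest = [h for h in hosts if h != host]
        if connected and rest and len(_reachable(adj, rest[0], skip=host)) < len(rest):
            findings.append(f"cut point: losing {host} splits the other masters")
    if not connected:
        findings.append("partitioned: not every master can reach every other")
    ca_count = len(set(ca_hosts) & set(hosts))
    if ca_count < MIN_CA_MASTERS:
        findings.append(f"ca: only {ca_count} master(s) carry a CA")
    return findings

# Constructed sample plans (hypothetical host names).
MASTERS = [f"ipa{i}.example.test" for i in range(1, 7)]
HUB = [(MASTERS[0], m) for m in MASTERS[1:]]  # every master hangs off ipa1
RING = [(MASTERS[i], MASTERS[(i + 1) % 6]) for i in range(6)]

if __name__ == "__main__":
    for name, plan, cas in (("hub", HUB, MASTERS[:1]),
                            ("ring", RING, [MASTERS[0], MASTERS[3]])):
        print(name, check_topology(MASTERS, plan, cas) or "OK")
```

The hub plan is what results when every new master is created from the same first server and the default single agreement is never supplemented; the ring plan passes all checks.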
