Re: [Freeipa-users] Simple question about replication promotion
Rolf Brusletto wrote:
> Yeah, that probably wasn't very clear...
>
> Original - IPA instance w/ DNS, and no Dogtag
> Replica - IPA instance w/ DNS, and no Dogtag

The devil is always in the details.

For user data yes, there is no difference between the initially installed master and any others. It is the CA where things get problematic.

In your case, where you used --selfsign when installing, your CA is only on the initial master. You might want to take a look at section 18.8.2 here: http://docs.fedoraproject.org/en-US/Fedora/16/html/FreeIPA_Guide/promoting-replica.html

If you try to run ipa-replica-prepare on your second master it will refuse to do so because it lacks a CA. You need to fetch it from the current master, or restore the PKCS#12 file you were warned to back up after the initial installation. In your case you also need to create a serial number file (if you don't have this you can always pick a new starting value).

rob

> On 8/8/12 3:34 PM, Rob Crittenden wrote:
>> Rolf Brusletto wrote:
>>> We had a rather severe issue last night on our primary IPA server (ver 2.2.0), but the replica is still happily plugging along, which is very nice. My question is, there is very, very little I can do with the 'master'. From what I've read, there isn't any replication, and I just want to verify that a replica is just another master, assuming you're not using the CA option. If so, when I rebuild the primary server, do I just configure it to be a replica to what was the secondary?
>>
>> Just to be clear, you installed the original server with a dogtag CA installed? And then you created a replica but didn't configure a CA on it?
>>
>> rob

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Simple question about replication promotion
Yeah, that probably wasn't very clear...

Original - IPA instance w/ DNS, and no Dogtag
Replica - IPA instance w/ DNS, and no Dogtag

On 8/8/12 3:34 PM, Rob Crittenden wrote:
> Rolf Brusletto wrote:
>> We had a rather severe issue last night on our primary IPA server (ver 2.2.0), but the replica is still happily plugging along, which is very nice. My question is, there is very, very little I can do with the 'master'. From what I've read, there isn't any replication, and I just want to verify that a replica is just another master, assuming you're not using the CA option. If so, when I rebuild the primary server, do I just configure it to be a replica to what was the secondary?
>
> Just to be clear, you installed the original server with a dogtag CA installed? And then you created a replica but didn't configure a CA on it?
>
> rob
Re: [Freeipa-users] Simple question about replication promotion
Rolf Brusletto wrote:
> We had a rather severe issue last night on our primary IPA server (ver 2.2.0), but the replica is still happily plugging along, which is very nice. My question is, there is very, very little I can do with the 'master'. From what I've read, there isn't any replication, and I just want to verify that a replica is just another master, assuming you're not using the CA option. If so, when I rebuild the primary server, do I just configure it to be a replica to what was the secondary?

Just to be clear, you installed the original server with a dogtag CA installed? And then you created a replica but didn't configure a CA on it?

rob
Re: [Freeipa-users] Simple question about replication promotion
Hi,

I lost my master so did a db2ldif on the replica and then a ldif2db on the master and it seemed to work fine. It's been more stable than the replicas which are on their 2nd rebuild in that many months... :/

regards

Steven Jones
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
0064 4 463 6272

From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on behalf of Rolf Brusletto [r...@glptrading.com]
Sent: Thursday, 9 August 2012 5:10 a.m.
To: freeipa-users@redhat.com
Subject: [Freeipa-users] Simple question about replication promotion

We had a rather severe issue last night on our primary IPA server (ver 2.2.0), but the replica is still happily plugging along, which is very nice. My question is, there is very, very little I can do with the 'master'. From what I've read, there isn't any replication, and I just want to verify that a replica is just another master, assuming you're not using the CA option. If so, when I rebuild the primary server, do I just configure it to be a replica to what was the secondary?

Thanks,
Rolf Brusletto
[Freeipa-users] Simple question about replication promotion
We had a rather severe issue last night on our primary IPA server (ver 2.2.0), but the replica is still happily plugging along, which is very nice. My question is, there is very, very little I can do with the 'master'. From what I've read, there isn't any replication, and I just want to verify that a replica is just another master, assuming you're not using the CA option. If so, when I rebuild the primary server, do I just configure it to be a replica to what was the secondary?

Thanks,
Rolf Brusletto