Janelle wrote: > Hi Rob, > > Thanks for that - it clears up one point - and explains why the replica > manage command shows all masters, but what I don't understand is how to > get the CA to a "replica" once it is created? I don't see anything in > the docs on that. Am I missing something very obvious here? I am coming > from the AD world and trying to replace it, so please excuse my > ignorance in this area.
ipa-ca-install rob > > thanks > Janelle > > > On 10/14/14 6:48 AM, Rob Crittenden wrote: >> Janelle wrote: >>> Hi again, >>> >>> A lot of this information has been very useful. I did have a question I >>> could not answer. I noticed in the Deployment Recommendations docs, it >>> says not to have any more than 4 replication agreements. Perhaps I am >>> missing something, but I don't see how to get a replica to be a master >>> to be able to create another replicate? Am I missing something obvious >>> here? >> Every IPA install is a master. The only distinction between servers are >> the optional services of DNS and a CA. So don't get confused by replica >> vs master. Once an IPA server is up it is a master. >> >> We don't recommend any one master to have more than 4 agreements. Each >> agreement adds a bit more load on the server to calculate the >> differences to send to each one, so you want to keep it reasonable. I'd >> recommend making a map of your topology to ensure that no master ends up >> alone, or one ends up being overloaded. You can use ipa-replica-manage >> to control the replication topology. By default a single agreement is >> set up between a new master and the one that created it. >> >> Any master can create a new master. >> >> As you do your installations be sure to have at least 2 masters with a >> CA on it to avoid a single point of failure. >> >> rob >> >>> Thank you, >>> ~Janelle >>> >>> On 10/13/14 3:18 PM, Dmitri Pal wrote: >>>> On 10/12/2014 08:07 PM, James wrote: >>>>> On 12 October 2014 19:55, Janelle <[email protected]> wrote: >>>>>> Hi again, >>>>>> >>>>>> I was wondering if there were any suggestions for performance of IPA >>>>>> and >>>>>> settings to sysctl and maybe limits.conf? I tried the website, but >>>>>> did not >>>>>> see anything. Have about 3000 servers that will be talking to 3-4 >>>>>> masters/replicas. Are there any formulas to follow? >>>>>> >>>>>> thanks >>>>> If you get an answer to this, or if you know of any other performance >>>>> tuning params, let me know and I'll build it in to puppet-ipa. >>>>> >>>>> Thanks, >>>>> James >>>>> >>>> I do not think it is easy automatable. >>>> Please see http://www.freeipa.org/page/Deployment_Recommendations and >>>> part about replicas. >>>> If 3000 in one datacenter then 3 is good enough or 4 if you are very >>>> LDAP heavy (some applications are like Jira for example). >>>> If you have 2 data center I would go for 2+2. >>>> > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
