Rob, Isn't it impossible to install a CA on a replica when it's master "died" ?
I know there is normally one CA, but this is kinda confusing me so I'm testing out scenarios. Thanks, Matt 2015-07-06 18:10 GMT+02:00 Matt . <[email protected]>: > Hi Rob, > > OK, I had difficulties with that and try it. > > What I actually did is: > > Turned off IPA1 (to act it like a dead one) and removed it from ipa2. > > Now when I install a new replica with ipa2 as it's master/source I get > complains there is no CA. So my ipa2 needs to become ca in some way. > > I need to check but I thought I did what you said which didn't work... > I need to debug it an report you this evening. > > Thanks, > > Matt > > 2015-07-06 17:54 GMT+02:00 Rob Crittenden <[email protected]>: >> Matt . wrote: >>> >>> Hi All, >>> >>> I'm cleaning up and playing around with some old dev setups and >>> reviewing these tests. >>> >>> This is a replica setup but the replica is no CA. Now I'm testing out >>> how to manage cluster when I remove the ipa1 (CA) and create a new >>> replica with CA from the ipa2. >>> >>> IPA2 should become CA and out of that I can setup a replica again. >>> What is my best approach to test this ? >> >> >> Hard to say given I have no insight into your topology, but to add a CA >> post-install use ipa-ca-install <replica-file> >> >> rob >> -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
