Hi,
I'm new to FreeIPA and the ansible-freeipa collection. I can successfully install IPA server using the role ipaserver. However, I want to set up multi-master replication with failover.
As far as I know I need to install ipaserver on all of my masters/replication and then the replica role? How do the master nodes establish a relationship? Is this done using IPA client?
It might seem weird, but my goal is to set up the IPA server purely as an LDAP server using an external CA. This is because we want to have the ability to have a user interface like the web GUI.
On Fri, Apr 14, 2023 at 5:10 AM Finn Fysj via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
> Hi,
> I'm new to FreeIPA and the ansible-freeipa collection. I can successfully install IPA server using the role ipaserver. However, I want to set up multi-master replication with failover.
> As far as I know I need to install ipaserver on all of my masters/replication and then the replica role? How do the master nodes establish a relationship? Is this done using IPA client?
For the first server you use the ipaserver role, as you did. For all other servers in the domain, use the ipareplica role. Make sure to check upstream or RHEL documentation.
I have some examples on setting up an IPA cluster here: https://rafaeljeffman.com/projects/freeipa/en/cluster-deployment-ansible.htm...
> It might seem weird, but my goal is to set up the IPA server purely as an LDAP server using an external CA. This is because we want to have the ability to have a user interface like the web GUI.
If you are already using ansible-freeipa to deploy your servers, you can also use it to manage the domain, using Ansible. ansible-freeipa already has good coverage of FreeIPA commands.
Rafael
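
The layout described in the reply (ipaserver role on the first host, ipareplica role on every other server), as an added example that is not part of the original thread or the project's own documentation. Hostnames, the example.test domain and the vault_* variable names are constructed placeholders.

```yaml
# inventory.yml (constructed hosts; example.test is a placeholder domain)
all:
  vars:
    ipaserver_domain: example.test
    ipaserver_realm: EXAMPLE.TEST
    # vault_* names are hypothetical; keep the real values in an Ansible Vault
    # file rather than in a plain-text inventory.
    ipaadmin_password: "{{ vault_ipaadmin_password }}"
    ipadm_password: "{{ vault_ipadm_password }}"
  children:
    ipaserver:
      hosts:
        ipa1.example.test:
    ipareplicas:
      hosts:
        ipa2.example.test:
        ipa3.example.test:
      vars:
        # Point the replicas at the first server explicitly instead of
        # relying on discovery.
        ipareplica_servers:
          - ipa1.example.test
---
# site.yml
# When the roles come from the Galaxy collection, address them as
# freeipa.ansible_freeipa.ipaserver and freeipa.ansible_freeipa.ipareplica.
- name: Install the first IPA server
  hosts: ipaserver
  become: true
  roles:
    - role: ipaserver
      state: present

- name: Install every other server as a replica of the first
  hosts: ipareplicas
  become: true
  roles:
    - role: ipareplica
      state: present
```

The two YAML documents are separate files; run the playbook with `ansible-playbook -i inventory.yml site.yml --ask-vault-pass` so the admin and Directory Manager passwords are decrypted only at run time.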