On 22.11.2020 at 22:57, Rainer Duffner via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
Hi,
I’m trying to install FreeIPA on CentOS 8.2 with the ansible-freeipa module.
After a few hiccups, it seems to work now.
I want to run three masters in the end.
Using the cluster-playbook, it looks like (from the Topology-Graph in the Web-GUI) I end up with something like this:
3 <--> 1 <--> 2
Which seems to indicate that 3 does not talk to 2.
From the documentation, it looks like I want/need replication agreements between 1+2, 1+3 and 2+3 so that if 1 is down, 2 and 3 can still be updated and talk to each other.
Following up on this, I tried using the command-line:
On first server:
[root@ipa-ansible1 ~]# ipa-replica-manage list
Directory Manager password:
ipa-ansible1.ipa.example.org: master
ipa-ansible3.ipa.example.org: master
ipa-ansible2.ipa.example.org: master
[root@ipa-ansible1 ~]# ipa-replica-manage list ipa-ansible1.ipa.example.org
Directory Manager password:
ipa-ansible2.ipa.example.org: replica
ipa-ansible3.ipa.example.org: replica
However, on the other servers:
[root@ipa-ansible2 ~]# ipa-replica-manage list
Directory Manager password:
Re-run /usr/sbin/ipa-replica-manage with --verbose option to get more information
Unexpected error: Insufficient access: Invalid credentials Invalid credentials
[root@ipa-ansible3 ~]# ipa-replica-manage list
Directory Manager password:
Re-run /usr/sbin/ipa-replica-manage with --verbose option to get more information
Unexpected error: Insufficient access: Invalid credentials Invalid credentials
I also cannot view the replication agreements of server2 and 3 from server1 (same error message).
What am I missing here?
Other than the IPADNARangeCheck warning, I get no problems reported on server2 and server3 by ipa-healthcheck.
Rainer
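
The topology concern in this message (1 linking 2 and 3, with no direct 2+3 agreement) can be checked mechanically. The following is an added example, not part of the original post and not FreeIPA code: it parses the "peer: replica" lines of the server1 listing shown above and reports which master is a single point of failure for replication and which direct agreements a full mesh would still need. All function names are hypothetical.

```python
from itertools import combinations

def parse_agreements(host, output):
    """Turn the 'peer: replica' lines listed for one master into undirected edges."""
    edges = set()
    for line in output.splitlines():
        peer, sep, role = line.strip().rpartition(":")
        if sep and role.strip() == "replica" and peer.strip() != host:
            edges.add(frozenset((host, peer.strip())))
    return edges

def reachable(start, up, edges):
    """Masters reachable from start over agreements whose two ends are both up."""
    seen, stack = {start}, [start]
    while stack:
        cur = stack.pop()
        for edge in edges:
            if cur in edge and edge <= up:
                for other in edge - seen:
                    seen.add(other)
                    stack.append(other)
    return seen

def single_points_of_failure(masters, edges):
    """Masters whose outage splits the remaining masters into isolated groups."""
    spof = []
    for down in sorted(masters):
        up = set(masters) - {down}
        if up and reachable(min(up), up, edges) != up:
            spof.append(down)
    return spof

def missing_for_full_mesh(masters, edges):
    """Pairs of masters with no direct replication agreement between them."""
    pairs = combinations(sorted(masters), 2)
    return [pair for pair in pairs if frozenset(pair) not in edges]

# Sample input: master names and server1's agreement list as shown in the message.
MASTERS = [f"ipa-ansible{n}.ipa.example.org" for n in (1, 2, 3)]
SERVER1_LIST = """Directory Manager password:
ipa-ansible2.ipa.example.org: replica
ipa-ansible3.ipa.example.org: replica
"""

if __name__ == "__main__":
    edges = parse_agreements(MASTERS[0], SERVER1_LIST)
    print("single points of failure:", single_points_of_failure(MASTERS, edges))
    print("missing agreements:", missing_for_full_mesh(MASTERS, edges))
```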