On 19.10.18 14:15, Rob Crittenden via FreeIPA-users wrote:
Ronald Wimmer via FreeIPA-users wrote:
> Hi,
>
> we have been evaluating FreeIPA for quite a while now on our test setup
> (1 IPA server, 1 Replica) and are planning to move towards production.
> Can the whole setup be migrated from an ipa test to an ipa production
> server? (the ipa 'linux.ourdomain.at' domain should stay the same) Or
> would it be easier to use both test servers for production (and just
> adding additional replicas)?
There is no real migration mechanism between environments like you're
looking for (e.g. test -> integration -> production).
IMHO you are best off putting these systems into production and perhaps
adding additional masters.
How do I add new production servers? Simply issue the
"ipa-replica-install" on the new systems? (The documentation states:
"Replicas are created as clones of the initial master servers. Once a
replica is created, it is functionally identical to the master server")
What about AD trust? Does it have to be set up for each of the new
servers?
https://www.freeipa.org/page/Active_Directory_trust_setup does
say so: "When planning access of AD users to IPA clients, make sure to
run ipa-adtrust-install on every IPA master these IPA clients will be
connecting to."
Does it make sense to install CA services on each of the servers?
Cheers,
Ronald