Hola,
I'm still trying to wrap my head around the master-replica concept.
From what I read in the documentation (Chapter 4 of
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/...)
the replica should be able to take over as master should master go offline.
Our replica was set up with CA & without DNS - the same as master, and it
seems to be working on the whole.
The problem I'm having is in the replication.
create user on master:
ipa user-add master_test_user --first=MT --last=ML
create user on replica:
ipa user-add replica_test_user --first=RT --last=RL
find user on master:
[root@vmpr-linuxidm ~]# ipa user-find test_user
---------------
2 users matched
---------------
User login: master_test_user
First name: MT
Last name: ML
Home directory: /home/master_test_user
Login shell: /bin/bash
Principal name: master_test_user@UNIX.DOMAIN.COM
Principal alias: master_test_user@UNIX.DOMAIN.COM
Email address: master_test_user@domain.com
UID: 1718800021
GID: 1718800021
Account disabled: False
User login: replica_test_user
First name: RT
Last name: RL
Home directory: /home/replica_test_user
Login shell: /bin/bash
Principal name: replica_test_user@UNIX.DOMAIN.COM
Principal alias: replica_test_user@UNIX.DOMAIN.COM
Email address: replica_test_user@domain.com
UID: 1718850502
GID: 1718850502
Account disabled: False
----------------------------
Number of entries returned 2
----------------------------
find user on replica:
[root@vmdr-linuxidm ~]# ipa user-find test_user
--------------
1 user matched
--------------
User login: replica_test_user
First name: RT
Last name: RL
Home directory: /home/replica_test_user
Login shell: /bin/bash
Principal name: replica_test_user@UNIX.DOMAIN.COM
Principal alias: replica_test_user@UNIX.DOMAIN.COM
Email address: replica_test_user@domain.com
UID: 1718850502
GID: 1718850502
Account disabled: False
----------------------------
Number of entries returned 1
----------------------------
If I run ipa user-add on the replica, I see it upstream on master, but if I
run ipa add-user on the master, that's not replicated down to the replica.
Also, ipa user-del (even with --no-preserve) works on master, but doesn't
delete the user on the replica.
What has gone wrong?
Cheers
L.
------
"The antidote to apocalypticism is *apocalyptic civics*. Apocalyptic civics
is the insistence that we cannot ignore the truth, nor should we panic
about it. It is a shared consciousness that our institutions have failed
and our ecosystem is collapsing, yet we are still here — and we are
creative agents who can shape our destinies. Apocalyptic civics is the
conviction that the only way out is through, and the only way through is
together. "
*Greg Bloom* @greggish
https://twitter.com/greggish/status/873177525903609857
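
An added example, not part of the original post: a POSIX shell check that compares saved `ipa user-find` output from two servers and reports logins present on only one side, which is the one-way replication symptom described above. The function names (`logins`, `replication_drift`, `demo`) are hypothetical, and the sample data is trimmed from the output shown in the post.

```shell
#!/bin/sh
# Added example: detect replication drift from captured `ipa user-find` output.

# Print the sorted, unique "User login:" values found on stdin.
logins() {
    sed -n 's/^[[:space:]]*User login:[[:space:]]*//p' | sort -u
}

# Compare two captured outputs (master file, replica file).
# Prints one line per login that exists on one server only.
# Returns 0 when both servers hold the same logins, 1 otherwise.
replication_drift() {
    m=$(mktemp) r=$(mktemp)
    logins <"$1" >"$m"
    logins <"$2" >"$r"
    out=$(
        comm -23 "$m" "$r" | sed 's/^/missing-on-replica: /'
        comm -13 "$m" "$r" | sed 's/^/missing-on-master: /'
    )
    rm -f "$m" "$r"
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Sample input trimmed from the two listings in the post.
demo() {
    d=$(mktemp -d)
    cat >"$d/master" <<'EOF'
  User login: master_test_user
  UID: 1718800021
  User login: replica_test_user
  UID: 1718850502
EOF
    cat >"$d/replica" <<'EOF'
  User login: replica_test_user
  UID: 1718850502
EOF
    rc=0
    replication_drift "$d/master" "$d/replica" || rc=$?
    rm -rf "$d"
    return "$rc"
}

demo || true
```

In practice the two input files would be the saved output of the same `ipa user-find` query run on each server; a non-zero exit status makes the check usable from cron or a monitoring probe.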