Rob van Halteren via FreeIPA-users wrote:
Hello,
I am fairly new to freeipa. Sorry for that.
I have a freeipa installation with 1 master in domain bxl.mydomain and a replica in
ams.mydomain. At this stage I have lost the master.
I did not install the master and replica myself, but from the documentation I learned
that the master should be the CA for the system.
However when I look for the configs on the master that should determine the CA I can find
any that make sense.
freeipa version of master and replica are 3.0.0. on Centos 6 both running in lxc
container on different Proxmox hypervisors.
the ipa config-show output from the master looked like.
Maximum username length: 32
Home directory base: /users_roaming/
Default shell: /bin/bash
Default users group: prod-users
Default e-mail domain: bxl.mydomain
Search time limit: 2
Search size limit: 100
User search fields: uid,givenname,sn,telephonenumber,ou,title
Group search fields: cn,description
Enable migration mode: FALSE
Certificate Subject base: O= BXL.MYDOMAIN
Password Expiration Notification (days): 4
Password plugin features: AllowNThash
SELinux user map order:
guest_u:s0$xguest_u:s0$user_u:s0$staff_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023
Default SELinux user: unconfined_u:s0-s0:c0.c1023
Default PAC types: MS-PAC
I want to know if I need to promote the replica and how to proceed.
I have a great part of the master in the backup including the /etc, /var/lib/ /var/log/
and /root directories
The key question is: does your working master have a CA installed on it?
rob