Hello guys,
I'm starting fresh with a 3 node cluster for freeipa. I just want to ask for best practices here.
Should I build 3 nodes, each with the ipa-server, http, etc, etc... and then try to replicate? or should I build 1 node with everything and then build the other two nodes as replicas?
What's the best way to deploy the cluster?
Omar Pagan via FreeIPA-users wrote:
Hello guys,
I'm starting fresh with a 3 node cluster for freeipa. I just want to ask for best practices here.
Should I build 3 nodes, each with the ipa-server, http, etc, etc... and then try to replicate? or should I build 1 node with everything and then build the other two nodes as replicas?
What's the best way to deploy the cluster?
You cannot link independent IPA server installations. Your only choice is do an initial server install and then create replica installations from that.
IPA is like Animal Farm in that all servers are equal, some are just more equal than others. The distinguishing features are the optional services: DNS, CA, KRA and AD trust.
We recommend at least two servers with a CA.
rob
okay, so I get that part. Will the two masters with the CA service be able to be replicas of each other?
so, I have one master now and one client/replice... how do I go with building a second master? is that the same as building just another ipa-server? like ipa-server-install? Do I need to have the same CA on both masters?
Omar Pagan via FreeIPA-users wrote:
so, I have one master now and one client/replice... how do I go with building a second master? is that the same as building just another ipa-server? like ipa-server-install? Do I need to have the same CA on both masters?
I'd suggest reading the documentation, starting with: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/htm...
There are a lot of choices to be made that you need to understand.
rob
freeipa-users@lists.fedorahosted.org