ipa-replica-prepare man page

ipa-replica-prepare — Create an IPA replica file

Synopsis

ipa-replica-prepare [OPTION]... hostname

Description

Generates a replica file that may be used with ipa-replica-install to create a replica of an IPA server.

A replica can be created on any IPA master or replica server.

You must provide the fully-qualified hostname of the machine you want to install the replica on and a host-specific replica_file will be created. It is host-specific because SSL server certificates are generated as part of the process and they are specific to a particular hostname.

If IPA manages the DNS for your domain, you should either use the --ip-address option or add the forward and reverse records manually using IPA plugins.

Once the file has been created it will be named replica-hostname. This file can then be moved across the network to the target machine and a new IPA replica setup by running ipa-replica-install replica-hostname.

Limitations

A replica should only be installed on the same or higher version of IPA on the remote system.

A replica with PKI can only be installed from a replica file prepared on a master with PKI.

Options

--dirsrv-cert-file=FILE

File containing the Directory Server SSL certificate and private key. The files are accepted in PEM and DER certificate, PKCS#7 certificate chain, PKCS#8 and raw private key and PKCS#12 formats. This option may be used multiple times.

--http-cert-file=FILE

File containing the Apache Server SSL certificate and private key. The files are accepted in PEM and DER certificate, PKCS#7 certificate chain, PKCS#8 and raw private key and PKCS#12 formats. This option may be used multiple times.

--dirsrv-pin=PIN

The password to unlock the Directory Server private key

--http-pin=PIN

The password to unlock the Apache Server private key

--dirsrv-cert-name=NAME

Name of the Directory Server SSL certificate to install

--http-cert-name=NAME

Name of the Apache Server SSL certificate to install

-p DM_PASSWORD, --password=DM_PASSWORD

Directory Manager (existing master) password

--ip-address=IP_ADDRESS

IPv4 or IPv6 address of the replica server. This option can be specified multiple times for each interface of the server (e.g. multihomed and/or dualstacked server), or for each IPv4 and IPv6 address of the server. The corresponding A or AAAA and PTR records will be added to the DNS if they do not exist already.

--reverse-zone=REVERSE_ZONE

The reverse DNS zone to use. This option can be used multiple times to specify multiple reverse zones.

--no-reverse

Do not create reverse DNS zone

--ca=CA_FILE

Location of CA PKCS#12 file, default /root/cacert.p12

--debug

Prints info log messages to the output

Exit Status

0 if the command was successful

1 if an error occurred

Referenced By

ipa(1).

Mar 14 2008 FreeIPA Manual Pages