ipa-replica-prepare man page

ipa-replica-prepare — Create an IPA replica file

Synopsis

ipa-replica-prepare [OPTION]... hostname

Description

Generates a replica file that may be used with ipa-replica-install to create a replica of an IPA server.

A replica can be created on any IPA master or replica server.

You must provide the fully-qualified hostname of the machine on which you want to install the replica; a host-specific replica file is then created. It is host-specific because SSL server certificates are generated as part of the process, and they are specific to a particular hostname.

If IPA manages the DNS for your domain, you should either use the --ip-address option or add the forward and reverse records manually using IPA plugins.

Once the file has been created it will be named replica-hostname. This file can then be moved across the network to the target machine, and a new IPA replica set up by running ipa-replica-install replica-hostname.
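
The steps above as a shell wrapper, added here as an example and not part of the FreeIPA manual. The function names, the DRY_RUN variable, the hostname and the addresses are assumptions; only the command and option names come from this page.

```shell
#!/bin/sh
# Added example: validate the target hostname, then build the
# ipa-replica-prepare invocation with one --ip-address per address.
# Function names and DRY_RUN are hypothetical helpers, not FreeIPA features.

: "${DRY_RUN:=1}"   # non-empty: print the command; DRY_RUN= runs it

# Succeeds only for a fully-qualified hostname: at least two non-empty,
# dot-separated labels made of letters, digits and hyphens. A trailing dot
# is rejected because the name is also used in the replica file name.
is_fqdn() {
    case "$1" in
        ""|.*|*.|*..*|*[!A-Za-z0-9.-]*) return 1 ;;
        *.*) return 0 ;;
        *) return 1 ;;
    esac
}

# Usage: run_replica_prepare HOSTNAME [IP_ADDRESS...]
run_replica_prepare() {
    host=$1
    shift
    if ! is_fqdn "$host"; then
        echo "error: '$host' is not a fully-qualified hostname" >&2
        return 1
    fi
    n=$#
    # Append one option per address, then drop the bare addresses.
    for ip in "$@"; do
        set -- "$@" "--ip-address=$ip"
    done
    shift "$n"
    # Synopsis order: options first, hostname last.
    ${DRY_RUN:+echo} ipa-replica-prepare "$@" "$host"
}

# Constructed sample values: example domain and documentation address ranges
# for a dual-stacked replica.
HOST=replica1.example.com
run_replica_prepare "$HOST" 192.0.2.10 2001:db8::10
# Next step per this page: move replica-$HOST to the target machine and run
#   ipa-replica-install replica-$HOST
```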

Limitations

A replica should only be installed on the same or higher version of IPA on the remote system.

A replica with PKI can only be installed from a replica file prepared on a master with PKI.

Options

--dirsrv-cert-file=FILE
File containing the Directory Server SSL certificate and private key. The files are accepted in PEM and DER certificate, PKCS#7 certificate chain, PKCS#8 and raw private key, and PKCS#12 formats. This option may be used multiple times.
--http-cert-file=FILE
File containing the Apache Server SSL certificate and private key. The files are accepted in PEM and DER certificate, PKCS#7 certificate chain, PKCS#8 and raw private key, and PKCS#12 formats. This option may be used multiple times.
--pkinit-cert-file=FILE
File containing the Kerberos KDC SSL certificate and private key. The files are accepted in PEM and DER certificate, PKCS#7 certificate chain, PKCS#8 and raw private key, and PKCS#12 formats. This option may be used multiple times.
--dirsrv-pin=PIN
The password to unlock the Directory Server private key
--http-pin=PIN
The password to unlock the Apache Server private key
--pkinit-pin=PIN
The password to unlock the Kerberos KDC private key
--dirsrv-cert-name=NAME
Name of the Directory Server SSL certificate to install
--http-cert-name=NAME
Name of the Apache Server SSL certificate to install
--pkinit-cert-name=NAME
Name of the Kerberos KDC SSL certificate to install
-p DM_PASSWORD, --password=DM_PASSWORD
Directory Manager (existing master) password
--ip-address=IP_ADDRESS
IPv4 or IPv6 address of the replica server. This option can be specified multiple times for each interface of the server (e.g. multihomed and/or dualstacked server), or for each IPv4 and IPv6 address of the server. The corresponding A or AAAA and PTR records will be added to the DNS if they do not exist already.
--reverse-zone=REVERSE_ZONE
The reverse DNS zone to use. This option can be used multiple times to specify multiple reverse zones.
--no-reverse
Do not create reverse DNS zone
--ca=CA_FILE
Location of CA PKCS#12 file, default /root/cacert.p12
--no-pkinit
Disables pkinit setup steps
--debug
Prints info log messages to the output

Exit Status

0 if the command was successful

1 if an error occurred

Referenced By

ipa(1).

Mar 14 2008 FreeIPA FreeIPA Manual Pages