ipa-replica-prepare man page
ipa-replica-prepare — Create an IPA replica file
ipa-replica-prepare [OPTION]... hostname
Generates a replica file that may be used with ipa-replica-install to create a replica of an IPA server.
A replica can be created on any IPA master or replica server.
You must provide the fully-qualified hostname of the machine you want to install the replica on and a host-specific replica_file will be created. It is host-specific because SSL server certificates are generated as part of the process and they are specific to a particular hostname.
If IPA manages the DNS for your domain, you should either use the --ip-address option or add the forward and reverse records manually using IPA plugins.
Once the file has been created it will be named replica-hostname. This file can then be moved across the network to the target machine and a new IPA replica setup by running ipa-replica-install replica-hostname.
A replica should only be installed on the same or higher version of IPA on the remote system.
A replica with PKI can only be installed from a replica file prepared on a master with PKI.
File containing the Directory Server SSL certificate and private key. The files are accepted in PEM and DER certificate, PKCS#7 certificate chain, PKCS#8 and raw private key and PKCS#12 formats. This option may be used multiple times.
File containing the Apache Server SSL certificate and private key. The files are accepted in PEM and DER certificate, PKCS#7 certificate chain, PKCS#8 and raw private key and PKCS#12 formats. This option may be used multiple times.
The password to unlock the Directory Server private key
The password to unlock the Apache Server private key
Name of the Directory Server SSL certificate to install
Name of the Apache Server SSL certificate to install
- -p DM_PASSWORD, --password=DM_PASSWORD
Directory Manager (existing master) password
IPv4 or IPv6 address of the replica server. This option can be specified multiple times for each interface of the server (e.g. multihomed and/or dualstacked server), or for each IPv4 and IPv6 address of the server. The corresponding A or AAAA and PTR records will be added to the DNS if they do not exist already.
The reverse DNS zone to use. This option can be used multiple times to specify multiple reverse zones.
Do not create reverse DNS zone
Location of CA PKCS#12 file, default /root/cacert.p12
Prints info log messages to the output
0 if the command was successful
1 if an error occurred