Setting up Multi-Master replication of FreeIPA Directory servers

Step 6. Verify that replication is responding correctly
As with all things that involve setting up technology, you should always verify your work. I never thought I’d enforce this saying as much as I do. My high school maths teacher would be very proud.

One of the first things I do post-setup, is verify that I have two directory server instances running. You will see your DOMAIN instance, and if you set up CA replication, you will also see PKI-IPA.
To check, run the following

[root@ds02 ~]# service dirsrv status
dirsrv EXAMPLE-COM (pid 5115) is running...
dirsrv PKI-IPA (pid 5185) is running...
[root@ds02 ~]#

also, make sure you can authenticate. That’s pretty important ūüėČ

[root@ds02 ~]# kinit admin
Password for admin@EXAMPLE.COM: 
[root@ds02 ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: admin@EXAMPLE.COM

Valid starting     Expires            Service principal
08/29/12 22:53:02  08/30/12 22:53:00  krbtgt/EXAMPLE.COM@EXAMPLE.COM
[root@ds02 ~]#

All looking good so far. Lastly, lets just make sure that our servers are in fact replicating.

Check to see all IPA replica’s in the domain

[root@ds02 ~]# ipa-replica-manage list
ds01.example.com: master
ds02.example.com: master
[root@ds02 ~]#

Great… Now lets make sure that ds01.example.com is replicating to ds02.example.com

[root@ds02 ~]# ipa-replica-manage list ds01.example.com
ds02.example.com: replica
[root@ds02 ~]#

Also great

Last one, lets check to see that ds02.example.com can replicate back to ds01.example.com

[root@ds02 ~]# ipa-replica-manage list ds02.example.com
ds01.example.com: replica
[root@ds02 ~]#

Happy Days!. We have one we peachy IPA replicated environment.
Stay tuned as I’ll be covering more detail on managing more than 2 replica’s in an upcoming article. This will be useful for those of you who might be looking to deploy IPA into a multi-site environment.

One comment on “Setting up Multi-Master replication of FreeIPA Directory servers

  1. ed May 26, 2016 15:42

    Great tutorial. Thanks

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>