Step 6. Verify that replication is responding correctly
As with all things that involve setting up technology, you should always verify your work. I never thought I’d enforce this saying as much as I do. My high school maths teacher would be very proud.
One of the first things I do post-setup, is verify that I have two directory server instances running. You will see your DOMAIN instance, and if you set up CA replication, you will also see PKI-IPA.
To check, run the following
[root@ds02 ~]# service dirsrv status dirsrv EXAMPLE-COM (pid 5115) is running... dirsrv PKI-IPA (pid 5185) is running... [root@ds02 ~]#
also, make sure you can authenticate. That’s pretty important 😉
[root@ds02 ~]# kinit admin Password for admin@EXAMPLE.COM: [root@ds02 ~]# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: admin@EXAMPLE.COM Valid starting Expires Service principal 08/29/12 22:53:02 08/30/12 22:53:00 krbtgt/EXAMPLE.COM@EXAMPLE.COM [root@ds02 ~]#
All looking good so far. Lastly, lets just make sure that our servers are in fact replicating.
Check to see all IPA replica’s in the domain
[root@ds02 ~]# ipa-replica-manage list ds01.example.com: master ds02.example.com: master [root@ds02 ~]#
Great… Now lets make sure that ds01.example.com is replicating to ds02.example.com
[root@ds02 ~]# ipa-replica-manage list ds01.example.com ds02.example.com: replica [root@ds02 ~]#
Last one, lets check to see that ds02.example.com can replicate back to ds01.example.com
[root@ds02 ~]# ipa-replica-manage list ds02.example.com ds01.example.com: replica [root@ds02 ~]#
Happy Days!. We have one we peachy IPA replicated environment.
Stay tuned as I’ll be covering more detail on managing more than 2 replica’s in an upcoming article. This will be useful for those of you who might be looking to deploy IPA into a multi-site environment.