
FreeIPA Replication Agreements

When you install a replica, you automatically set up replication of the directory and, if you install the CA, replication of the CA. After installation, you can add other replication agreements to create some kind of redundant replication topology between all IPA servers. Imagine, for example, that you have three IPA servers with the directory replication agreements S1-S2 and S2-S3. If S2 breaks down, your other two servers will be isolated. Now, if you make a change on S1, it won't replicate to S3. But if you had added another replication agreement, S1-S3, you wouldn't have this problem.

In Type 3, there is a good balance: all replicas are connected to the others by different paths, yet no replica has more than three replication links to deal with. Because all operations to add or remove a replication agreement are now applied to the configuration in the shared tree, and the actual changes in connectivity are triggered by the topology plugin, it is now possible to prevent any configuration in which connectivity is interrupted.

When a new replica is added to the topology, this is done with ipa-replica-install. Replication agreements are added and the new replica is initialized online. This could also be managed by the topology plugin. The only difference is that it cannot be done by contacting a single server, because topology information must be added to a server in the existing topology and the credentials for the new replica must be set on the new server in cn=config, even if they are temporary.

The optional setting for the Lightweight CA signing key requires the use of the specified encryption algorithm.

This was implemented as part of ticket 8020 – AES Support in Lightweight CA key replica. This “Parameters as additional path components” feature is available to all handlers, but only ca_wrapped uses it (September 2019).

Worse, I used the user interface to create a connection between Master and Replica1, and now I have two agreements:

The topology plugin has two tasks regarding certain replication configuration attributes (managed attributes): Another method is to use the existing replication configuration of a different suffix as a model and return to it in the ipaReplTopoConf object. It deals with changes in the replication configuration in server-specific configuration entries in cn=config and configuration entries in one or more shared (replicated) databases. First, the configuration of the plugin is defined, then the layout and schema of the shared configuration information. The description of the plugin's operation details what the plugin does for different operations.

The topology plugin is authoritative for all replication agreements between servers managed in the topology. However, these agreements may be present before the domain level is raised and must then be transformed into segments. There may also be agreements that replicate from managed servers to unmanaged servers.

In addition, situations in which the database or the configuration in dse.ldif is restored from a backup must be addressed. To handle these agreements, they are “marked” when they are placed under the control of the topology plugin. Marking agreements could be done using different methods.
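
The S1/S2/S3 case and the idea of rejecting a change that would interrupt connectivity, worked through as an added example (not FreeIPA or topology plugin code). The topology is modelled as an undirected graph; the server names and segments are constructed sample data and the function names are hypothetical.

```python
# Added illustration: models replication segments as an undirected graph.
# Not FreeIPA code; names and sample data are constructed for this example.
from collections import deque

def reachable(servers, segments, start):
    """Return the set of servers reachable from `start` over the segments."""
    neighbours = {s: set() for s in servers}
    for a, b in segments:
        # A segment touching a server that is not in `servers` (failed) is ignored.
        if a in neighbours and b in neighbours:
            neighbours[a].add(b)
            neighbours[b].add(a)
    seen, queue = {start}, deque([start])
    while queue:
        for nxt in neighbours[queue.popleft()] - seen:
            seen.add(nxt)
            queue.append(nxt)
    return seen

def is_connected(servers, segments):
    """True if every server can reach every other server."""
    servers = set(servers)
    return not servers or reachable(servers, segments, next(iter(servers))) == servers

def isolating_failures(servers, segments):
    """Servers whose outage leaves the remaining replicas split into groups."""
    return sorted(s for s in servers
                  if not is_connected(set(servers) - {s}, segments))

def removal_allowed(servers, segments, segment):
    """Refuse to remove a segment if the topology would become disconnected."""
    remaining = [seg for seg in segments if set(seg) != set(segment)]
    return is_connected(servers, remaining)

# Constructed sample topology from the text.
SERVERS = ["S1", "S2", "S3"]
LINE = [("S1", "S2"), ("S2", "S3")]   # only S1-S2 and S2-S3
RING = LINE + [("S1", "S3")]          # with the extra S1-S3 agreement

if __name__ == "__main__":
    print("line, isolating failures:", isolating_failures(SERVERS, LINE))
    print("ring, isolating failures:", isolating_failures(SERVERS, RING))
    print("line, may remove S1-S2:", removal_allowed(SERVERS, LINE, ("S1", "S2")))
    print("ring, may remove S1-S2:", removal_allowed(SERVERS, RING, ("S1", "S2")))
```
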