SYNOPSIS

ipa-replica-prepare [OPTION]... hostname

DESCRIPTION

Generates a replica file that may be used with ipa-replica-install to create a replica of an IPA server.

A replica can only be created on an IPA server installed with ipa-server-install (the first server).

You must provide the fully-qualified hostname of the machine you want to install the replica on and a host-specific replica_file will be created. It is host-specific because SSL server certificates are generated as part of the process and they are specific to a particular hostname.

If IPA manages the DNS for your domain, you should either use the --ip-address option or add the forward and reverse records manually using IPA plugins.

Once the file has been created it will be named replica-hostname. This file can then be moved across the network to the target machine and a new IPA replica setup by running ipa-replica-install replica-hostname.

A replica should only be installed on the same or higher version of IPA on the remote system.

OPTIONS

--dirsrv_pkcs12=FILE

PKCS#12 file containing the Directory Server SSL Certificate and Private Key

--http_pkcs12=FILE

PKCS#12 file containing the Apache Server SSL Certificate and Private Key

--pkinit_pkcs12=FILE

PKCS#12 file containing the Kerberos KDC Certificate and Private Key

--dirsrv_pin=DIRSRV_PIN

The password of the Directory Server PKCS#12 file

--http_pin=HTTP_PIN

The password of the Apache Server PKCS#12 file

--pkinit_pin=PKINIT_PIN

The password of the Kerberos KDC PKCS#12 file

-p DM_PASSWORD, --password=DM_PASSWORD

Directory Manager (existing master) password

--ip-address=IP_ADDRESS

IP address of the replica server. If you provide this option, the A and PTR records will be added to the DNS.

--reverse-zone=REVERSE_ZONE

The reverse DNS zone to use

--no-reverse

Do not create reverse DNS zone

--ca=CA_FILE

Location of CA PKCS#12 file, default /root/cacert.p12

--no-pkinit

Disables pkinit setup steps

--debug

Prints info log messages to the output