freeipa/install/tools/man/ipa-replica-prepare.1

.\" A man page for ipa-replica-prepare
.\" Copyright (C) 2008 Red Hat, Inc.
.\"
.\" This program is free software; you can redistribute it and/or modify
.\" it under the terms of the GNU General Public License as published by
.\" the Free Software Foundation, either version 3 of the License, or
.\" (at your option) any later version.
.\"
.\" This program is distributed in the hope that it will be useful, but
.\" WITHOUT ANY WARRANTY; without even the implied warranty of
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
.\" General Public License for more details.
.\"
.\" You should have received a copy of the GNU General Public License
.\" along with this program.  If not, see <http://www.gnu.org/licenses/>.
.\"
.\" Author: Rob Crittenden <rcritten@redhat.com>
.\"
.TH "ipa-replica-prepare" "1" "Mar 14 2008" "FreeIPA" "FreeIPA Manual Pages"
.SH "NAME"
ipa\-replica\-prepare \- Create an IPA replica file
.SH "SYNOPSIS"
ipa\-replica\-prepare [\fIOPTION\fR]... hostname
.SH "DESCRIPTION"
Generates a replica file that may be used with ipa\-replica\-install to create a replica of an IPA server.

A replica can only be created on an IPA server installed with ipa\-server\-install (the first server).

You must provide the fully\-qualified hostname of the machine you want to install the replica on and a host\-specific replica_file will be created. It is host\-specific because SSL server certificates are generated as part of the process and they are specific to a particular hostname.

If IPA manages the DNS for your domain, you should either use the \fB\-\-ip\-address\fR option or add the forward and reverse records manually using IPA plugins.

Once the file has been created it will be named replica\-hostname. This file can then be moved across the network to the target machine and a new IPA replica setup by running ipa\-replica\-install replica\-hostname.

A replica should only be installed on the same or higher version of IPA on the remote system.
.SH "OPTIONS"
.TP
\fB\-\-dirsrv_pkcs12\fR=\fIFILE\fR
PKCS#12 file containing the Directory Server SSL Certificate and Private Key
.TP
\fB\-\-http_pkcs12\fR=\fIFILE\fR
PKCS#12 file containing the Apache Server SSL Certificate and Private Key
.TP
\fB\-\-pkinit_pkcs12\fR=\fIFILE\fR
PKCS#12 file containing the Kerberos KDC Certificate and Private Key
.TP
\fB\-\-dirsrv_pin\fR=\fIDIRSRV_PIN\fR
The password of the Directory Server PKCS#12 file
.TP
\fB\-\-http_pin\fR=\fIHTTP_PIN\fR
The password of the Apache Server PKCS#12 file
.TP
\fB\-\-pkinit_pin\fR=\fIPKINIT_PIN\fR
The password of the Kerberos KDC PKCS#12 file
.TP
\fB\-p\fR \fIDM_PASSWORD\fR, \fB\-\-password\fR=\fIDM_PASSWORD\fR
Directory Manager (existing master) password
.TP
\fB\-\-ip\-address\fR=\fIIP_ADDRESS\fR
IP address of the replica server. If you provide this option, the A and PTR records will be added to the DNS.
.TP
\fB\-\-reverse\-zone\fR=\fIREVERSE_ZONE\fR
The reverse DNS zone to use
.TP
\fB\-\-no\-reverse\fR
Do not create reverse DNS zone
.TP
\fB\-\-ca\fR=\fICA_FILE\fR
Location of CA PKCS#12 file, default /root/cacert.p12
.TP
\fB\-\-no\-pkinit\fR
Disables pkinit setup steps
.TP
\fB\-\-debug\fR
Prints info log messages to the output
.SH "EXIT STATUS"
0 if the command was successful

1 if an error occurred