mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-25 16:31:08 -06:00
fbf192f0e2
https://fedorahosted.org/freeipa/ticket/4944 Reviewed-By: Martin Kosek <mkosek@redhat.com>
93 lines
4.3 KiB
Groff
93 lines
4.3 KiB
Groff
.\" A man page for ipa-replica-prepare
|
|
.\" Copyright (C) 2008 Red Hat, Inc.
|
|
.\"
|
|
.\" This program is free software; you can redistribute it and/or modify
|
|
.\" it under the terms of the GNU General Public License as published by
|
|
.\" the Free Software Foundation, either version 3 of the License, or
|
|
.\" (at your option) any later version.
|
|
.\"
|
|
.\" This program is distributed in the hope that it will be useful, but
|
|
.\" WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
.\" General Public License for more details.
|
|
.\"
|
|
.\" You should have received a copy of the GNU General Public License
|
|
.\" along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
.\"
|
|
.\" Author: Rob Crittenden <rcritten@redhat.com>
|
|
.\"
|
|
.TH "ipa-replica-prepare" "1" "Mar 14 2008" "FreeIPA" "FreeIPA Manual Pages"
|
|
.SH "NAME"
|
|
ipa\-replica\-prepare \- Create an IPA replica file
|
|
.SH "SYNOPSIS"
|
|
ipa\-replica\-prepare [\fIOPTION\fR]... hostname
|
|
.SH "DESCRIPTION"
|
|
Generates a replica file that may be used with ipa\-replica\-install to create a replica of an IPA server.
|
|
|
|
A replica can be created on any IPA master or replica server.
|
|
|
|
You must provide the fully\-qualified hostname of the machine you want to install the replica on and a host\-specific replica_file will be created. It is host\-specific because SSL server certificates are generated as part of the process and they are specific to a particular hostname.
|
|
|
|
If IPA manages the DNS for your domain, you should either use the \fB\-\-ip\-address\fR option or add the forward and reverse records manually using IPA plugins.
|
|
|
|
Once the file has been created it will be named replica\-hostname. This file can then be moved across the network to the target machine and a new IPA replica setup by running ipa\-replica\-install replica\-hostname.
|
|
.SS "Limitations"
|
|
A replica should only be installed on the same or higher version of IPA on the remote system.
|
|
|
|
A replica with PKI can only be installed from a replica file prepared on a master with PKI.
|
|
.SH "OPTIONS"
|
|
.TP
|
|
\fB\-\-dirsrv\-cert\-file\fR=\fIFILE\fR
|
|
File containing the Directory Server SSL certificate and private key. The files are accepted in PEM and DER certificate, PKCS#7 certificate chain, PKCS#8 and raw private key and PKCS#12 formats. This option may be used multiple times.
|
|
.TP
|
|
\fB\-\-http\-cert\-file\fR=\fIFILE\fR
|
|
File containing the Apache Server SSL certificate and private key. The files are accepted in PEM and DER certificate, PKCS#7 certificate chain, PKCS#8 and raw private key and PKCS#12 formats. This option may be used multiple times.
|
|
.TP
|
|
\fB\-\-pkinit\-cert\-file\fR=\fIFILE\fR
|
|
File containing the Kerberos KDC SSL certificate and private key. The files are accepted in PEM and DER certificate, PKCS#7 certificate chain, PKCS#8 and raw private key and PKCS#12 formats. This option may be used multiple times.
|
|
.TP
|
|
\fB\-\-dirsrv\-pin\fR=\fIPIN\fR
|
|
The password to unlock the Directory Server private key
|
|
.TP
|
|
\fB\-\-http\-pin\fR=\fIPIN\fR
|
|
The password to unlock the Apache Server private key
|
|
.TP
|
|
\fB\-\-pkinit\-pin\fR=\fIPIN\fR
|
|
The password to unlock the Kerberos KDC private key
|
|
.TP
|
|
\fB\-\-dirsrv\-cert\-name\fR=\fINAME\fR
|
|
Name of the Directory Server SSL certificate to install
|
|
.TP
|
|
\fB\-\-http\-cert\-name\fR=\fINAME\fR
|
|
Name of the Apache Server SSL certificate to install
|
|
.TP
|
|
\fB\-\-pkinit\-cert\-name\fR=\fINAME\fR
|
|
Name of the Kerberos KDC SSL certificate to install
|
|
.TP
|
|
\fB\-p\fR \fIDM_PASSWORD\fR, \fB\-\-password\fR=\fIDM_PASSWORD\fR
|
|
Directory Manager (existing master) password
|
|
.TP
|
|
\fB\-\-ip\-address\fR=\fIIP_ADDRESS\fR
|
|
IPv4 or IPv6 address of the replica server. This option can be specified multiple times for each interface of the server
|
|
(e.g. multihomed and/or dualstacked server), or for each IPv4 and IPv6 address of the server. The corresponding A or AAAA and
|
|
PTR records will be added to the DNS if they do not exist already.
|
|
.TP
|
|
\fB\-\-reverse\-zone\fR=\fIREVERSE_ZONE\fR
|
|
The reverse DNS zone to use. This option can be used multiple times to specify multiple reverse zones.
|
|
.TP
|
|
\fB\-\-no\-reverse\fR
|
|
Do not create reverse DNS zone
|
|
.TP
|
|
\fB\-\-ca\fR=\fICA_FILE\fR
|
|
Location of CA PKCS#12 file, default /root/cacert.p12
|
|
.TP
|
|
\fB\-\-no\-pkinit\fR
|
|
Disables pkinit setup steps
|
|
.TP
|
|
\fB\-\-debug\fR
|
|
Prints info log messages to the output
|
|
.SH "EXIT STATUS"
|
|
0 if the command was successful
|
|
|
|
1 if an error occurred
|