Provided by: freeipa-server_4.3.1-0ubuntu1_amd64 bug

NAME

       ipa-replica-prepare - Create an IPA replica file

SYNOPSIS

       ipa-replica-prepare [OPTION]... hostname

DESCRIPTION

       Generates  a replica file that may be used with ipa-replica-install to create a replica of
       an IPA server.

       A replica can be created on any IPA master or replica server.

       You must provide the fully-qualified hostname of the  machine  you  want  to  install  the
       replica  on  and a host-specific replica_file will be created. It is host-specific because
       SSL server certificates are generated as part of the process and they are  specific  to  a
       particular hostname.

       If  IPA  manages the DNS for your domain, you should either use the --ip-address option or
       add the forward and reverse records manually using IPA plugins.

       Once the file has been created it will be named replica-hostname. This file  can  then  be
       moved  across  the  network  to  the target machine and a new IPA replica setup by running
       ipa-replica-install replica-hostname.

   Limitations
       A replica should only be installed on the same or higher version  of  IPA  on  the  remote
       system.

       A  replica  with  PKI  can only be installed from a replica file prepared on a master with
       PKI.

OPTIONS

       --dirsrv-cert-file=FILE
              File containing the Directory Server SSL certificate and private key. The files are
              accepted  in  PEM  and  DER  certificate,  PKCS#7 certificate chain, PKCS#8 and raw
              private key and PKCS#12 formats. This option may be used multiple times.

       --http-cert-file=FILE
              File containing the Apache Server SSL certificate and private key.  The  files  are
              accepted  in  PEM  and  DER  certificate,  PKCS#7 certificate chain, PKCS#8 and raw
              private key and PKCS#12 formats. This option may be used multiple times.

       --pkinit-cert-file=FILE
              File containing the Kerberos KDC SSL certificate and private  key.  The  files  are
              accepted  in  PEM  and  DER  certificate,  PKCS#7 certificate chain, PKCS#8 and raw
              private key and PKCS#12 formats. This option may be used multiple times.

       --dirsrv-pin=PIN
              The password to unlock the Directory Server private key

       --http-pin=PIN
              The password to unlock the Apache Server private key

       --pkinit-pin=PIN
              The password to unlock the Kerberos KDC private key

       --dirsrv-cert-name=NAME
              Name of the Directory Server SSL certificate to install

       --http-cert-name=NAME
              Name of the Apache Server SSL certificate to install

       --pkinit-cert-name=NAME
              Name of the Kerberos KDC SSL certificate to install

       -p DM_PASSWORD, --password=DM_PASSWORD
              Directory Manager (existing master) password

       --ip-address=IP_ADDRESS
              IPv4 or IPv6 address of the replica server. This option can be  specified  multiple
              times for each interface of the server (e.g. multihomed and/or dualstacked server),
              or for each IPv4 and IPv6 address of the server. The corresponding A  or  AAAA  and
              PTR records will be added to the DNS if they do not exist already.

       --reverse-zone=REVERSE_ZONE
              The  reverse  DNS  zone  to  use. This option can be used multiple times to specify
              multiple reverse zones.

       --no-reverse
              Do not create reverse DNS zone

       --ca=CA_FILE
              Location of CA PKCS#12 file, default /root/cacert.p12

       --no-pkinit
              Disables pkinit setup steps

       --debug
              Prints info log messages to the output

EXIT STATUS

       0 if the command was successful

       1 if an error occurred