xenial (1) ipa-replica-prepare.1.gz

Provided by: freeipa-server_4.3.1-0ubuntu1_amd64 bug

NAME
       ipa-replica-prepare - Create an IPA replica file


SYNOPSIS
       ipa-replica-prepare [OPTION]... hostname


DESCRIPTION
       Generates a replica file that may be used with ipa-replica-install to create a replica of an IPA server.

       A replica can be created on any IPA master or replica server.

       You  must  provide  the  fully-qualified hostname of the machine you want to install the replica on and a
       host-specific replica_file will be created. It is  host-specific  because  SSL  server  certificates  are
       generated as part of the process and they are specific to a particular hostname.

       If  IPA manages the DNS for your domain, you should either use the --ip-address option or add the forward
       and reverse records manually using IPA plugins.

       Once the file has been created it will be named replica-hostname. This file can then be moved across  the
       network   to   the   target   machine  and  a  new  IPA  replica  setup  by  running  ipa-replica-install
       replica-hostname.

   Limitations
       A replica should only be installed on the same or higher version of IPA on the remote system.

       A replica with PKI can only be installed from a replica file prepared on a master with PKI.


OPTIONS
       --dirsrv-cert-file=FILE
              File containing the Directory Server SSL certificate and private key. The files  are  accepted  in
              PEM and DER certificate, PKCS#7 certificate chain, PKCS#8 and raw private key and PKCS#12 formats.
              This option may be used multiple times.

       --http-cert-file=FILE
              File containing the Apache Server SSL certificate and private key. The files are accepted  in  PEM
              and  DER  certificate,  PKCS#7  certificate chain, PKCS#8 and raw private key and PKCS#12 formats.
              This option may be used multiple times.

       --pkinit-cert-file=FILE
              File containing the Kerberos KDC SSL certificate and private key. The files are  accepted  in  PEM
              and  DER  certificate,  PKCS#7  certificate chain, PKCS#8 and raw private key and PKCS#12 formats.
              This option may be used multiple times.

       --dirsrv-pin=PIN
              The password to unlock the Directory Server private key

       --http-pin=PIN
              The password to unlock the Apache Server private key

       --pkinit-pin=PIN
              The password to unlock the Kerberos KDC private key

       --dirsrv-cert-name=NAME
              Name of the Directory Server SSL certificate to install

       --http-cert-name=NAME
              Name of the Apache Server SSL certificate to install

       --pkinit-cert-name=NAME
              Name of the Kerberos KDC SSL certificate to install

       -p DM_PASSWORD, --password=DM_PASSWORD
              Directory Manager (existing master) password

       --ip-address=IP_ADDRESS
              IPv4 or IPv6 address of the replica server. This option can be specified multiple times  for  each
              interface  of  the  server  (e.g. multihomed and/or dualstacked server), or for each IPv4 and IPv6
              address of the server. The corresponding A or AAAA and PTR records will be added  to  the  DNS  if
              they do not exist already.

       --reverse-zone=REVERSE_ZONE
              The  reverse  DNS  zone to use. This option can be used multiple times to specify multiple reverse
              zones.

       --no-reverse
              Do not create reverse DNS zone

       --ca=CA_FILE
              Location of CA PKCS#12 file, default /root/cacert.p12

       --no-pkinit
              Disables pkinit setup steps

       --debug
              Prints info log messages to the output


EXIT STATUS
       0 if the command was successful

       1 if an error occurred