21.2. Installing an IdM replica with integrated DNS and a CA
Follow this procedure to install an Identity Management (IdM) replica:
- With integrated DNS
- With a certificate authority (CA)
You can do this to, for example, replicate the CA service for resiliency after installing an IdM server with an integrated CA.
When configuring a replica with a CA, the CA configuration of the replica must mirror the CA configuration of the other server.
For example, if the server includes an integrated IdM CA as the root CA, the new replica must also be installed with an integrated CA as the root CA. No other CA configuration is available in this case.
Including the --setup-ca option in the ipa-replica-install command copies the CA configuration of the initial server.
Prerequisites
- Ensure your system is prepared for an IdM replica installation.
Procedure
- Enter ipa-replica-install with these options:
  - --setup-dns to configure the replica as a DNS server
  - --forwarder to specify a per-server forwarder, or --no-forwarder if you do not want to use any per-server forwarders. To specify multiple per-server forwarders for failover reasons, use --forwarder multiple times.
    Note: The ipa-replica-install utility accepts a number of other options related to DNS settings, such as --no-reverse or --no-host-dns. For more information about them, see the ipa-replica-install(1) man page.
  - --setup-ca to include a CA on the replica
For example, to set up a replica with an integrated DNS server and a CA that forwards all DNS requests not managed by the IdM servers to the DNS server running on IP 192.0.2.1:
# ipa-replica-install --setup-dns --forwarder 192.0.2.1 --setup-ca
- After the installation completes, add a DNS delegation from the parent domain to the IdM DNS domain. For example, if the IdM DNS domain is idm.example.com, add a name server (NS) record to the example.com parent domain.
  Important: Repeat this step each time after you install an IdM DNS server.
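One way to check the delegation step after each replica installation, added here as an example and not part of the original procedure: the script compares the NS records a parent-zone name server returns for the IdM DNS domain with the IdM DNS servers you expect to be delegated, and prints the ones that are missing. The host names server.idm.example.com and replica.idm.example.com, the function names, and the dig output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Host names and the dig output
# below are constructed sample data; the function names are hypothetical.

# Read dig-style records (owner TTL class type rdata) on stdin and print the
# NS targets for ZONE, lower-cased and without the trailing dot.
delegated_ns() (
    zone="${1%.}."
    awk -v zone="$zone" '
        tolower($1) == tolower(zone) && $3 == "IN" && $4 == "NS" {
            ns = tolower($5); sub(/\.$/, "", ns); print ns
        }' | sort -u
)

# Print every expected IdM DNS server that the parent zone does not delegate to.
# Usage: missing_delegations ZONE "host1 host2 ..." < dig-output
missing_delegations() (
    delegated="$(delegated_ns "$1")"
    for host in $2; do
        host="$(printf '%s' "${host%.}" | tr '[:upper:]' '[:lower:]')"
        printf '%s\n' "$delegated" | grep -qxF -- "$host" || printf '%s\n' "$host"
    done
)

# Constructed response from a parent-zone name server. On a live system the
# input would come from a query such as:
#   dig +norecurse +noall +answer +authority NS idm.example.com @<parent-ns>
SAMPLE_DIG_OUTPUT='idm.example.com. 86400 IN NS server.idm.example.com.
example.com. 86400 IN NS ns1.example.com.'

# Constructed list: the first server plus the replica that was just installed.
SAMPLE_IDM_DNS_SERVERS="server.idm.example.com replica.idm.example.com"

# The new replica has not been delegated yet, so it is reported as missing.
printf '%s\n' "$SAMPLE_DIG_OUTPUT" |
    missing_delegations idm.example.com "$SAMPLE_IDM_DNS_SERVERS"
```

An empty result means every listed IdM DNS server already has an NS record in the parent zone's delegation.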
Next steps
- In large deployments, you might want to tune specific parameters of IdM replicas for better performance. Consult the Tuning Performance in Identity Management title to find tuning instructions to best suit your scenario.