
Our setup is as follows. All machines are running under CentOS 5.8. We have a gateway machine with a firewall, gw.example.com, through which all external traffic is funneled. Behind it we have 2 FreeIPA servers for remote user authentication, ipa1.example.com and ipa2.example.com.

ipa1 is the main server, ipa2 is set up to be the failover, which is supposed to take over if ipa1 is unavailable. However, on several occasions when ipa1 kernel panicked, ipa2 never took over, which it was supposed to, as I understand it.

I googled around extensively for a solution, but found nothing coherent.

Did anyone have a similar issue and managed to resolve it?

If you need specifics detailing our freeipa configs, I can provide them.

UPDATE:

Issue resolved. The solution is in the comment below.

Chikipowpow
  • knowing what you mean by "take over" would be good. using dns srv records? – Sirex Nov 26 '13 at 18:00
  • We've figured it out. Our ipa2 replica server was set up temporally only after ipa-clients were installed and configured on the machines. Which is wrong. The order should be reversed: server and replica server first, then the clients. Rookie mistake. – Chikipowpow Nov 27 '13 at 20:42
  • ah, fair enough. you can actually do the replica last if you really want - for future reference. It'll sync over any missing data when it initializes the replica. – Sirex Nov 27 '13 at 23:45

0 Answers