4.2. Prerequisites for Installing a Replica Server

Replicas are functionally the same as IdM servers, so they have the same installation requirements and packages. However, replicas are also copies of existing servers, so they must also mirror the originating server configuration.
  • Make sure that the machine meets all of the prerequisites listed in Chapter 2, Prerequisites for Installation.
  • The replica and the master server must be running the same version of IdM.
    The replica essentially is a copy of a server, based off the existing server configuration. Therefore, the server and the replica (its copy) must be running the same version of Identity Management so that the configuration can be properly copied from the server to the replica.
    If the master server is running on Red Hat Enterprise Linux 6, IdM version 3.0, then the replica must also run on Red Hat Enterprise Linux 6 and use the IdM 3.0 packages.

    IMPORTANT

    Creating a replica of a different version than the master is not supported. Attempting to create a replica using a different version fails when attempting to configure the 389 Directory Server instance.
  • Apart from the ports listed in Table 2.1, “IdM Ports”, installing a replica also requires port 22 to be free during the replica setup process. This port is required in order to use SSH to connect to the master server.
    Port 7389 must be free if there is an existing Dogtag Certificate System or Red Hat Certificate System instance on the replica machine during and after the replica configuration. This port is used by the master IdM server to communicate with the replica.

    Note

    The ipa-replica-install script includes the ipa-replica-conncheck utility that verifies the status of the required ports. You can also run ipa-replica-conncheck separately for troubleshooting purposes. For information on how to use the utility, see the ipa-replica-conncheck(1) man page.
  • The replica must use the same CA configuration as the server and must have the same root CA. For example, if the server is its own root CA (using Dogtag Certificate System), then that must be the root CA for the replica. If the server used an external CA to issue its certificates, than the replica must use that same external CA.