.\" A man page for ipa-replica-prepare
.\" Copyright (C) 2008 Red Hat, Inc.
.\"
.\" This program is free software; you can redistribute it and/or modify
.\" it under the terms of the GNU General Public License as published by
.\" the Free Software Foundation, either version 3 of the License, or
.\" (at your option) any later version.
.\"
.\" This program is distributed in the hope that it will be useful, but
.\" WITHOUT ANY WARRANTY; without even the implied warranty of
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
.\" General Public License for more details.
.\"
.\" You should have received a copy of the GNU General Public License
.\" along with this program.  If not, see <http://www.gnu.org/licenses/>.
.\"
.\" Author: Rob Crittenden <rcritten@redhat.com>
.\"
.TH "ipa-replica-prepare" "1" "Mar 14 2008" "FreeIPA" "FreeIPA Manual Pages"
.SH "NAME"
ipa\-replica\-prepare \- Create an IPA replica file
.SH "SYNOPSIS"
ipa\-replica\-prepare [\fIOPTION\fR]... hostname
.SH "DESCRIPTION"
Generates a replica file that may be used with ipa\-replica\-install to create a replica of an IPA server.

A replica can be created on any IPA master or replica server.

You must provide the fully\-qualified hostname of the machine you want to install the replica on and a host\-specific replica_file will be created. It is host\-specific because SSL server certificates are generated as part of the process and they are specific to a particular hostname.

If IPA manages the DNS for your domain, you should either use the \fB\-\-ip\-address\fR option or add the forward and reverse records manually using IPA plugins.

Once the file has been created it will be named replica\-hostname. This file can then be moved across the network to the target machine and a new IPA replica setup by running ipa\-replica\-install replica\-hostname.
.SS "Limitations"
A replica should only be installed on the same or higher version of IPA on the remote system.

A replica with PKI can only be installed from a replica file prepared on a master with PKI.
.SH "OPTIONS"
.TP
\fB\-\-dirsrv\-cert\-file\fR=\fIFILE\fR
File containing the Directory Server SSL certificate and private key. The files are accepted in PEM and DER certificate, PKCS#7 certificate chain, PKCS#8 and raw private key and PKCS#12 formats. This option may be used multiple times.
.TP
\fB\-\-http\-cert\-file\fR=\fIFILE\fR
File containing the Apache Server SSL certificate and private key. The files are accepted in PEM and DER certificate, PKCS#7 certificate chain, PKCS#8 and raw private key and PKCS#12 formats. This option may be used multiple times.
.TP
\fB\-\-dirsrv\-pin\fR=\fIPIN\fR
The password to unlock the Directory Server private key
.TP
\fB\-\-http\-pin\fR=\fIPIN\fR
The password to unlock the Apache Server private key
.TP
\fB\-\-dirsrv\-cert\-name\fR=\fINAME\fR
Name of the Directory Server SSL certificate to install
.TP
\fB\-\-http\-cert\-name\fR=\fINAME\fR
Name of the Apache Server SSL certificate to install
.TP
\fB\-p\fR \fIDM_PASSWORD\fR, \fB\-\-password\fR=\fIDM_PASSWORD\fR
Directory Manager (existing master) password
.TP
\fB\-\-ip\-address\fR=\fIIP_ADDRESS\fR
IPv4 or IPv6 address of the replica server. This option can be specified multiple times for each interface of the server
(e.g. multihomed and/or dualstacked server), or for each IPv4 and IPv6 address of the server. The corresponding A or AAAA and
PTR records will be added to the DNS if they do not exist already.
.TP
\fB\-\-reverse\-zone\fR=\fIREVERSE_ZONE\fR
The reverse DNS zone to use. This option can be used multiple times to specify multiple reverse zones.
.TP
\fB\-\-no\-reverse\fR
Do not create reverse DNS zone
.TP
\fB\-\-ca\fR=\fICA_FILE\fR
Location of CA PKCS#12 file, default /root/cacert.p12
.TP
\fB\-\-debug\fR
Prints info log messages to the output
.SH "EXIT STATUS"
0 if the command was successful

1 if an error occurred