Having only one IPA server with CA is very dangerous because CA cannot be installed if CA certificate private keys are lost. In such case it is required to recreate all certs which is a very tedious process.
With introduction of server roles web ui will receive information of how many CA exist in a topology.
Web UI should warn admins at a server role page if there is only one replica with CA.
4.4.0 was released, moving open tickets to 4.4.1
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1367759
Metadata Update from @pvoborni:
- Issue assigned to pvomacka
- Issue set to the milestone: FreeIPA 4.4.1
to comment on this ticket.