The current method to install a replica requires a 2 phases approach where an admin physically logs into a master and generates an installation package, then transfers it to a new server and performs the replica install procedure. This method is cumbersome, require interaction (the ipa-replica-prepare command wants the Directory Manager password) and is generally hard to deal with in an automated fashion. A new method to promote a regular client to a replica and in general simplify replica installs will make a number of maintenance operations easier. A new replica promotion sequence will allow easier provisioning via an external infrastructure management system, while retaining a reasonable level of security (or increasing the security of the solution in some areas). 

Usage:
As an Administrator I want to deploy my multi master IdM Server infrastructure cluster using deployment tools of my choice (Ansible, Puppet, Foreman...) without leaking the IdM passwords to the infrastructure so that they do not end up in any answer file or argument database. The installation scripts should not require interactive logging to the target replica or copying of any file on the server.