Hello FreeIPA users interested in running the server in containers,

recently a couple of changes were pushed to


and to adelton/freeipa-server images on Docker hub that you might be
interested in:

1) Option --setup-dns is no longer forced by the container image, you
   have to specify it yourself in the ipa-server-install-options
   file, together with any --forwarder settings. This makes DNS-less
   setups easier.

2) If your setup has Domain Level > 0, you can create replicas without
   a GPG-encrypted replica information file, just by specifying an
   ipa-replica-install-options file. Make sure bi-directional
   communication is allowed for the containers for replication to work.

3) Package (free)ipa-server-trust-ad and its dependencies are now on
   the image, making it possible to run ipa-adtrust-install and
   ipa trust-add, typically via docker exec -ti.

As has been the case for some time, docker run needs to be invoked with

        -v /sys/fs/cgroup:/sys/fs/cgroup:ro

to make systemd in the container happy.

The automated build storage issues at Docker hub seem to have been
fixed and Fedora 23, 24, and CentOS 7 images are now up-to-date.

You can upgrade your setup by merely using a new image and giving it the
existing directory used as the /data volume. The images will attempt
to do any configuration and data upgrades automatically. Only going
from older versions to newer ones works. Having a backup of the directory
for cases when something fails during the upgrade process is useful.

For more information about running FreeIPA in containers, please check


and README at



Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat
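
An added example, not part of the original message or of the freeipa-container project: a pre-upgrade check that confirms the DNS options in ipa-server-install-options are consistent now that --setup-dns is no longer forced, then archives the data directory. It assumes the options file sits at the top of the host directory mounted as /data and that an unattended ipa-server-install with --setup-dns needs an explicit forwarder choice; the function names are hypothetical.

```shell
#!/bin/sh
# Added example; function names and the file location are assumptions.

# check_dns_options FILE
# Prints a verdict and returns 0 (consistent), 1 (inconsistent), 2 (unreadable).
check_dns_options() {
    opts_file=$1
    [ -r "$opts_file" ] || { echo "unreadable"; return 2; }
    has_dns=no; has_fwd=no
    # Options may be separated by spaces, tabs or newlines; read one per line.
    while read -r opt; do
        case $opt in
            --setup-dns) has_dns=yes ;;
            --forwarder|--forwarder=*|--no-forwarders|--auto-forwarders)
                has_fwd=yes ;;
        esac
    done <<EOF
$(tr -s ' \t' '\n\n' < "$opts_file")
EOF
    case $has_dns:$has_fwd in
        no:no)   echo "dns-less"; return 0 ;;
        yes:yes) echo "dns"; return 0 ;;
        # A forwarder has no effect unless DNS is set up explicitly.
        no:yes)  echo "forwarder-without-setup-dns"; return 1 ;;
        # Assumption: unattended installs need a forwarder choice with DNS.
        *)       echo "setup-dns-without-forwarder-choice"; return 1 ;;
    esac
}

# backup_data_dir DIR DEST_DIR
# Archives DIR (the host directory mounted as /data) into DEST_DIR, checks the
# archive can be listed, and prints its path. Run with the container stopped.
backup_data_dir() {
    src=${1%/}; dest=$2
    [ -d "$src" ] && [ -d "$dest" ] || return 2
    name=$(basename "$src")
    archive="$dest/$name-$(date +%Y%m%d%H%M%S).tar.gz"
    tar -C "$(dirname "$src")" -czf "$archive" "$name" || return 1
    tar -tzf "$archive" >/dev/null || return 1
    echo "$archive"
}

# preflight DATA_DIR BACKUP_DIR: refuse to proceed unless both steps succeed.
preflight() {
    check_dns_options "$1/ipa-server-install-options" >&2 || return 1
    backup_data_dir "$1" "$2"
}
```

Call preflight with the data directory and a backup destination before starting the new image; it prints the archive path only when the options are consistent and the archive was verified.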
