Hello FreeIPA users interested in running the server in containers,
recently a couple of changes were pushed to
and to adelton/freeipa-server images on Docker hub that you might be
1) Option --setup-dns is no longer forced by the container image, you
have to specify it yourself in the ipa-server-install-options
file, together with any --forwarder settings. This makes DNS-less
2) If your setup has Domain Level > 0, you can create replicas without
a GPG-encrypted replica information file, just by specifying
the ipa-replica-install-options file. Make sure bi-directional
communication is allowed for the containers for replication to work.
3) Package (free)ipa-server-trust-ad and its dependencies are now on
the image, making it possible to run ipa-adtrust-install and
ipa trust-add, typically via docker exec -ti.
As has been the case for some time, docker run needs to be invoked
to make systemd in the container happy.
The automated build storage issues at Docker hub seem to have been
fixed and Fedora 23, 24, and CentOS 7 images are now up-to-date.
You can upgrade your setup by merely using the new image and giving it the
existing directory used as the /data volume. The images will attempt
to do any configuration and data upgrades automatically. Only going
from older versions to newer ones works. Having a backup of the directory
for cases when something fails during the upgrade process is useful.
For more information about running FreeIPA in containers, please check
and README at
Senior Principal Software Engineer, Identity Management Engineering, Red Hat