Hello FreeIPA users interested in running the server in containers, recently a couple of changes were pushed to
https://github.com/adelton/docker-freeipa and to adelton/freeipa-server images on Docker hub that you might be interested in: 1) Option --setup-dns is no longer forced by the container image, you have to specify it yourself in the ipa-server-install-options file, together with any --forwarder settings. This makes DNS-less setups easier. 2) If your setup has Domain Level > 0, you can create replicas without GPG-encrypted replica information file, just by specifying ipa-replica-install-options file. Make sure bi-directional communication is allowed for the containers for replication to work. 3) Package (free)ipa-server-trust-ad and its dependencies are now on the image, making it possible to run ipa-adtrust-install and ipa trust-add, typically via docker exec -ti. As has been the case for some time, docker run needs to be invoked with -v /sys/fs/cgroup:/sys/fs/cgroup:ro to make systemd in the container happy. The automated build storage issues at Docker hub seem to have been fixed and Fedora 23, 24, and CentOS 7 images are now up-to-date. You can upgrade your setup by merely using new image and giving it the existing directory used as the /data volume. The images will attempt to do any configuration and data upgrades automatically. Only going from older versions to newer ones works. Having backup of the directory for cases when something fails during the upgrade process is useful. For more information about running FreeIPA in containers, please check http://www.freeipa.org/page/Docker and README at https://github.com/adelton/docker-freeipa Sincerely, -- Jan Pazdziora Senior Principal Software Engineer, Identity Management Engineering, Red Hat -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project