

FreeIPA server in Docker containers

FreeIPA server can be run in a Docker container for testing or demo purposes. It makes it possible to run all the processes comprising the server in an isolated way, leaving the host free to run other software, not clashing with the FreeIPA server.

Dockerfile.* recipes with related content are available in a repository on GitHub, with definitions for Fedora, RHEL, and CentOS 7. Automated build images are available in the Docker index.

Note that the Docker version of FreeIPA is still just a proof of concept and is not fully supported. We would like to hear your feedback or ideas for improvement!

Also available are client repositories and images, to quickly start another container and let it IPA-enroll to the server.

Enroll the host to FreeIPA running in the container

If you have a FreeIPA server running in a container, you can enroll the host machine to that FreeIPA server. To do so, the host needs to know the IP address of the FreeIPA server (running in the container). You can configure it either in /etc/hosts, or put the IP address in /etc/resolv.conf if you'd like to use FreeIPA's DNS as well.

If you named the container running the FreeIPA server with the --name option, for example docker run --name freeipa-server-container ..., you can use that name to retrieve the IP address:

SERVER_IP_ADDRESS=$( docker inspect --format '{{ .NetworkSettings.IPAddress }}' freeipa-server-container )

Otherwise you'd have to use the autogenerated container identifier. You can then add the IP address to /etc/hosts:

echo "$SERVER_IP_ADDRESS ipa.example.test" >> /etc/hosts

or to /etc/resolv.conf

echo "nameserver $SERVER_IP_ADDRESS" > /etc/resolv.conf


ipa-client-install --server=ipa.example.test ...

should enroll the host to the containerized FreeIPA server.
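The docker inspect lookup above can return an empty string (for example when the container is stopped), and appending to /etc/hosts on every run leaves stale addresses behind after the container restarts with a new one. The following is an added example, not part of the original page or the FreeIPA project: the function names is_ipv4 and set_hosts_entry and the file argument are hypothetical; the container name and hostname are the ones used on this page.

```shell
#!/bin/sh
# Added example: validate the address from `docker inspect` before it is
# written to /etc/hosts. Function names are illustrative, not FreeIPA's.

# Succeeds only for a dotted-quad IPv4 address with each octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray chars, empty octet
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                  # split on dots (digits only, no globbing)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Point NAME at IP in hosts file FILE, replacing any stale line for NAME.
# Invalid input is refused, so an empty lookup result never reaches the file.
set_hosts_entry() {
    ip=$1 name=$2 file=$3
    is_ipv4 "$ip" || { echo "refusing to write invalid address '$ip'" >&2; return 1; }
    tmp=$(mktemp) || return 1
    # Keep comments, and every line that does not list NAME as a hostname.
    awk -v n="$name" '
        /^[[:space:]]*#/ { print; next }
        { for (i = 2; i <= NF; i++) if ($i == n) next; print }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    printf '%s %s\n' "$ip" "$name" >> "$tmp"
    # Write through the existing file so its owner and mode are preserved.
    cat "$tmp" > "$file" && rm -f "$tmp"
}

# Usage on the host, as root:
#   ip=$(docker inspect --format '{{ .NetworkSettings.IPAddress }}' freeipa-server-container)
#   set_hosts_entry "$ip" ipa.example.test /etc/hosts
```

The same is_ipv4 check is worth running before overwriting /etc/resolv.conf, since the command above replaces the whole file.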

Building the FreeIPA server container image

Further reading