_kerberos-master._tcp.magevent.net. 86400 IN SRV 0 100 88 freeipa.magevent.net.
_kerberos-master._udp.magevent.net. 86400 IN SRV 0 100 88 freeipa.magevent.net.
_kerberos._tcp.magevent.net. 86400 IN SRV 0 100 88 freeipa.magevent.net.
_kerberos._udp.magevent.net. 86400 IN SRV 0 100 88 freeipa.magevent.net.
_kerberos.magevent.net. 86400 IN TXT "MAGEVENT.NET"
_kpasswd._tcp.magevent.net. 86400 IN SRV 0 100 464 freeipa.magevent.net.
_kpasswd._udp.magevent.net. 86400 IN SRV 0 100 464 freeipa.magevent.net.
_ldap._tcp.magevent.net. 86400 IN SRV 0 100 389 freeipa.magevent.net.
ipa-ca.magevent.net. 86400 IN A 10.101.22.11
# Finds all users that have a display name (so not admin/system users) and prints each as "uid display name" on one line, handy for awk. -LLL drops the comment lines and -o ldif-wrap=no stops ldapsearch folding long values, so no sed line-joining is needed; adjust the bind DN and base DN for your domain.
ldapsearch -x -LLL -o ldif-wrap=no -W -D "uid=admin,cn=users,cn=accounts,dc=magevent,dc=net" -b "cn=users,cn=accounts,dc=magevent,dc=net" "(displayname=*)" displayname \
  | awk -F': ' 'tolower($1)=="dn" {split($2, p, ","); sub(/^uid=/, "", p[1]); uid=p[1]} tolower($1)=="displayname" {print uid, $2}'
Installing:
Currently done via a bash script calling docker run. See /srv/freeipa on docker box or later in document for example scripts
Caveats: The host box should have a second IP address dedicated to the IPA container, with the IPA ports forwarded from that address only. While not strictly needed, this lets the IPA container manage logins for the host box itself. Without a secondary IP the host gets confused when it has to authenticate against a container running inside itself, because the container's services share the host's own address.
Replicating:
Same as installing, but mildly different script
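The install and replica launchers are the same docker run with a different IPA command, so here is one added example script that covers both modes. It is not the page's /srv/freeipa script. It assumes the freeipa/freeipa-server container image's conventions (data volume mounted at /data, the ipa-server-install or ipa-replica-install arguments passed as the container command, the admin password read from a PASSWORD environment variable, IPA_SERVER_IP naming the address IPA publishes in DNS) and the image tag freeipa/freeipa-server:centos-8; check all of these against the image version you run. The IP 10.101.22.11, hostname and realm come from the page's DNS records; the env file path and container name are assumptions.

```shell
#!/bin/sh
# Added example, not the page's own script. Assumptions about the image (volume at /data,
# IPA command as container args, PASSWORD env var, IPA_SERVER_IP) are noted in the lead-in.
set -eu

IPA_IP=${IPA_IP:-10.101.22.11}                        # secondary host IP reserved for IPA (page's ipa-ca A record)
IPA_HOSTNAME=${IPA_HOSTNAME:-freeipa.magevent.net}    # a replica needs its own FQDN here
IPA_DOMAIN=${IPA_DOMAIN:-magevent.net}
IPA_REALM=${IPA_REALM:-MAGEVENT.NET}
IPA_DATA=${IPA_DATA:-/ipadata}                        # host directory backing the container's /data
IPA_IMAGE=${IPA_IMAGE:-freeipa/freeipa-server:centos-8}
IPA_ENV_FILE=${IPA_ENV_FILE:-/srv/freeipa/admin.env}  # assumed path; contains PASSWORD=..., keep it mode 0600

# Publish every IPA service port on the dedicated IP only, so nothing on the host's primary
# address collides with the container and the host itself can still enroll as a client.
ipa_port_args() {
  for p in 53/tcp 53/udp 80/tcp 88/tcp 88/udp 123/udp 389/tcp 443/tcp 464/tcp 464/udp 636/tcp; do
    printf -- '-p %s:%s:%s ' "$IPA_IP" "${p%%/*}" "$p"
  done
}

# Print (do not execute) the docker run command for MODE: install | replica.
ipa_run_cmd() {
  case ${1:-} in
    install)
      ipa_args="ipa-server-install -U -r $IPA_REALM -n $IPA_DOMAIN --hostname=$IPA_HOSTNAME --setup-dns --no-forwarders --no-ntp" ;;
    replica)
      # The replica finds the existing server through the _ldap._tcp / _kerberos SRV records
      # shown on the page; the admin password comes from PASSWORD in the env file.
      ipa_args="ipa-replica-install -U --principal admin --hostname=$IPA_HOSTNAME --domain=$IPA_DOMAIN --realm=$IPA_REALM --setup-ca --setup-dns --no-forwarders --no-ntp" ;;
    *)
      echo "usage: ipa_run_cmd install|replica" >&2
      return 2 ;;
  esac
  printf 'docker run -d --name freeipa --restart unless-stopped -h %s ' "$IPA_HOSTNAME"
  # Read-only root with tmpfs scratch space limits what a compromised service can persist.
  printf -- '--read-only --tmpfs /run --tmpfs /tmp --sysctl net.ipv6.conf.all.disable_ipv6=0 '
  # --env-file keeps the admin password off the command line and out of shell history.
  printf -- '--env-file %s -e IPA_SERVER_IP=%s ' "$IPA_ENV_FILE" "$IPA_IP"
  ipa_port_args
  printf -- '-v %s:/data:Z %s %s\n' "$IPA_DATA" "$IPA_IMAGE" "$ipa_args"
}

# CLI: ./ipa-run.sh install|replica prints the command; RUN=1 ./ipa-run.sh install executes it.
if [ $# -gt 0 ]; then
  cmd=$(ipa_run_cmd "$1")
  if [ "${RUN:-0}" = 1 ]; then eval "$cmd"; else printf '%s\n' "$cmd"; fi
fi
```

Run it without RUN=1 first and read the printed command: the port bindings should all carry the secondary IP and the data volume should be the /ipadata path the upgrade notes below rely on. For a replica, export IPA_HOSTNAME with the replica's own FQDN before running.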
Backups and upgrading:
The volume/folder for the data needs to be copied carefully. I have found that cp -rap is sufficient to prevent issues. Normal cp -r or mv does seem to break something in the data, probably a symbolic link or permissions on some of the files for service accounts used by a sub component of IPA.
Steps to upgrade:
data for IPA docker volume is /ipadata
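Since the upgrade hinges on copying /ipadata without losing ownership, modes or symlinks, here is an added example (not the page's own script) that takes the copy with cp -a and then compares a per-file manifest of both trees, so a broken copy is caught before the new container is started on it. It assumes GNU coreutils (stat -c, sort -z) and the /ipadata path from the page; the container name "freeipa" is an assumption.

```shell
#!/bin/sh
# Added example, not the page's own script. Assumes GNU coreutils; /ipadata is from the page,
# the container name "freeipa" is assumed.
set -eu

# One line per path: type, octal mode, owner, group, and the quoted name (with "-> target"
# for symlinks). Paths are relative to the tree root so two trees compare line by line.
tree_manifest() {
  ( cd "$1" && find . -print0 | sort -z | xargs -0 stat -c '%F %a %U %G %N' )
}

# Copy SRC to DST with cp -a: recursive, preserving ownership, mode, timestamps, symlinks and
# xattrs (which carries the SELinux label of the :Z volume). Refuses to clobber an existing DST,
# so a backup is never silently merged into a stale one.
backup_ipadata() {
  src=$1; dst=$2
  if [ -e "$dst" ]; then
    echo "refusing to overwrite existing $dst" >&2
    return 1
  fi
  cp -a "$src" "$dst"
}

# Returns 0 when every entry in SRC has an identical type/mode/owner/group/link line in DST,
# 1 otherwise (for example after a copy that reset the 389-ds or pki service-account ownership).
verify_copy() {
  if [ "$(tree_manifest "$1")" = "$(tree_manifest "$2")" ]; then
    return 0
  fi
  echo "copy at $2 does not preserve type/mode/owner/link for every file in $1" >&2
  return 1
}

# CLI: ./ipa-backup.sh [SRC [DST]]   (defaults: /ipadata -> /ipadata.bak-YYYY-MM-DD)
# Stop the container first so 389-ds and the CA are not writing while the copy runs:
#   docker stop freeipa && ./ipa-backup.sh /ipadata && docker start freeipa
if [ $# -ge 1 ]; then
  src=$1; dst=${2:-$1.bak-$(date +%F)}
  backup_ipadata "$src" "$dst"
  verify_copy "$src" "$dst"
fi
```

If verify_copy reports a mismatch, do not start the upgraded container on that copy; redo it with cp -a (or rsync -aAX) and verify again. Timestamps are deliberately left out of the manifest because they do not affect whether IPA's sub-components can read their files.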
Caveat: I wrote this for work when I was looking into options to migrate their existing freeIPA setups to new containerized ones. The main useful information is the first page, but I included the old analysis I did for migrating an existing freeIPA to a new one in case it's useful later on, or for your own use personally or professionally.
Option 1- Replicate to same domain
Components- Two Docker IPA containers running Centos 8 and freeIPA 4.8.4 in replica mode living in 2 different VMs. Also DNS using bind on both VMs