Jan Pazdziora

Do I read it right that the concern is the master's container IP address used for the `ipa-ca` A record instead of the `IPA_SERVER_IP` value, and the replica's role in...

I did a quick test run and it seems that if you use `--ip-address=192.168.1.52` option to `ipa-server-install`, the `ipa-ca` will be set to that address. You likely still want that...

@dcode Did the combination of `-e IPA_SERVER_IP=192.168.1.52` and `--ip-address=192.168.1.52` yield acceptable results for you?

Right. I was aware of the note about the `--ip-address` in the documentation. In the past, the `ipa-server-install` failed when IP address was specified for which interface did not exist...

@frasertweedale, any suggestions about the correct handling of IP addresses where the IP addresses as seen by the FreeIPA server are internal ones that should never be advertised via DNS...

I tried a couple of approaches and test deployments and I have the following questions, likely on @abbra and @frasertweedale: What is the primary information about FreeIPA server's IP address?...

@abbra, @frasertweedale Would you have some answers to the questions above? I seem to have hit the limits of my understanding how things are expected to be structured and where...

Note to self: one implication of using `--ip-address` is https://pagure.io/freeipa/issue/8888, discussed in https://github.com/freeipa/freeipa-container/issues/383#issuecomment-864605076.

> > Without DNS server, `ipa dns-update-system-records --dry-run` does not show any A-record related information. Is that expected? > > I know its been a year since you originally posed...

I can imagine you should be able to store the `ipa-server-install` options as a secret and then set that secret to the appropriate location under `/data`: ``` --secret source=options-with-credentials,target=/data/ipa-server-install-options ```...