RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/2715

This ticket is a follow up for #2648.

Amazon EC2 cloud environment network architecture does not play well with IPA's demand for static IP address bound to one of its network interfaces. A short description of the EC2 networking:
* VM has a private dynamic IP address which changes upon reboot of the machine
* VM has a public IP address that can be used to access the IPA machine from the outside networks
* User can ask for ''elastic IP'' which are not assigned to an interface but are always redirected correctly to the current instance

To solve this ticket we would need to at least:
* Make IP address checks less strict - the check if IP address is assigned to interface should rather be a warning and not a blocking error
  * This would enable user to use elastic IP address as IPA IP address that is then inserted to the `/etc/hosts` and used in DNS records
  * We need to make sure that DNS, client enrollment, Web UI, replication works correctly
* Do more investigation if we can help with the use of dynamic address as IPA IP address. We can at least provide some example in our documentation about how to update IPA IP address in `/etc/hosts` after reboot

I think this bug is too general. FreeIPA can be already used in Cloud Environments (like FreeIPA Public Demo running in the OpenStack), we can work on improvements and usability, but I would rather track the specific improvement requests than this catch all Bugzilla.

It is sad to see this bugzilla closed without pointer to where those specific issues will be tracked.

I agree that the comment 0 could have described specific Steps to reproduce to make it more clear where the pain points but there is enough material there that we seem to lose. Can't we turn this bugzilla into a tracker, with the individual issues tracked under it?

I would rather track this in the upstream tracker and for example start marking related tickets with "ec2", "openstack" or similar keyword. I am afraid that maintaining the tracker here in the Bugzilla would just again lead to obsoleting Bug (like this one) that is not being actively updated.