diff --git a/roles/base/templates/krb5.conf.j2 b/roles/base/templates/krb5.conf.j2
index 522abfe7b6..a7316b7a21 100644
--- a/roles/base/templates/krb5.conf.j2
+++ b/roles/base/templates/krb5.conf.j2
@@ -16,7 +16,7 @@
 [realms]
  {{ ipa_realm }} = {
 {% if ansible_distribution_major_version|default(0)|int == 6 and ansible_distribution == "RedHat" %}
-  kdc = ipa01{{ env_suffix }}.{{ datacenter }}.fedoraproject.org
+  kdc = {{ ipa_server }}
 {% else %}
   kdc = https://id{{ env_suffix }}.fedoraproject.org/KdcProxy
 {% endif %}
diff --git a/roles/ipa/server/tasks/main.yml b/roles/ipa/server/tasks/main.yml
index 9a9736838f..178ca6d9be 100644
--- a/roles/ipa/server/tasks/main.yml
+++ b/roles/ipa/server/tasks/main.yml
@@ -127,7 +127,7 @@
 - name: configure replication
   block:
   - name: create replica file
-    delegate_to: ipa01{{ env_suffix }}.iad2.fedoraproject.org
+    delegate_to: {{ ipa_server }}
     command: ipa-replica-prepare
              --password={{ipa_dm_password}}
              {{inventory_hostname}}
@@ -135,7 +135,7 @@
     when: ansible_distribution_major_version|int < 8
 
   - name: retrieve replica file
-    delegate_to: ipa01{{ env_suffix }}.iad2.fedoraproject.org
+    delegate_to: {{ ipa_server }}
     fetch: src=/var/lib/ipa/replica-info-{{inventory_hostname}}.gpg
            dest=/tmp/ipa_replica_{{inventory_hostname}}.gpg
            flat=yes
@@ -197,7 +197,7 @@
              --force-join
              --log-file=/var/log/ipainstall.log
              --domain={{ipa_realm}}
-             --server=ipa02{{ env_suffix }}.iad2.fedoraproject.org
+             --server={{ ipa_server }}
              --dirsrv-config-file=/root/ldif/replica-install.ldif
     when: ansible_distribution_major_version|int >= 8
   when: not ipa_initial and replication_status.rc > 0
diff --git a/roles/ipa/server/tasks/scripts.yml b/roles/ipa/server/tasks/scripts.yml
index e02c73f145..5d2d83c390 100644
--- a/roles/ipa/server/tasks/scripts.yml
+++ b/roles/ipa/server/tasks/scripts.yml
@@ -39,7 +39,7 @@
     ipa_pass: "{{ipa_admin_password}}"
     validate_certs: no
   run_once: yes
-  delegate_to: "ipa01{{ env_suffix }}.iad2.fedoraproject.org"
+  delegate_to: "{{ ipa_server }}"
   tags:
   - ipa/server
   - config
@@ -52,7 +52,7 @@
     mode: 0755
   # Only run the cron job on one server
   run_once: yes
-  delegate_to: "ipa01{{ env_suffix }}.iad2.fedoraproject.org"
+  delegate_to: "{{ ipa_server }}"
   tags:
   - ipa/server
   - config
@@ -109,4 +109,4 @@
     - collectd
   # Only collect stats on one server
   run_once: yes
-  delegate_to: "ipa01{{ env_suffix }}.iad2.fedoraproject.org"
+  delegate_to: "{{ ipa_server }}"
diff --git a/roles/ipa/server/templates/check_sysadmin_otp.py.j2 b/roles/ipa/server/templates/check_sysadmin_otp.py.j2
index ed00002aa4..bee419855e 100644
--- a/roles/ipa/server/templates/check_sysadmin_otp.py.j2
+++ b/roles/ipa/server/templates/check_sysadmin_otp.py.j2
@@ -59,7 +59,7 @@ def parse_args():
     parser = argparse.ArgumentParser(description="Check for sysadmin users with no otp token set, admin credentials are required to run script")
     parser.add_argument("-u", "--username", default="admin", help="ipa user to use")
     parser.add_argument("-c", "--cert-path", default="/etc/ipa/ca.crt", help="location of ipa cert")
-    parser.add_argument("-s", "--server-address", default="ipa01{{ env_suffix }}.iad2.fedoraproject.org", help="server to run against")
+    parser.add_argument("-s", "--server-address", default="{{ ipa_server }}", help="server to run against")
     parser.add_argument("-p", "--password", help="ipa user password", required=True)