diff --git a/ipaserver/install/ntpinstance.py b/ipaserver/install/ntpinstance.py index 8b0f0e539..2cac7baf1 100644 --- a/ipaserver/install/ntpinstance.py +++ b/ipaserver/install/ntpinstance.py @@ -19,6 +19,7 @@ # from ipaserver.install import service +from ipaserver.install import sysupgrade from ipapython import sysrestore from ipapython import ipautil from ipaplatform.constants import constants @@ -28,9 +29,28 @@ from ipapython.ipa_log_manager import root_logger NTPD_OPTS_VAR = constants.NTPD_OPTS_VAR NTPD_OPTS_QUOTE = constants.NTPD_OPTS_QUOTE +NTP_EXPOSED_IN_LDAP = 'exposed_in_ldap' + + +def ntp_ldap_enable(fqdn, base_dn, realm): + ntp = NTPInstance(realm=realm) + is_exposed_in_ldap = sysupgrade.get_upgrade_state( + 'ntp', NTP_EXPOSED_IN_LDAP) + + was_running = ntp.is_running() + + if ntp.is_configured() and not is_exposed_in_ldap: + ntp.ldap_enable('NTP', fqdn, None, base_dn) + sysupgrade.set_upgrade_state('ntp', NTP_EXPOSED_IN_LDAP, True) + + if was_running: + ntp.start() + + class NTPInstance(service.Service): - def __init__(self, fstore=None): + def __init__(self, realm=None, fstore=None): service.Service.__init__(self, "ntpd", service_desc="NTP daemon") + self.realm = realm if fstore: self.fstore = fstore diff --git a/ipaserver/install/server/install.py b/ipaserver/install/server/install.py index e8d4db878..46b7190dc 100644 --- a/ipaserver/install/server/install.py +++ b/ipaserver/install/server/install.py @@ -856,6 +856,9 @@ def install(installer): idstart=options.idstart, idmax=options.idmax, subject_base=options.subject, hbac_allow=not options.no_hbac_allow) + + ntpinstance.ntp_ldap_enable(host_name, ds.suffix, realm_name) + else: ds = dsinstance.DsInstance(fstore=fstore, domainlevel=options.domainlevel) diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py index 6c0ad6939..f59788047 100644 --- a/ipaserver/install/server/replicainstall.py +++ b/ipaserver/install/server/replicainstall.py 
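Review bot: The new signature `__init__(self, realm=None, fstore=None)` puts `realm` ahead of `fstore`, so any existing caller that passes the file store positionally would now bind it to `realm` and skip the `if fstore:` branch. No such caller is visible in this diff, but keeping the old order, `def __init__(self, fstore=None, realm=None):`, removes the risk. In `ntp_ldap_enable`, `ntp.start()` sits outside the `if ntp.is_configured() and not is_exposed_in_ldap:` guard, so it runs on every call where ntpd was already running, including upgrades where nothing changed. If the start is only needed because `ldap_enable` changes the service state (not visible here), it belongs inside the guard. A short docstring saying that this is a one-time registration tracked through `sysupgrade` state, and why `None` is passed as the third `ldap_enable` argument, would also help; the body of `NTPInstance.__init__` continues outside the hunk.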
@@ -780,6 +780,8 @@ def install(installer): # Configure dirsrv ds = install_replica_ds(config, options, ca_enabled, remote_api) + ntpinstance.ntp_ldap_enable(config.host_name, ds.suffix, api.env.realm) + # Always try to install DNS records install_dns_records(config, options, remote_api) finally: @@ -1350,6 +1352,9 @@ def promote(installer): # or certmonger will fail to contact the peer master install_http_certs(config, fstore, remote_api) + ntpinstance.ntp_ldap_enable(config.host_name, ds.suffix, + remote_api.env.realm) + finally: if conn.isconnected(): conn.disconnect() diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py index cd9b7c4a8..0c5f32d95 100644 --- a/ipaserver/install/server/upgrade.py +++ b/ipaserver/install/server/upgrade.py @@ -32,6 +32,7 @@ from ipaserver.install import installutils from ipaserver.install import dsinstance from ipaserver.install import httpinstance from ipaserver.install import memcacheinstance +from ipaserver.install import ntpinstance from ipaserver.install import bindinstance from ipaserver.install import service from ipaserver.install import cainstance @@ -1584,6 +1585,8 @@ def upgrade_configuration(): ds.configure_dirsrv_ccache() + ntpinstance.ntp_ldap_enable(api.env.host, api.env.basedn, api.env.realm) + # ldap2 connection is not valid after DS restart, close connection otherwise # it will cause network errors if api.Backend.ldap2.isconnected(): diff --git a/ipaserver/install/service.py b/ipaserver/install/service.py index 40767acd5..cdd4354df 100644 --- a/ipaserver/install/service.py +++ b/ipaserver/install/service.py @@ -41,6 +41,7 @@ SERVICE_LIST = { 'MEMCACHE': ('ipa_memcached', 39), 'HTTP': ('httpd', 40), 'KEYS': ('ipa-custodia', 41), + 'NTP': ('ntpd', 45), 'CA': ('pki-tomcatd', 50), 'KRA': ('pki-tomcatd', 51), 'ADTRUST': ('smb', 60),
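Review bot: The realm passed to `ntp_ldap_enable` comes from `api.env.realm` in `install` but from `remote_api.env.realm` in the `promote` hunk that follows, and nothing in the diff says why the two paths differ. The visible `ntp_ldap_enable` only stores the value on the instance, so the difference may be harmless today. It would still be better to use one source in both places, or to add a one-line comment at each call naming which API object is authoritative for the realm at that point of the install. Both enclosing functions start and end outside their hunks.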
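Review bot: In `upgrade_configuration` the new call is inserted directly above the existing comment saying the ldap2 connection is not valid after a DS restart, which suggests the directory server may already have been restarted by the time `ntp_ldap_enable` runs. Because the function passes `None` as the third argument to `ldap_enable`, it presumably relies on an already-open connection; if that is `api.Backend.ldap2`, the registration could fail during upgrade and leave the `exposed_in_ldap` state unset. It is worth confirming which connection `ldap_enable` uses here, then either moving the call ahead of any DS restart or reconnecting first. `upgrade_configuration` starts and ends outside the hunk.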
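Review bot: The value `45` in `'NTP': ('ntpd', 45),` is unexplained; judging by the neighbouring entries it looks like an ordering key that places ntpd after `httpd` (40) and `ipa-custodia` (41) and before `pki-tomcatd` (50). Ticket and certificate validation are clock-sensitive, so the position of time sync relative to the other services is a decision worth recording. A comment such as `# ntpd ordered after HTTP/KEYS; confirm no earlier service needs a synced clock` would do that. `SERVICE_LIST` begins and ends outside the hunk.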