Add NTP to the list of services stored in IPA masters LDAP subtree

IPA masters can be configured as NTP servers but the status of this service
can not be determined centrally from querying relevant LDAP subtree. This
patch makes IPA master and replica publish the newly configured NTP service in
their service container during installation.

If the master was configured as NTP server, the NTP service entry will be
created upon upgrade.

https://fedorahosted.org/freeipa/ticket/5815
https://fedorahosted.org/freeipa/ticket/5826

Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>

ipaserver/install/ntpinstance.py

@@ -19,6 +19,7 @@
 #
 
 from ipaserver.install import service
+from ipaserver.install import sysupgrade
 from ipapython import sysrestore
 from ipapython import ipautil
 from ipaplatform.constants import constants
@@ -28,9 +29,28 @@ from ipapython.ipa_log_manager import root_logger
 NTPD_OPTS_VAR = constants.NTPD_OPTS_VAR
 NTPD_OPTS_QUOTE = constants.NTPD_OPTS_QUOTE
 
+NTP_EXPOSED_IN_LDAP = 'exposed_in_ldap'
+
+
+def ntp_ldap_enable(fqdn, base_dn, realm):
+    ntp = NTPInstance(realm=realm)
+    is_exposed_in_ldap = sysupgrade.get_upgrade_state(
+        'ntp', NTP_EXPOSED_IN_LDAP)
+
+    was_running = ntp.is_running()
+
+    if ntp.is_configured() and not is_exposed_in_ldap:
+        ntp.ldap_enable('NTP', fqdn, None, base_dn)
+        sysupgrade.set_upgrade_state('ntp', NTP_EXPOSED_IN_LDAP, True)
+
+        if was_running:
+            ntp.start()
+
+
 class NTPInstance(service.Service):
-    def __init__(self, fstore=None):
+    def __init__(self, realm=None, fstore=None):
         service.Service.__init__(self, "ntpd", service_desc="NTP daemon")
+        self.realm = realm
 
         if fstore:
             self.fstore = fstore

ipaserver/install/server/install.py

@@ -856,6 +856,9 @@ def install(installer):
                                idstart=options.idstart, idmax=options.idmax,
                                subject_base=options.subject,
                                hbac_allow=not options.no_hbac_allow)
+
+        ntpinstance.ntp_ldap_enable(host_name, ds.suffix, realm_name)
+
     else:
         ds = dsinstance.DsInstance(fstore=fstore,
                                    domainlevel=options.domainlevel)

ipaserver/install/server/replicainstall.py

@@ -780,6 +780,8 @@ def install(installer):
         # Configure dirsrv
         ds = install_replica_ds(config, options, ca_enabled, remote_api)
 
+        ntpinstance.ntp_ldap_enable(config.host_name, ds.suffix, api.env.realm)
+
         # Always try to install DNS records
         install_dns_records(config, options, remote_api)
     finally:
@@ -1350,6 +1352,9 @@ def promote(installer):
         # or certmonger will fail to contact the peer master
         install_http_certs(config, fstore, remote_api)
 
+        ntpinstance.ntp_ldap_enable(config.host_name, ds.suffix,
+                                    remote_api.env.realm)
+
     finally:
         if conn.isconnected():
             conn.disconnect()

ipaserver/install/server/upgrade.py

@@ -32,6 +32,7 @@ from ipaserver.install import installutils
 from ipaserver.install import dsinstance
 from ipaserver.install import httpinstance
 from ipaserver.install import memcacheinstance
+from ipaserver.install import ntpinstance
 from ipaserver.install import bindinstance
 from ipaserver.install import service
 from ipaserver.install import cainstance
@@ -1584,6 +1585,8 @@ def upgrade_configuration():
 
     ds.configure_dirsrv_ccache()
 
+    ntpinstance.ntp_ldap_enable(api.env.host, api.env.basedn, api.env.realm)
+
     # ldap2 connection is not valid after DS restart, close connection otherwise
     # it will cause network errors
     if api.Backend.ldap2.isconnected():

ipaserver/install/service.py

@@ -41,6 +41,7 @@ SERVICE_LIST = {
     'MEMCACHE': ('ipa_memcached', 39),
     'HTTP': ('httpd', 40),
     'KEYS': ('ipa-custodia', 41),
+    'NTP': ('ntpd', 45),
     'CA': ('pki-tomcatd', 50),
     'KRA': ('pki-tomcatd', 51),
     'ADTRUST': ('smb', 60),