IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Remove unnecessary option --force-chrony

Browse Source 
FreeIPA will always force chrony service and disable any
other conflicting time synchronization daemon.
Add --ntp-server option to server manpage and note to NTP pool option.

Addresses: https://pagure.io/freeipa/issue/7024
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
This commit is contained in:
Tibor Dudlák 2018-03-26 15:54:13 +02:00 committed by Rob Crittenden
parent dba87a47a7
commit 74c2b46cde
8 changed files with 19 additions and 50 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
client/man/ipa-client-install.1
View File

@ -113,14 +113,11 @@ Join the host even if it is already enrolled.
Configure chronyd to use this NTP server. This option can be used multiple times and it is used to specify exactly one time server.
.TP
\fB\-\-ntp\-pool\fR=\fINTP_SERVER_POOL\fR
Configure chronyd to use this NTP server pool.
Configure chronyd to use this NTP server pool. This option is meant to be pool of multiple servers resolved as one host name. This pool's servers may vary but pool address will be still same and chrony will choose only one server from this pool.
.TP
\fB\-N\fR, \fB\-\-no\-ntp\fR
Do not configure NTP client (chronyd).
.TP
\fB\-\-force\-chrony\fR
Stop and disable any time&date synchronization services besides chronyd.
.TP
\fB\-\-nisdomain\fR=\fINIS_DOMAIN\fR
Set the NIS domain name as specified. By default, this is set to the IPA domain name.
.TP

5
install/tools/man/ipa-replica-install.1
View File

@ -87,14 +87,11 @@ Create home directories for users on their first login
Configure chronyd to use this NTP server. This option can be used multiple times and it is used to specify exactly one time server.
.TP
\fB\-\-ntp\-pool\fR=\fINTP_SERVER_POOL\fR
Configure chronyd to use this NTP server pool.
Configure chronyd to use this NTP server pool. This option is meant to be pool of multiple servers resolved as one host name. This pool's servers may vary but pool address will be still same and chrony will choose only one server from this pool.
.TP
\fB\-N\fR, \fB\-\-no\-ntp\fR
Do not configure NTP client (chronyd).
.TP
\fB\-\-force\-chrony\fR
Stop and disable any time&date synchronization services besides chronyd.
.TP
\fB\-\-no\-ui\-redirect\fR
Do not automatically redirect to the Web UI.
.TP

8
install/tools/man/ipa-server-install.1
View File

@ -44,15 +44,15 @@ This option can be used multiple times to specify more IP addresses of the serve
.TP
Configure chronyd to use this NTP server. This option can be used multiple times and it is used to specify exactly one time server.
.TP
\fB\-\-ntp\-server\fR=\fINTP_SERVER\fR
Configure chronyd to use this NTP server. This option can be used multiple times and it is used to specify exactly one time server.
.TP
\fB\-\-ntp\-pool\fR=\fINTP_SERVER_POOL\fR
Configure chronyd to use this NTP server pool.
Configure chronyd to use this NTP server pool. This option is meant to be pool of multiple servers resolved as one host name. This pool's servers may vary but pool address will be still same and chrony will choose only one server from this pool.
.TP
\fB\-N\fR, \fB\-\-no\-ntp\fR
Do not configure NTP client (chronyd).
.TP
\fB\-\-force\-chrony\fR
Stop and disable any time&date synchronization services besides chronyd.
.TP
\fB\-\-idstart\fR=\fIIDSTART\fR
The starting user and group id number (default random).
.TP

43
ipaclient/install/client.py
View File

@ -1987,20 +1987,14 @@ def install_check(options):
"using 'ipa-client-install --uninstall'.")
raise ScriptError(rval=CLIENT_ALREADY_CONFIGURED)
if options.conf_ntp and not options.force_chrony:
if options.conf_ntp:
try:
timeconf.check_timedate_services()
except timeconf.NTPConflictingService as e:
print("WARNING: chronyd time&date synchronization service will not"
" be configured as")
print("conflicting service ({}) is enabled".format(
e.conflicting_service))
print("Use --force-chrony option to disable it and force "
"use of chronyd")
print("WARNING: conflicting time&date synchronization service '{}'"
" will be disabled".format(e.conflicting_service))
print("in favor of chronyd")
print("")
# TODO decide what to do if there is conflicting service
# configuration of chrony is disabled in this case
options.conf_ntp = False
except timeconf.NTPConfigurationError:
pass
@ -2345,19 +2339,17 @@ def update_ipa_nssdb():
(nickname, sys_db.secdir, e))
def sync_time(options, fstore, statestore, force):
def sync_time(options, fstore, statestore):
"""
Will disable any other time synchronization service if the --force-chrony
option set, and configure chrony with given ntp(chrony) server and/or pool
using Augeas in configure_chrony method.
Will disable any other time synchronization service and configure chrony
with given ntp(chrony) server and/or pool using Augeas.
If there is no option --ntp-server set IPADiscovery will try to find ntp
server in DNS records.
"""
# We assume that NTP servers are discoverable through SRV records in DNS.
# disable other time&date services first
if force:
timeconf.force_chrony(statestore)
timeconf.force_chrony(statestore)
print("Synchronizing time")
logger.info('Synchronizing time with KDC...')
@ -2462,7 +2454,7 @@ def _install(options):
if options.conf_ntp:
# Attempt to sync time with NTP server (chrony).
sync_time(options, fstore, statestore, options.force_chrony)
sync_time(options, fstore, statestore)
elif options.on_master:
# If we're on master skipping the time sync here because it was done
# in ipa-server-install
@ -3478,18 +3470,10 @@ class ClientInstallInterface(hostname_.HostNameInstallInterface,
None, False,
deprecated=True,
description="Stop and disable any time&date synchronization services "
"besides ntpd. "
"This option has been obsoleted by --force-chrony",
"besides ntpd. This option has been deprecated",
)
force_ntpd = enroll_only(force_ntpd)
force_chrony = knob(
None,
description="Stop and disable any time&date synchronization services "
"besides chrony",
)
force_chrony = enroll_only(force_chrony)
nisdomain = knob(
str, None,
description="NIS domain name",
@ -3557,12 +3541,7 @@ class ClientInstallInterface(hostname_.HostNameInstallInterface,
"--server cannot be used without providing --domain")
if self.force_ntpd:
raise RuntimeError(
"--force-ntpd has been obsoleted by --force-chrony")
if self.force_chrony and self.no_ntp:
raise RuntimeError(
"--force-chrony cannot be used together with --no-ntp")
logger.warning("Option --force-ntpd has been deprecated")
if self.ntp_servers and self.no_ntp:
raise RuntimeError(

2
ipaclient/install/timeconf.py
View File

@ -168,7 +168,7 @@ def force_chrony(statestore):
def restore_forced_timeservices(statestore, skip_service='chronyd'):
"""
Restore from --force-chronyd installation and enable/start service that
Restore from installation and enable/start service that
were disabled/stopped during installation
"""
for service in services.timedate_services:

1
ipaserver/install/server/__init__.py
View File

@ -168,7 +168,6 @@ class ServerInstallInterface(ServerCertificateInstallInterface,
kinit_attempts = 1
fixed_primary = True
force_chrony = False
permit = False
enable_dns_updates = False
no_krb5_offline_passwords = False

3
ipaserver/install/server/install.py
View File

@ -766,8 +766,7 @@ def install(installer):
# chrony will be handled here in uninstall() method as well by invoking
# the ipa-server-install --uninstall
if not options.no_ntp:
ipaclient.install.client.sync_time(
options, fstore, sstore, force=True)
ipaclient.install.client.sync_time(options, fstore, sstore)
if options.dirsrv_cert_files:
ds = dsinstance.DsInstance(fstore=fstore,

2
ipaserver/install/server/replicainstall.py
View File

@ -947,8 +947,6 @@ def ensure_enrolled(installer):
args.append("--force-join")
if installer.no_ntp:
args.append("--no-ntp")
else:
args.append("--force-chrony")
try:
# Call client install script