Remove unnecessary option --force-chrony

FreeIPA will always force chrony service and disable any
other conflicting time synchronization daemon.
Add --ntp-server option to server manpage and note to NTP pool option.

Addresses: https://pagure.io/freeipa/issue/7024
Reviewed-By: Rob Crittenden <rcritten@redhat.com>

client/man/ipa-client-install.1

@@ -113,14 +113,11 @@ Join the host even if it is already enrolled.
 Configure chronyd to use this NTP server. This option can be used multiple times and it is used to specify exactly one time server.
 .TP
 \fB\-\-ntp\-pool\fR=\fINTP_SERVER_POOL\fR
-Configure chronyd to use this NTP server pool.
+Configure chronyd to use this NTP server pool. This option is meant to be pool of multiple servers resolved as one host name. This pool's servers may vary but pool address will be still same and chrony will choose only one server from this pool.
 .TP
 \fB\-N\fR, \fB\-\-no\-ntp\fR
 Do not configure NTP client (chronyd).
 .TP
-\fB\-\-force\-chrony\fR
-Stop and disable any time&date synchronization services besides chronyd.
-.TP
 \fB\-\-nisdomain\fR=\fINIS_DOMAIN\fR
 Set the NIS domain name as specified. By default, this is set to the IPA domain name.
 .TP

install/tools/man/ipa-replica-install.1

@@ -87,14 +87,11 @@ Create home directories for users on their first login
 Configure chronyd to use this NTP server. This option can be used multiple times and it is used to specify exactly one time server.
 .TP
 \fB\-\-ntp\-pool\fR=\fINTP_SERVER_POOL\fR
-Configure chronyd to use this NTP server pool.
+Configure chronyd to use this NTP server pool. This option is meant to be pool of multiple servers resolved as one host name. This pool's servers may vary but pool address will be still same and chrony will choose only one server from this pool.
 .TP
 \fB\-N\fR, \fB\-\-no\-ntp\fR
 Do not configure NTP client (chronyd).
 .TP
-\fB\-\-force\-chrony\fR
-Stop and disable any time&date synchronization services besides chronyd.
-.TP
 \fB\-\-no\-ui\-redirect\fR
 Do not automatically redirect to the Web UI.
 .TP

install/tools/man/ipa-server-install.1

@@ -44,15 +44,15 @@ This option can be used multiple times to specify more IP addresses of the serve
 .TP
 Configure chronyd to use this NTP server. This option can be used multiple times and it is used to specify exactly one time server.
 .TP
+\fB\-\-ntp\-server\fR=\fINTP_SERVER\fR
+Configure chronyd to use this NTP server. This option can be used multiple times and it is used to specify exactly one time server.
+.TP
 \fB\-\-ntp\-pool\fR=\fINTP_SERVER_POOL\fR
-Configure chronyd to use this NTP server pool.
+Configure chronyd to use this NTP server pool. This option is meant to be pool of multiple servers resolved as one host name. This pool's servers may vary but pool address will be still same and chrony will choose only one server from this pool.
 .TP
 \fB\-N\fR, \fB\-\-no\-ntp\fR
 Do not configure NTP client (chronyd).
 .TP
-\fB\-\-force\-chrony\fR
-Stop and disable any time&date synchronization services besides chronyd.
-.TP
 \fB\-\-idstart\fR=\fIIDSTART\fR
 The starting user and group id number (default random).
 .TP

ipaclient/install/client.py

@@ -1987,20 +1987,14 @@ def install_check(options):
             "using 'ipa-client-install --uninstall'.")
         raise ScriptError(rval=CLIENT_ALREADY_CONFIGURED)
 
-    if options.conf_ntp and not options.force_chrony:
+    if options.conf_ntp:
         try:
             timeconf.check_timedate_services()
         except timeconf.NTPConflictingService as e:
-            print("WARNING: chronyd time&date synchronization service will not"
+            print("WARNING: conflicting time&date synchronization service '{}'"
-                  " be configured as")
+                  " will be disabled".format(e.conflicting_service))
-            print("conflicting service ({}) is enabled".format(
+            print("in favor of chronyd")
-                e.conflicting_service))
-            print("Use --force-chrony option to disable it and force "
-                  "use of chronyd")
             print("")
-            # TODO decide what to do if there is conflicting service
-            # configuration of chrony is disabled in this case
-            options.conf_ntp = False
         except timeconf.NTPConfigurationError:
             pass
 
@@ -2345,18 +2339,16 @@ def update_ipa_nssdb():
                                    (nickname, sys_db.secdir, e))
 
 
-def sync_time(options, fstore, statestore, force):
+def sync_time(options, fstore, statestore):
     """
-    Will disable any other time synchronization service if the --force-chrony
+    Will disable any other time synchronization service and configure chrony
-    option set, and configure chrony with given ntp(chrony) server and/or pool
+    with given ntp(chrony) server and/or pool using Augeas.
-    using Augeas in configure_chrony method.
     If there is no option --ntp-server set IPADiscovery will try to find ntp
     server in DNS records.
     """
     # We assume that NTP servers are discoverable through SRV records in DNS.
 
     # disable other time&date services first
-    if force:
     timeconf.force_chrony(statestore)
 
     print("Synchronizing time")
@@ -2462,7 +2454,7 @@ def _install(options):
 
     if options.conf_ntp:
         # Attempt to sync time with NTP server (chrony).
-        sync_time(options, fstore, statestore, options.force_chrony)
+        sync_time(options, fstore, statestore)
     elif options.on_master:
         # If we're on master skipping the time sync here because it was done
         # in ipa-server-install
@@ -3478,18 +3470,10 @@ class ClientInstallInterface(hostname_.HostNameInstallInterface,
         None, False,
         deprecated=True,
         description="Stop and disable any time&date synchronization services "
-                    "besides ntpd. "
+                    "besides ntpd. This option has been deprecated",
-                    "This option has been obsoleted by --force-chrony",
     )
     force_ntpd = enroll_only(force_ntpd)
 
-    force_chrony = knob(
-        None,
-        description="Stop and disable any time&date synchronization services "
-                    "besides chrony",
-    )
-    force_chrony = enroll_only(force_chrony)
-
     nisdomain = knob(
         str, None,
         description="NIS domain name",
@@ -3557,12 +3541,7 @@ class ClientInstallInterface(hostname_.HostNameInstallInterface,
                 "--server cannot be used without providing --domain")
 
         if self.force_ntpd:
-            raise RuntimeError(
+            logger.warning("Option --force-ntpd has been deprecated")
-                "--force-ntpd has been obsoleted by --force-chrony")
-
-        if self.force_chrony and self.no_ntp:
-            raise RuntimeError(
-                "--force-chrony cannot be used together with --no-ntp")
 
         if self.ntp_servers and self.no_ntp:
             raise RuntimeError(

ipaclient/install/timeconf.py

@@ -168,7 +168,7 @@ def force_chrony(statestore):
 
 def restore_forced_timeservices(statestore, skip_service='chronyd'):
     """
-    Restore from --force-chronyd installation and enable/start service that
+    Restore from installation and enable/start service that
     were disabled/stopped during installation
     """
     for service in services.timedate_services:

ipaserver/install/server/__init__.py

@@ -168,7 +168,6 @@ class ServerInstallInterface(ServerCertificateInstallInterface,
 
     kinit_attempts = 1
     fixed_primary = True
-    force_chrony = False
     permit = False
     enable_dns_updates = False
     no_krb5_offline_passwords = False

ipaserver/install/server/install.py

@@ -766,8 +766,7 @@ def install(installer):
         # chrony will be handled here in uninstall() method as well by invoking
         # the ipa-server-install --uninstall
         if not options.no_ntp:
-            ipaclient.install.client.sync_time(
+            ipaclient.install.client.sync_time(options, fstore, sstore)
-                options, fstore, sstore, force=True)
 
         if options.dirsrv_cert_files:
             ds = dsinstance.DsInstance(fstore=fstore,

ipaserver/install/server/replicainstall.py

@@ -947,8 +947,6 @@ def ensure_enrolled(installer):
         args.append("--force-join")
     if installer.no_ntp:
         args.append("--no-ntp")
-    else:
-        args.append("--force-chrony")
 
     try:
         # Call client install script