Setup and restore ntp configuration on the client side properly

When setting up the client-side NTP configuration, make sure that /etc/ntp/step-tickers point to IPA NTP server as well. When restoring the client during ipa-client-install --uninstall, make sure NTP configuration is fully restored and NTP service is disabled if it was disabled before the installation. https://fedorahosted.org/freeipa/ticket/1770
2025-01-26 16:16:31 -06:00 · 2011-10-04 13:56:12 +03:00 · 2011-10-04 13:56:12 +03:00 · f93d71409a
commit f93d71409a
parent 12bfed37d4
2 changed files with 62 additions and 16 deletions
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@ -320,6 +320,30 @@ def uninstall(options, env, quiet=False):
        # this is optional service, just log
        logging.info("%s daemon is not installed, skip configuration" % (nslcd.service_name))

+    ntp_configured = statestore.has_state('ntp')
+    if ntp_configured:
+        ntp_enabled = statestore.restore_state('ntp', 'enabled')
+        ntp_step_tickers = statestore.restore_state('ntp', 'step-tickers')
+
+        try:
+            # Restore might fail due to file missing in backup
+            # the reason for it might be that freeipa-client was updated
+            # to this version but not unenrolled/enrolled again
+            # In such case it is OK to fail
+            restored = fstore.restore_file("/etc/ntp.conf")
+            restored |= fstore.restore_file("/etc/sysconfig/ntpd")
+            if ntp_step_tickers:
+               restored |= fstore.restore_file("/etc/ntp/step-tickers")
+        except:
+            pass
+
+        if not ntp_enabled:
+           ipaservices.knownservices.ntpd.stop()
+           ipaservices.knownservices.ntpd.disable()
+        else:
+           if restored:
+               ipaservices.knownservices.ntpd.restart()
+
    if not options.unattended:
        emit_quiet(quiet, "The original nsswitch.conf configuration has been restored.")
        emit_quiet(quiet, "You may need to restart services or reboot the machine.")
@ -1103,7 +1127,7 @@ def install(options, env, fstore, statestore):
            ntp_server = options.ntp_server
        else:
            ntp_server = cli_server
-        ipaclient.ntpconf.config_ntp(ntp_server, fstore)
+        ipaclient.ntpconf.config_ntp(ntp_server, fstore, statestore)
        print "NTP enabled"

    print "Client configuration complete."
--- a/ipa-client/ipaclient/ntpconf.py
+++ b/ipa-client/ipaclient/ntpconf.py
@ -20,6 +20,7 @@
 from ipapython import ipautil
 from ipapython import services as ipaservices
 import shutil
+import os

 ntp_conf = """# Permit time synchronization with our time source, but do not
 # permit the source to query or modify the service on this system.
@ -80,30 +81,51 @@ SYNC_HWCLOCK=yes
 # Additional options for ntpdate
 NTPDATE_OPTIONS=""
 """
+ntp_step_tickers = """# Use IPA-provided NTP server for initial time
+$SERVER
+"""
+def __backup_config(path, fstore = None):
+    if fstore:
+        fstore.backup_file(path)
+    else:
+        shutil.copy(path, "%s.ipasave" % (path))

-def config_ntp(server_fqdn, fstore = None):
+def __write_config(path, content):
+    fd = open(path, "w")
+    fd.write(content)
+    fd.close()
+
+def config_ntp(server_fqdn, fstore = None, sysstore = None):
+    path_step_tickers = "/etc/ntp/step-tickers"
+    path_ntp_conf = "/etc/ntp.conf"
+    path_ntp_sysconfig = "/etc/sysconfig/ntpd"
    sub_dict = { }
    sub_dict["SERVER"] = server_fqdn

    nc = ipautil.template_str(ntp_conf, sub_dict)
+    config_step_tickers = False

-    if fstore:
-        fstore.backup_file("/etc/ntp.conf")
-    else:
-        shutil.copy("/etc/ntp.conf", "/etc/ntp.conf.ipasave")

-    fd = open("/etc/ntp.conf", "w")
-    fd.write(nc)
-    fd.close()
+    if os.path.exists(path_step_tickers):
+        config_step_tickers = True
+        ns = ipautil.template_str(ntp_step_tickers, sub_dict)
+        __backup_config(path_step_tickers, fstore)
+        __write_config(path_step_tickers, ns)
+        ipaservices.restore_context(path_step_tickers)

-    if fstore:
-        fstore.backup_file("/etc/sysconfig/ntpd")
-    else:
-        shutil.copy("/etc/sysconfig/ntpd", "/etc/sysconfig/ntpd.ipasave")
+    if sysstore:
+        module = 'ntp'
+        sysstore.backup_state(module, "enabled", ipaservices.knownservices.ntpd.is_enabled())
+        if config_step_tickers:
+            sysstore.backup_state(module, "step-tickers", True)

-    fd = open("/etc/sysconfig/ntpd", "w")
-    fd.write(ntp_sysconfig)
-    fd.close()
+    __backup_config(path_ntp_conf, fstore)
+    __write_config(path_ntp_conf, nc)
+    ipaservices.restore_context(path_ntp_conf)
+
+    __backup_config(path_ntp_sysconfig, fstore)
+    __write_config(path_ntp_sysconfig, ntp_sysconfig)
+    ipaservices.restore_context(path_ntp_sysconfig)

    # Set the ntpd to start on boot
    ipaservices.knownservices.ntpd.enable()