Issue #3735: ipa-client-install should not run ntpdate when ntpd is running - freeipa

freeipa

#3735 ipa-client-install should not run ntpdate when ntpd is running

Closed: wontfix 5 years ago Opened 10 years ago by mkosek.

Ticket was cloned from Red Hat Bugzilla (product Fedora): Bug 975307

Description of problem:

During ipa-client-install this warning is displayed:

WARNING Unable to sync time with IPA NTP server, assuming the time is in sync.
Please check that 123 UDP port is opened.

The IPA NTP server is available and responding to other clients.
ipa-client-install does configure and start ntpd which then works correctly.

This is not a big problem, more of an annoyance really, but it did cause me to
stop and check that NTP was working.


Version-Release number of selected component (if applicable):

freeipa-client-3.1.5-1.fc18.x86_64


How reproducible:

This warning is only displayed where the ipa client is being rebuilt.


Steps to Reproduce:

1. ipa-client-install --uninstall
2. reboot
3. ipa-client-install \
     --domain hunter.org \
     --enable-dns-updates \
     --password adminpassword \
     --principal admin \
     --realm HUNTER.ORG \
     --ssh-trust-dns \
     --unattended


Actual results: from ipaclient-install.log

2013-06-18T03:34:10Z INFO Synchronizing time with KDC...
2013-06-18T03:34:10Z DEBUG Search DNS for SRV record of _ntp._udp.hunter.org
2013-06-18T03:34:10Z DEBUG DNS record found: 0 100 123 ipa.hunter.org.
2013-06-18T03:34:10Z DEBUG Starting external process
2013-06-18T03:34:10Z DEBUG args=/usr/sbin/ntpdate -U ntp -s -b -v
ipa.hunter.org
2013-06-18T03:34:10Z DEBUG Process finished, return code=1
2013-06-18T03:34:10Z DEBUG stdout=
2013-06-18T03:34:10Z DEBUG stderr=
2013-06-18T03:34:10Z DEBUG Starting external process
2013-06-18T03:34:10Z DEBUG args=/usr/sbin/ntpdate -U ntp -s -b -v
ipa.hunter.org
2013-06-18T03:34:10Z DEBUG Process finished, return code=1
2013-06-18T03:34:10Z DEBUG stdout=
2013-06-18T03:34:10Z DEBUG stderr=
2013-06-18T03:34:10Z DEBUG Starting external process
2013-06-18T03:34:10Z DEBUG args=/usr/sbin/ntpdate -U ntp -s -b -v
ipa.hunter.org
2013-06-18T03:34:10Z DEBUG Process finished, return code=1
2013-06-18T03:34:10Z DEBUG stdout=
2013-06-18T03:34:10Z DEBUG stderr=
2013-06-18T03:34:10Z DEBUG Starting external process
2013-06-18T03:34:10Z DEBUG args=/usr/sbin/ntpdate -U ntp -s -b -v
ipa.hunter.org
2013-06-18T03:34:10Z DEBUG Process finished, return code=1
2013-06-18T03:34:10Z DEBUG stdout=
2013-06-18T03:34:10Z DEBUG stderr=
2013-06-18T03:34:10Z DEBUG Starting external process
2013-06-18T03:34:10Z DEBUG args=/usr/sbin/ntpdate -U ntp -s -b -v
ipa.hunter.org
2013-06-18T03:34:10Z DEBUG Process finished, return code=1
2013-06-18T03:34:10Z DEBUG stdout=
2013-06-18T03:34:10Z DEBUG stderr=
2013-06-18T03:34:10Z DEBUG Starting external process
2013-06-18T03:34:10Z DEBUG args=/usr/sbin/ntpdate -U ntp -s -b -v
ipa.hunter.org
2013-06-18T03:34:10Z DEBUG Process finished, return code=1
2013-06-18T03:34:10Z DEBUG stdout=
2013-06-18T03:34:10Z DEBUG stderr=
2013-06-18T03:34:10Z WARNING Unable to sync time with IPA NTP server, assuming
the time is in sync. Please check that 123 UDP port is opened.


Expected results:

This command:

  /usr/sbin/ntpdate -U ntp -s -b -v ipa.hunter.org

should be successful.


Additional info:

I believe the problem is that when the ipa client is uninstalled the
ntpd.service is not stopped. If ntpd.service is running ntpdate will fail
because it can not use the port. Inserting:

  systemctl stop ntpd.service

before:

  ipa-client-install \
    --domain hunter.org \
    --enable-dns-updates \
    --password adminpassword \
    --principal admin \
    --realm HUNTER.ORG \
    --ssh-trust-dns \
    --unattended

resolved the problem.