ipa-client-install stops chrony before enabling and configuring the NTP service. However, even before that step, initial NTP-based synchronization is done that can fail if chrony is running.
# service chrony start # ipa-client-install --domain f21 --force-ntpd Discovery was successful! Hostname: vm-039.idm.lab.bos.redhat.com Realm: F21 DNS Domain: f21 IPA Server: ipa.f21 BaseDN: dc=f21 Continue to configure the system with these values? [no]: y Synchronizing time with KDC... Unable to sync time with IPA NTP server, assuming the time is in sync. Please check that 123 UDP port is opened. User authorized to enroll computers: admin Password for admin@F21: Successfully retrieved CA cert ...
Related sequent of the NTP/chrony related steps:
# egrep "(chronyd|ntpd)" /var/log/ipaclient-install.log 2015-03-25T12:10:20Z DEBUG /usr/sbin/ipa-client-install was invoked with options: {'domain': 'f21', 'force': False, 'krb5_offline_passwords': True, 'configure_firefox': False, 'primary': False, 'conf_sudo': True, 'force_ntpd': True, 'create_sshfp': True, 'conf_sshd': True, 'conf_ntp': True, 'on_master': False, 'no_nisdomain': False, 'nisdomain': None, 'ntp_server': None, 'principal': None, 'keytab': None, 'hostname': None, 'request_cert': False, 'no_ac': False, 'unattended': None, 'location': None, 'sssd': True, 'trust_sshfp': False, 'dns_updates': False, 'realm_name': None, 'conf_ssh': True, 'force_join': False, 'firefox_dir': None, 'ca_cert_file': None, 'server': None, 'prompt_password': False, 'permit': False, 'debug': False, 'preserve_sssd': False, 'mkhomedir': False, 'uninstall': False} 2015-03-25T12:10:21Z DEBUG args='/usr/sbin/ntpd' '-qgc' '/tmp/tmpLYAIXF' 2015-03-25T12:10:21Z DEBUG args='/usr/sbin/ntpd' '-qgc' '/tmp/tmpdvenOx' chronyd.service enabled ntpd.service disabled ntpdate.service disabled chronyd.service enabled ntpd.service disabled ntpdate.service disabled 2015-03-25T12:10:35Z DEBUG args='/bin/systemctl' 'is-enabled' 'chronyd.service' 2015-03-25T12:10:35Z DEBUG args='/bin/systemctl' 'is-active' 'chronyd.service' 2015-03-25T12:10:35Z DEBUG args='/bin/systemctl' 'stop' 'chronyd.service' 2015-03-25T12:10:35Z DEBUG args='/bin/systemctl' 'disable' 'chronyd.service' 2015-03-25T12:10:35Z DEBUG stderr=rm '/etc/systemd/system/multi-user.target.wants/chronyd.service' 2015-03-25T12:10:35Z DEBUG args='/bin/systemctl' 'is-enabled' 'ntpd.service' 2015-03-25T12:10:35Z DEBUG Backing up system configuration file '/etc/sysconfig/ntpd' 2015-03-25T12:10:35Z DEBUG args='/sbin/restorecon' '/etc/sysconfig/ntpd' 2015-03-25T12:10:35Z DEBUG args='/bin/systemctl' 'enable' 'ntpd.service' 2015-03-25T12:10:36Z DEBUG stderr=ln -s '/usr/lib/systemd/system/ntpd.service' '/etc/systemd/system/multi-user.target.wants/ntpd.service' 2015-03-25T12:10:36Z DEBUG args='/bin/systemctl' 'restart' 'ntpd.service' 2015-03-25T12:10:36Z DEBUG args='/bin/systemctl' 'is-active' 'ntpd.service'
Related to #4669. Related freeipa-users thread.
Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=1206608 (Red Hat Enterprise Linux 7)
During processing of remaining tickets in 4.2 Backlog, this ticket was found as suitable to be fixed in the nearest bugfixing branch - which is 4.2.x.
FreeIPA 4.2.1 was released, moving to 4.2.x.
Metadata Update from @mkosek: - Issue assigned to someone - Issue set to the milestone: FreeIPA 4.5 backlog
The ntpd has been deprecated in FreeIPA upstream. https://pagure.io/freeipa/issue/7024 https://github.com/freeipa/freeipa/pull/1535
Changes are described in design page https://www.freeipa.org/page/V4/ntpd_deprecation/chronyd_support Closing as wont fix.
Metadata Update from @tdudlak: - Issue close_status updated to: None
Metadata Update from @tdudlak: - Issue close_status updated to: wontfix - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.