On 25.07.2017 14:38, Harald Dunkel wrote: > Package: freeipa-client > Version: 4.4.4-1+b1 > > ipa-client-install dies, if ntp is not installed (e.g. > on a LXC container). Sample session: > > root@logs01:~# ipa-client-install --hostname `hostname` --no-ssh --no-sshd > --no-nisdomain --no-sudo > Discovery was successful! > Client hostname: logs01.vs.example.com > Realm: EXAMPLE.COM > DNS Domain: example.com > IPA Server: ipa2.example.com > BaseDN: dc=example,dc=com > > Continue to configure the system with these values? [no]: yes > Synchronizing time with KDC... > Unable to sync time with NTP server, assuming the time is in sync. Please > check that 123 UDP port is opened. > User authorized to enroll computers: admin > Password for [email protected]: > Successfully retrieved CA cert > Subject: CN=example Root CA,OU=example Certificate > Authority,O=example AG,C=COM > Issuer: CN=example Root CA,OU=example Certificate > Authority,O=example AG,C=COM > Valid From: Tue May 26 07:14:50 2015 UTC > Valid Until: Sun Dec 31 23:59:59 2045 UTC > > Subject: CN=Certificate Authority,O=example AG,C=COM > Issuer: CN=example Root CA,OU=example Certificate > Authority,O=example AG,C=COM > Valid From: Mon Dec 28 10:35:30 2015 UTC > Valid Until: Mon Dec 31 23:59:59 2035 UTC > > Enrolled in IPA realm EXAMPLE.COM > Created /etc/ipa/default.conf > New SSSD config will be created > Configured /etc/sssd/sssd.conf > Configured /etc/krb5.conf for IPA realm EXAMPLE.COM > trying https://ipa2.example.com/ipa/json > Forwarding 'schema' to json server 'https://ipa2.example.com/ipa/json' > trying https://ipa2.example.com/ipa/session/json > Forwarding 'ping' to json server 'https://ipa2.example.com/ipa/session/json' > Forwarding 'ca_is_enabled' to json server > 'https://ipa2.example.com/ipa/session/json' > Systemwide CA database updated. > Adding SSH public key from /etc/ssh/ssh_host_rsa_key-cert.pub > Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub > Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub > Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub > Forwarding 'host_mod' to json server > 'https://ipa2.example.com/ipa/session/json' > Could not update DNS SSHFP records. > SSSD enabled > Configured /etc/openldap/ldap.conf > Traceback (most recent call last): > File "/usr/sbin/ipa-client-install", line 3138, in <module> > sys.exit(main()) > File "/usr/sbin/ipa-client-install", line 3119, in main > rval = install(options, env, fstore, statestore) > File "/usr/sbin/ipa-client-install", line 3070, in install > ipaclient.ntpconf.config_ntp(ntp_servers, fstore, statestore) > File "/usr/lib/python2.7/dist-packages/ipaclient/ntpconf.py", line 137, in > config_ntp > services.knownservices.ntpd.restart() > File "/usr/lib/python2.7/dist-packages/ipaplatform/services.py", line 95, > in restart > instance_name], capture_output=capture_output) > File "/usr/lib/python2.7/dist-packages/ipapython/ipautil.py", line 515, in > run > raise CalledProcessError(p.returncode, arg_string, str(output)) > subprocess.CalledProcessError: Command '/usr/sbin/service ntp restart ' > returned non-zero exit status 5 > > > AFAICS this is a regression to version 4.4.3-3. Of course I know > that there is an option --no-ntp, but it should be easy to either > ignore this error or to print a more user-friendly error message.
I don't see anything changing wrt ntp since 4.4.3-3..
