On Tue, 04 Oct 2011, Alexander Bokovoy wrote:
> Reproduced. This happens when the package freeipa-client is upgraded 
> after client is enrolled with previous version -- in such case there 
> is no backup state and therefore we can't restore.
Also add fstore to /etc/sysconfig/ntpd to really backup it.

-- 
/ Alexander Bokovoy
>From 0aab495a8175b25ebd48e30715527fcf6737b22b Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <aboko...@redhat.com>
Date: Tue, 4 Oct 2011 13:56:12 +0300
Subject: [PATCH] Setup and restore ntp configuration on the client side
 properly

When setting up the client-side NTP configuration, make sure that 
/etc/ntp/step-tickers
point to IPA NTP server as well.
When restoring the client during ipa-client-install --uninstall, make sure NTP 
configuration
is fully restored and NTP service is disabled if it was disabled before the 
installation.

https://fedorahosted.org/freeipa/ticket/1770
---
 ipa-client/ipa-install/ipa-client-install |   26 ++++++++++++++-
 ipa-client/ipaclient/ntpconf.py           |   52 ++++++++++++++++++++--------
 2 files changed, 62 insertions(+), 16 deletions(-)

diff --git a/ipa-client/ipa-install/ipa-client-install 
b/ipa-client/ipa-install/ipa-client-install
index 
76f7f1913c804053edb8b90979286a0592fa5737..b8d4867ab3df119132b7d9da35803e50bbd4ea51
 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -320,6 +320,30 @@ def uninstall(options, env, quiet=False):
         # this is optional service, just log
         logging.info("%s daemon is not installed, skip configuration" % 
(nslcd.service_name))
 
+    ntp_configured = statestore.has_state('ntp')
+    if ntp_configured:
+        ntp_enabled = statestore.restore_state('ntp', 'enabled')
+        ntp_step_tickers = statestore.restore_state('ntp', 'step-tickers')
+
+        try:
+            # Restore might fail due to file missing in backup
+            # the reason for it might be that freeipa-client was updated
+            # to this version but not unenrolled/enrolled again
+            # In such case it is OK to fail
+            restored = fstore.restore_file("/etc/ntp.conf")
+            restored |= fstore.restore_file("/etc/sysconfig/ntpd")
+            if ntp_step_tickers:
+               restored |= fstore.restore_file("/etc/ntp/step-tickers")
+        except:
+            pass
+
+        if not ntp_enabled:
+           ipaservices.knownservices.ntpd.stop()
+           ipaservices.knownservices.ntpd.disable()
+        else:
+           if restored:
+               ipaservices.knownservices.ntpd.restart()
+
     if not options.unattended:
         emit_quiet(quiet, "The original nsswitch.conf configuration has been 
restored.")
         emit_quiet(quiet, "You may need to restart services or reboot the 
machine.")
@@ -1102,7 +1126,7 @@ def install(options, env, fstore, statestore):
             ntp_server = options.ntp_server
         else:
             ntp_server = cli_server
-        ipaclient.ntpconf.config_ntp(ntp_server, fstore)
+        ipaclient.ntpconf.config_ntp(ntp_server, fstore, statestore)
         print "NTP enabled"
 
     print "Client configuration complete."
diff --git a/ipa-client/ipaclient/ntpconf.py b/ipa-client/ipaclient/ntpconf.py
index 
3042005f41ea3ed6c8fee739b9cf2b833a8d6d59..8e151089c81fe761dc57fc6e8fb7ff5ba30b98fa
 100644
--- a/ipa-client/ipaclient/ntpconf.py
+++ b/ipa-client/ipaclient/ntpconf.py
@@ -20,6 +20,7 @@
 from ipapython import ipautil
 from ipapython import services as ipaservices
 import shutil
+import os
 
 ntp_conf = """# Permit time synchronization with our time source, but do not
 # permit the source to query or modify the service on this system.
@@ -80,30 +81,51 @@ SYNC_HWCLOCK=yes
 # Additional options for ntpdate
 NTPDATE_OPTIONS=""
 """
+ntp_step_tickers = """# Use IPA-provided NTP server for initial time
+$SERVER
+"""
+def __backup_config(path, fstore = None):
+    if fstore:
+        fstore.backup_file(path)
+    else:
+        shutil.copy(path, "%s.ipasave" % (path))
 
-def config_ntp(server_fqdn, fstore = None):
+def __write_config(path, content):
+    fd = open(path, "w")
+    fd.write(content)
+    fd.close()
+
+def config_ntp(server_fqdn, fstore = None, sysstore = None):
+    path_step_tickers = "/etc/ntp/step-tickers"
+    path_ntp_conf = "/etc/ntp.conf"
+    path_ntp_sysconfig = "/etc/sysconfig/ntpd"
     sub_dict = { }
     sub_dict["SERVER"] = server_fqdn
 
     nc = ipautil.template_str(ntp_conf, sub_dict)
+    config_step_tickers = False
 
-    if fstore:
-        fstore.backup_file("/etc/ntp.conf")
-    else:
-        shutil.copy("/etc/ntp.conf", "/etc/ntp.conf.ipasave")
 
-    fd = open("/etc/ntp.conf", "w")
-    fd.write(nc)
-    fd.close()
+    if os.path.exists(path_step_tickers):
+        config_step_tickers = True
+        ns = ipautil.template_str(ntp_step_tickers, sub_dict)
+        __backup_config(path_step_tickers, fstore)
+        __write_config(path_step_tickers, ns)
+        ipaservices.restore_context(path_step_tickers)
 
-    if fstore:
-        fstore.backup_file("/etc/sysconfig/ntpd")
-    else:
-        shutil.copy("/etc/sysconfig/ntpd", "/etc/sysconfig/ntpd.ipasave")
+    if sysstore:
+        module = 'ntp'
+        sysstore.backup_state(module, "enabled", 
ipaservices.knownservices.ntpd.is_enabled())
+        if config_step_tickers:
+            sysstore.backup_state(module, "step-tickers", True)
 
-    fd = open("/etc/sysconfig/ntpd", "w")
-    fd.write(ntp_sysconfig)
-    fd.close()
+    __backup_config(path_ntp_conf, fstore)
+    __write_config(path_ntp_conf, nc)
+    ipaservices.restore_context(path_ntp_conf)
+
+    __backup_config(path_ntp_sysconfig, fstore)
+    __write_config(path_ntp_sysconfig, ntp_sysconfig)
+    ipaservices.restore_context(path_ntp_sysconfig)
 
     # Set the ntpd to start on boot
     ipaservices.knownservices.ntpd.enable()
-- 
1.7.6.4

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to