On 11/15/2012 10:49 PM, Simo Sorce wrote: > On Thu, 2012-11-15 at 17:33 +0100, Martin Kosek wrote: >> On 11/15/2012 03:22 PM, Simo Sorce wrote: >>> On Thu, 2012-11-15 at 12:34 +0100, Martin Kosek wrote: >>>> Fedora 16 introduced chrony as default client time&date synchronization >>>> service: >>>> http://fedoraproject.org/wiki/Features/ChronyDefaultNTP >>>> Thus, there may be people already using chrony as their time and date >>>> synchronization service before installing IPA. >>>> >>>> However, installing IPA server or client on such machine may lead to >>>> unexpected behavior, as the IPA installer would configure ntpd and leave >>>> the machine with both ntpd and chronyd enabled. However, since the OS >>>> does not allow both chronyd and ntpd to be running concurrently and chronyd >>>> has the precedence, ntpd would not be run on that system at all. >>>> >>>> Make sure, that user is warned when trying to install IPA on such >>>> system and is given a possibility to either not to let IPA configure >>>> ntpd at all or to let the installer stop and disable chronyd. >>>> >>>> https://fedorahosted.org/freeipa/ticket/2974 >>> >>> This looks a bit backwards to me. >>> >>> The IPA server can only configure ntpd because it configures it to serve >>> time to the clients. So on a server force_ntpd should be the default and >>> the install should automatically shutdown crony. >> >> I considered that option too, but it simply just did not seem very "polite" >> to >> silently stop and disable chrony with some custom user time&date >> synchronization configuration that user may rely on. >> >> Telling user what's the problem and providing him with options what to do >> seemed more user friendly to me... > > not on the server, no you don;t get to choose there, unless you call > install script with --no-ntp
Well, IMO this is exactly what my patch does on the server side. Allows user to either run the server install with --no-ntp or let it install with --force-ntpd which disables other time&date services. That are the only 2 choices, I just did the ntpd configuration in a polite way. > >>> >>> On clients we may give a choice, but then we should not stop, we should >>> instead configure the one tool the admin wants to use and point it to >>> the server, because time synchronization is critical. Not syncing time >>> is basically not an option so our default behavior must be to make sure >>> one of the time tool is properly configured and require a force flag if >>> the admin wants to 'not' configure a time sync tool. >>> >>> Simo. >>> >> >> The force flag to not configure time sync tool is already there as --no-ntp. >> I >> already discussed this with Rob before, I was advised to rather stick with >> the >> ntpd only for the time being. Adding Rob to CC to comment on this one. > > Not sure I grok what this entails, support only ntpd ? At this moment, yes. > In this case we can error out if crony is there on the client, but not > on the server. On the server we just roll over crony, as crony is not an > ntp server at all so it should go > if the admin *really*insist in using crony then they'll have to > explicitly install the server with --no-ntp > note that we are not going to change crony;s configuration just turn it > off and start ntpd instead. > > Simo. > Do I understand this right, that you also want to add a support for chrony? I.e. that ipa-client-install should be able to configure either ntpd or chronyd for synchronization based on user's choice? If yes, I am OK with that and I can implement it - I just wanted to make sure that this is what we want. In current state, ipa-client-install errors out when chrony is configured and allows user to either run with --no-ntp (and thus keep the chrony running) or with --force-ntpd which would disable chronyd and configure&enable ntpd. Martin _______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
