On 11/15/2012 10:49 PM, Simo Sorce wrote:
> On Thu, 2012-11-15 at 17:33 +0100, Martin Kosek wrote:
>> On 11/15/2012 03:22 PM, Simo Sorce wrote:
>>> On Thu, 2012-11-15 at 12:34 +0100, Martin Kosek wrote:
>>>> Fedora 16 introduced chrony as default client time&date synchronization
>>>> service:
>>>> http://fedoraproject.org/wiki/Features/ChronyDefaultNTP
>>>> Thus, there may be people already using chrony as their time and date
>>>> synchronization service before installing IPA.
>>>> However, installing IPA server or client on such machine may lead to
>>>> unexpected behavior, as the IPA installer would configure ntpd and leave
>>>> the machine with both ntpd and chronyd enabled. However, since the OS
>>>> does not allow both chronyd and ntpd to be running concurrently and chronyd
>>>> has the precedence, ntpd would not be run on that system at all.
>>>> Make sure, that user is warned when trying to install IPA on such
>>>> system and is given a possibility to either not to let IPA configure
>>>> ntpd at all or to let the installer stop and disable chronyd.
>>>> https://fedorahosted.org/freeipa/ticket/2974
>>> This looks a bit backwards to me.
>>> The IPA server can only configure ntpd because it configures it to serve
>>> time to the clients. So on a server force_ntpd should be the default and
>>> the install should automatically shutdown crony.
>> I considered that option too, but it simply just did not seem very "polite" 
>> to
>> silently stop and disable chrony with some custom user time&date
>> synchronization configuration that user may rely on.
>> Telling user what's the problem and providing him with options what to do
>> seemed more user friendly to me...
> not on the server, no you don;t get to choose there, unless you call
> install script with --no-ntp

Well, IMO this is exactly what my patch does on the server side. Allows user to
either run the server install with --no-ntp or let it install with --force-ntpd
which disables other time&date services. That are the only 2 choices, I just
did the ntpd configuration in a polite way.

>>> On clients we may give a choice, but then we should not stop, we should
>>> instead configure the one tool the admin wants to use and point it to
>>> the server, because time synchronization is critical. Not syncing time
>>> is basically not an option so our default behavior must be to make sure
>>> one of the time tool is properly configured and require a force flag if
>>> the admin wants to 'not' configure a time sync tool.
>>> Simo.
>> The force flag to not configure time sync tool is already there as --no-ntp. 
>> I
>> already discussed this with Rob before, I was advised to rather stick with 
>> the
>> ntpd only for the time being. Adding Rob to CC to comment on this one.
> Not sure I grok what this entails, support only ntpd ?

At this moment, yes.

> In this case we can error out if crony is there on the client, but not
> on the server. On the server we just roll over crony, as crony is not an
> ntp server at all so it should go
> if the admin *really*insist in using crony then they'll have to
> explicitly install the server with --no-ntp
> note that we are not going to change crony;s configuration just turn it
> off and start ntpd instead.
> Simo.

Do I understand this right, that you also want to add a support for chrony?
I.e. that ipa-client-install should be able to configure either ntpd or chronyd
for synchronization based on user's choice? If yes, I am OK with that and I can
implement it - I just wanted to make sure that this is what we want.

In current state, ipa-client-install errors out when chrony is configured and
allows user to either run with --no-ntp (and thus keep the chrony running) or
with --force-ntpd which would disable chronyd and configure&enable ntpd.


Freeipa-devel mailing list

Reply via email to