https://fedorahosted.org/freeipa/ticket/4981

These patches keep using the IPA server address as the NTP server in the client's NTP configuration when the user specified no NTP servers and none could be resolved from SRV records. This ensures backward compatibility, because IPA does not automatically configure NTP SRV records for each domain.

Patches attached.

Martin^2
From 55f7717b37b205bd5f9a6d068868fd370ee9c539 Mon Sep 17 00:00:00 2001
From: Martin Basti <mba...@redhat.com>
Date: Tue, 14 Apr 2015 18:56:47 +0200
Subject: [PATCH 1/2] ipa client: make --ntp-server option multivalued

There can be more ntp servers in ntp.conf

Required for ticket: https://fedorahosted.org/freeipa/ticket/4981
---
 ipa-client/ipa-install/ipa-client-install | 17 ++++++++++-------
 ipa-client/ipaclient/ntpconf.py           | 11 ++++++-----
 ipa-client/man/ipa-client-install.1       |  2 +-
 3 files changed, 17 insertions(+), 13 deletions(-)

diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index 1ab6cc37bb172fb9d9ca4273567a9e38687c763f..6ff63e505a0dc627a3bdf1ab3445d156149fec73 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -118,7 +118,9 @@ def parse_options():
     basic_group.add_option("", "--force-join", dest="force_join",
                       action="store_true", default=False,
                       help="Force client enrollment even if already enrolled")
-    basic_group.add_option("--ntp-server", dest="ntp_server", help="ntp server to use")
+    basic_group.add_option("--ntp-server", dest="ntp_server", action="append",
+                           help="ntp server to use. This option can be used "
+                                "multiple times")
     basic_group.add_option("-N", "--no-ntp", action="store_false",
                       help="do not configure ntp", default=True, dest="conf_ntp")
     basic_group.add_option("", "--force-ntpd", dest="force_ntpd",
@@ -2330,10 +2332,11 @@ def install(options, env, fstore, statestore):
         # We assume that NTP servers are discoverable through SRV records in the DNS
         # If that fails, we try to sync directly with IPA server, assuming it runs NTP
         root_logger.info('Synchronizing time with KDC...')
-        ntp_servers = ds.ipadns_search_srv(cli_domain, '_ntp._udp', None, break_on_first=False)
+        ntp_srv_servers = ds.ipadns_search_srv(cli_domain, '_ntp._udp',
+                                               None, break_on_first=False)
         synced_ntp = False
-        if ntp_servers:
-            for s in ntp_servers:
+        if ntp_srv_servers:
+            for s in ntp_srv_servers:
                 synced_ntp = ipaclient.ntpconf.synconce_ntp(s)
                 if synced_ntp:
                     break
@@ -2839,10 +2842,10 @@ def install(options, env, fstore, statestore):
         if options.force_ntpd:
             ipaclient.ntpconf.force_ntpd(statestore)
         if options.ntp_server:
-            ntp_server = options.ntp_server
+            ntp_servers = options.ntp_server
         else:
-            ntp_server = cli_server[0]
-        ipaclient.ntpconf.config_ntp(ntp_server, fstore, statestore)
+            ntp_servers = cli_server
+        ipaclient.ntpconf.config_ntp(ntp_servers, fstore, statestore)
         root_logger.info("NTP enabled")
 
     if options.conf_ssh:
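Review bot: The fallback branch now passes the whole `cli_server` list to `config_ntp`, where the old code wrote only `cli_server[0]`, so every entry in that list becomes a `server` line in ntp.conf. The commit message only mentions `--ntp-server` becoming multivalued. If the wider fallback is intended, a comment such as `# fall back to all known IPA servers` on the else branch would record it. install() starts and ends outside the hunk.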
diff --git a/ipa-client/ipaclient/ntpconf.py b/ipa-client/ipaclient/ntpconf.py
index 7d5c82a89b51f68362f12869a9234f5b69aa5ba9..c22fba401d33009b3b95d1418dc7c8a03328d569 100644
--- a/ipa-client/ipaclient/ntpconf.py
+++ b/ipa-client/ipaclient/ntpconf.py
@@ -41,7 +41,7 @@ restrict -6 ::1
 
 # Use public servers from the pool.ntp.org project.
 # Please consider joining the pool (http://www.pool.ntp.org/join.html).
-server $SERVER
+$SERVERS_BLOCK
 
 #broadcast 192.168.1.255 key 42		# broadcast server
 #broadcastclient			# broadcast client
@@ -84,7 +84,7 @@ SYNC_HWCLOCK=yes
 NTPDATE_OPTIONS=""
 """
 ntp_step_tickers = """# Use IPA-provided NTP server for initial time
-$SERVER
+$TICKER_SERVERS_BLOCK
 """
 def __backup_config(path, fstore = None):
     if fstore:
@@ -97,12 +97,13 @@ def __write_config(path, content):
     fd.write(content)
     fd.close()
 
-def config_ntp(server_fqdn, fstore = None, sysstore = None):
+def config_ntp(ntp_servers, fstore = None, sysstore = None):
     path_step_tickers = paths.NTP_STEP_TICKERS
     path_ntp_conf = paths.NTP_CONF
     path_ntp_sysconfig = paths.SYSCONFIG_NTPD
-    sub_dict = { }
-    sub_dict["SERVER"] = server_fqdn
+    sub_dict = {}
+    sub_dict["SERVERS_BLOCK"] = "\n".join("server %s" % s for s in ntp_servers)
+    sub_dict["TICKER_SERVERS_BLOCK"] = "\n".join(ntp_servers)
 
     nc = ipautil.template_str(ntp_conf, sub_dict)
     config_step_tickers = False
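Review bot: Each entry of `ntp_servers` is written into ntp.conf and step-tickers unchecked, so a value containing whitespace or a newline would add extra text or directives to those files. After this series the entries can come from `--ntp-server` and from DNS SRV lookups, so consider rejecting anything that is not a plain host name or IP address before building `SERVERS_BLOCK`. The parameter also changed from a single FQDN to an iterable, so a caller that still passes a string would get one `server` line per character. A guard such as `if isinstance(ntp_servers, basestring): ntp_servers = [ntp_servers]` (assuming this file targets Python 2) and a docstring stating the new contract would make that explicit. The body of config_ntp continues outside the hunk.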
diff --git a/ipa-client/man/ipa-client-install.1 b/ipa-client/man/ipa-client-install.1
index 726a6c133132dd2e3ba2fde43d8a2ec0549bfcef..978ac38c09567c101f9ad36598bb6d286284daa1 100644
--- a/ipa-client/man/ipa-client-install.1
+++ b/ipa-client/man/ipa-client-install.1
@@ -117,7 +117,7 @@ The hostname of this machine (FQDN). If specified, the hostname will be set and
 Join the host even if it is already enrolled.
 .TP
 \fB\-\-ntp\-server\fR=\fINTP_SERVER\fR
-Configure ntpd to use this NTP server.
+Configure ntpd to use this NTP server. This option can be used multiple times.
 .TP
 \fB\-N\fR, \fB\-\-no\-ntp\fR
 Do not configure or enable NTP.
-- 
2.1.0

From 8b3ece591ac97d15c05514fa82a666e74614233c Mon Sep 17 00:00:00 2001
From: Martin Basti <mba...@redhat.com>
Date: Wed, 15 Apr 2015 14:32:17 +0200
Subject: [PATCH 2/2] ipa client: use NTP servers detected from SRV

Detected NTP servers from SRV records should be used in NTP client
configuration.

https://fedorahosted.org/freeipa/ticket/4981
---
 ipa-client/ipa-install/ipa-client-install | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index 6ff63e505a0dc627a3bdf1ab3445d156149fec73..55648bafee6437af6acfcc79c76df22bf0426003 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -2326,6 +2326,7 @@ def install(options, env, fstore, statestore):
         # hostname if different from system hostname
         tasks.backup_and_replace_hostname(fstore, statestore, options.hostname)
 
+    ntp_srv_servers = []
     if not options.on_master and options.conf_ntp:
         # Attempt to sync time with IPA server.
         # If we're skipping NTP configuration, we also skip the time sync here.
@@ -2839,12 +2840,18 @@ def install(options, env, fstore, statestore):
 
     if options.conf_ntp and not options.on_master:
         # disable other time&date services first
+        ntp_servers = None
         if options.force_ntpd:
             ipaclient.ntpconf.force_ntpd(statestore)
         if options.ntp_server:
             ntp_servers = options.ntp_server
+        elif ntp_srv_servers:
+            ntp_servers = ntp_srv_servers
         else:
+            root_logger.warning("No SRV records of NTP servers found. IPA "
+                                "server address will be used")
             ntp_servers = cli_server
+
         ipaclient.ntpconf.config_ntp(ntp_servers, fstore, statestore)
         root_logger.info("NTP enabled")
 
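Review bot: The `elif ntp_srv_servers:` branch makes the client's permanent time source whatever the `_ntp._udp` SRV lookup returned, and nothing in the hunk shows those answers being authenticated (for example with DNSSEC) or recorded. Because Kerberos and certificate validation depend on correct time, log the chosen servers and their origin so an administrator can audit them, e.g. `root_logger.info("Using NTP servers from SRV records: %s", ", ".join(ntp_srv_servers))`. The list also appears to contain every discovered server, not only the one `synconce_ntp` succeeded with earlier in install(). install() starts and ends outside the hunk.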
-- 
2.1.0
