On 08/04/2016 07:34 AM, Jan Cholasta wrote:
Please see the attached patch that always adds the --no-ntp option to
On 3.8.2016 19:39, Martin Basti wrote:
On 03.08.2016 18:10, Petr Vobornik wrote:
On 07/13/2016 12:36 PM, Stanislav Laznicka wrote:
On 07/13/2016 09:51 AM, Petr Vobornik wrote:
On 07/13/2016 08:26 AM, Stanislav Laznicka wrote:
IMO client installation initiated from replica needs to have a
On 07/12/2016 08:44 AM, Stanislav Laznicka wrote:
On 07/11/2016 04:27 PM, Petr Vobornik wrote:
On 07/11/2016 01:23 PM, Stanislav Laznicka wrote:
Isn't the bug about something else?
The issue was that ipa-replica-install doesn't have --force-ntpd
It is an option of ipa-client-install which is run from replica
The unattended mode is unrelated.
My understanding is that the bug says that '--force-ntpd' option
should not be shown when ipa-client-install is run during replica
During replica installation, the ipa-client-install script is run
the '--unattended' flag in the 'ensure_enrolled()' function.
separate script, there's not many options on how to pass the
information not to show the message to ipa-client-install. Using
already used flag to get rid of the message seemed easiest to me.
Introducing a new 'hidden' flag (like '--from-replica'), on the
hand, seems a bit harsh.
Just to throw it out there - it's possible that the '--force-join'
client option would also appear as a hint from the client install
(during replica installation). Should this also be muted somehow?
it seems reasonable to rather add it as an argument to
ipa-replica-install to pass it to the client install script.
option(hidden in help) similar to --on-server (or what's its name).
the name can be --replica-install. Maybe --on-server can be used
may have other implication which might not be valid for this use
Anything else are just workarounds. Imagine that admin runs
ipa-client-install with --unattended or --force-join. He would
get the message as now.
Reviving thread to get other opinion.
The --on-master option won't do here as it seems that the client would
require some IPA pre-configuration for successful install. A new
will have to be created, then.
I'm for new "hidden" option.
I'm against any hidden options, this should be made correctly by
modularization/fixing of client install, to be able call it from python
not as external process
+1, but this is non-trivial and definitely not material for 4.4.1. For
4.4.1 the hidden option should be OK.
Just from top of my head, can we just use option --no-ntp with client
install in replica installer? Server NTP should not depend on client ntp
I'm just afraid that we may get kerberos time issue during client
install if client time does not match server time.
Or second approach, always call client install from replica with
--force-ntpd, unless there is --no-ntp used for replica, then call
ipa-client-install with --no-ntp
But it needs investigation.
CCing David as he knows everything NTP-related.
As I was trying to point out, the situation about --force-join is a
different. The option again would be shown and is not available in
ipa-replica-install. I think it should be available to allow direct
replica installation even when previous installation failed/left some
mess on the master (ofc the user could run `ipa-replica-manage del
<bad-bad-hostname> --cleanup` on the master instead).
That could work but imho is out of scope of this ticket.
From f563794f3f5f6f9d92ffc257489e92147b398ccf Mon Sep 17 00:00:00 2001
From: Stanislav Laznicka <slazn...@redhat.com>
Date: Tue, 9 Aug 2016 15:22:33 +0200
Subject: [PATCH] Don't show --force-ntpd option in replica install
Always run the client installation script with --no-ntp
option so that it does not show the message about --force-ntpd
option that does not exist in ipa-replica-install. The time
synchronization is done elsewhere anyway.
ipaserver/install/server/replicainstall.py | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
index 9d05a0be5a2679d825b4ee6bc2ea55ed358e8ff9..f54ff7da06c57b9c8251429cbdacc5c300805f84 100644
@@ -881,7 +881,7 @@ def install(installer):
args = [paths.IPA_CLIENT_INSTALL, "--on-master", "--unattended",
"--domain", config.domain_name, "--server", config.host_name,
- "--realm", config.realm_name]
+ "--realm", config.realm_name, "--no-ntp"]
@@ -918,7 +918,7 @@ def ensure_enrolled(installer):
installer._enrollment_performed = True
- args = [paths.IPA_CLIENT_INSTALL, "--unattended"]
+ args = [paths.IPA_CLIENT_INSTALL, "--unattended", "--no-ntp"]
stdin = None
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code