On Mon, Feb 10, 2014 at 3:40 PM, Dmitri Pal <d...@redhat.com> wrote:
> On 02/09/2014 09:52 PM, Mauricio Tavares wrote:
>>
>> On Sun, Feb 9, 2014 at 9:07 PM, Steve Dainard<sdain...@miovision.com>
>> wrote:
>>>
>>> I've noticed if ntpd is already running on the client when you run the
>>> ipa-client-install, you will get that error. I'm guessing its using
>>> ntpdate
>>> IP ADDRESS to sync time, and cannot do so when the daemon is running.
>>>
>>> I've noticed if ntpd is already running on the client when you run the
>>> ipa-client-install, you will get that error. I'm guessing its using
>>> ntpdate
>>> IP ADDRESS to sync time, and cannot do so when the daemon is running.
>>>
>> Now that you mentioned that I would agree with you in that it is
>> failing because ntpd is running already; I could not see it because of
>> the option "-s" in
>>
>> [root@centos64 ~]# service ntpd status
>> ntpd (pid 3721) is running...
>> [root@centos64 ~]# /usr/sbin/ntpdate -U ntp -s -b -v auth.in.domain.com
>> [root@centos64 ~]#
>>
>> I could not find what all of those arguments mean in the centos 6.5
>> ntpdate man page, but here is what I found under ubuntu's:
>>
>> -b Force the time to be stepped using the settimeofday()
>> system
>> call, rather than slewed (default) using the adjtime()
>> system
>> call. This option should be used when called from a startup
>> file
>> at boot time.
>>
>> -s Divert logging output from the standard output (default) to
>> the
>> system syslog facility. This is designed primarily for
>> conve‐
>> nience of cron scripts.
>>
>> -v Be verbose. This option will cause ntpdate's version
>> identifica‐
>> tion string to be logged.
>>
>> In other words, -s is sending the output to syslog. And, if we check
>> /var/log/messages we will find that
>>
>> Feb 9 21:17:06 centos64 ntpdate[8275]: the NTP socket is in use, exiting
>>
>> as you expected. Now, how did it detect the ntpdate failed?
>>
>>> Steve
>>>
>>>
>>> On Sat, Feb 8, 2014 at 8:34 AM, Mauricio Tavares<raubvo...@gmail.com>
>>> wrote:
>>>>
>>>> Even though I already have a ntp server, I setup my newly
>>>> created freeipa kdc to do that too (it is a slave to my primary ntp).
>>>>
>>>> I then build a centos host to be the test client. Just to make sure it
>>>> can see and use auth's ntp, I tested with ntpdate:
>>>>
>>>> [root@centos64 ~]# ntpdate auth
>>>> 8 Feb 08:13:35 ntpdate[3251]: adjust time server 10.0.0.11 offset
>>>> -0.003097 sec
>>>> [root@centos64 ~]#
>>>>
>>>> so far so good, so how about running ipa-client-install?
>>>>
>>>> [root@centos64 ~]# hostname
>>>> centos64
>>>> [root@centos64 ~]# ipa-client-install --hostname=`hostname -f`
>>>> Discovery was successful!
>>>> Hostname: centos64.in.domain.com
>>>> Realm: DOMAIN.COM
>>>> DNS Domain: domain.com
>>>> IPA Server: auth.in.domain.com
>>>> BaseDN: dc=domain,dc=com
>>>>
>>>> [so far so good!]
>>>>
>>>> Continue to configure the system with these values? [no]: yes
>>>> User authorized to enroll computers: admin
>>>> Synchronizing time with KDC...
>>>> Unable to sync time with IPA NTP server, assuming the time is in sync.
>>>> Please check that 123 UDP port is opened.
>>>> Password for ad...@domain.com:
>>>>
>>>> But, it had not problems using ntpdate against auth. to add insult to
>>>> injury, the log claims it is using ntpdate:
>>>>
>>>> 2014-02-08T13:14:31Z DEBUG args=/usr/sbin/ntpdate -U ntp -s -b -v
>>>> auth.in.domain.com
>>>> 2014-02-08T13:14:31Z DEBUG stdout=
>>>> 2014-02-08T13:14:31Z DEBUG stderr=
>>>> 2014-02-08T13:14:31Z WARNING Unable to sync time with IPA NTP server,
>>>> assuming the time is in sync. Please check that 123 UDP port is
>>>> opened.
>>>>
>>>> Could it be it is pissed because it was in sync to begin with? I mean,
>>>> if we run the exact command the log file claims to have run,
>>>>
>>>> [root@centos64 ~]# /usr/sbin/ntpdate -U ntp -s -b -v auth.in.domain.com|
>>>> echo $?
>>>> 0
>>>> [root@centos64 ~]#
>>>>
>>>> We see it was successful.
>>>>
>>>> I am feeling rather clueless here...
>>>>
>>>> _______________________________________________
>>>> Freeipa-users mailing list
>>>> Freeipa-users@redhat.com
>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>
>>>
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users@redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>
>
> This sounds like a bug to me but I would wait for European gurus to chime in
> the morning.
> If it is a bug we need a ticket.
>
I dunno where to file a ticket but here is my suggestion:
in /usr/lib/python2.6/site-packages/ipaclient/ntpconf.py, function def
synconce_ntp(server_fqdn):
replace
cmd = [ntpdate, "-U", "ntp", "-s", "-b", "-v", server_fqdn]
with
cmd = [ntpdate, "-U", "ntp", "-s", "-b", "-v", "-u", server_fqdn]
Reasoning:
[root@centos64 ~]# date +%T -s "10:13:13"
10:13:13
[root@centos64 ~]# date
Mon Feb 10 10:13:15 EST 2014
[root@centos64 ~]# /usr/sbin/ntpdate -U ntp -s -b -v -u auth
[root@centos64 ~]# date
Mon Feb 10 16:05:49 EST 2014
[root@centos64 ~]# service ntpd status
ntpd (pid 8870) is running...
[root@centos64 ~]#
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager for IdM portfolio
> Red Hat Inc.
>
>
> -------------------------------
> Looking to carve out IT costs?
> www.redhat.com/carveoutcosts/
>
>
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
