On 01/15/2015 08:56 AM, Nathan Kinder wrote:
> On 01/15/2015 12:01 AM, Jan Pazdziora wrote:


>> You need to use --cap-add=SYS_TIME when running the server container
>> or ntpd will fail.
> Thanks for the tip.  This works.  It would be handy to add this to the
> README for your freeipa-server container.

Nevermind.  I just saw your reply to Lukas on this.  If we can keep the
client install from hanging forever, then I agree that it's best to have
it be noticeable that time sync is not working in the client installer
output vs. hiding that it's not working.

>> Even if you do that, SELinux will likely prevent ntpd doing its job
>> but at least it will stay around so that the client can connect to it.
>> What is interesting though is the fact that the client hangs
>> indefinitely instead of reporting that it cannot sync the time and
>> proceeding.
> I think this is simply a behavior difference between ntpdate and ntpd
> (which we are using now during the client install on f21).  This issue
> should not be specific to using IPA in a container.
> Hanging indefinitely is never a good thing, so I think it would be nice
> to add a timeout in ipa-client-install in case we can't reach the server
> for ntp.   I have filed a ticket for this:
>   https://fedorahosted.org/freeipa/ticket/4842
> -NGK

Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project

Reply via email to