On 01/15/2015 08:56 AM, Nathan Kinder wrote:
> On 01/15/2015 12:01 AM, Jan Pazdziora wrote:
>> You need to use --cap-add=SYS_TIME when running the server container
>> or ntpd will fail.
> Thanks for the tip. This works. It would be handy to add this to the
> README for your freeipa-server container.
Nevermind. I just saw your reply to Lukas on this. If we can keep the
client install from hanging forever, then I agree that it's best to have
it be noticeable that time sync is not working in the client installer
output vs. hiding that it's not working.
>> Even if you do that, SELinux will likely prevent ntpd doing its job
>> but at least it will stay around so that the client can connect to it.
>> What is interesting though is the fact that the client hangs
>> indefinitely instead of reporting that it cannot sync the time and
> I think this is simply a behavior difference between ntpdate and ntpd
> (which we are using now during the client install on f21). This issue
> should not be specific to using IPA in a container.
> Hanging indefinitely is never a good thing, so I think it would be nice
> to add a timeout in ipa-client-install in case we can't reach the server
> for ntp. I have filed a ticket for this:
Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project