Re: [Freeipa-devel] [PATCH] 0016 Setup and restore ntp configuration on the
On Tue, 04 Oct 2011, Alexander Bokovoy wrote: Reproduced. This happens when the package freeipa-client is upgraded after client is enrolled with previous version -- in such case there is no backup state and therefore we can't restore. Also add fstore to /etc/sysconfig/ntpd to really backup it. -- / Alexander Bokovoy From 0aab495a8175b25ebd48e30715527fcf6737b22b Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy aboko...@redhat.com Date: Tue, 4 Oct 2011 13:56:12 +0300 Subject: [PATCH] Setup and restore ntp configuration on the client side properly When setting up the client-side NTP configuration, make sure that /etc/ntp/step-tickers point to IPA NTP server as well. When restoring the client during ipa-client-install --uninstall, make sure NTP configuration is fully restored and NTP service is disabled if it was disabled before the installation. https://fedorahosted.org/freeipa/ticket/1770 --- ipa-client/ipa-install/ipa-client-install | 26 ++- ipa-client/ipaclient/ntpconf.py | 52 2 files changed, 62 insertions(+), 16 deletions(-) diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install index 76f7f1913c804053edb8b90979286a0592fa5737..b8d4867ab3df119132b7d9da35803e50bbd4ea51 100755 --- a/ipa-client/ipa-install/ipa-client-install +++ b/ipa-client/ipa-install/ipa-client-install @@ -320,6 +320,30 @@ def uninstall(options, env, quiet=False): # this is optional service, just log logging.info(%s daemon is not installed, skip configuration % (nslcd.service_name)) +ntp_configured = statestore.has_state('ntp') +if ntp_configured: +ntp_enabled = statestore.restore_state('ntp', 'enabled') +ntp_step_tickers = statestore.restore_state('ntp', 'step-tickers') + +try: +# Restore might fail due to file missing in backup +# the reason for it might be that freeipa-client was updated +# to this version but not unenrolled/enrolled again +# In such case it is OK to fail +restored = fstore.restore_file(/etc/ntp.conf) +restored |= fstore.restore_file(/etc/sysconfig/ntpd) +if ntp_step_tickers: + restored |= fstore.restore_file(/etc/ntp/step-tickers) +except: +pass + +if not ntp_enabled: + ipaservices.knownservices.ntpd.stop() + ipaservices.knownservices.ntpd.disable() +else: + if restored: + ipaservices.knownservices.ntpd.restart() + if not options.unattended: emit_quiet(quiet, The original nsswitch.conf configuration has been restored.) emit_quiet(quiet, You may need to restart services or reboot the machine.) @@ -1102,7 +1126,7 @@ def install(options, env, fstore, statestore): ntp_server = options.ntp_server else: ntp_server = cli_server -ipaclient.ntpconf.config_ntp(ntp_server, fstore) +ipaclient.ntpconf.config_ntp(ntp_server, fstore, statestore) print NTP enabled print Client configuration complete. diff --git a/ipa-client/ipaclient/ntpconf.py b/ipa-client/ipaclient/ntpconf.py index 3042005f41ea3ed6c8fee739b9cf2b833a8d6d59..8e151089c81fe761dc57fc6e8fb7ff5ba30b98fa 100644 --- a/ipa-client/ipaclient/ntpconf.py +++ b/ipa-client/ipaclient/ntpconf.py @@ -20,6 +20,7 @@ from ipapython import ipautil from ipapython import services as ipaservices import shutil +import os ntp_conf = # Permit time synchronization with our time source, but do not # permit the source to query or modify the service on this system. @@ -80,30 +81,51 @@ SYNC_HWCLOCK=yes # Additional options for ntpdate NTPDATE_OPTIONS= +ntp_step_tickers = # Use IPA-provided NTP server for initial time +$SERVER + +def __backup_config(path, fstore = None): +if fstore: +fstore.backup_file(path) +else: +shutil.copy(path, %s.ipasave % (path)) -def config_ntp(server_fqdn, fstore = None): +def __write_config(path, content): +fd = open(path, w) +fd.write(content) +fd.close() + +def config_ntp(server_fqdn, fstore = None, sysstore = None): +path_step_tickers = /etc/ntp/step-tickers +path_ntp_conf = /etc/ntp.conf +path_ntp_sysconfig = /etc/sysconfig/ntpd sub_dict = { } sub_dict[SERVER] = server_fqdn nc = ipautil.template_str(ntp_conf, sub_dict) +config_step_tickers = False -if fstore: -fstore.backup_file(/etc/ntp.conf) -else: -shutil.copy(/etc/ntp.conf, /etc/ntp.conf.ipasave) -fd = open(/etc/ntp.conf, w) -fd.write(nc) -fd.close() +if os.path.exists(path_step_tickers): +config_step_tickers = True +ns = ipautil.template_str(ntp_step_tickers, sub_dict) +__backup_config(path_step_tickers, fstore) +__write_config(path_step_tickers, ns) +ipaservices.restore_context(path_step_tickers) -if fstore:
Re: [Freeipa-devel] [PATCH] 0016 Setup and restore ntp configuration on the
On 5.10.2011 10:38, Alexander Bokovoy wrote: On Tue, 04 Oct 2011, Alexander Bokovoy wrote: Reproduced. This happens when the package freeipa-client is upgraded after client is enrolled with previous version -- in such case there is no backup state and therefore we can't restore. Also add fstore to /etc/sysconfig/ntpd to really backup it. ACK. Honza -- Jan Cholasta ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 0016 Setup and restore ntp configuration on the
On Tue, 04 Oct 2011, Jan Cholasta wrote: On 4.10.2011 13:00, Alexander Bokovoy wrote: client Reply-To: Hi, attached patch addresses ticket #1770. ipa-client-install fails with: Traceback (most recent call last): File /usr/sbin/ipa-client-install, line 1165, in module sys.exit(main()) File /usr/sbin/ipa-client-install, line 1154, in main rval = install(options, env, fstore, statestore) File /usr/sbin/ipa-client-install, line 1122, in install ipaclient.ntpconf.config_ntp(ntp_server, fstore, statestore) File /usr/lib/python2.7/site-packages/ipaclient/ntpconf.py, line 118, in config_ntp sysstore.backup_state(module, enabled, ipaservices.knownservices.ntp.enabled()) File /usr/lib/python2.7/site-packages/ipalib/plugable.py, line 167, in __getattr__ raise AttributeError('no magic attribute %r' % name) AttributeError: no magic attribute 'ntp' Mea culpa. :( Fixed patch attached. -- / Alexander Bokovoy From 2de0c707424e735faf03fb786b98cbb3e3ee55da Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy aboko...@redhat.com Date: Tue, 4 Oct 2011 13:56:12 +0300 Subject: [PATCH] Setup and restore ntp configuration on the client side properly When setting up the client-side NTP configuration, make sure that /etc/ntp/step-tickers point to IPA NTP server as well. When restoring the client during ipa-client-install --uninstall, make sure NTP configuration is fully restored and NTP service is disabled if it was disabled before the installation. https://fedorahosted.org/freeipa/ticket/1770 --- ipa-client/ipa-install/ipa-client-install | 19 ++- ipa-client/ipaclient/ntpconf.py | 52 2 files changed, 55 insertions(+), 16 deletions(-) diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install index 76f7f1913c804053edb8b90979286a0592fa5737..4b6520f2c7ad67442f57a5d98d691912555c2c3c 100755 --- a/ipa-client/ipa-install/ipa-client-install +++ b/ipa-client/ipa-install/ipa-client-install @@ -331,6 +331,23 @@ def uninstall(options, env, quiet=False): emit_quiet(quiet, Reboot command failed to exceute. + str(e)) return CLIENT_UNINSTALL_ERROR +ntp_configured = statestore.has_state('ntp') +if ntp_configured: +ntp_enabled = statestore.restore_state('ntp', 'enabled') +ntp_step_tickers = statestore.restore_state('ntp', 'step-tickers') + +restored = fstore.restore_file(/etc/ntp.conf) +restored |= fstore.restore_file(/etc/sysconfig/ntpd) +if ntp_step_tickers: + restored |= fstore.restore_file(/etc/ntp/step-tickers) + +if not ntp_enabled: + ipaservices.knownservices.ntpd.stop() + ipaservices.knownservices.ntpd.disable() +else: + if restored: + ipaservices.knownservices.ntpd.restart() + # Remove the IPA configuration file try: os.remove(/etc/ipa/default.conf) @@ -1102,7 +1119,7 @@ def install(options, env, fstore, statestore): ntp_server = options.ntp_server else: ntp_server = cli_server -ipaclient.ntpconf.config_ntp(ntp_server, fstore) +ipaclient.ntpconf.config_ntp(ntp_server, fstore, statestore) print NTP enabled print Client configuration complete. diff --git a/ipa-client/ipaclient/ntpconf.py b/ipa-client/ipaclient/ntpconf.py index 3042005f41ea3ed6c8fee739b9cf2b833a8d6d59..cf203b90490f8268553229730cc2966d2c14f292 100644 --- a/ipa-client/ipaclient/ntpconf.py +++ b/ipa-client/ipaclient/ntpconf.py @@ -20,6 +20,7 @@ from ipapython import ipautil from ipapython import services as ipaservices import shutil +import os ntp_conf = # Permit time synchronization with our time source, but do not # permit the source to query or modify the service on this system. @@ -80,30 +81,51 @@ SYNC_HWCLOCK=yes # Additional options for ntpdate NTPDATE_OPTIONS= +ntp_step_tickers = # Use IPA-provided NTP server for initial time +$SERVER + +def __backup_config(path, fstore = None): +if fstore: +fstore.backup_file(path) +else: +shutil.copy(path, %s.ipasave % (path)) -def config_ntp(server_fqdn, fstore = None): +def __write_config(path, content): +fd = open(path, w) +fd.write(content) +fd.close() + +def config_ntp(server_fqdn, fstore = None, sysstore = None): +path_step_tickers = /etc/ntp/step-tickers +path_ntp_conf = /etc/ntp.conf +path_ntp_sysconfig = /etc/sysconfig/ntpd sub_dict = { } sub_dict[SERVER] = server_fqdn nc = ipautil.template_str(ntp_conf, sub_dict) +config_step_tickers = False -if fstore: -fstore.backup_file(/etc/ntp.conf) -else: -shutil.copy(/etc/ntp.conf, /etc/ntp.conf.ipasave) -fd = open(/etc/ntp.conf, w) -fd.write(nc) -fd.close() +if os.path.exists(path_step_tickers): +config_step_tickers = True +ns =
Re: [Freeipa-devel] [PATCH] 0016 Setup and restore ntp configuration on the
On 4.10.2011 20:53, Alexander Bokovoy wrote: On Tue, 04 Oct 2011, Jan Cholasta wrote: On 4.10.2011 13:00, Alexander Bokovoy wrote: client Reply-To: Hi, attached patch addresses ticket #1770. ipa-client-install fails with: Traceback (most recent call last): File /usr/sbin/ipa-client-install, line 1165, inmodule sys.exit(main()) File /usr/sbin/ipa-client-install, line 1154, in main rval = install(options, env, fstore, statestore) File /usr/sbin/ipa-client-install, line 1122, in install ipaclient.ntpconf.config_ntp(ntp_server, fstore, statestore) File /usr/lib/python2.7/site-packages/ipaclient/ntpconf.py, line 118, in config_ntp sysstore.backup_state(module, enabled, ipaservices.knownservices.ntp.enabled()) File /usr/lib/python2.7/site-packages/ipalib/plugable.py, line 167, in __getattr__ raise AttributeError('no magic attribute %r' % name) AttributeError: no magic attribute 'ntp' Mea culpa. :( Fixed patch attached. Now ipa-client-install --uninstall fails with: Traceback (most recent call last): File /usr/sbin/ipa-client-install, line 1165, in module sys.exit(main()) File /usr/sbin/ipa-client-install, line 1147, in main return uninstall(options, env) File /usr/sbin/ipa-client-install, line 339, in uninstall restored = fstore.restore_file(/etc/ntp.conf) File /usr/lib/python2.7/site-packages/ipapython/sysrestore.py, line 158, in restore_file raise ValueError(No such file name in the index) ValueError: No such file name in the index Honza -- Jan Cholasta ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 0016 Setup and restore ntp configuration on the
On Tue, 04 Oct 2011, Jan Cholasta wrote: Now ipa-client-install --uninstall fails with: Traceback (most recent call last): File /usr/sbin/ipa-client-install, line 1165, in module sys.exit(main()) File /usr/sbin/ipa-client-install, line 1147, in main return uninstall(options, env) File /usr/sbin/ipa-client-install, line 339, in uninstall restored = fstore.restore_file(/etc/ntp.conf) File /usr/lib/python2.7/site-packages/ipapython/sysrestore.py, line 158, in restore_file raise ValueError(No such file name in the index) ValueError: No such file name in the index Reproduced. This happens when the package freeipa-client is upgraded after client is enrolled with previous version -- in such case there is no backup state and therefore we can't restore. Attached patch should fix it -- as we can ignore absent backup. -- / Alexander Bokovoy From a37e9ff4a35c4c9784bf6a174ca8a4da37a43f51 Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy aboko...@redhat.com Date: Tue, 4 Oct 2011 13:56:12 +0300 Subject: [PATCH] Setup and restore ntp configuration on the client side properly When setting up the client-side NTP configuration, make sure that /etc/ntp/step-tickers point to IPA NTP server as well. When restoring the client during ipa-client-install --uninstall, make sure NTP configuration is fully restored and NTP service is disabled if it was disabled before the installation. https://fedorahosted.org/freeipa/ticket/1770 --- ipa-client/ipa-install/ipa-client-install | 26 ++- ipa-client/ipaclient/ntpconf.py | 52 2 files changed, 62 insertions(+), 16 deletions(-) diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install index 76f7f1913c804053edb8b90979286a0592fa5737..b8d4867ab3df119132b7d9da35803e50bbd4ea51 100755 --- a/ipa-client/ipa-install/ipa-client-install +++ b/ipa-client/ipa-install/ipa-client-install @@ -320,6 +320,30 @@ def uninstall(options, env, quiet=False): # this is optional service, just log logging.info(%s daemon is not installed, skip configuration % (nslcd.service_name)) +ntp_configured = statestore.has_state('ntp') +if ntp_configured: +ntp_enabled = statestore.restore_state('ntp', 'enabled') +ntp_step_tickers = statestore.restore_state('ntp', 'step-tickers') + +try: +# Restore might fail due to file missing in backup +# the reason for it might be that freeipa-client was updated +# to this version but not unenrolled/enrolled again +# In such case it is OK to fail +restored = fstore.restore_file(/etc/ntp.conf) +restored |= fstore.restore_file(/etc/sysconfig/ntpd) +if ntp_step_tickers: + restored |= fstore.restore_file(/etc/ntp/step-tickers) +except: +pass + +if not ntp_enabled: + ipaservices.knownservices.ntpd.stop() + ipaservices.knownservices.ntpd.disable() +else: + if restored: + ipaservices.knownservices.ntpd.restart() + if not options.unattended: emit_quiet(quiet, The original nsswitch.conf configuration has been restored.) emit_quiet(quiet, You may need to restart services or reboot the machine.) @@ -1102,7 +1126,7 @@ def install(options, env, fstore, statestore): ntp_server = options.ntp_server else: ntp_server = cli_server -ipaclient.ntpconf.config_ntp(ntp_server, fstore) +ipaclient.ntpconf.config_ntp(ntp_server, fstore, statestore) print NTP enabled print Client configuration complete. diff --git a/ipa-client/ipaclient/ntpconf.py b/ipa-client/ipaclient/ntpconf.py index 3042005f41ea3ed6c8fee739b9cf2b833a8d6d59..cf203b90490f8268553229730cc2966d2c14f292 100644 --- a/ipa-client/ipaclient/ntpconf.py +++ b/ipa-client/ipaclient/ntpconf.py @@ -20,6 +20,7 @@ from ipapython import ipautil from ipapython import services as ipaservices import shutil +import os ntp_conf = # Permit time synchronization with our time source, but do not # permit the source to query or modify the service on this system. @@ -80,30 +81,51 @@ SYNC_HWCLOCK=yes # Additional options for ntpdate NTPDATE_OPTIONS= +ntp_step_tickers = # Use IPA-provided NTP server for initial time +$SERVER + +def __backup_config(path, fstore = None): +if fstore: +fstore.backup_file(path) +else: +shutil.copy(path, %s.ipasave % (path)) -def config_ntp(server_fqdn, fstore = None): +def __write_config(path, content): +fd = open(path, w) +fd.write(content) +fd.close() + +def config_ntp(server_fqdn, fstore = None, sysstore = None): +path_step_tickers = /etc/ntp/step-tickers +path_ntp_conf = /etc/ntp.conf +path_ntp_sysconfig = /etc/sysconfig/ntpd sub_dict = { } sub_dict[SERVER] = server_fqdn nc =