Re: [Freeipa-devel] [PATCHES 0224-0225] Use NTP servers detected from SRV records in ntp configuration
On 04/16/2015 06:20 PM, Martin Babinsky wrote: On 04/16/2015 05:14 PM, Martin Basti wrote: On 16/04/15 13:53, Martin Babinsky wrote: On 04/16/2015 01:34 PM, Martin Babinsky wrote: On 04/15/2015 04:17 PM, Martin Basti wrote: https://fedorahosted.org/freeipa/ticket/4981 Stupid me, thank you Updated patches attached. ACK pushed to master: * e395bdb911ebf69fbf6b3e1c9e0e148a9600bd90 ipa client: make --ntp-server option multivalued * e55d8ee5d4649b2fd35aa6f29ed2a8f60088d1a8 ipa client: use NTP servers detected from SRV -- Petr Vobornik -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCHES 0224-0225] Use NTP servers detected from SRV records in ntp configuration
On 04/16/2015 01:34 PM, Martin Babinsky wrote: On 04/15/2015 04:17 PM, Martin Basti wrote: https://fedorahosted.org/freeipa/ticket/4981 These patches keep usage of IPA server address as NTP server in NTP configuration on clients, in case that no NTP servers were specified by user, and no NTP servers were resolved from SRV records. This will ensure backward compatibility, as IPA does not configure NTP SRV records for each domain automatically. Patches attached. Martin^2 PATCH 224 NACK PATCH 225 ACK Patch 224 you keep the original destination (dest=ntp_server) for --ntp-server option, but in patch 226 the code attempts to get the server names from options.ntpservers resulting in: Traceback (most recent call last): File /sbin/ipa-client-install, line 2932, in module sys.exit(main()) File /sbin/ipa-client-install, line 2913, in main rval = install(options, env, fstore, statestore) File /sbin/ipa-client-install, line 2342, in install if options.ntp_servers: AttributeError: Values instance has no attribute 'ntp_servers' So please fix this. Naming the destination 'ntp_servers' (plural form) seems best because we now store multiple values. Also, if renaming option.ntp_server to option.ntp_servers, do not forget to change also these lines in ipa-client-install: 2852 if options.ntp_server: 2853 ntp_servers = options.ntp_server (line numbers after applying patches 224-226) -- Martin^3 Babinsky -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCHES 0224-0225] Use NTP servers detected from SRV records in ntp configuration
On 04/15/2015 04:17 PM, Martin Basti wrote: https://fedorahosted.org/freeipa/ticket/4981 These patches keep usage of IPA server address as NTP server in NTP configuration on clients, in case that no NTP servers were specified by user, and no NTP servers were resolved from SRV records. This will ensure backward compatibility, as IPA does not configure NTP SRV records for each domain automatically. Patches attached. Martin^2 PATCH 224 NACK PATCH 225 ACK Patch 224 you keep the original destination (dest=ntp_server) for --ntp-server option, but in patch 226 the code attempts to get the server names from options.ntpservers resulting in: Traceback (most recent call last): File /sbin/ipa-client-install, line 2932, in module sys.exit(main()) File /sbin/ipa-client-install, line 2913, in main rval = install(options, env, fstore, statestore) File /sbin/ipa-client-install, line 2342, in install if options.ntp_servers: AttributeError: Values instance has no attribute 'ntp_servers' So please fix this. Naming the destination 'ntp_servers' (plural form) seems best because we now store multiple values. -- Martin^3 Babinsky -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCHES 0224-0225] Use NTP servers detected from SRV records in ntp configuration
On 16/04/15 13:53, Martin Babinsky wrote:
On 04/16/2015 01:34 PM, Martin Babinsky wrote:
On 04/15/2015 04:17 PM, Martin Basti wrote:
https://fedorahosted.org/freeipa/ticket/4981
These patches keep usage of IPA server address as NTP server in NTP
configuration on clients, in case that no NTP servers were
specified by
user, and no NTP servers were resolved from SRV records. This will
ensure backward compatibility, as IPA does not configure NTP SRV
records
for each domain automatically.
Patches attached.
Martin^2
PATCH 224 NACK
PATCH 225 ACK
Patch 224 you keep the original destination (dest=ntp_server)
for --ntp-server option, but in patch 226 the code attempts to get the
server names from options.ntpservers resulting in:
Traceback (most recent call last):
File /sbin/ipa-client-install, line 2932, in module
sys.exit(main())
File /sbin/ipa-client-install, line 2913, in main
rval = install(options, env, fstore, statestore)
File /sbin/ipa-client-install, line 2342, in install
if options.ntp_servers:
AttributeError: Values instance has no attribute 'ntp_servers'
So please fix this.
Naming the destination 'ntp_servers' (plural form) seems best because we
now store multiple values.
Also, if renaming option.ntp_server to option.ntp_servers, do not
forget to change also these lines in ipa-client-install:
2852 if options.ntp_server:
2853 ntp_servers = options.ntp_server
(line numbers after applying patches 224-226)
Stupid me, thank you
Updated patches attached.
--
Martin Basti
From 73a920ad890ddbce953daf1317034f21da07c529 Mon Sep 17 00:00:00 2001
From: Martin Basti mba...@redhat.com
Date: Tue, 14 Apr 2015 18:56:47 +0200
Subject: [PATCH 1/2] ipa client: make --ntp-server option multivalued
There can be more ntp servers in ntp.conf
Required for ticket: https://fedorahosted.org/freeipa/ticket/4981
---
ipa-client/ipa-install/ipa-client-install | 19 +++
ipa-client/ipaclient/ntpconf.py | 11 ++-
ipa-client/man/ipa-client-install.1 | 2 +-
3 files changed, 18 insertions(+), 14 deletions(-)
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index 1590a08600bbb1b2fd7f4c3338b5060156d7dc38..b9c7df1485bf60c4c073cd168c8731a8130d8ac9 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -118,7 +118,9 @@ def parse_options():
basic_group.add_option(, --force-join, dest=force_join,
action=store_true, default=False,
help=Force client enrollment even if already enrolled)
-basic_group.add_option(--ntp-server, dest=ntp_server, help=ntp server to use)
+basic_group.add_option(--ntp-server, dest=ntp_servers, action=append,
+ help=ntp server to use. This option can be used
+multiple times)
basic_group.add_option(-N, --no-ntp, action=store_false,
help=do not configure ntp, default=True, dest=conf_ntp)
basic_group.add_option(, --force-ntpd, dest=force_ntpd,
@@ -2330,10 +2332,11 @@ def install(options, env, fstore, statestore):
# We assume that NTP servers are discoverable through SRV records in the DNS
# If that fails, we try to sync directly with IPA server, assuming it runs NTP
root_logger.info('Synchronizing time with KDC...')
-ntp_servers = ds.ipadns_search_srv(cli_domain, '_ntp._udp', None, break_on_first=False)
+ntp_srv_servers = ds.ipadns_search_srv(cli_domain, '_ntp._udp',
+ None, break_on_first=False)
synced_ntp = False
-if ntp_servers:
-for s in ntp_servers:
+if ntp_srv_servers:
+for s in ntp_srv_servers:
synced_ntp = ipaclient.ntpconf.synconce_ntp(s)
if synced_ntp:
break
@@ -2838,11 +2841,11 @@ def install(options, env, fstore, statestore):
# disable other timedate services first
if options.force_ntpd:
ipaclient.ntpconf.force_ntpd(statestore)
-if options.ntp_server:
-ntp_server = options.ntp_server
+if options.ntp_servers:
+ntp_servers = options.ntp_servers
else:
-ntp_server = cli_server[0]
-ipaclient.ntpconf.config_ntp(ntp_server, fstore, statestore)
+ntp_servers = cli_server
+ipaclient.ntpconf.config_ntp(ntp_servers, fstore, statestore)
root_logger.info(NTP enabled)
if options.conf_ssh:
diff --git a/ipa-client/ipaclient/ntpconf.py b/ipa-client/ipaclient/ntpconf.py
index 7d5c82a89b51f68362f12869a9234f5b69aa5ba9..c22fba401d33009b3b95d1418dc7c8a03328d569 100644
--- a/ipa-client/ipaclient/ntpconf.py
+++ b/ipa-client/ipaclient/ntpconf.py
@@ -41,7 +41,7 @@ restrict -6 ::1
# Use public servers from the pool.ntp.org project.
# Please consider
Re: [Freeipa-devel] [PATCHES 0224-0225] Use NTP servers detected from SRV records in ntp configuration
On 04/16/2015 05:14 PM, Martin Basti wrote: On 16/04/15 13:53, Martin Babinsky wrote: On 04/16/2015 01:34 PM, Martin Babinsky wrote: On 04/15/2015 04:17 PM, Martin Basti wrote: https://fedorahosted.org/freeipa/ticket/4981 These patches keep usage of IPA server address as NTP server in NTP configuration on clients, in case that no NTP servers were specified by user, and no NTP servers were resolved from SRV records. This will ensure backward compatibility, as IPA does not configure NTP SRV records for each domain automatically. Patches attached. Martin^2 PATCH 224 NACK PATCH 225 ACK Patch 224 you keep the original destination (dest=ntp_server) for --ntp-server option, but in patch 226 the code attempts to get the server names from options.ntpservers resulting in: Traceback (most recent call last): File /sbin/ipa-client-install, line 2932, in module sys.exit(main()) File /sbin/ipa-client-install, line 2913, in main rval = install(options, env, fstore, statestore) File /sbin/ipa-client-install, line 2342, in install if options.ntp_servers: AttributeError: Values instance has no attribute 'ntp_servers' So please fix this. Naming the destination 'ntp_servers' (plural form) seems best because we now store multiple values. Also, if renaming option.ntp_server to option.ntp_servers, do not forget to change also these lines in ipa-client-install: 2852 if options.ntp_server: 2853 ntp_servers = options.ntp_server (line numbers after applying patches 224-226) Stupid me, thank you Updated patches attached. ACK -- Martin^3 Babinsky -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [PATCHES 0224-0225] Use NTP servers detected from SRV records in ntp configuration
https://fedorahosted.org/freeipa/ticket/4981
These patches keep usage of IPA server address as NTP server in NTP
configuration on clients, in case that no NTP servers were specified by
user, and no NTP servers were resolved from SRV records. This will
ensure backward compatibility, as IPA does not configure NTP SRV records
for each domain automatically.
Patches attached.
Martin^2
From 55f7717b37b205bd5f9a6d068868fd370ee9c539 Mon Sep 17 00:00:00 2001
From: Martin Basti mba...@redhat.com
Date: Tue, 14 Apr 2015 18:56:47 +0200
Subject: [PATCH 1/2] ipa client: make --ntp-server option multivalued
There can be more ntp servers in ntp.conf
Required for ticket: https://fedorahosted.org/freeipa/ticket/4981
---
ipa-client/ipa-install/ipa-client-install | 17 ++---
ipa-client/ipaclient/ntpconf.py | 11 ++-
ipa-client/man/ipa-client-install.1 | 2 +-
3 files changed, 17 insertions(+), 13 deletions(-)
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index 1ab6cc37bb172fb9d9ca4273567a9e38687c763f..6ff63e505a0dc627a3bdf1ab3445d156149fec73 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -118,7 +118,9 @@ def parse_options():
basic_group.add_option(, --force-join, dest=force_join,
action=store_true, default=False,
help=Force client enrollment even if already enrolled)
-basic_group.add_option(--ntp-server, dest=ntp_server, help=ntp server to use)
+basic_group.add_option(--ntp-server, dest=ntp_server, action=append,
+ help=ntp server to use. This option can be used
+multiple times)
basic_group.add_option(-N, --no-ntp, action=store_false,
help=do not configure ntp, default=True, dest=conf_ntp)
basic_group.add_option(, --force-ntpd, dest=force_ntpd,
@@ -2330,10 +2332,11 @@ def install(options, env, fstore, statestore):
# We assume that NTP servers are discoverable through SRV records in the DNS
# If that fails, we try to sync directly with IPA server, assuming it runs NTP
root_logger.info('Synchronizing time with KDC...')
-ntp_servers = ds.ipadns_search_srv(cli_domain, '_ntp._udp', None, break_on_first=False)
+ntp_srv_servers = ds.ipadns_search_srv(cli_domain, '_ntp._udp',
+ None, break_on_first=False)
synced_ntp = False
-if ntp_servers:
-for s in ntp_servers:
+if ntp_srv_servers:
+for s in ntp_srv_servers:
synced_ntp = ipaclient.ntpconf.synconce_ntp(s)
if synced_ntp:
break
@@ -2839,10 +2842,10 @@ def install(options, env, fstore, statestore):
if options.force_ntpd:
ipaclient.ntpconf.force_ntpd(statestore)
if options.ntp_server:
-ntp_server = options.ntp_server
+ntp_servers = options.ntp_server
else:
-ntp_server = cli_server[0]
-ipaclient.ntpconf.config_ntp(ntp_server, fstore, statestore)
+ntp_servers = cli_server
+ipaclient.ntpconf.config_ntp(ntp_servers, fstore, statestore)
root_logger.info(NTP enabled)
if options.conf_ssh:
diff --git a/ipa-client/ipaclient/ntpconf.py b/ipa-client/ipaclient/ntpconf.py
index 7d5c82a89b51f68362f12869a9234f5b69aa5ba9..c22fba401d33009b3b95d1418dc7c8a03328d569 100644
--- a/ipa-client/ipaclient/ntpconf.py
+++ b/ipa-client/ipaclient/ntpconf.py
@@ -41,7 +41,7 @@ restrict -6 ::1
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
-server $SERVER
+$SERVERS_BLOCK
#broadcast 192.168.1.255 key 42 # broadcast server
#broadcastclient # broadcast client
@@ -84,7 +84,7 @@ SYNC_HWCLOCK=yes
NTPDATE_OPTIONS=
ntp_step_tickers = # Use IPA-provided NTP server for initial time
-$SERVER
+$TICKER_SERVERS_BLOCK
def __backup_config(path, fstore = None):
if fstore:
@@ -97,12 +97,13 @@ def __write_config(path, content):
fd.write(content)
fd.close()
-def config_ntp(server_fqdn, fstore = None, sysstore = None):
+def config_ntp(ntp_servers, fstore = None, sysstore = None):
path_step_tickers = paths.NTP_STEP_TICKERS
path_ntp_conf = paths.NTP_CONF
path_ntp_sysconfig = paths.SYSCONFIG_NTPD
-sub_dict = { }
-sub_dict[SERVER] = server_fqdn
+sub_dict = {}
+sub_dict[SERVERS_BLOCK] = \n.join(server %s % s for s in ntp_servers)
+sub_dict[TICKER_SERVERS_BLOCK] = \n.join(ntp_servers)
nc = ipautil.template_str(ntp_conf, sub_dict)
config_step_tickers = False
diff --git a/ipa-client/man/ipa-client-install.1 b/ipa-client/man/ipa-client-install.1
index 726a6c133132dd2e3ba2fde43d8a2ec0549bfcef..978ac38c09567c101f9ad36598bb6d286284daa1 100644
---
