[Freeipa-devel] [PATCH] 0016 Setup and restore ntp configuration on the
Alexander Bokovoy
abokovoy at redhat.com
Tue Oct 4 20:51:00 UTC 2011
On Tue, 04 Oct 2011, Jan Cholasta wrote:
> Now ipa-client-install --uninstall fails with:
>
> Traceback (most recent call last):
> File "/usr/sbin/ipa-client-install", line 1165, in <module>
> sys.exit(main())
> File "/usr/sbin/ipa-client-install", line 1147, in main
> return uninstall(options, env)
> File "/usr/sbin/ipa-client-install", line 339, in uninstall
> restored = fstore.restore_file("/etc/ntp.conf")
> File "/usr/lib/python2.7/site-packages/ipapython/sysrestore.py",
> line 158, in restore_file
> raise ValueError("No such file name in the index")
> ValueError: No such file name in the index
Reproduced. This happens when the package freeipa-client is upgraded
after client is enrolled with previous version -- in such case there
is no backup state and therefore we can't restore.
Attached patch should fix it -- as we can ignore absent backup.
--
/ Alexander Bokovoy
-------------- next part --------------
>From a37e9ff4a35c4c9784bf6a174ca8a4da37a43f51 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <abokovoy at redhat.com>
Date: Tue, 4 Oct 2011 13:56:12 +0300
Subject: [PATCH] Setup and restore ntp configuration on the client side
properly
When setting up the client-side NTP configuration, make sure that /etc/ntp/step-tickers
point to IPA NTP server as well.
When restoring the client during ipa-client-install --uninstall, make sure NTP configuration
is fully restored and NTP service is disabled if it was disabled before the installation.
https://fedorahosted.org/freeipa/ticket/1770
---
ipa-client/ipa-install/ipa-client-install | 26 ++++++++++++++-
ipa-client/ipaclient/ntpconf.py | 52 ++++++++++++++++++++--------
2 files changed, 62 insertions(+), 16 deletions(-)
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index 76f7f1913c804053edb8b90979286a0592fa5737..b8d4867ab3df119132b7d9da35803e50bbd4ea51 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -320,6 +320,30 @@ def uninstall(options, env, quiet=False):
# this is optional service, just log
logging.info("%s daemon is not installed, skip configuration" % (nslcd.service_name))
+ ntp_configured = statestore.has_state('ntp')
+ if ntp_configured:
+ ntp_enabled = statestore.restore_state('ntp', 'enabled')
+ ntp_step_tickers = statestore.restore_state('ntp', 'step-tickers')
+
+ try:
+ # Restore might fail due to file missing in backup
+ # the reason for it might be that freeipa-client was updated
+ # to this version but not unenrolled/enrolled again
+ # In such case it is OK to fail
+ restored = fstore.restore_file("/etc/ntp.conf")
+ restored |= fstore.restore_file("/etc/sysconfig/ntpd")
+ if ntp_step_tickers:
+ restored |= fstore.restore_file("/etc/ntp/step-tickers")
+ except:
+ pass
+
+ if not ntp_enabled:
+ ipaservices.knownservices.ntpd.stop()
+ ipaservices.knownservices.ntpd.disable()
+ else:
+ if restored:
+ ipaservices.knownservices.ntpd.restart()
+
if not options.unattended:
emit_quiet(quiet, "The original nsswitch.conf configuration has been restored.")
emit_quiet(quiet, "You may need to restart services or reboot the machine.")
@@ -1102,7 +1126,7 @@ def install(options, env, fstore, statestore):
ntp_server = options.ntp_server
else:
ntp_server = cli_server
- ipaclient.ntpconf.config_ntp(ntp_server, fstore)
+ ipaclient.ntpconf.config_ntp(ntp_server, fstore, statestore)
print "NTP enabled"
print "Client configuration complete."
diff --git a/ipa-client/ipaclient/ntpconf.py b/ipa-client/ipaclient/ntpconf.py
index 3042005f41ea3ed6c8fee739b9cf2b833a8d6d59..cf203b90490f8268553229730cc2966d2c14f292 100644
--- a/ipa-client/ipaclient/ntpconf.py
+++ b/ipa-client/ipaclient/ntpconf.py
@@ -20,6 +20,7 @@
from ipapython import ipautil
from ipapython import services as ipaservices
import shutil
+import os
ntp_conf = """# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
@@ -80,30 +81,51 @@ SYNC_HWCLOCK=yes
# Additional options for ntpdate
NTPDATE_OPTIONS=""
"""
+ntp_step_tickers = """# Use IPA-provided NTP server for initial time
+$SERVER
+"""
+def __backup_config(path, fstore = None):
+ if fstore:
+ fstore.backup_file(path)
+ else:
+ shutil.copy(path, "%s.ipasave" % (path))
-def config_ntp(server_fqdn, fstore = None):
+def __write_config(path, content):
+ fd = open(path, "w")
+ fd.write(content)
+ fd.close()
+
+def config_ntp(server_fqdn, fstore = None, sysstore = None):
+ path_step_tickers = "/etc/ntp/step-tickers"
+ path_ntp_conf = "/etc/ntp.conf"
+ path_ntp_sysconfig = "/etc/sysconfig/ntpd"
sub_dict = { }
sub_dict["SERVER"] = server_fqdn
nc = ipautil.template_str(ntp_conf, sub_dict)
+ config_step_tickers = False
- if fstore:
- fstore.backup_file("/etc/ntp.conf")
- else:
- shutil.copy("/etc/ntp.conf", "/etc/ntp.conf.ipasave")
- fd = open("/etc/ntp.conf", "w")
- fd.write(nc)
- fd.close()
+ if os.path.exists(path_step_tickers):
+ config_step_tickers = True
+ ns = ipautil.template_str(ntp_step_tickers, sub_dict)
+ __backup_config(path_step_tickers, fstore)
+ __write_config(path_step_tickers, ns)
+ ipaservices.restore_context(path_step_tickers)
- if fstore:
- fstore.backup_file("/etc/sysconfig/ntpd")
- else:
- shutil.copy("/etc/sysconfig/ntpd", "/etc/sysconfig/ntpd.ipasave")
+ if sysstore:
+ module = 'ntp'
+ sysstore.backup_state(module, "enabled", ipaservices.knownservices.ntpd.is_enabled())
+ if config_step_tickers:
+ sysstore.backup_state(module, "step-tickers", True)
- fd = open("/etc/sysconfig/ntpd", "w")
- fd.write(ntp_sysconfig)
- fd.close()
+ __backup_config(path_ntp_conf, fstore)
+ __write_config(path_ntp_conf, nc)
+ ipaservices.restore_context(path_ntp_conf)
+
+ __backup_config(path_ntp_sysconfig)
+ __write_config(path_ntp_sysconfig, ntp_sysconfig)
+ ipaservices.restore_context(path_ntp_sysconfig)
# Set the ntpd to start on boot
ipaservices.knownservices.ntpd.enable()
--
1.7.6.4
More information about the Freeipa-devel
mailing list