[Freeipa-devel] [PATCH] 335 Stop and disable conflicting time&date services

Rob Crittenden rcritten at redhat.com
Fri Dec 7 18:07:51 UTC 2012 

Martin Kosek wrote:
> On 12/07/2012 02:51 PM, Simo Sorce wrote:
>> On Fri, 2012-12-07 at 13:14 +0100, Martin Kosek wrote:
>>> On 11/15/2012 10:49 PM, Simo Sorce wrote:
>>>> On Thu, 2012-11-15 at 17:33 +0100, Martin Kosek wrote:
>>>>> On 11/15/2012 03:22 PM, Simo Sorce wrote:
>>>>>> On Thu, 2012-11-15 at 12:34 +0100, Martin Kosek wrote:
>>>>>>> Fedora 16 introduced chrony as default client time&date synchronization
>>>>>>> service:
>>>>>>> http://fedoraproject.org/wiki/Features/ChronyDefaultNTP
>>>>>>> Thus, there may be people already using chrony as their time and date
>>>>>>> synchronization service before installing IPA.
>>>>>>>
>>>>>>> However, installing IPA server or client on such machine may lead to
>>>>>>> unexpected behavior, as the IPA installer would configure ntpd and leave
>>>>>>> the machine with both ntpd and chronyd enabled. However, since the OS
>>>>>>> does not allow both chronyd and ntpd to be running concurrently and chronyd
>>>>>>> has the precedence, ntpd would not be run on that system at all.
>>>>>>>
>>>>>>> Make sure, that user is warned when trying to install IPA on such
>>>>>>> system and is given a possibility to either not to let IPA configure
>>>>>>> ntpd at all or to let the installer stop and disable chronyd.
>>>>>>>
>>>>>>> https://fedorahosted.org/freeipa/ticket/2974
>>>>>>
>>>>>> This looks a bit backwards to me.
>>>>>>
>>>>>> The IPA server can only configure ntpd because it configures it to serve
>>>>>> time to the clients. So on a server force_ntpd should be the default and
>>>>>> the install should automatically shutdown crony.
>>>>>
>>>>> I considered that option too, but it simply just did not seem very "polite" to
>>>>> silently stop and disable chrony with some custom user time&date
>>>>> synchronization configuration that user may rely on.
>>>>>
>>>>> Telling user what's the problem and providing him with options what to do
>>>>> seemed more user friendly to me...
>>>>
>>>> not on the server, no you don;t get to choose there, unless you call
>>>> install script with --no-ntp
>>>
>>> Well, IMO this is exactly what my patch does on the server side. Allows user to
>>> either run the server install with --no-ntp or let it install with --force-ntpd
>>> which disables other time&date services. That are the only 2 choices, I just
>>> did the ntpd configuration in a polite way.
>>>
>>>>
>>>>>>
>>>>>> On clients we may give a choice, but then we should not stop, we should
>>>>>> instead configure the one tool the admin wants to use and point it to
>>>>>> the server, because time synchronization is critical. Not syncing time
>>>>>> is basically not an option so our default behavior must be to make sure
>>>>>> one of the time tool is properly configured and require a force flag if
>>>>>> the admin wants to 'not' configure a time sync tool.
>>>>>>
>>>>>> Simo.
>>>>>>
>>>>>
>>>>> The force flag to not configure time sync tool is already there as --no-ntp. I
>>>>> already discussed this with Rob before, I was advised to rather stick with the
>>>>> ntpd only for the time being. Adding Rob to CC to comment on this one.
>>>>
>>>> Not sure I grok what this entails, support only ntpd ?
>>>
>>> At this moment, yes.
>>>
>>>> In this case we can error out if crony is there on the client, but not
>>>> on the server. On the server we just roll over crony, as crony is not an
>>>> ntp server at all so it should go
>>>> if the admin *really*insist in using crony then they'll have to
>>>> explicitly install the server with --no-ntp
>>>> note that we are not going to change crony;s configuration just turn it
>>>> off and start ntpd instead.
>>>>
>>>> Simo.
>>>>
>>>
>>> Do I understand this right, that you also want to add a support for chrony?
>>> I.e. that ipa-client-install should be able to configure either ntpd or chronyd
>>> for synchronization based on user's choice? If yes, I am OK with that and I can
>>> implement it - I just wanted to make sure that this is what we want.
>>>
>>> In current state, ipa-client-install errors out when chrony is configured and
>>> allows user to either run with --no-ntp (and thus keep the chrony running) or
>>> with --force-ntpd which would disable chronyd and configure&enable ntpd.
>>
>> No, that is not what I am saying.
>>
>> I think these should be the actions taken:
>>
>> 1. Server install (no flags).
>> a. nothing is found: install ntpd as usual (unless --no-ntp is passed)
>> b. ntpd is found: reconfigure it
>> c.1. crony is found: disable it and reconfigure ntpd, no questions asked
>> c.2. if --no-ntp is passed in then do not disable crony
>>
>> 2. client install
>> a. nothing is found: install ntpd as usual (unless --no-ntp is passed)
>> b. ntpd is found: whatever is done now
>> c.1. crony is found: warn that crony is in use, but proceed with install
>> c.2. if --force-ntpd is passed then disable crony and configure ntpd
>>
>> Basically in the server we imply a default of --force-ntpd, unless you
>> pass --no-ntp
>>
>> Simo.
>>
>
> Ok, I see your point now. Sending an updated version.
>
> During server installation, user is warned when running conflicting time
> service. Installation then enforces ntpd configuration.
>
> During client installation, user is also warned, but continuing in installation
> omits ntpd configuration instead. But user can use --force-ntpd to force ntpd
> configuration.
>
> Martin
>

ACK

I tweaked this error to wrap differently before pushing:

It went from this:

WARNING: conflicting time&date synchronization service 'chronyd' will be 
disabled
in favor of ntpd

To this:

WARNING: conflicting time&date synchronization service 'chronyd' will be 
disabled in favor of ntpd

pushed to master

More information about the Freeipa-devel mailing list