From 2cffd6ebf9edd80b01f921141e181ec40c961148 Mon Sep 17 00:00:00 2001 From: Thomas Woerner <twoerner@redhat.com> Date: Wed, 17 Apr 2019 14:36:50 +0200 Subject: [PATCH] ipaclient_setup_ntp: Use time sync code from 4.6.4 if sync_time is not defined The FreeIPA versions since 4.7.0 are using chrony and also the new sync_time function for time synchronization which has been added to ipaclient/install/client.py. The old version in ipaclient_setup_ntp has been updated to the code that has been used in 4.6.4. --- .../ipaclient/library/ipaclient_setup_ntp.py | 65 ++++++++++--------- 1 file changed, 34 insertions(+), 31 deletions(-) diff --git a/roles/ipaclient/library/ipaclient_setup_ntp.py b/roles/ipaclient/library/ipaclient_setup_ntp.py index d7b4f3b7..9f941942 100644 --- a/roles/ipaclient/library/ipaclient_setup_ntp.py +++ b/roles/ipaclient/library/ipaclient_setup_ntp.py @@ -115,11 +115,11 @@ def main(): cli_domain = module.params.get('domain') options.conf_ntp = not options.no_ntp + options.debug = False fstore = sysrestore.FileStore(paths.IPA_CLIENT_SYSRESTORE) statestore = sysrestore.StateFile(paths.IPA_CLIENT_SYSRESTORE) - ntp_servers = [ ] synced_ntp = False if sync_time is not None: if options.conf_ntp: @@ -133,40 +133,43 @@ def main(): else: logger.info("Skipping chrony configuration") - elif not options.on_master and options.conf_ntp: - # Attempt to sync time with IPA server. - # If we're skipping NTP configuration, we also skip the time sync here. - # We assume that NTP servers are discoverable through SRV records - # in the DNS. - # If that fails, we try to sync directly with IPA server, - # assuming it runs NTP - if not options.ntp_servers: - # Detect NTP servers + else: + ntp_srv_servers = [ ] + if not options.on_master and options.conf_ntp: + # Attempt to sync time with IPA server. + # If we're skipping NTP configuration, we also skip the time sync here. + # We assume that NTP servers are discoverable through SRV records + # in the DNS. + # If that fails, we try to sync directly with IPA server, + # assuming it runs NTP + logger.info('Synchronizing time with KDC...') ds = ipadiscovery.IPADiscovery() - ntp_servers = ds.ipadns_search_srv(cli_domain, '_ntp._udp', - None, break_on_first=False) + ntp_srv_servers = ds.ipadns_search_srv(cli_domain, '_ntp._udp', + None, break_on_first=False) + synced_ntp = False + ntp_servers = ntp_srv_servers + + # use user specified NTP servers if there are any + if options.ntp_servers: + ntp_servers = options.ntp_servers + + for s in ntp_servers: + synced_ntp = ntpconf.synconce_ntp(s, options.debug) + if synced_ntp: + break + + if not synced_ntp and not options.ntp_servers: + synced_ntp = timeconf.synconce_ntp(cli_server[0], options.debug) + if not synced_ntp: + module.warn( + "Unable to sync time with NTP " + "server, assuming the time is in sync. Please check " + "that 123 UDP port is opened.") else: - ntp_servers = options.ntp_servers - - # Attempt to sync time: - # At first with given or dicovered time servers. If no ntp - # servers have been given or discovered, then with the ipa - # server. - module.log('Synchronizing time ...') - synced_ntp = False - # use user specified NTP servers if there are any - for s in ntp_servers: - synced_ntp = timeconf.synconce_ntp(s, False) - if synced_ntp: - break - if not synced_ntp and not ntp_servers: - synced_ntp = timeconf.synconce_ntp(cli_server[0], False) - if not synced_ntp: - module.warn("Unable to sync time with NTP server") + logger.info('Skipping synchronizing time with NTP server.') # Done - module.exit_json(changed=True, - synced_ntp=synced_ntp) + module.exit_json(changed=synced_ntp) if __name__ == '__main__': main() -- GitLab