ipaserver: Support sync_time changes of 4.8.0

sync_time is not using options anymore, but has two new arguments. These are ntp_servers and ntp_pool. The options argument is not used anymore. This requires to use inspect on sync_time to be able to detect if the old or the new function is available. The call for get_time_source has been added, but is documented out as the call is only useful in interactive mode. ipaserver_test now returns ntp_servers and ntp_pool, which are then used for ipaserver_setup_ntp.

ipaserver: Support sync_time changes of 4.8.0
d2968b26 · Thomas Woerner · 03d904b7 · d2968b26 · d2968b26 · d2968b26
Commit d2968b26 authored 5 years ago by Thomas Woerner
--- a/roles/ipaserver/library/ipaserver_setup_ntp.py
+++ b/roles/ipaserver/library/ipaserver_setup_ntp.py
@@ -51,12 +51,20 @@ from ansible.module_utils.ansible_ipa_server import *
 def main():
    ansible_module = AnsibleModule(
-        argument_spec = dict(),
+        argument_spec = dict(
+            ntp_servers=dict(required=False, type='list', default=None),
+            ntp_pool=dict(required=False, default=None),
+        ),
    )
    ansible_module._ansible_debug = True
    ansible_log = AnsibleModuleLog(ansible_module)
+    # set values ############################################################
+    options.ntp_servers = ansible_module.params.get('ntp_servers')
+    options.ntp_pool = ansible_module.params.get('ntp_pool')
    # init ##########################################################
    fstore = sysrestore.FileStore(paths.SYSRESTORE)
@@ -70,13 +78,18 @@ def main():
        # chrony will be handled here in uninstall() method as well by invoking
        # the ipa-server-install --uninstall
        ansible_module.log("Synchronizing time")
-        options.ntp_servers = None
-        options.ntp_pool = None
+        argspec = inspect.getargspec(sync_time)
-        if sync_time(options, fstore, sstore):
+        if "options" not in argspec.args:
-            ansible_module.log("Time synchronization was successful.")
+            synced_ntp = sync_time(options.ntp_servers, options.ntp_pool,
+                                   fstore, sstore)
        else:
-            ansible_module.warn("IPA was unable to sync time with chrony!")
+            synced_ntp = sync_time(options, fstore, sstore)
-            ansible_module.warn("Time synchronization is required for IPA "
+        if not synced_ntp:
+            ansible_module.log(
+                "Warning: IPA was unable to sync time with chrony!")
+            ansible_module.log(
+                "         Time synchronization is required for IPA "
                "to work correctly")
    else:
        # Configure ntpd

--- a/roles/ipaserver/library/ipaserver_test.py
+++ b/roles/ipaserver/library/ipaserver_test.py
@@ -88,6 +88,8 @@ def main():
            pkinit_cert_name=dict(required=False),
            ### client ###
            # mkhomedir
+            ntp_servers=dict(required=False, type='list', default=None),
+            ntp_pool=dict(required=False, default=None),
            no_ntp=dict(required=False, type='bool', default=False),
            # ssh_trust_dns
            # no_ssh
@@ -164,6 +166,8 @@ def main():
    options.pkinit_cert_name = ansible_module.params.get('pkinit_cert_name'),
    ### client ###
    # mkhomedir
+    options.ntp_servers = ansible_module.params.get('ntp_servers')
+    options.ntp_pool = ansible_module.params.get('ntp_pool')
    options.no_ntp = ansible_module.params.get('no_ntp')
    # ssh_trust_dns
    # no_ssh
@@ -705,9 +709,10 @@ def main():
        try:
            timeconf.check_timedate_services()
        except timeconf.NTPConflictingService as e:
-            ansible_module.log("Conflicting time&date synchronization service '%s'"
+            ansible_module.log(
-                       " will be disabled in favor of %s" % \
+                "WARNING: conflicting time&date synchronization service "
-                       (e.conflicting_service, time_service))
+                "'%s' will be disabled in favor of chronyd" % \
+                e.conflicting_service)
        except timeconf.NTPConfigurationError:
            pass
@@ -777,6 +782,11 @@ def main():
                "You will not be able to establish trusts with Active "
                "Directory.")
+    # Do not ask for time source
+    #if not options.no_ntp and not options.unattended and not (
+    #        options.ntp_servers or options.ntp_pool):
+    #    options.ntp_servers, options.ntp_pool = timeconf.get_time_source()
    #########################################################################
    http_pkcs12_file = None
@@ -871,6 +881,9 @@ def main():
                             ### ad trust ###
                             rid_base=options.rid_base,
                             secondary_rid_base=options.secondary_rid_base,
+                             ### client ###
+                             ntp_servers=options.ntp_servers,
+                             ntp_pool=options.ntp_pool,
                             ### additional ###
                             _installation_cleanup=_installation_cleanup,
                             domainlevel=options.domainlevel)

--- a/roles/ipaserver/tasks/install.yml
+++ b/roles/ipaserver/tasks/install.yml
@@ -64,6 +64,8 @@
    # pkinit_name
    ### client ###
    # mkhomedir
+    ntp_servers: "{{ ipaclient_ntp_servers | default(omit) }}"
+    ntp_pool: "{{ ipaclient_ntp_pool | default(omit) }}"
    no_ntp: "{{ ipaclient_no_ntp }}"
    # ssh_trust_dns
    # no_ssh
@@ -166,6 +168,8 @@
  - name: Install - Setup NTP
    ipaserver_setup_ntp:
+      ntp_servers: "{{ result_ipaserver_test.ntp_servers | default(omit) }}"
+      ntp_pool: "{{ result_ipaserver_test.ntp_pool | default(omit) }}"
    when: not ipaclient_no_ntp | bool and (ipaserver_external_cert_files
          is undefined or ipaserver_external_cert_files|length < 1)