[Pkg-freeipa-devel] Bug#869656: ipa-client-install dies about ntp service not installed

Harald Dunkel harald.dunkel at aixigo.de
Tue Jul 25 11:38:16 UTC 2017 

Package: freeipa-client
Version: 4.4.4-1+b1

ipa-client-install dies, if ntp is not installed (e.g.
on a LXC container). Sample session:

root at logs01:~# ipa-client-install --hostname `hostname` --no-ssh --no-sshd --no-nisdomain --no-sudo
Discovery was successful!
Client hostname: logs01.vs.example.com
Realm: EXAMPLE.COM
DNS Domain: example.com
IPA Server: ipa2.example.com
BaseDN: dc=example,dc=com

Continue to configure the system with these values? [no]: yes
Synchronizing time with KDC...
Unable to sync time with NTP server, assuming the time is in sync. Please check that 123 UDP port is opened.
User authorized to enroll computers: admin
Password for admin at EXAMPLE.COM: 
Successfully retrieved CA cert
    Subject:     CN=example Root CA,OU=example Certificate Authority,O=example AG,C=COM
    Issuer:      CN=example Root CA,OU=example Certificate Authority,O=example AG,C=COM
    Valid From:  Tue May 26 07:14:50 2015 UTC
    Valid Until: Sun Dec 31 23:59:59 2045 UTC

    Subject:     CN=Certificate Authority,O=example AG,C=COM
    Issuer:      CN=example Root CA,OU=example Certificate Authority,O=example AG,C=COM
    Valid From:  Mon Dec 28 10:35:30 2015 UTC
    Valid Until: Mon Dec 31 23:59:59 2035 UTC

Enrolled in IPA realm EXAMPLE.COM
Created /etc/ipa/default.conf
New SSSD config will be created
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm EXAMPLE.COM
trying https://ipa2.example.com/ipa/json
Forwarding 'schema' to json server 'https://ipa2.example.com/ipa/json'
trying https://ipa2.example.com/ipa/session/json
Forwarding 'ping' to json server 'https://ipa2.example.com/ipa/session/json'
Forwarding 'ca_is_enabled' to json server 'https://ipa2.example.com/ipa/session/json'
Systemwide CA database updated.
Adding SSH public key from /etc/ssh/ssh_host_rsa_key-cert.pub
Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub
Forwarding 'host_mod' to json server 'https://ipa2.example.com/ipa/session/json'
Could not update DNS SSHFP records.
SSSD enabled
Configured /etc/openldap/ldap.conf
Traceback (most recent call last):
  File "/usr/sbin/ipa-client-install", line 3138, in <module>
    sys.exit(main())
  File "/usr/sbin/ipa-client-install", line 3119, in main
    rval = install(options, env, fstore, statestore)
  File "/usr/sbin/ipa-client-install", line 3070, in install
    ipaclient.ntpconf.config_ntp(ntp_servers, fstore, statestore)
  File "/usr/lib/python2.7/dist-packages/ipaclient/ntpconf.py", line 137, in config_ntp
    services.knownservices.ntpd.restart()
  File "/usr/lib/python2.7/dist-packages/ipaplatform/services.py", line 95, in restart
    instance_name], capture_output=capture_output)
  File "/usr/lib/python2.7/dist-packages/ipapython/ipautil.py", line 515, in run
    raise CalledProcessError(p.returncode, arg_string, str(output))
subprocess.CalledProcessError: Command '/usr/sbin/service ntp restart ' returned non-zero exit status 5


AFAICS this is a regression to version 4.4.3-3. Of course I know 
that there is an option --no-ntp, but it should be easy to either 
ignore this error or to print a more user-friendly error message.


Thanx in advance. Please keep on your good work.

Harri

More information about the Pkg-freeipa-devel mailing list