[Pkg-freeipa-devel] Bug#869656: Bug#869656: ipa-client-install dies about ntp service not installed

Timo Aaltonen tjaalton at debian.org
Tue Jul 25 13:13:55 UTC 2017 

On 25.07.2017 14:38, Harald Dunkel wrote:
> Package: freeipa-client
> Version: 4.4.4-1+b1
> 
> ipa-client-install dies, if ntp is not installed (e.g.
> on a LXC container). Sample session:
> 
> root at logs01:~# ipa-client-install --hostname `hostname` --no-ssh --no-sshd --no-nisdomain --no-sudo
> Discovery was successful!
> Client hostname: logs01.vs.example.com
> Realm: EXAMPLE.COM
> DNS Domain: example.com
> IPA Server: ipa2.example.com
> BaseDN: dc=example,dc=com
> 
> Continue to configure the system with these values? [no]: yes
> Synchronizing time with KDC...
> Unable to sync time with NTP server, assuming the time is in sync. Please check that 123 UDP port is opened.
> User authorized to enroll computers: admin
> Password for admin at EXAMPLE.COM: 
> Successfully retrieved CA cert
>     Subject:     CN=example Root CA,OU=example Certificate Authority,O=example AG,C=COM
>     Issuer:      CN=example Root CA,OU=example Certificate Authority,O=example AG,C=COM
>     Valid From:  Tue May 26 07:14:50 2015 UTC
>     Valid Until: Sun Dec 31 23:59:59 2045 UTC
> 
>     Subject:     CN=Certificate Authority,O=example AG,C=COM
>     Issuer:      CN=example Root CA,OU=example Certificate Authority,O=example AG,C=COM
>     Valid From:  Mon Dec 28 10:35:30 2015 UTC
>     Valid Until: Mon Dec 31 23:59:59 2035 UTC
> 
> Enrolled in IPA realm EXAMPLE.COM
> Created /etc/ipa/default.conf
> New SSSD config will be created
> Configured /etc/sssd/sssd.conf
> Configured /etc/krb5.conf for IPA realm EXAMPLE.COM
> trying https://ipa2.example.com/ipa/json
> Forwarding 'schema' to json server 'https://ipa2.example.com/ipa/json'
> trying https://ipa2.example.com/ipa/session/json
> Forwarding 'ping' to json server 'https://ipa2.example.com/ipa/session/json'
> Forwarding 'ca_is_enabled' to json server 'https://ipa2.example.com/ipa/session/json'
> Systemwide CA database updated.
> Adding SSH public key from /etc/ssh/ssh_host_rsa_key-cert.pub
> Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub
> Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
> Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub
> Forwarding 'host_mod' to json server 'https://ipa2.example.com/ipa/session/json'
> Could not update DNS SSHFP records.
> SSSD enabled
> Configured /etc/openldap/ldap.conf
> Traceback (most recent call last):
>   File "/usr/sbin/ipa-client-install", line 3138, in <module>
>     sys.exit(main())
>   File "/usr/sbin/ipa-client-install", line 3119, in main
>     rval = install(options, env, fstore, statestore)
>   File "/usr/sbin/ipa-client-install", line 3070, in install
>     ipaclient.ntpconf.config_ntp(ntp_servers, fstore, statestore)
>   File "/usr/lib/python2.7/dist-packages/ipaclient/ntpconf.py", line 137, in config_ntp
>     services.knownservices.ntpd.restart()
>   File "/usr/lib/python2.7/dist-packages/ipaplatform/services.py", line 95, in restart
>     instance_name], capture_output=capture_output)
>   File "/usr/lib/python2.7/dist-packages/ipapython/ipautil.py", line 515, in run
>     raise CalledProcessError(p.returncode, arg_string, str(output))
> subprocess.CalledProcessError: Command '/usr/sbin/service ntp restart ' returned non-zero exit status 5
> 
> 
> AFAICS this is a regression to version 4.4.3-3. Of course I know 
> that there is an option --no-ntp, but it should be easy to either 
> ignore this error or to print a more user-friendly error message.

I don't see anything changing wrt ntp since 4.4.3-3..

More information about the Pkg-freeipa-devel mailing list