Description of problem:
If you have a linux box that already knows of an ntp server and you run the ipaclient install script (ipa-client-install) on it, the installer will bark that it cannot sync time with the ipa ntp server.

Version-Release number of selected component (if applicable):
freeipa-3.3.4

How reproducible:
According to the freeipa-users, rather easily. That said, I only tested by running ipa-client-install in a centos 6.4 box. I did, however, check the code in the release 3.3.4 of freeipa and the issue is still there.

Steps to Reproduce:
1. Set up the free ipa server (i.e. the kdc) to do ntp.
2. Configure ntp in the redhat/centos/fedora box that you are trying to create its host principal (using the ipa-client-install). In my case, I set my dhcp server to announce the kdc as the ntp server (option ntp-servers 10.0.0.11;)
3. Run ipa-client-install. It will be successful but will complain about not being able to sync against the ipa ntp server.

Actual results:
[root@centos64 ~]# hostname
centos64
[root@centos64 ~]# ipa-client-install --hostname=`hostname -f`
Discovery was successful!
Hostname: centos64.in.domain.com
Realm: DOMAIN.COM
DNS Domain: domain.com
IPA Server: auth.in.domain.com
BaseDN: dc=domain,dc=com

[so far so good!]

Continue to configure the system with these values? [no]: yes
User authorized to enroll computers: admin
Synchronizing time with KDC...
Unable to sync time with IPA NTP server, assuming the time is in sync. Please check that 123 UDP port is opened.
Password for admin:

[Note that it will succeed in the setting up, which is not what this bug is all about. Here is what /var/log/ipaclient-install.log shows]

2014-02-08T13:14:31Z DEBUG args=/usr/sbin/ntpdate -U ntp -s -b -v auth.in.domain.com
2014-02-08T13:14:31Z DEBUG stdout=
2014-02-08T13:14:31Z DEBUG stderr=
2014-02-08T13:14:31Z WARNING Unable to sync time with IPA NTP server, assuming the time is in sync. Please check that 123 UDP port is opened.
Expected results:

Additional info:
Suggested solution is to edit ipa-client/ipaclient/ntpconf.py, function synconce_ntp(server_fqdn): replace

    cmd = [ntpdate, "-U", "ntp", "-s", "-b", "-v", server_fqdn]

with

    cmd = [ntpdate, "-U", "ntp", "-s", "-b", "-v", "-u", server_fqdn]

Reasoning:
[root@centos64 ~]# date +%T -s "10:13:13"
10:13:13
[root@centos64 ~]# date
Mon Feb 10 10:13:15 EST 2014
[root@centos64 ~]# /usr/sbin/ntpdate -U ntp -s -b -v -u auth
[root@centos64 ~]# date
Mon Feb 10 16:05:49 EST 2014
[root@centos64 ~]# service ntpd status
ntpd (pid 8870) is running...
[root@centos64 ~]#
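
Added example, not part of the original report or of FreeIPA's code: ntpdate without -u sends from UDP port 123, which a running ntpd already holds, while -u makes it use an unprivileged source port. The sketch below checks whether the local port is taken and builds the ntpdate command accordingly; the function names udp_port_state and build_ntpdate_cmd are hypothetical, and the flags and the /usr/sbin/ntpdate path are the ones quoted in the report.

```python
import errno
import socket

NTP_PORT = 123  # UDP port a running ntpd binds locally


def udp_port_state(port=NTP_PORT, host="0.0.0.0"):
    """Return 'in_use', 'free' or 'unknown' for a local UDP port.

    'unknown' covers errors such as EACCES, which a non-root caller
    gets for ports below 1024 before the in-use check is reached.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        sock.bind((host, port))
    except OSError as exc:
        if exc.errno == errno.EADDRINUSE:
            return "in_use"
        return "unknown"
    else:
        return "free"
    finally:
        sock.close()


def build_ntpdate_cmd(server_fqdn, port_state, ntpdate="/usr/sbin/ntpdate"):
    """Build the one-shot sync command used by the client installer.

    When port 123 is not known to be free (for example ntpd is already
    running, as in the report), add -u so ntpdate sends from an
    unprivileged source port instead of trying to bind 123 itself.
    """
    cmd = [ntpdate, "-U", "ntp", "-s", "-b", "-v"]
    if port_state != "free":
        cmd.append("-u")
    cmd.append(server_fqdn)
    return cmd


if __name__ == "__main__":
    state = udp_port_state()
    # auth.in.domain.com is the server name from the report's log output
    print(state, " ".join(build_ntpdate_cmd("auth.in.domain.com", state)))
```
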
I just noticed this is a duplicate of Bug 975307. Let us track this issue there.

*** This bug has been marked as a duplicate of bug 975307 ***