Description of problem: In F14 the ntpd init scripts has hardcoded options in the actual init scripts and not in /ect/sysconfig/ntp where they can be customized. this is how it is started: daemon $prog -u ntp:ntp -p /var/run/ntpd.pid $OPTIONS $OPTIONS is sources from /etc/sysconfig/ntp where customizations can be made. Freeipa infact depends on beeing able to change some options and in f14 the installation replaces OPTIONS in /etc/sysconfig/ntp so that it looks like: OPTIONS="-x -u ntp:ntp -p /var/run/ntpd.pid" Now when ntps is started it blows up complaining that the -u option is passed multiple times. The startup options should be stored in /etc/sysconfig/ntp and not hardcoded in the ntpd init script. This blocks IPA from working (changing freeipa is difficult as it would have to behave differently depending on which fedora version you run.) Previous ferdora versions work just fine as they do not hardcode options in the init script.
Btw, while looking at the package I saw that the systemd script is broken too That one also hardcodes these options instead of just sourcing them out of /etc/sysconfig/ntp That needs fixing too.
This causes problems for folk distributing /etc/sysconfig/ntpd via cfengine or puppet too.
ntpd could be made more forgiving when parsing its command line arguments. If it tolerated multiple occurrences of "-u" and "-p" by accepting the last one given, it would fix the problem, wouldn't it? I don't see why anyone would need to change the "-u" or "-p" options from the default (so hardcoding them is justified), but not breaking old /etc/sysconfig/ntp configs would be nice.
The -p option is used only in the SysV script, so I think it made sense to move the options related to init scripts to the scripts themselves. If the user, group and capabilities were set in the systemd unit file by the User=, Group=, Capabilities= directives, the -u option wouldn't be needed at all. Why IPA doesn't only add the -x option instead of replacing the whole line? Anyway, as Michal suggested, I'd rather "fix" this by allowing multiple -u options, the later would take precedence. Is that acceptable for you?
(In reply to comment #4) > The -p option is used only in the SysV script, so I think it made sense to move > the options related to init scripts to the scripts themselves. If the user, > group and capabilities were set in the systemd unit file by the User=, Group=, > Capabilities= directives, the -u option wouldn't be needed at all. > > Why IPA doesn't only add the -x option instead of replacing the whole line? Because it was the simplest thing to do ? :) > Anyway, as Michal suggested, I'd rather "fix" this by allowing multiple -u > options, the later would take precedence. Is that acceptable for you? It will make my stuff work, if you think it is better to hardcode these options in the init script then it is up to you I guess. My main issue is to not break working configurations, for the rest I let you choose what's the best way to achieve it. It looked simpler to me to patch the init script then to patch the binary (and faster). Simo.
(In reply to comment #5) > It will make my stuff work, if you think it is better to hardcode these options > in the init script then it is up to you I guess. There is a different set of options used when started by systemd and when started the SysV script, so we can put only the common options to the sysconfig file. > My main issue is to not break working configurations, for the rest I let you > choose what's the best way to achieve it. It looked simpler to me to patch the > init script then to patch the binary (and faster). Ok, I'll patch ntpd to allow -u and -p options to be specified twice. I'm hoping this is only a temporary fix and IPA will eventually do the right thing :).
ntp-4.2.6p2-7.fc14 has been submitted as an update for Fedora 14. https://admin.fedoraproject.org/updates/ntp-4.2.6p2-7.fc14
Thank you Miroslaw, I opened this bug upstream to avoid issues in future: https://fedorahosted.org/freeipa/ticket/319
ntp-4.2.6p2-7.fc14 has been pushed to the Fedora 14 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update ntp'. You can provide feedback for this update here: https://admin.fedoraproject.org/updates/ntp-4.2.6p2-7.fc14
ntp-4.2.6p2-7.fc14 has been pushed to the Fedora 14 stable repository. If problems still persist, please make note of it in this bug report.
Was IPA fixed meanwhile? Because that patch still exists...
(In reply to Robert Scheck from comment #11) > Was IPA fixed meanwhile? Because that patch still exists... Yes, about 2 years ago.
FYI, the patch in ntp allowing two -u or -p options on command line is now removed in ntp-4.2.6p5-18.fc20.