Bug 736617 – ipa-client-install mishandles ntp service configuration

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 736617 - ipa-client-install mishandles ntp service configuration

Summary:	ipa-client-install mishandles ntp service configuration

Status:	CLOSED ERRATA

Aliases:	None

Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	ipa (Show other bugs)
Sub Component:
Version:	6.1
Hardware:	Unspecified Unspecified

Priority	low Severity low
Target Milestone:	rc
Target Release:	---
Assigned To:	Alexander Bokovoy
QA Contact:	Chandrasekar Kannan
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2011-09-08 05:22 EDT by Marko Myllynen
Modified:	2015-01-04 18:50 EST (History)
CC List:	5 users (show)

See Also:
Fixed In Version:	ipa-2.1.2-1.el6
Doc Type:	Bug Fix
Doc Text:	Cause: ipa-client-install does not configure /usr/sbin/ntpdate to use a correct NTP servers in /etc/ntp/step-tickers. Additionally, the the ipa-client-install does not store the state of the ntpd service before installation Consequence: When IPA client is installed, ntpdate may use incorrect servers to synchronize with. When the IPA client is uninstalled, ntpd may be set to incorrect state. Fix: ipa-client-install configures /usr/sbin/ntpdate to use the IPA NTP server for synchronization. When IPA client is uninstalled, both ntpdate configuration and ntpd status is restored Result: ntpdate run on IPA client machine synchronizes with correct NTP server and ntpdate and ntpd configuration is correctly restored after uninstallation
Story Points:	---
Clone Of:
Environment:
Last Closed:	2011-12-06 13:30:53 EST
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2011:1533	normal	SHIPPED_LIVE	Moderate: ipa security and bug fix update	2011-12-05 20:23:31 EST

Groups: None (edit)

Description Marko Myllynen 2011-09-08 05:22:42 EDT

Description of problem:
After running ipa-client-install on a system when ntpdate has already been configured using /etc/ntp/step-tickers, both ntpd and ntpdate are enabled after enrollment. This means that during system boot first ntpdate is run (using the non-IPA servers from step-tickers) and the ntpd is started which is using the configuration from ntp.conf with IPA settings.

Also, after running ipa-client-install --uninstall, ntpd is left enabled even though it was not enabled before enrolling the system.

Version-Release number of selected component (if applicable):
RHEL 6.1 / IPA 2.1

Comment 2 Martin Kosek 2011-09-08 05:28:56 EDT

Upstream ticket:
https://fedorahosted.org/freeipa/ticket/1770

Comment 3 Martin Kosek 2011-10-05 06:53:45 EDT

Fixed upstream:
master: https://fedorahosted.org/freeipa/changeset/f93d71409aa78c4e5c860405cdcc3bc6ffc49280
ipa-2-1: https://fedorahosted.org/freeipa/changeset/12ac2bd20ac1ca810e566afa2e94a2452739040c

Comment 5 Namita Soman 2011-10-17 13:34:34 EDT

Verified using ipa-client-2.1.2-2.el6.x86_64

before installing:
# service ntpd status
ntpd is stopped

# cat /etc/ntp/step-tickers 
# List of servers used for initial synchronization.
clock.corp.redhat.com
clock2.corp.redhat.com
clock.redhat.com
clock2.redhat.com


after installing:
# service ntpd status
ntpd (pid  25162) is running...

# cat /etc/ntp/step-tickers 
# Use IPA-provided NTP server for initial time
rhel62-server1.testrelm

after uninstalling:
ntpd is stopped, and step-tickers is restored back

Comment 6 Martin Kosek 2011-11-01 08:50:29 EDT

    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Cause: ipa-client-install does not configure /usr/sbin/ntpdate to use a correct NTP servers in /etc/ntp/step-tickers. Additionally, the the ipa-client-install does not store the state of the ntpd service before installation
Consequence: When IPA client is installed, ntpdate may use incorrect servers to synchronize with. When the IPA client is uninstalled, ntpd may be set to incorrect state.
Fix: ipa-client-install configures /usr/sbin/ntpdate to use the IPA NTP server for synchronization. When IPA client is uninstalled, both ntpdate configuration and ntpd status is restored
Result: ntpdate run on IPA client machine synchronizes with correct NTP server and ntpdate and ntpd configuration is correctly restored after uninstallation

Comment 7 errata-xmlrpc 2011-12-06 13:30:53 EST

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2011-1533.html

Note You need to log in before you can comment on or make changes to this bug.