
ipareplica role does not setup NTP

Open ghost opened this issue 5 years ago • 3 comments

ipareplica role does not set up the 'NTP service' role. After the role is complete, ntpd/chronyd are not running on the host.

The ipaserver role has ipaserver_setup_ntp.py and the ipaserver playbook calls it; however, all this seems to be missing from ipareplica.

ghost avatar Nov 20 '19 23:11 ghost

Yeah, this is a pretty massive bug - I just discovered today that all of my IPA replicas are not running NTP today like I thought they were. This role doesn't seem to install NTP like it's supposed to on replicas.

jstaf avatar May 30 '22 19:05 jstaf

How did you install the replica? Which parameters have been set? Which system and ansible-freeipa version are you using?

t-woerner avatar May 31 '22 09:05 t-woerner

My replica was just installed via the ipareplica role on CentOS 7. There are no special settings required to reproduce this: just provision a server with the ipaserver role, and a replica using the ipareplica role (default settings are fine). The ipaserver server will have the "NTP server" role, and the ipareplica server will be missing the "NTP server" role.

The expected behavior is that the server provisioned using the ipareplica role should also have the "NTP server" role.

@jlanclos's original assessment of the problem is correct:

  • the ipaserver role sets up NTP here: https://github.com/freeipa/ansible-freeipa/blob/master/roles/ipaserver/tasks/install.yml#L197-L200
  • the ipareplica role should also set up NTP here, but the task is missing (so NTP is never set up on new replicas): https://github.com/freeipa/ansible-freeipa/blob/master/roles/ipareplica/tasks/install.yml#L275

You can verify this is the problem by just copy/pasting the ipaserver_setup_ntp task to the correct spot in the ipareplica role: https://github.com/freeipa/ansible-freeipa/blob/master/roles/ipareplica/tasks/install.yml#L275. It looks like this was just accidentally left out when the role was created.

(It looks like the way to fix replicas post-hoc is following https://listman.redhat.com/archives/freeipa-users/2014-August/msg00197.html... they'll never show up as an "NTP server" in the FreeIPA UI though 😞)

jstaf avatar May 31 '22 20:05 jstaf
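
A check for the symptom reported in this thread, added here as an example (it is not code from ansible-freeipa or from any commenter): the playbook fails on every replica where neither chronyd nor ntpd is running. The `ipareplicas` inventory group name and systemd-managed hosts are assumptions.

```yaml
---
# Added example, not part of ansible-freeipa.
# Assumptions: replicas are in an inventory group named "ipareplicas"
# and their services are managed by systemd.
- name: Check that IPA replicas run a time synchronization service
  hosts: ipareplicas
  gather_facts: false

  tasks:
    - name: Collect the state of all services on the host
      ansible.builtin.service_facts:

    - name: Work out which time services are actually running
      ansible.builtin.set_fact:
        running_time_services: >-
          {{ ['chronyd.service', 'ntpd.service']
             | select('in', running_units)
             | list }}
      vars:
        # Names of every unit that service_facts reports as running
        running_units: >-
          {{ ansible_facts.services | dict2items
             | selectattr('value.state', 'equalto', 'running')
             | map(attribute='key') | list }}

    - name: Fail on replicas with neither chronyd nor ntpd running
      ansible.builtin.assert:
        that:
          - running_time_services | length > 0
        fail_msg: "No running chronyd/ntpd on {{ inventory_hostname }}"
        success_msg: "Running: {{ running_time_services | join(', ') }}"
```

A unit that is installed but stopped or disabled is reported as affected too, because only units in the `running` state are counted.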