[Freeipa-devel] ntp
Simo Sorce
ssorce at redhat.com
Thu Oct 11 21:56:29 UTC 2007
On Thu, 2007-10-11 at 14:27 -0700, Kevin McCarthy wrote:
> Rob Crittenden wrote:
> > We should require ntp be running in order to install IPA. I was thinking we
> > could check the output of ntpq -p:
> >
> > 1. If ntpq is not installed, quit
> > 2. If ntpq returns "Connection refused" quit
> > 3. If ntpq returns a list of peers, continue
>
> I think only 1 is required of us. Maybe just printing a message warning
> that correct time is essential for operation of the KDC.
>
> > Should we include an ntp configuration for clients as well?
>
> I think configuring ntp for them is a bit out of scope.
It's not out of scope at all, we should do this for all clients anyway
like we configure kerberos and ldap.
The problem with ntp is that it seem that if it starts and it can't
contact the server it just dies. I have been told some times ago that
starting ntp with an empty configuration and piping in the right server
after it is started using a client tool provided in the package solves
this problem. Unfortunately it is too much for v1.
So for now we should just check ntp is up and running both on server and
client, and just *warn*. They maybe running something different that
keep clock in sync, we shouldn't force ntp at all costs.
Simo.
More information about the Freeipa-devel
mailing list