[Freeipa-devel] ntp
Karl MacMillan
kmacmill at redhat.com
Fri Oct 12 20:01:28 UTC 2007
On Thu, 2007-10-11 at 17:56 -0400, Simo Sorce wrote:
> On Thu, 2007-10-11 at 14:27 -0700, Kevin McCarthy wrote:
> > Rob Crittenden wrote:
> > > We should require ntp be running in order to install IPA. I was thinking we
> > > could check the output of ntpq -p:
> > >
> > > 1. If ntpq is not installed, quit
> > > 2. If ntpq returns "Connection refused" quit
> > > 3. If ntpq returns a list of peers, continue
> >
> > I think only 1 is required of us. Maybe just printing a message warning
> > that correct time is essential for operation of the KDC.
> >
> > > Should we include an ntp configuration for clients as well?
> >
> > I think configuring ntp for them is a bit out of scope.
>
> It's not out of scope at all, we should do this for all clients anyway
> like we configure kerberos and ldap.
> The problem with ntp is that it seem that if it starts and it can't
> contact the server it just dies. I have been told some times ago that
> starting ntp with an empty configuration and piping in the right server
> after it is started using a client tool provided in the package solves
> this problem. Unfortunately it is too much for v1.
>
Since we don't have disconnected operation for v1 is this really an
issue?
> So for now we should just check ntp is up and running both on server and
> client, and just *warn*. They maybe running something different that
> keep clock in sync, we shouldn't force ntp at all costs.
>
Not certain what you mean - I think the server tools should setup an ntp
server regardless. It doesn't hurt. The client tools should optionally
configure ntp.
Karl
More information about the Freeipa-devel
mailing list