[Freeipa-devel] NTP in FreeIPA

David Kupka dkupka at redhat.com
Tue Nov 22 11:15:05 UTC 2016


Hello everyone!

Is it worth it to keep configuring NTP in FreeIPA?

In a usual environment there are no special requirements for time 
synchronization and the distribution default (be it ntpd, chrony or 
anything else) will just work. Any tampering with the configuration 
can't make it any better.

In an environment with special requirements (network disconnected from 
the public internet, nodes disconnected from the topology for a longer 
time, ...) time synchronization must be taken care of accordingly by the 
system administrator and FreeIPA simply can't help here.

Also there are problems and weird behavior with the current FreeIPA 
installers:

* ipa-client-install replaces all servers in /etc/ntp.conf with the ones 
specified by the user or resolved from DNS. If none were provided or 
resolved, the FreeIPA server specified/resolved during installation is 
used. This leads to just a single server in the configuration and no time 
synchronization when this server is down/decommissioned.

* ipa-client-install replaces the NTP configuration. If there were any 
parts previously edited by the system administrator, they are lost.

* ipa-server-install adds {0-4}.$PLATFORM.pool.ntp.org to /etc/ntp.conf. 
What's the point in doing that? These servers are already in the 
configuration file installed with the ntp package.

I have NTP-related WIP patches that solve some of the issues but in 
general I would prefer to remove the whole thing together with 
documenting "Please make sure that time on all FreeIPA servers and 
clients is synchronized. On most distributions this was already done 
during system installation."

Can we mark NTP options deprecated in 4.5 and remove them and stop 
touching any time syncing service in 4.6?

-- 
David Kupka
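
An added example, not part of the original message and not FreeIPA code: a check for the single-server outcome described in the first bullet, run over the text of an ntp.conf. The function names, hostnames and both sample configurations are constructed for illustration.

```python
SOURCE_DIRECTIVES = {"server", "pool", "peer"}

def ntp_sources(conf_text):
    """Return sorted, de-duplicated (directive, address) network time sources."""
    sources = set()
    for raw in conf_text.splitlines():
        fields = raw.split("#", 1)[0].split()      # drop comments, tokenize
        if len(fields) < 2 or fields[0] not in SOURCE_DIRECTIVES:
            continue
        # skip address-family switches such as -4 / -6 placed before the address
        args = [f for f in fields[1:] if not f.startswith("-")]
        if not args:
            continue
        address = args[0].lower()
        # 127.127.t.u is ntpd's reference-clock pseudo address (e.g. the
        # undisciplined local clock), not a network source
        if address.startswith("127.127."):
            continue
        sources.add((fields[0], address))
    return sorted(sources)

def single_point_of_failure(conf_text):
    """True when losing one host leaves ntpd without any network time source."""
    sources = ntp_sources(conf_text)
    if any(directive == "pool" for directive, _ in sources):
        return False    # one pool line makes ntpd mobilize several servers
    return len(sources) <= 1

# Constructed sample: a client configuration left with only the IPA server
AFTER_CLIENT_INSTALL = """\
# server 0.pool.example.test iburst
server ipa1.example.test iburst
server 127.127.1.0
fudge 127.127.1.0 stratum 10
"""

# Constructed sample: a distribution-style default with four servers
DISTRO_DEFAULT = "\n".join(
    f"server {n}.pool.example.test iburst" for n in range(4)
)

if __name__ == "__main__":
    for name, conf in (("after client install", AFTER_CLIENT_INSTALL),
                       ("distribution default", DISTRO_DEFAULT)):
        print(name, ntp_sources(conf),
              "SINGLE SOURCE" if single_point_of_failure(conf) else "ok")
```
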



