[Freeipa-devel] NTP in FreeIPA

David Kupka dkupka at redhat.com
Wed Nov 30 15:57:35 UTC 2016 

On 30/11/16 16:09, Rob Crittenden wrote:
> David Kupka wrote:
>> On 29/11/16 18:10, Alexander Bokovoy wrote:
>>> Still, bug reports and users' complaints is the only external measure we
>>> have. There are close to nothing in complaints about NTP functionality,
>>> other than requests to support chronyd and a better discover of existing
>>> NTP setups. I don't think that requires dramatic action like removal of
>>> NTP support at all.
>>>
>>
>> As Petr already pointed out, since Fedora 16 chronyd is enabled by
>> default and ipa-client-install doesn't configure time synchronization
>> when chronyd is enabled.
>>
>> I believe that majority of users haven't used '--force-ntpd' and since
>> it still worked they haven't filed any ticket.
>>
>> IMO in this case no bug reports means no users rather than no bugs or
>> requests.
>>
>> Unfortunately, this is just my guess and AFAIK we don't have any data
>> from users showing how they use FreeIPA.
>
> For argument's sake, let's say NTP configuration in the client is
> dropped and managed by the OS or other administrators.
>
> What implication does this have for configuring NTP server on masters?
> Would that be stopped as well? What about existing installs?
>
> I don't believe there is a precedence for removing a service from IPA.
>
> rob
>

Well, everything was done for the first time at some point in history.

I would prefer removing it from server too.

I imagine it this way:
0. We agree that NTP as FreeIPA service will be dropped in 4.x
1. We add big fat warning to nearest release (currently 4.5) that 
FreeIPA will stop supporting NTP as its service on server and client and 
if NTP was configured by FreeIPA (we can tell from sysrestore) upgrade 
will revert those changes.
2. New installations of 4.x will not configure NTP on server nor client. 
Upgrades to 4.x will revert configuration if done by FreeIPA.

I think it's actually that simple. The only hard part is reaching the 
agreement.

While I understand that the value of FreeIPA is entirely in taking care 
of non-trivial services and orchestrating them in a way most comfortable 
for the administrator I think configuring NTP is:
  * reasonably easy (<5 lines on client, <10 lines on server),
  * unnecessary in most cases (distributions defaults or 
DHCP+NetworkManager just work)
and so not worth keeping in FreeIPA.

-- 
David Kupka

More information about the Freeipa-devel mailing list