[Freeipa-users] ipa fails to start after centos 7.3 upgrade
Brian Candler
b.candler at pobox.com
Wed Dec 14 11:06:25 UTC 2016
On 12/12/2016 19:53, Rob Verduijn wrote:
> I've recently upgraded to centos 7.3.
> Didn't intend to so soon but should have checked the announce lists
> before launching my ansible update playbook.
>
> Most of my servers came through, and mostly also the ipa server.
> There were duplicate rpms and a failed rpm upgrade.
> After some yum magic the rpm duplicates were gone and all the updates
> installed.
>
> Manually running ipa-server-upgrade also seems to finish properly.
>
> However
> ipactl start keeps failing on the ntpd service.
> Not a big surprise since it's running chronyd.
>
> I now start the ipa server with 'ipactl start --ignore-service-failure'
>
> Is there a way to explain the script that it should check for chronyd
> instead of ntpd ?

Aside: I also have a use case for running without ntp. I run freeipa
inside an lxd container (*), so ntpd is running on the outer host, not
in the container.

However unlike you, after upgrading to CentOS 7.3 / FreeIPA 4.4.0 inside
the container I don't see any problem:

[root@ipa-2 ~]# ipactl stop
Stopping ipa-otpd Service
Stopping pki-tomcatd Service
Stopping ntpd Service
Stopping ipa-custodia Service
Stopping httpd Service
Stopping ipa_memcached Service
Stopping kadmin Service
Stopping krb5kdc Service
Stopping Directory Service
ipa: INFO: The ipactl command was successful
[root@ipa-2 ~]# ipactl start
Starting Directory Service
Starting krb5kdc Service
Starting kadmin Service
Starting ipa_memcached Service
Starting httpd Service
Starting ipa-custodia Service
Starting ntpd Service
Starting pki-tomcatd Service
Starting ipa-otpd Service
ipa: INFO: The ipactl command was successful
[root@ipa-2 ~]#

ntpd won't run inside the container, which is expected:

[root@ipa-2 ~]# systemctl status ntpd
● ntpd.service - Network Time Service
Loaded: loaded (/usr/lib/systemd/system/ntpd.service; disabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Wed 2016-12-14 10:51:09 UTC; 2min 18s ago
Process: 1357 ExecStart=/usr/sbin/ntpd -u ntp:ntp $OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 1358 (code=exited, status=255)
Dec 14 10:51:08 ipa-2.int.cityfibre.com ntpd[1358]: Listen normally on 4 eth0:1 10.0.0.149 UDP 123
Dec 14 10:51:08 ipa-2.int.cityfibre.com ntpd[1358]: Listen normally on 5 lo ::1 UDP 123
Dec 14 10:51:08 ipa-2.int.cityfibre.com ntpd[1358]: Listen normally on 6 eth0 fe80::216:3eff:fef2:a083 UDP 123
Dec 14 10:51:08 ipa-2.int.cityfibre.com ntpd[1358]: Listening on routing socket on fd #23 for interface updates
Dec 14 10:51:09 ipa-2.int.cityfibre.com ntpd[1358]: 0.0.0.0 c016 06 restart
Dec 14 10:51:09 ipa-2.int.cityfibre.com ntpd[1358]: 0.0.0.0 c012 02 freq_set ntpd 0.000 PPM
Dec 14 10:51:09 ipa-2.int.cityfibre.com ntpd[1358]: 0.0.0.0 c011 01 freq_not_set
Dec 14 10:51:09 ipa-2.int.cityfibre.com systemd[1]: ntpd.service: main process exited, code=exited, status=255/n/a
Dec 14 10:51:09 ipa-2.int.cityfibre.com systemd[1]: Unit ntpd.service entered failed state.
Dec 14 10:51:09 ipa-2.int.cityfibre.com systemd[1]: ntpd.service failed.

But ipactl is not complaining, which is good. But I don't know why it
works for me and not for you.

Anyway, I hope that for future reference this use case remains
supported. In a container environment like lxd or docker, you *cannot*
run ntpd (but that doesn't mean the time isn't synced!)

Regards,

Brian.

(*) Aside: this makes snapshotting IPA a breeze.