Hello.

I have several suggestions:

1) make an optional requires of server/client packages to ntpd, because last could conflict with another NTP server/client (based to platform);

2) make an abstract NTP module to easy change basic operations (like read/write configuration, time sync);

3) based on above each Linux distribution team can contribute easily (e.g. from ALTLinux - openntpd ;-) );

4) Of course manual steps(not by installers) are error prone(misconfiguration, wrong configuration, etc.).

But IPA controls NTP configuration upon installation only (not at runtime or start time) as far as i know.

May be add time syncing check?


Thank you.



29.01.2018 17:57, Tibor Dudlák via FreeIPA-devel пишет:


On Mon, Jan 29, 2018 at 3:09 PM, Simo Sorce <ssorce@redhat.com> wrote:
On Mon, 2018-01-29 at 14:54 +0100, Tibor Dudlák wrote:

[...]

> > > > So given the above we initially decided to make IPA servers also ntp
> > > > servers and configure client to use IPA server as time sources.
>
> Not configuring NTP service but still requiting it might be way to give
> freedom of choice to IPA administrator to set one they prefer before
> installing IPA. :)

I think this is the worst of the possible outcomes, as now you need to
add one more manual step to the configuration of the system.
The point of ipa-server-install is to simplify installation and
configure everything that is *required* except the Operating System.
Requiring something and not installing it would be a net regression.

[...]

> So should we only replace ntpd with chronyd and have option to not
> configure NTP service (chronyd) as it is now if administrator wants to use
> other than chronyd?

This is certainly an option, but we would then require to have code for
both ntpd and chronyd upstream, because some older distros use NTP.
Not that this is too difficult, we already have the platform
absraction, so it is a simply a matter of adding chronyd w/o removing
ntpd.

HTH,
Simo.

Thanks for input Simo.

--
Tibor Dudlák
Identity management - freeIPA
Brno, TPB-C, 2C407
Red Hat


_______________________________________________
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-leave@lists.fedorahosted.org