Open ghost opened 4 years ago
Yeah, this is a pretty massive bug - I just discovered today that all of my IPA replicas are not running NTP today like I thought they were. This role doesn't seem to install NTP like it's supposed to on replicas.
How did you install the replica? Which parameters have been set? Which system and ansible-freeipa version are you using?
My replica was just installed via the `ipareplica` role on CentOS 7. There are no special settings required to reproduce this: just provision a server with the `ipaserver` role, and a replica using the `ipareplica` role (default settings are fine). The `ipaserver` server will have the "NTP server" role, and the `ipareplica` server will be missing the "NTP server" role.
The expected behavior is that the server provisioned using the `ipareplica` role should also have the "NTP server" role.
@jlanclos's original assessment of the problem is correct:
- `ipaserver` role sets up NTP here: https://github.com/freeipa/ansible-freeipa/blob/master/roles/ipaserver/tasks/install.yml#L197-L200
- `ipareplica` role should also set up NTP here, but the task is missing (so NTP is never set up on new replicas): https://github.com/freeipa/ansible-freeipa/blob/master/roles/ipareplica/tasks/install.yml#L275

You can verify this is the problem by just copy/pasting the `ipaserver_setup_ntp` task to the correct spot in the ipareplica role: https://github.com/freeipa/ansible-freeipa/blob/master/roles/ipareplica/tasks/install.yml#L275. It looks like this was just accidentally left out when the role was created.
(It looks like the way to fix replicas post-hoc is following https://listman.redhat.com/archives/freeipa-users/2014-August/msg00197.html... they'll never show up as an "NTP server" in the FreeIPA UI though 😞)
ipareplica role does not set up 'NTP service' role. After role is complete, ntpd/chronyd are not running on host.
ipaserver role has ipaserver_setup_ntp.py and ipaserver playbook calls it, however all this seems to be missing from ipareplica.