freeipa / ansible-freeipa

Ansible roles and modules for FreeIPA
GNU General Public License v3.0
504 stars 231 forks source link

ipareplica role ignore "ipaclient_no_ntp" #479

Open jake2184 opened 3 years ago

jake2184 commented 3 years ago

I have ipaclient_no_ntp: False , but the ipareplica role doesn't use this in the task "Install - Setup Client". It uses the following logic:

      ipaclient_no_ntp: "{{ result_ipareplica_test.ipa_python_version
                            < 40690 }}"

Causing the client role to edit NTP config.

Is there a reason for this?

dsroark-dt commented 3 years ago

This breaks for me when I try to use my own set of NTP servers:

TASK [freeipa.ansible_freeipa.ipaclient : Install - IPA client test] ********************************************************************
Thursday 01 April 2021  16:27:31 -0400 (0:00:00.042)       0:01:33.304 ********
fatal: [freeipa-replica]: FAILED! => changed=false
  msg: --ntp-server cannot be used together with --no-ntp

I also have ipaclient_no_ntp: no everywhere I can think, but strategically placed debug tasks show me that the above conditional changes it back to true. Only deploying with -e ipaclient_no_ntp=no ensures it doesn't get overwritten.

rjeffman commented 2 years ago

@dsroark-dt, you can't set ipaclient_ntp_servers and have ipaclient_no_ntp: yes. If you provide the list of NTP servers, the configuration will be modified.

If that is not the case, can you share your inventory and role task?

dsroark commented 2 years ago

I appreciate you're checking in on this, but since the company I was working at was acquired the project associated with using this role has been abandoned, so I don't have a convenient way to demonstrate on my end. Going off the top of my head, I probably didn't understand the use case for ipaclient_ntp_servers in that case and should have just left the option as yes for ipaclient_no_ntp and configured the servers' ntp using a more basic role

j-vanwijk commented 2 years ago

install-cluster.yml.txt ipa-cluster.txt I have troboules with the precedence of the ipaclient_no_ntp.

I want to deploy a Master and a Replication server on a lxd environment. On the LXD environment the hosts manage the time management for the guest so there is no NTP default possible. ( Maby with some config changes on the lxd profile it can be possible but not default).

My Master deployment works fine. But if I deploy a replication server it wil fail. This at the point of configure the TASK [ipaclient : Install - Configure NTP].

If I run the command "ansible-playbook -v -i ipa-cluster install-cluster.yml " It wil fail If I run the command "ansible-playbook -v -i ipa-cluster install-cluster.yml -e ipaclient_no_ntp=yes" it will work.

I have tested it with the ipaclient_no_ntp on different levels of precedence but on my tests it will only work with the "-e ipaclient_no_ntp=yes" level.

roles:

Thats what is can find. It would be nice if I/We can use the playbooks on a clean way. Can I some where help to get things clearlyer ?

rmbleeker commented 1 year ago

This seems to be a duplicate of #281