Package: freeipa-client Version: 4.4.4-1+b1 ipa-client-install dies, if ntp is not installed (e.g. on a LXC container). Sample session:
root@logs01:~# ipa-client-install --hostname `hostname` --no-ssh --no-sshd --no-nisdomain --no-sudo Discovery was successful! Client hostname: logs01.vs.example.com Realm: EXAMPLE.COM DNS Domain: example.com IPA Server: ipa2.example.com BaseDN: dc=example,dc=com Continue to configure the system with these values? [no]: yes Synchronizing time with KDC... Unable to sync time with NTP server, assuming the time is in sync. Please check that 123 UDP port is opened. User authorized to enroll computers: admin Password for ad...@example.com: Successfully retrieved CA cert Subject: CN=example Root CA,OU=example Certificate Authority,O=example AG,C=COM Issuer: CN=example Root CA,OU=example Certificate Authority,O=example AG,C=COM Valid From: Tue May 26 07:14:50 2015 UTC Valid Until: Sun Dec 31 23:59:59 2045 UTC Subject: CN=Certificate Authority,O=example AG,C=COM Issuer: CN=example Root CA,OU=example Certificate Authority,O=example AG,C=COM Valid From: Mon Dec 28 10:35:30 2015 UTC Valid Until: Mon Dec 31 23:59:59 2035 UTC Enrolled in IPA realm EXAMPLE.COM Created /etc/ipa/default.conf New SSSD config will be created Configured /etc/sssd/sssd.conf Configured /etc/krb5.conf for IPA realm EXAMPLE.COM trying https://ipa2.example.com/ipa/json Forwarding 'schema' to json server 'https://ipa2.example.com/ipa/json' trying https://ipa2.example.com/ipa/session/json Forwarding 'ping' to json server 'https://ipa2.example.com/ipa/session/json' Forwarding 'ca_is_enabled' to json server 'https://ipa2.example.com/ipa/session/json' Systemwide CA database updated. Adding SSH public key from /etc/ssh/ssh_host_rsa_key-cert.pub Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub Forwarding 'host_mod' to json server 'https://ipa2.example.com/ipa/session/json' Could not update DNS SSHFP records. SSSD enabled Configured /etc/openldap/ldap.conf Traceback (most recent call last): File "/usr/sbin/ipa-client-install", line 3138, in <module> sys.exit(main()) File "/usr/sbin/ipa-client-install", line 3119, in main rval = install(options, env, fstore, statestore) File "/usr/sbin/ipa-client-install", line 3070, in install ipaclient.ntpconf.config_ntp(ntp_servers, fstore, statestore) File "/usr/lib/python2.7/dist-packages/ipaclient/ntpconf.py", line 137, in config_ntp services.knownservices.ntpd.restart() File "/usr/lib/python2.7/dist-packages/ipaplatform/services.py", line 95, in restart instance_name], capture_output=capture_output) File "/usr/lib/python2.7/dist-packages/ipapython/ipautil.py", line 515, in run raise CalledProcessError(p.returncode, arg_string, str(output)) subprocess.CalledProcessError: Command '/usr/sbin/service ntp restart ' returned non-zero exit status 5 AFAICS this is a regression to version 4.4.3-3. Of course I know that there is an option --no-ntp, but it should be easy to either ignore this error or to print a more user-friendly error message. Thanx in advance. Please keep on your good work. Harri