Mauricio Tavares via FreeIPA-users wrote: > I have two hosts; I will call them master (master.example.com) and > future replica (replica.example.com). Both master and future replica > are setup to use the same NTP servers. replica is currently > registered as a client to master; I am able to login as a realm user, > see my ticket using klist, and see the freeipa admin user. > > Before starting the replica install, I run the ipa-replica-conncheck > on both master and replica, setting the respective master and replica: > > [root@master ~]# /usr/sbin/ipa-replica-conncheck --replica replica.example.com > Check connection from master to remote replica 'replica.example.com': > Directory Service: Unsecure port (389): OK > Directory Service: Secure port (636): OK > Kerberos KDC: TCP (88): OK > Kerberos KDC: UDP (88): OK > Kerberos Kpasswd: TCP (464): OK > Kerberos Kpasswd: UDP (464): OK > HTTP Server: Unsecure port (80): OK > HTTP Server: Secure port (443): OK > > Connection from master to replica is OK. > [root@master ~]#` > > So far so good. > Based on https://www.freeipa.org/page/V4/NTP_Servers_Configuration#CLI, > I used the ipa-replica-install with the --no-ntp option because I did > not want the script to change the ntp settings. Here is the output: > > [root@replica ~]# ipa-replica-install --mkhomedir --no-ntp > Your system may be partly configured. > Run /usr/sbin/ipa-server-install --uninstall to clean up. > > NTP configuration cannot be updated during promotion > The ipa-replica-install command failed. See > /var/log/ipareplica-install.log for more information > [root@replica ~]# > > Why does it want to "update the ntp configuration" given the --no-ntp option?
The NTP configuration is done during the client installation step. If you are promoting a client to a replica the NTP config cannnot be changed by the replica installer. So in short if you are doing promotion set up the client with NTP as you desire and don't pass any NTP-related options to ipa-replica-install. If you do only ipa-replica-install, you need to set the options. rob _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
