On 01/15/2015 08:56 AM, Nathan Kinder wrote: > > > On 01/15/2015 12:01 AM, Jan Pazdziora wrote:
... >> You need to use --cap-add=SYS_TIME when running the server container >> or ntpd will fail. > > Thanks for the tip. This works. It would be handy to add this to the > README for your freeipa-server container. Nevermind. I just saw your reply to Lukas on this. If we can keep the client install from hanging forever, then I agree that it's best to have it be noticeable that time sync is not working in the client installer output vs. hiding that it's not working. > >> >> Even if you do that, SELinux will likely prevent ntpd doing its job >> but at least it will stay around so that the client can connect to it. >> >> What is interesting though is the fact that the client hangs >> indefinitely instead of reporting that it cannot sync the time and >> proceeding. >> > > I think this is simply a behavior difference between ntpdate and ntpd > (which we are using now during the client install on f21). This issue > should not be specific to using IPA in a container. > > Hanging indefinitely is never a good thing, so I think it would be nice > to add a timeout in ipa-client-install in case we can't reach the server > for ntp. I have filed a ticket for this: > > https://fedorahosted.org/freeipa/ticket/4842 > > -NGK > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project