On 12/12/2016 19:53, Rob Verduijn wrote:
I've recently upgraded to centos 7.3.
Didn't intend to so soon but should have checked the anounce lists
before launching my ansible update playbook.
Most of my servers came through, and mostly also the ipa server.
There were duplicate rpms and a failed rpm upgrade.
After some yum magic the rpm duplicates where gone and all the updates
installed.
Manually running ipa-server-upgrade also seems to finish properly.
However
ipactl start keeps failing on the ntpd service.
Not a big surprise since its running chronyd.
I now start the ipa server with 'ipactl start --ignore-service-failure'
Is there a way to explain the script that it should check for chronyd
instead of ntpd ?
Aside: I also have a use case for running without ntp. I run freeipa
inside an lxd container (*), so ntpd is running on the outer host, not
in the container.
However unlike you, after upgrading to CentOS 7.3 / FreeIPA 4.4.0 inside
the container I don't see any problem:
[root@ipa-2 ~]# ipactl stop
Stopping ipa-otpd Service
Stopping pki-tomcatd Service
Stopping ntpd Service
Stopping ipa-custodia Service
Stopping httpd Service
Stopping ipa_memcached Service
Stopping kadmin Service
Stopping krb5kdc Service
Stopping Directory Service
ipa: INFO: The ipactl command was successful
[root@ipa-2 ~]# ipactl start
Starting Directory Service
Starting krb5kdc Service
Starting kadmin Service
Starting ipa_memcached Service
Starting httpd Service
Starting ipa-custodia Service
Starting ntpd Service
Starting pki-tomcatd Service
Starting ipa-otpd Service
ipa: INFO: The ipactl command was successful
[root@ipa-2 ~]#
ntpd won't run inside the container, which is expected:
[root@ipa-2 ~]# systemctl status ntpd
● ntpd.service - Network Time Service
Loaded: loaded (/usr/lib/systemd/system/ntpd.service; disabled;
vendor preset: disabled)
Active: failed (Result: exit-code) since Wed 2016-12-14 10:51:09
UTC; 2min 18s ago
Process: 1357 ExecStart=/usr/sbin/ntpd -u ntp:ntp $OPTIONS
(code=exited, status=0/SUCCESS)
Main PID: 1358 (code=exited, status=255)
Dec 14 10:51:08 ipa-2.int.cityfibre.com ntpd[1358]: Listen normally on 4
eth0:1 10.0.0.149 UDP 123
Dec 14 10:51:08 ipa-2.int.cityfibre.com ntpd[1358]: Listen normally on 5
lo ::1 UDP 123
Dec 14 10:51:08 ipa-2.int.cityfibre.com ntpd[1358]: Listen normally on 6
eth0 fe80::216:3eff:fef2:a083 UDP 123
Dec 14 10:51:08 ipa-2.int.cityfibre.com ntpd[1358]: Listening on routing
socket on fd #23 for interface updates
Dec 14 10:51:09 ipa-2.int.cityfibre.com ntpd[1358]: 0.0.0.0 c016 06 restart
Dec 14 10:51:09 ipa-2.int.cityfibre.com ntpd[1358]: 0.0.0.0 c012 02
freq_set ntpd 0.000 PPM
Dec 14 10:51:09 ipa-2.int.cityfibre.com ntpd[1358]: 0.0.0.0 c011 01
freq_not_set
Dec 14 10:51:09 ipa-2.int.cityfibre.com systemd[1]: ntpd.service: main
process exited, code=exited, status=255/n/a
Dec 14 10:51:09 ipa-2.int.cityfibre.com systemd[1]: Unit ntpd.service
entered failed state.
Dec 14 10:51:09 ipa-2.int.cityfibre.com systemd[1]: ntpd.service failed.
But ipactl is not complaining, which is good. But I don't know why it
works for me and not for you.
Anyway, I hope that for future reference this use case remains
supported. In a container environment like lxd or docker, you *cannot*
run ntpd (but that doesn't mean the time isn't synced!)
Regards,
Brian.
(*) Aside: this makes snapshotting IPA a breeze.
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
