Start ntpd first unless we do not want it.

Make sure we do sync the clock leaping to the current correct time.
This avoids problems with bad dates on certificates, etc..

5 files changed, 44 insertions, 18 deletions

diff --git a/ipa-server/ipa-install/ipa-replica-install b/ipa-server/ipa-install/ipa-replica-install
index 0fb0a5656..234a624b6 100644
--- a/ipa-server/ipa-install/ipa-replica-install
+++ b/ipa-server/ipa-install/ipa-replica-install
@@ -42,6 +42,8 @@ class ReplicaConfig:
 def parse_options():
     from optparse import OptionParser
     parser = OptionParser()
+    parser.add_option("-N", "--no-ntp", dest="conf_ntp", action="store_false",
+                      help="do not configure ntp", default=True)
     parser.add_option("-d", "--debug", dest="debug", action="store_true",
                       default=False, help="gather extra debugging information")
 
@@ -171,6 +173,12 @@ def main():
     except ldap.INVALID_CREDENTIALS, e :
         sys.exit("\nThe password provided is incorrect for LDAP server %s" % config.master_host_name)
 
+    # Configure ntpd
+    if options.conf_ntp:
+        ntp = ntpinstance.NTPInstance()
+        ntp.create_instance()
+
+    # Configure dirsrv
     install_ds(config)
 
     repl = replication.ReplicationManager(config.host_name, config.dirman_password)
@@ -189,10 +197,6 @@ def main():
     webgui = httpinstance.WebGuiInstance()
     webgui.create_instance()
 
-    # Configure ntpd
-    ntp = ntpinstance.NTPInstance()
-    ntp.create_instance()
-
     service.restart("dirsrv")
     service.restart("krb5kdc")
 
@@ -214,4 +218,4 @@ except Exception, e:
     for str in traceback.format_tb(sys.exc_info()[2]):
         message = message + "\n" + str
     logging.debug(message)
-    sys.exit(1)    
+    sys.exit(1)
diff --git a/ipa-server/ipa-install/ipa-server-install b/ipa-server/ipa-install/ipa-server-install
index b873de426..b698d6828 100644
--- a/ipa-server/ipa-install/ipa-server-install
+++ b/ipa-server/ipa-install/ipa-server-install
@@ -75,6 +75,8 @@ def parse_options():
                       default=False, help="unattended installation never prompts the user")
     parser.add_option("", "--uninstall", dest="uninstall", action="store_true",
                       default=False, help="uninstall an existing installation")
+    parser.add_option("-N", "--no-ntp", dest="conf_ntp", action="store_false",
+                      help="do not configure ntp", default=True)
 
     options, args = parser.parse_args()
 
@@ -320,11 +322,11 @@ def main():
     print "This program will setup the FreeIPA Server."
     print ""
     print "This includes:"
+    print "  * Configure the Network Time Daemon (ntpd)"
     print "  * Create and configure an instance of Directory Server"
     print "  * Create and configure a Kerberos Domain Controller (KDC)"
     print "  * Configure Apache (httpd)"
     print "  * Configure TurboGears"
-    print "  * Configure the Network Time Daemon (ntpd)"
     print ""
     print "To accept the default shown in brackets, press the Enter key."
     print ""
@@ -445,6 +447,11 @@ def main():
         print "The following operations may take some minutes to complete."
         print "Please wait until the prompt is returned."
 
+    # Configure ntpd
+    if options.conf_ntp:
+        ntp = ipaserver.ntpinstance.NTPInstance()
+        ntp.create_instance()
+
     # Create a directory server instance
     ds = ipaserver.dsinstance.DsInstance()
     ds.create_instance(ds_user, realm_name, host_name, domain_name, dm_password)
@@ -483,10 +490,6 @@ def main():
     service.print_msg("restarting the KDC")
     krb.restart()
 
-    # Configure ntpd
-    ntp = ipaserver.ntpinstance.NTPInstance()
-    ntp.create_instance()
-
     # Set the admin user kerberos password
     ds.change_admin_password(admin_password)
 
diff --git a/ipa-server/ipa-install/share/Makefile.am b/ipa-server/ipa-install/share/Makefile.am
index 28ad51b9c..44afd06a4 100644
--- a/ipa-server/ipa-install/share/Makefile.am
+++ b/ipa-server/ipa-install/share/Makefile.am
@@ -20,6 +20,7 @@ app_DATA =				\
 	krb.con.template		\
 	krbrealm.con.template		\
 	ntp.conf.server.template 	\
+	ntpd.sysconfig.template 	\
 	preferences.html.template 	\
 	referint-conf.ldif		\
 	dna-posix.ldif			\
diff --git a/ipa-server/ipa-install/share/ntpd.sysconfig.template b/ipa-server/ipa-install/share/ntpd.sysconfig.template
new file mode 100644
index 000000000..3412a0e8c
--- /dev/null
+++ b/ipa-server/ipa-install/share/ntpd.sysconfig.template
@@ -0,0 +1,8 @@
+# Drop root to id 'ntp:ntp' by default.
+OPTIONS="-x -u ntp:ntp -p /var/run/ntpd.pid"
+
+# Set to 'yes' to sync hw clock after successful ntpdate
+SYNC_HWCLOCK=yes
+
+# Additional options for ntpdate
+NTPDATE_OPTIONS=""
diff --git a/ipa-server/ipaserver/ntpinstance.py b/ipa-server/ipaserver/ntpinstance.py
index e2765171e..538588107 100644
--- a/ipa-server/ipaserver/ntpinstance.py
+++ b/ipa-server/ipaserver/ntpinstance.py
@@ -35,25 +35,34 @@ class NTPInstance(service.Service):
         # or we can get our own pool.
         os = ""
         if ipautil.file_exists("/etc/fedora-release"):
-            os = "fedora."
+            os = "fedora"
         elif ipautil.file_exists("/etc/redhat-release"):
-            os = "rhel."
+            os = "rhel"
 
         sub_dict = { }
-        sub_dict["SERVERA"] = "0.%spool.ntp.org" % os
-        sub_dict["SERVERB"] = "1.%spool.ntp.org" % os
-        sub_dict["SERVERC"] = "2.%spool.ntp.org" % os
+        sub_dict["SERVERA"] = "0.%s.pool.ntp.org" % os
+        sub_dict["SERVERB"] = "1.%s.pool.ntp.org" % os
+        sub_dict["SERVERC"] = "2.%s.pool.ntp.org" % os
 
         ntp_conf = ipautil.template_file(ipautil.SHARE_DIR + "ntp.conf.server.template", sub_dict)
+        ntp_sysconf = ipautil.template_file(ipautil.SHARE_DIR + "ntpd.sysconfig.template", {})
 
         sysrestore.backup_file("/etc/ntp.conf")
+        sysrestore.backup_file("/etc/sysconfig/ntpd")
 
         fd = open("/etc/ntp.conf", "w")
         fd.write(ntp_conf)
         fd.close()
 
-    def __start(self):
+        fd = open("/etc/sysconfig/ntpd", "w")
+        fd.write(ntp_sysconf)
+        fd.close()
+
+    def __stop(self):
         self.backup_state("running", self.is_running())
+        self.stop()
+
+    def __start(self):
         self.start()
 
     def __enable(self):
@@ -61,13 +70,14 @@ class NTPInstance(service.Service):
         self.chkconfig_on()
 
     def create_instance(self):
-        self.step("writing configuration", self.__write_config)
 
         # we might consider setting the date manually using ntpd -qg in case
         # the current time is very far off.
 
-        self.step("starting ntpd", self.__start)
+        self.step("stopping ntpd", self.__stop)
+        self.step("writing configuration", self.__write_config)
         self.step("configuring ntpd to start on boot", self.__enable)
+        self.step("starting ntpd", self.__start)
 
         self.start_creation("Configuring ntpd")