From acb2c3106ad763a07eca6e0f6f6737c04f967bfe Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy
Date: Wed, 5 Oct 2011 17:25:09 +0300
Subject: Before kinit, try to sync time with the NTP servers of the domain we are joining
When running ipa-client-install on a system whose clock is not in sync with the master, kinit fails and enrollment is aborted. Manual checking of current time at the master and adjusting on the client-to-be is then needed. The patch tries to fetch SRV records for NTP servers of the domain we aim to join and runs ntpdate to get time synchronized. If no SRV records are found, sync with IPA server itself. If that fails, warn that time might be not in sync with KDC. https://fedorahosted.org/freeipa/ticket/1773
---
 ipa-client/ipaclient/ntpconf.py | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
(limited to 'ipa-client/ipaclient/ntpconf.py')
diff --git a/ipa-client/ipaclient/ntpconf.py b/ipa-client/ipaclient/ntpconf.py
index 8e151089..e71692f4 100644
--- a/ipa-client/ipaclient/ntpconf.py
+++ b/ipa-client/ipaclient/ntpconf.py
@@ -132,3 +132,25 @@ def config_ntp(server_fqdn, fstore = None, sysstore = None):
 # Restart ntpd
 ipaservices.knownservices.ntpd.restart()
+
+def synconce_ntp(server_fqdn):
+ """
+ Syncs time with specified server using ntpdate.
+ Primarily designed to be used before Kerberos setup
+ to get time following the KDC time
+
+ Returns True if sync was successful
+ """
+ ntpdate="/usr/sbin/ntpdate"
+ result = False
+ if os.path.exists(ntpdate):
+ # retry several times -- logic follows /etc/init.d/ntpdate
+ # implementation
+ for retry in range(0,3):
+ try:
+ ipautil.run([ntpdate, "-U", "ntp", "-s", "-b", server_fqdn])
+ result = True
+ break
+ except:
+ pass
+ return result
-- cgit
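Review bot: The bare `except:` followed by `pass` in the retry loop of `synconce_ntp` swallows every failure, including KeyboardInterrupt, and records nothing, so a caller that gets `False` cannot tell a missing `/usr/sbin/ntpdate` from three failed syncs. Catch only the error `ipautil.run` raises on a non-zero exit (presumably `ipautil.CalledProcessError`, to be confirmed against ipautil) and log the server name and the error before retrying. The docstring should also state the trust assumption: `-b` steps the clock from an unauthenticated NTP reply, and per the commit message the server may be chosen from DNS SRV records, so whoever can answer DNS or NTP on the enrollment network decides the time that later Kerberos and certificate validity checks run against. Since `server_fqdn` is passed straight into ntpdate's argument list, a guard such as `if server_fqdn.startswith('-'): return False` before the loop would keep a malformed name from being read as an option.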