Ticket was cloned from Red Hat Bugzilla (product Fedora): Bug 1049322
Description of problem: I tried running ipa-client-install today and it failed with: Traceback (most recent call last): File "/sbin/ipa-client-install", line 2590, in <module> sys.exit(main()) File "/sbin/ipa-client-install", line 2571, in main rval = install(options, env, fstore, statestore) File "/sbin/ipa-client-install", line 2529, in install ipaclient.ntpconf.config_ntp(ntp_server, fstore, statestore) File "/usr/lib/python2.7/site-packages/ipaclient/ntpconf.py", line 135, in config_ntp ipaservices.knownservices.ntpd.restart() File "/usr/lib/python2.7/site-packages/ipapython/platform/base/systemd.py", line 131, in restart ipautil.run(["/bin/systemctl", "restart", self.service_instance(instance_name)], capture_output=capture_output) File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 328, in run raise CalledProcessError(p.returncode, arg_string, stdout) subprocess.CalledProcessError: Command '/bin/systemctl restart ntpd.service' returned non-zero exit status 1 When looking at systemctl status ntpd, I see: ntpd.service - Network Time Service Loaded: loaded (/usr/lib/systemd/system/ntpd.service; enabled) Active: failed (Result: exit-code) since Tue 2014-01-07 07:18:55 EST; 8s ago Process: 4964 ExecStart=/usr/sbin/ntpd -u ntp:ntp $OPTIONS (code=exited, status=1/FAILURE) Jan 07 07:18:55 sgallagh520.linux.gallagherhome.com systemd[1]: Starting Network Time Service... Jan 07 07:18:55 sgallagh520.linux.gallagherhome.com ntpd[4964]: ntpd error: only one user option allowed Jan 07 07:18:55 sgallagh520.linux.gallagherhome.com ntpd[4964]: ntpd - NTP daemon program - Ver. 4.2.6p5 Jan 07 07:18:55 sgallagh520.linux.gallagherhome.com ntpd[4964]: Usage: ntpd [ -<flag> [<val>] | --<name>[{=| }<val>] ]... Jan 07 07:18:55 sgallagh520.linux.gallagherhome.com ntpd[4964]: Try 'ntpd --help' for more information. Jan 07 07:18:55 sgallagh520.linux.gallagherhome.com ntpd[4964]: exit 1 Jan 07 07:18:55 sgallagh520.linux.gallagherhome.com systemd[1]: ntpd.service: control process exited, code=exited status=1 Jan 07 07:18:55 sgallagh520.linux.gallagherhome.com systemd[1]: Failed to start Network Time Service. Jan 07 07:18:55 sgallagh520.linux.gallagherhome.com systemd[1]: Unit ntpd.service entered failed state. The systemd service file has: [Unit] Description=Network Time Service After=syslog.target ntpdate.service sntp.service [Service] Type=forking EnvironmentFile=-/etc/sysconfig/ntpd ExecStart=/usr/sbin/ntpd -u ntp:ntp $OPTIONS PrivateTmp=true [Install] WantedBy=multi-user.target and the /etc/sysconfig/ntpd has: # Drop root to id 'ntp:ntp' by default. OPTIONS="-x -u ntp:ntp -p /var/run/ntpd.pid" # Set to 'yes' to sync hw clock after successful ntpdate SYNC_HWCLOCK=yes # Additional options for ntpdate NTPDATE_OPTIONS="" Though looking at rpmverify, it appears that: S.5....T. c /etc/sysconfig/ntpd Looking at the ipa-client-install source code, it looks like we're forcing the inclusion of the extra -u line into /etc/sysconfig/ntpd, which is rejected by the ntpd binary. Version-Release number of selected component (if applicable): freeipa-client-3.3.3-2.fc20.x86_64 ntp-4.2.6p5-18.fc20.x86_64 This appears to be related to https://bugzilla.redhat.com/show_bug.cgi?id=639101#c13
I checked how ntpd is being run by default and it indeed already has hardcoded the "-u ntp:ntp" part. It seems we will just need to fix ipa-client-install to not add it again.
I am thinking we may also need to deal with FreeIPA client F20->F21 updates and remove the "-u ntp:ntp" part for the already installed clients.
Honza, please take this one. When it is fixed, I would consider releasing FreeIPA 3.3.4 fixing the F20 issues.
master: 923e9d8[[BR]] ipa-3-3: a744b5e
Redundant comment removed:
master: e218f28[[BR]] ipa-3-3: 2fbb14d
Metadata Update from @rcritten: - Issue assigned to jcholast - Issue set to the milestone: FreeIPA 4.0 - 2014/01
Login to comment on this ticket.