library/ipadiscovery: Add time synchronization calls

Attempt to sync time if on_master is not set and no_ntp is not set: At first with given or dicovered time servers. If no ntp servers have been given or discovered, then with the ipa server. New parameters: on_master: description: IPA client installation on IPA server required: false default: false type: bool default: no ntp_servers: description: List of NTP servers to use required: false type: list default: [] no_ntp: description: Do not sync time and do not detect time servers required: false default: false type: bool default: no The ntp_servers output parameter is now always an empty list if on_master or no_ntp is set.
2026-03-26 21:33:05 +00:00 · 2017-12-06 12:53:19 +01:00
parent 120786672e
commit d009b80621
3 changed files with 53 additions and 4 deletions
--- a/library/ipadiscovery.py
+++ b/library/ipadiscovery.py
@@ -52,6 +52,23 @@ options:
  ca_cert_file:
    description: A CA certificate to use.
    required: false
+  on_master:
+    description: IPA client installation on IPA server
+    required: false
+    default: false
+    type: bool
+    default: no
+  ntp_servers:
+    description: List of NTP servers to use
+    required: false
+    type: list
+    default: []
+  no_ntp:
+    description: Do not sync time and do not detect time servers
+    required: false
+    default: false
+    type: bool
+    default: no
 author:
    - Thomas Woerner
 '''
@@ -204,6 +221,9 @@ def main():
            realm=dict(required=False),
            hostname=dict(required=False),
            ca_cert_file=dict(required=False),
+            on_master=dict(required=False, type='bool', default=False),
+            ntp_servers=dict(required=False, type='list', default=[]),
+            no_ntp=dict(required=False, type='bool', default=False),
        ),
        supports_check_mode = True,
    )
@@ -214,6 +234,9 @@ def main():
    opt_realm = module.params.get('realm')
    opt_hostname = module.params.get('hostname')
    opt_ca_cert_file = module.params.get('ca_cert_file')
+    opt_on_master = module.params.get('on_master')
+    opt_ntp_servers = module.params.get('ntp_servers')
+    opt_no_ntp = module.params.get('no_ntp')

    hostname = None
    hostname_source = None
@@ -409,10 +432,32 @@ def main():
                "installation may fail.")
            break

-    # Detect NTP servers
-    ds = ipadiscovery.IPADiscovery()
-    ntp_servers = ds.ipadns_search_srv(cli_domain, '_ntp._udp',
-                                       None, break_on_first=False)
+    if not opt_on_master and not opt_no_ntp:
+        if len(opt_ntp_servers) < 1:
+            # Detect NTP servers
+            ds = ipadiscovery.IPADiscovery()
+            ntp_servers = ds.ipadns_search_srv(cli_domain, '_ntp._udp',
+                                               None, break_on_first=False)
+        else:
+            ntp_servers = opt_ntp_servers
+
+        # Attempt to sync time:
+        # At first with given or dicovered time servers. If no ntp
+        # servers have been given or discovered, then with the ipa
+        # server.
+        module.log('Synchronizing time ...')
+        synced_ntp = False
+        # use user specified NTP servers if there are any
+        for s in ntp_servers:
+            synced_ntp = ntpconf.synconce_ntp(s, False)
+            if synced_ntp:
+                break
+        if not synced_ntp and not ntp_servers:
+            synced_ntp = ntpconf.synconce_ntp(cli_server[0], False)
+        if not synced_ntp:
+            module.warn("Unable to sync time with NTP server")
+    else:
+        ntp_servers = [ ]

    # Check if ipa client is already configured
    if is_client_configured():
--- a/roles/ipaclient/defaults/main.yml
+++ b/roles/ipaclient/defaults/main.yml
@@ -8,3 +8,4 @@ ipaclient_kinit_attempts: 5
 ipaclient_use_otp: no
 ipaclient_allow_repair: no
 ipaclient_on_master: no
+ipaclient_no_ntp: no
--- a/roles/ipaclient/tasks/install.yml
+++ b/roles/ipaclient/tasks/install.yml
@@ -18,6 +18,9 @@
    realm: "{{ ipaclient_realm | default(omit) }}"
    hostname: "{{ ipaclient_hostname | default(ansible_fqdn) }}"
    ca_cert_file: "{{ ipaclient_ca_cert_file | default(omit) }}"
+    on_master: "{{ ipaclient_on_master }}"
+    ntp_servers: "{{ ipaclient_ntp_servers | default([]) }}"
+    no_ntp: "{{ ipaclient_no_ntp }}"
  register: ipadiscovery

 - name: Install - Set default principal if no keytab is given