library/ipadiscovery: Add time synchronization calls

Attempt to sync time if on_master is not set and no_ntp is not set: At
first with given or dicovered time servers. If no ntp servers have been
given or discovered, then with the ipa server.

New parameters:
  on_master:
    description: IPA client installation on IPA server
    required: false
    default: false
    type: bool
    default: no
  ntp_servers:
    description: List of NTP servers to use
    required: false
    type: list
    default: []
  no_ntp:
    description: Do not sync time and do not detect time servers
    required: false
    default: false
    type: bool
    default: no

The ntp_servers output parameter is now always an empty list if on_master
or no_ntp is set.

library/ipadiscovery.py

@@ -52,6 +52,23 @@ options:
   ca_cert_file:
     description: A CA certificate to use.
     required: false
+  on_master:
+    description: IPA client installation on IPA server
+    required: false
+    default: false
+    type: bool
+    default: no
+  ntp_servers:
+    description: List of NTP servers to use
+    required: false
+    type: list
+    default: []
+  no_ntp:
+    description: Do not sync time and do not detect time servers
+    required: false
+    default: false
+    type: bool
+    default: no
 author:
     - Thomas Woerner
 '''
@@ -204,6 +221,9 @@ def main():
             realm=dict(required=False),
             hostname=dict(required=False),
             ca_cert_file=dict(required=False),
+            on_master=dict(required=False, type='bool', default=False),
+            ntp_servers=dict(required=False, type='list', default=[]),
+            no_ntp=dict(required=False, type='bool', default=False),
         ),
         supports_check_mode = True,
     )
@@ -214,6 +234,9 @@ def main():
     opt_realm = module.params.get('realm')
     opt_hostname = module.params.get('hostname')
     opt_ca_cert_file = module.params.get('ca_cert_file')
+    opt_on_master = module.params.get('on_master')
+    opt_ntp_servers = module.params.get('ntp_servers')
+    opt_no_ntp = module.params.get('no_ntp')
 
     hostname = None
     hostname_source = None
@@ -409,10 +432,32 @@ def main():
                 "installation may fail.")
             break
 
+    if not opt_on_master and not opt_no_ntp:
+        if len(opt_ntp_servers) < 1:
             # Detect NTP servers
             ds = ipadiscovery.IPADiscovery()
             ntp_servers = ds.ipadns_search_srv(cli_domain, '_ntp._udp',
                                                None, break_on_first=False)
+        else:
+            ntp_servers = opt_ntp_servers
+
+        # Attempt to sync time:
+        # At first with given or dicovered time servers. If no ntp
+        # servers have been given or discovered, then with the ipa
+        # server.
+        module.log('Synchronizing time ...')
+        synced_ntp = False
+        # use user specified NTP servers if there are any
+        for s in ntp_servers:
+            synced_ntp = ntpconf.synconce_ntp(s, False)
+            if synced_ntp:
+                break
+        if not synced_ntp and not ntp_servers:
+            synced_ntp = ntpconf.synconce_ntp(cli_server[0], False)
+        if not synced_ntp:
+            module.warn("Unable to sync time with NTP server")
+    else:
+        ntp_servers = [ ]
 
     # Check if ipa client is already configured
     if is_client_configured():

roles/ipaclient/defaults/main.yml

@@ -8,3 +8,4 @@ ipaclient_kinit_attempts: 5
 ipaclient_use_otp: no
 ipaclient_allow_repair: no
 ipaclient_on_master: no
+ipaclient_no_ntp: no

roles/ipaclient/tasks/install.yml

@@ -18,6 +18,9 @@
     realm: "{{ ipaclient_realm | default(omit) }}"
     hostname: "{{ ipaclient_hostname | default(ansible_fqdn) }}"
     ca_cert_file: "{{ ipaclient_ca_cert_file | default(omit) }}"
+    on_master: "{{ ipaclient_on_master }}"
+    ntp_servers: "{{ ipaclient_ntp_servers | default([]) }}"
+    no_ntp: "{{ ipaclient_no_ntp }}"
   register: ipadiscovery
 
 - name: Install - Set default principal if no keytab is given