ipaserver: Support sync_time changes of 4.8.0

sync_time is not using options anymore, but has two new arguments. These
are ntp_servers and ntp_pool. The options argument is not used anymore.

This requires to use inspect on sync_time to be able to detect if the old
or the new function is available.

The call for get_time_source has been added, but is documented out as the
call is only useful in interactive mode.

ipaserver_test now returns ntp_servers and ntp_pool, which are then used
for ipaserver_setup_ntp.

roles/ipaserver/library/ipaserver_setup_ntp.py

@@ -51,12 +51,20 @@ from ansible.module_utils.ansible_ipa_server import *
 
 def main():
     ansible_module = AnsibleModule(
-        argument_spec = dict(),
+        argument_spec = dict(
+            ntp_servers=dict(required=False, type='list', default=None),
+            ntp_pool=dict(required=False, default=None),
+        ),
     )
 
     ansible_module._ansible_debug = True
     ansible_log = AnsibleModuleLog(ansible_module)
 
+    # set values ############################################################
+
+    options.ntp_servers = ansible_module.params.get('ntp_servers')
+    options.ntp_pool = ansible_module.params.get('ntp_pool')
+
     # init ##########################################################
 
     fstore = sysrestore.FileStore(paths.SYSRESTORE)
@@ -70,13 +78,18 @@ def main():
         # chrony will be handled here in uninstall() method as well by invoking
         # the ipa-server-install --uninstall
         ansible_module.log("Synchronizing time")
-        options.ntp_servers = None
+
-        options.ntp_pool = None
+        argspec = inspect.getargspec(sync_time)
-        if sync_time(options, fstore, sstore):
+        if "options" not in argspec.args:
-            ansible_module.log("Time synchronization was successful.")
+            synced_ntp = sync_time(options.ntp_servers, options.ntp_pool,
+                                   fstore, sstore)
         else:
-            ansible_module.warn("IPA was unable to sync time with chrony!")
+            synced_ntp = sync_time(options, fstore, sstore)
-            ansible_module.warn("Time synchronization is required for IPA "
+        if not synced_ntp:
+            ansible_module.log(
+                "Warning: IPA was unable to sync time with chrony!")
+            ansible_module.log(
+                "         Time synchronization is required for IPA "
                 "to work correctly")
     else:
         # Configure ntpd

roles/ipaserver/library/ipaserver_test.py

@@ -88,6 +88,8 @@ def main():
             pkinit_cert_name=dict(required=False),
             ### client ###
             # mkhomedir
+            ntp_servers=dict(required=False, type='list', default=None),
+            ntp_pool=dict(required=False, default=None),
             no_ntp=dict(required=False, type='bool', default=False),
             # ssh_trust_dns
             # no_ssh
@@ -164,6 +166,8 @@ def main():
     options.pkinit_cert_name = ansible_module.params.get('pkinit_cert_name'),
     ### client ###
     # mkhomedir
+    options.ntp_servers = ansible_module.params.get('ntp_servers')
+    options.ntp_pool = ansible_module.params.get('ntp_pool')
     options.no_ntp = ansible_module.params.get('no_ntp')
     # ssh_trust_dns
     # no_ssh
@@ -705,9 +709,10 @@ def main():
         try:
             timeconf.check_timedate_services()
         except timeconf.NTPConflictingService as e:
-            ansible_module.log("Conflicting time&date synchronization service '%s'"
+            ansible_module.log(
-                       " will be disabled in favor of %s" % \
+                "WARNING: conflicting time&date synchronization service "
-                       (e.conflicting_service, time_service))
+                "'%s' will be disabled in favor of chronyd" % \
+                e.conflicting_service)
         except timeconf.NTPConfigurationError:
             pass
 
@@ -777,6 +782,11 @@ def main():
                 "You will not be able to establish trusts with Active "
                 "Directory.")
 
+    # Do not ask for time source
+    #if not options.no_ntp and not options.unattended and not (
+    #        options.ntp_servers or options.ntp_pool):
+    #    options.ntp_servers, options.ntp_pool = timeconf.get_time_source()
+
     #########################################################################
 
     http_pkcs12_file = None
@@ -871,6 +881,9 @@ def main():
                              ### ad trust ###
                              rid_base=options.rid_base,
                              secondary_rid_base=options.secondary_rid_base,
+                             ### client ###
+                             ntp_servers=options.ntp_servers,
+                             ntp_pool=options.ntp_pool,
                              ### additional ###
                              _installation_cleanup=_installation_cleanup,
                              domainlevel=options.domainlevel)

roles/ipaserver/tasks/install.yml

@@ -64,6 +64,8 @@
     # pkinit_name
     ### client ###
     # mkhomedir
+    ntp_servers: "{{ ipaclient_ntp_servers | default(omit) }}"
+    ntp_pool: "{{ ipaclient_ntp_pool | default(omit) }}"
     no_ntp: "{{ ipaclient_no_ntp }}"
     # ssh_trust_dns
     # no_ssh
@@ -166,6 +168,8 @@
 
   - name: Install - Setup NTP
     ipaserver_setup_ntp:
+      ntp_servers: "{{ result_ipaserver_test.ntp_servers | default(omit) }}"
+      ntp_pool: "{{ result_ipaserver_test.ntp_pool | default(omit) }}"
     when: not ipaclient_no_ntp | bool and (ipaserver_external_cert_files
           is undefined or ipaserver_external_cert_files|length < 1)